<?php
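/* Login: check the submitted credentials and populate the session */
if (isset($_POST['siteId']) && $_POST['siteId'] === 'checkLogin' && isset($_POST['formAction']) && $_POST['formAction'] === 'checkLogin')
{
    /* Request values are untrusted: accept only plain strings (a userName[] array would otherwise
       reach md5()/the query as "Array") */
    $loginUserName = (isset($_POST['userName']) && is_string($_POST['userName'])) ? $_POST['userName'] : '';
    $loginPassWord = (isset($_POST['passWord']) && is_string($_POST['passWord'])) ? $_POST['passWord'] : '';

    /* NOTE(review): md5() is kept only because the stored userPasswordCrypt values are md5 hashes.
       The real fix is a migration to password_hash()/password_verify() with a rehash on successful login. */
    $loginPassWordCrypt = md5($loginPassWord);

    /* Only users that are not deleted. Prepared statement: the submitted values are bound as data
       and can no longer alter the query text. get_result() requires the mysqlnd driver. */
    $loginStmt = $db->prepare('SELECT * FROM ' . TBL_USER . ' WHERE userUsername = ? AND userPasswordCrypt = ? AND userDelete = "N"');
    $loginStmt->bind_param('ss', $loginUserName, $loginPassWordCrypt);
    $loginStmt->execute();
    $result = $loginStmt->get_result();

    if ($result->num_rows === 0)
    {
        /* Failed login: record the client address and the attempted user name */
        $arrError[] = 'login_001';
        fnc_writeLog('00000001', array($_SERVER['REMOTE_ADDR'], $loginUserName), 0);
    }
    else
    {
        $dat_user = $result->fetch_assoc();

        if ($dat_user['userActive'] === 'N')
        {
            /* User is deactivated */
            $arrError[] = 'login_002';
            fnc_writeLog('00000002', array(), $dat_user['userId']);
        }
        else
        {
            /* Login successful; also decide whether the password has to be changed */

            /* Fetch the editing rights of this user (the id comes from the DB, but is bound anyway) */
            $rightsStmt = $db->prepare('SELECT * FROM ' . TBL_RIGHTS . ' WHERE userId = ?');
            $rightsStmt->bind_param('s', $dat_user['userId']);
            $rightsStmt->execute();
            $editingRights = $rightsStmt->get_result();

            /* Privilege change: issue a fresh session id so an id known before authentication
               cannot become an authenticated session (session fixation) */
            session_regenerate_id(true);

            /* An unchanged initial password forces the user through the change-password page */
            $mustChangePassWord = ($dat_user['userPasswordOrgCrypt'] === $dat_user['userPasswordCrypt']);

            $_SESSION['sess_userId'] = $dat_user['userId'];
            $_SESSION['sess_loginDate'] = date('YmdHis');
            $_SESSION['sess_loginStatus'] = $mustChangePassWord ? 'changePW' : 'loggedIn';
            $_SESSION['sess_sessionId'] = session_id();
            $_SESSION['sess_sessionName'] = session_name();
            $_SESSION['sess_loginLang'] = 'de';
            $_SESSION['sess_portalRightsType'] = $dat_user['userPortalRightsType'];
            $_SESSION['sess_portalRights'] = explode(';', $dat_user['userPortalRights']);

            while ($singleRights = $editingRights->fetch_assoc())
            {
                $_SESSION['sess_' . $singleRights['rightsPrefix'] . 'Type'] = $singleRights['rightsType'];
                $_SESSION['sess_' . $singleRights['rightsPrefix']] = $singleRights['rights'];
            }

            if ($mustChangePassWord)
            {
                $_GET['siteId'] = 'changePW';
                fnc_writeLog('00000005', array(), $dat_user['userId']);
            }
            else
            {
                $_GET['siteId'] = '1';
                fnc_writeLog('00000003', array(), $dat_user['userId']);
            }

            header('Location: index.php?siteId=' . $_GET['siteId']);
            die();
        }
    }
}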
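/* Logout: log the event, drop the session and send the client back to the login page */
if (isset($_GET['siteId']) && $_GET['siteId'] === 'logout')
{
    if (isset($_SESSION['sess_userId']))
    {
        fnc_writeLog('00000004', array(), $_SESSION['sess_userId']);
    }

    /* session_destroy() only removes the stored session; $_SESSION would stay populated for the
       rest of this request and the client would keep sending the old id. Clear both. */
    $_SESSION = array();

    if (ini_get('session.use_cookies'))
    {
        $cookieParams = session_get_cookie_params();
        setcookie(
            session_name(),
            '',
            time() - 42000,
            $cookieParams['path'],
            $cookieParams['domain'],
            $cookieParams['secure'],
            $cookieParams['httponly']
        );
    }

    session_destroy();

    header('Location: index.php?siteId=login');
    die();
}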
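/* Change password: verify the initial password and store the new one */
if (isset($_POST['formAction']) && $_POST['formAction'] === 'changePW')
{
    /* Request values are untrusted: accept only plain strings, never arrays */
    $pwUserName = (isset($_POST['userName']) && is_string($_POST['userName'])) ? $_POST['userName'] : '';
    $pwCurrent = (isset($_POST['passWord']) && is_string($_POST['passWord'])) ? $_POST['passWord'] : '';
    $pwNew = (isset($_POST['newPassWord']) && is_string($_POST['newPassWord'])) ? $_POST['newPassWord'] : '';
    $pwRepeat = (isset($_POST['passWordRepeat']) && is_string($_POST['passWordRepeat'])) ? $_POST['passWordRepeat'] : '';

    if ($pwNew !== $pwRepeat)
    {
        /* New password and its repetition differ */
        $arrError[] = 'pw_001';
    }
    else
    {
        /* The submitted password is compared against userPasswordOrg, as before.
           NOTE(review): that column is compared in the clear, so it apparently stores the initial
           password unhashed; it should hold a hash instead. */
        if (isset($_SESSION['sess_userId']))
        {
            /* Tie the change to the user who is logged in, so a session cannot reset another account */
            $userStmt = $db->prepare('SELECT * FROM ' . TBL_USER . ' WHERE userUsername = ? AND userPasswordOrg = ? AND userDelete = "N" AND userId = ?');
            $userStmt->bind_param('sss', $pwUserName, $pwCurrent, $_SESSION['sess_userId']);
        }
        else
        {
            $userStmt = $db->prepare('SELECT * FROM ' . TBL_USER . ' WHERE userUsername = ? AND userPasswordOrg = ? AND userDelete = "N"');
            $userStmt->bind_param('ss', $pwUserName, $pwCurrent);
        }
        $userStmt->execute();
        $result = $userStmt->get_result();

        if ($result->num_rows === 0)
        {
            $arrError[] = 'login_001';
        }
        else
        {
            $user = $result->fetch_assoc();

            /* NOTE(review): md5() kept for compatibility with the existing userPasswordCrypt hashes;
               see the login handler for the intended migration. */
            $newPassWordCrypt = md5($pwNew);
            $updateStmt = $db->prepare('UPDATE ' . TBL_USER . ' SET userPasswordCrypt = ? WHERE userId = ? LIMIT 1');
            $updateStmt->bind_param('ss', $newPassWordCrypt, $user['userId']);
            $updateStmt->execute();

            /* Status is only switched once the new password has been written */
            $_SESSION['sess_loginStatus'] = 'loggedIn';

            /* 0 marks "no logged-in user", mirroring the failed-login log entry */
            $logUserId = isset($_SESSION['sess_userId']) ? $_SESSION['sess_userId'] : 0;
            fnc_writeLog('00000016', array(fnc_getUsernameById($user['userId'])), $logUserId);

            header('Location:index.php?siteId=1');
            die();
        }
    }
}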