svj/website
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
53295535eb04efaa1ad91da3d8429ffe5db32871
website/.actions/portal_actions.php

100 lines
3.8 KiB
PHP
Raw Blame History

<?php
/* Anmelden */
if ( isset ( $_POST[ 'siteId' ] ) && $_POST[ 'siteId' ] === 'checkLogin' && isset ( $_POST[ 'formAction' ] ) && $_POST[ 'formAction' ] === 'checkLogin' )
{
/* Nur nicht gelöschte Benutzer */
$result = $db -> query ( 'SELECT * FROM ' . TBL_USER . ' WHERE userUsername = "' . $_POST[ 'userName' ] . '" AND userPasswordCrypt = "' . md5 ( $_POST[ 'passWord' ] ) . '" AND userDelete = "N";' );
if ( $result -> num_rows === 0 )
{
/* Fehlerhafte Benutzeranmeldung */
$arrError[ ] = 'login_001';
fnc_writeLog ( '00000001' , array ( $_SERVER[ 'REMOTE_ADDR' ] , $_POST[ 'userName' ] ) , 0 );
}
else
{
$dat_user = $result -> fetch_assoc ( );
if ( $dat_user[ 'userActive' ] === 'N' )
{
/* User ist deaktiviert */
$arrError[ ] = 'login_002';
fnc_writeLog ( '00000002' , array ( ) , $dat_user[ 'userId' ] );
}
else
{
/* Anmeldung erfolgreich und Prüfung, ob Passwort geändert werden muss */
/* Bearbeitungsrechte abfragen */
$editingRights = $db -> query ( 'SELECT * FROM ' . TBL_RIGHTS . ' WHERE userId = "' . $dat_user[ 'userId' ] . '";' );
$_SESSION[ 'sess_userId' ] = $dat_user[ 'userId' ];
$_SESSION[ 'sess_loginDate' ] = date( 'YmdHis' );
$_SESSION[ 'sess_loginStatus' ] = ( $dat_user[ 'userPasswordOrgCrypt' ] === $dat_user[ 'userPasswordCrypt' ] )
? 'changePW'
: 'loggedIn';
$_SESSION[ 'sess_sessionId' ] = session_id( );
$_SESSION[ 'sess_sessionName' ] = session_name( );
$_SESSION[ 'sess_loginLang' ] = 'de';
$_SESSION[ 'sess_portalRightsType' ] = $dat_user[ 'userPortalRightsType' ];
$_SESSION[ 'sess_portalRights' ] = explode ( ';' , $dat_user[ 'userPortalRights' ] );
while ( $singleRights = $editingRights -> fetch_assoc ( ) )
{
$_SESSION[ 'sess_' . $singleRights[ 'rightsPrefix' ] . 'Type' ] = $singleRights[ 'rightsType' ];
$_SESSION[ 'sess_' . $singleRights[ 'rightsPrefix' ] ] = $singleRights[ 'rights' ];
}
if ( $dat_user[ 'userPasswordOrgCrypt' ] === $dat_user[ 'userPasswordCrypt' ] )
{
$_GET[ 'siteId' ] = 'changePW';
fnc_writeLog ( '00000005' , array ( ) , $dat_user[ 'userId' ] );
}
else
{
$_GET[ 'siteId' ] = '1';
fnc_writeLog ( '00000003' , array ( ) , $dat_user[ 'userId' ] );
}
header( 'Location: index.php?siteId=' . $_GET[ 'siteId' ] );
die( );
}
}
}
/* Abmelden */
if ( isset ( $_GET[ 'siteId' ] ) && $_GET[ 'siteId' ] === 'logout' )
{
if ( isset ( $_SESSION[ 'sess_userId' ] ) )
{
fnc_writeLog ( '00000004' , array ( ) , $_SESSION[ 'sess_userId' ] );
}
session_destroy( );
header( 'Location: index.php?siteId=login' );
die( );
}
/* Passwort ändern */
if ( isset ( $_POST[ 'formAction' ] ) && $_POST[ 'formAction' ] === 'changePW' )
{
if ( $_POST[ 'newPassWord' ] !== $_POST[ 'passWordRepeat' ] )
{
$arrError[ ] = 'pw_001';
}
else
{
$result = $db -> query ( 'SELECT * FROM ' . TBL_USER . ' WHERE userUsername = "' . $_POST[ 'userName' ] . '" AND userPasswordOrg = "' . $_POST[ 'passWord' ] . '" AND userDelete = "N";' );
if ( $result -> num_rows === 0 )
{
$arrError[ ] = 'login_001';
}
else
{
$_SESSION[ 'sess_loginStatus' ] = 'loggedIn';
$user = $result -> fetch_assoc ( );
$db -> query ( 'UPDATE ' . TBL_USER . ' SET userPasswordCrypt = "' . md5 ( $_POST[ 'newPassWord' ] ) . '" WHERE userId = "' . $user[ 'userId' ] . '" LIMIT 1;' );
fnc_writeLog ( '00000016' , array ( fnc_getUsernameById ( $user[ 'userId' ] ) ) , $_SESSION[ 'sess_userId' ] );
header( 'Location:index.php?siteId=1' );
die( );
}
}
}
?>
Reference in New Issue View Git Blame Copy Permalink