WebSVN – public – Blame – /pm/trunk/login.php

Rev	Author	Line No.	Line
4	andreas	1	`<?php`
		2	`require_once('version.inc');`
		3	`require_once('dbaccess.inc');`
		4	`require_once('language.inc');`
		5	`require_once('helper.inc');`
		6	`require_once('crypt.inc');`
		7	`require_once('settings.inc');`
		8
		9	`$user = $_REQUEST['user'];`
		10	`$pass = $_REQUEST['pass'];`
		11
		12	`$db = OpenDB();`
		13	`$query = "select mi_userid, mi_passwd, mi_num, mi_vname, mi_nname,";`
		14	`$query .= "mi_rstufe, mi_hacker from mitarbeiter where mi_userid = '$user'";`
		15
		16	`if (!($result = QueryDB($db, $query)))`
		17	`$nrow = 0;`
		18	`else`
		19	`$nrow = numrowsDB($result);`
		20
		21	`if ($nrow != 1) {`
		22	`$ini_array = parse_ini_file("setup/setup.dat");`
		23	`$suser = $ini_array['suser'];`
		24	`$passw = $ini_array['password'];`
		25	`$pw = md5($pass);`
		26
		27	`if ($user == $suser && $passw == $pw) {`
		28	`$headline = 4;`
		29	`$menu = 4;`
		30	`$rstufe = 0;`
		31	`$unum = 0;`
		32	`$cunum = encrypt($unum);`
		33	`$crstufe = encrypt($rstufe);`
		34	`setcookie("TPMunum", $cunum, time()+86400);`
		35	`setcookie("TPMrstufe", $crstufe, time()+86400);`
		36	`$login = 1;`
		37	`Journal(400, "login.php: User: 0 = Verwaltungsuser", $db);`
		38	`require('header.inc');`
		39	`require_once('menu.inc');`
		40	`// Here we can insert a splash screen, if we want to.`
		41	`require('start.inc');`
		42	`} else {`
		43	`require('header.inc');`
		44	`echo "<td></td></tr></table></td></tr></table>\n";`
		45	`Error(GetMessage($db, 216, "Ungültiger Benutzername oder Passwort!\n"));`
		46	`echo "<form name=\"error\" action=\"index.php\" method=\"post\">\n";`
		47	`echo "<input type=\"hidden\" name=\"headline\" value=1>\n";`
		48	`Button(GetMessage($db, 217, "Weiter -->"), "error");`
		49	`echo "</form>\n";`
		50	`closeDB($db);`
		51	`require('footer.inc');`
		52	`exit;`
		53	`}`
		54	`} else {`
		55	`$data = fetchDB($result, 0);`
		56	`$suser = $data[0];`
		57	`$passw = $data[1];`
		58	`$unum = $data [2];`
		59	`$vname = $data[3];`
		60	`$nname = $data[4];`
		61	`$rstufe = $data[5];`
		62	`$hacker = $data[6];`
		63	`$pw = md5($pass);`
		64
		65	`if ($hacker >= 3) {`
		66	`require('header.inc');`
		67	`echo "<td></td></tr></table></td></tr></table>\n";`
		68	`echo "<p>Sie haben mehrfach versucht dieses System illegal zu\n";`
		69	`echo "manipulieren und wurden daher <b>gesperrt</b>!<br>\n";`
		70	`echo "Um wieder freigeschalten zu werden, wenden sie sich bitte\n";`
		71	`echo "an den <b>Systemadministrator</b>!</p>\n";`
		72	`Journal(403, "login.php: User: $unum = $nname $vname", $db);`
		73	`closeDB($db);`
		74	`require('footer.inc');`
		75	`exit;`
		76	`}`
		77
		78	`if ($rstufe == 5 \|\| $user != $suser \|\| $passw != $pw) {`
		79	`require('header.inc');`
		80	`echo "<td></td></tr></table></td></tr></table>\n";`
		81	`Error(GetMessage($db, 216, "Ungültiger Benutzername oder Passwort!\n"));`
		82	`echo "<form name=\"error\" action=\"index.php\" method=\"post\">\n";`
		83	`echo "<input type=\"hidden\" name=\"headline\" value=1>\n";`
		84
		85	`if ($user == $suser)`
		86	`Journal(402, "login.php: User: $suser", $db);`
		87
		88	`Button(GetMessage($db, 217, "Weiter -->"), "error");`
		89	`echo "</form>\n";`
		90	`closeDB($db);`
		91	`require('footer.inc');`
		92	`exit;`
		93	`}`
		94
		95	`$headline = 3;`
		96	`$menu = 1;`
		97	`$cunum = encrypt($unum);`
		98	`$crstufe = encrypt($rstufe);`
		99	`setcookie("TPMunum", $cunum, time()+86400);`
		100	`setcookie("TPMrstufe", $crstufe, time()+86400);`
		101	`// $login = 1;`
		102	`require('header.inc');`
		103	`require_once('menu.inc');`
		104	`Journal(400, "login.php: User: $unum = $nname $vname");`
		105	`// Here we can insert a splash screen, if we want to.`
		106	`require('start.inc');`
		107	`}`
		108
		109	`//closeDB($db);`
		110	`require('footer.inc');`
		111	`?>`

Subversion Repositories public

(root)/pm/trunk/login.php @ 325 – Rev 4