| 0,0 → 1,111 |
|---|
| <?php |
| require_once('version.inc'); |
| require_once('dbaccess.inc'); |
| require_once('language.inc'); |
| require_once('helper.inc'); |
| require_once('crypt.inc'); |
| require_once('settings.inc'); |
| |
| $user = $_REQUEST['user']; |
| $pass = $_REQUEST['pass']; |
| |
| $db = OpenDB(); |
| $query = "select mi_userid, mi_passwd, mi_num, mi_vname, mi_nname,"; |
| $query .= "mi_rstufe, mi_hacker from mitarbeiter where mi_userid = '$user'"; |
| |
| if (!($result = QueryDB($db, $query))) |
| $nrow = 0; |
| else |
| $nrow = numrowsDB($result); |
| |
| if ($nrow != 1) { |
| $ini_array = parse_ini_file("setup/setup.dat"); |
| $suser = $ini_array['suser']; |
| $passw = $ini_array['password']; |
| $pw = md5($pass); |
| |
| if ($user == $suser && $passw == $pw) { |
| $headline = 4; |
| $menu = 4; |
| $rstufe = 0; |
| $unum = 0; |
| $cunum = encrypt($unum); |
| $crstufe = encrypt($rstufe); |
| setcookie("TPMunum", $cunum, time()+86400); |
| setcookie("TPMrstufe", $crstufe, time()+86400); |
| $login = 1; |
| Journal(400, "login.php: User: 0 = Verwaltungsuser", $db); |
| require('header.inc'); |
| require_once('menu.inc'); |
| // Here we can insert a splash screen, if we want to. |
| require('start.inc'); |
| } else { |
| require('header.inc'); |
| echo "<td></td></tr></table></td></tr></table>\n"; |
| Error(GetMessage($db, 216, "Ungültiger Benutzername oder Passwort!\n")); |
| echo "<form name=\"error\" action=\"index.php\" method=\"post\">\n"; |
| echo "<input type=\"hidden\" name=\"headline\" value=1>\n"; |
| Button(GetMessage($db, 217, "Weiter -->"), "error"); |
| echo "</form>\n"; |
| closeDB($db); |
| require('footer.inc'); |
| exit; |
| } |
| } else { |
| $data = fetchDB($result, 0); |
| $suser = $data[0]; |
| $passw = $data[1]; |
| $unum = $data [2]; |
| $vname = $data[3]; |
| $nname = $data[4]; |
| $rstufe = $data[5]; |
| $hacker = $data[6]; |
| $pw = md5($pass); |
| |
| if ($hacker >= 3) { |
| require('header.inc'); |
| echo "<td></td></tr></table></td></tr></table>\n"; |
| echo "<p>Sie haben mehrfach versucht dieses System illegal zu\n"; |
| echo "manipulieren und wurden daher <b>gesperrt</b>!<br>\n"; |
| echo "Um wieder freigeschalten zu werden, wenden sie sich bitte\n"; |
| echo "an den <b>Systemadministrator</b>!</p>\n"; |
| Journal(403, "login.php: User: $unum = $nname $vname", $db); |
| closeDB($db); |
| require('footer.inc'); |
| exit; |
| } |
| |
| if ($rstufe == 5 || $user != $suser || $passw != $pw) { |
| require('header.inc'); |
| echo "<td></td></tr></table></td></tr></table>\n"; |
| Error(GetMessage($db, 216, "Ungültiger Benutzername oder Passwort!\n")); |
| echo "<form name=\"error\" action=\"index.php\" method=\"post\">\n"; |
| echo "<input type=\"hidden\" name=\"headline\" value=1>\n"; |
| |
| if ($user == $suser) |
| Journal(402, "login.php: User: $suser", $db); |
| |
| Button(GetMessage($db, 217, "Weiter -->"), "error"); |
| echo "</form>\n"; |
| closeDB($db); |
| require('footer.inc'); |
| exit; |
| } |
| |
| $headline = 3; |
| $menu = 1; |
| $cunum = encrypt($unum); |
| $crstufe = encrypt($rstufe); |
| setcookie("TPMunum", $cunum, time()+86400); |
| setcookie("TPMrstufe", $crstufe, time()+86400); |
| // $login = 1; |
| require('header.inc'); |
| require_once('menu.inc'); |
| Journal(400, "login.php: User: $unum = $nname $vname"); |
| // Here we can insert a splash screen, if we want to. |
| require('start.inc'); |
| } |
| |
| //closeDB($db); |
| require('footer.inc'); |
| ?> |