0,0 → 1,111 |
<?php |
require_once('version.inc'); |
require_once('dbaccess.inc'); |
require_once('language.inc'); |
require_once('helper.inc'); |
require_once('crypt.inc'); |
require_once('settings.inc'); |
|
$user = $_REQUEST['user']; |
$pass = $_REQUEST['pass']; |
|
$db = OpenDB(); |
$query = "select mi_userid, mi_passwd, mi_num, mi_vname, mi_nname,"; |
$query .= "mi_rstufe, mi_hacker from mitarbeiter where mi_userid = '$user'"; |
|
if (!($result = QueryDB($db, $query))) |
$nrow = 0; |
else |
$nrow = numrowsDB($result); |
|
if ($nrow != 1) { |
$ini_array = parse_ini_file("setup/setup.dat"); |
$suser = $ini_array['suser']; |
$passw = $ini_array['password']; |
$pw = md5($pass); |
|
if ($user == $suser && $passw == $pw) { |
$headline = 4; |
$menu = 4; |
$rstufe = 0; |
$unum = 0; |
$cunum = encrypt($unum); |
$crstufe = encrypt($rstufe); |
setcookie("TPMunum", $cunum, time()+86400); |
setcookie("TPMrstufe", $crstufe, time()+86400); |
$login = 1; |
Journal(400, "login.php: User: 0 = Verwaltungsuser", $db); |
require('header.inc'); |
require_once('menu.inc'); |
// Here we can insert a splash screen, if we want to. |
require('start.inc'); |
} else { |
require('header.inc'); |
echo "<td></td></tr></table></td></tr></table>\n"; |
Error(GetMessage($db, 216, "Ungültiger Benutzername oder Passwort!\n")); |
echo "<form name=\"error\" action=\"index.php\" method=\"post\">\n"; |
echo "<input type=\"hidden\" name=\"headline\" value=1>\n"; |
Button(GetMessage($db, 217, "Weiter -->"), "error"); |
echo "</form>\n"; |
closeDB($db); |
require('footer.inc'); |
exit; |
} |
} else { |
$data = fetchDB($result, 0); |
$suser = $data[0]; |
$passw = $data[1]; |
$unum = $data [2]; |
$vname = $data[3]; |
$nname = $data[4]; |
$rstufe = $data[5]; |
$hacker = $data[6]; |
$pw = md5($pass); |
|
if ($hacker >= 3) { |
require('header.inc'); |
echo "<td></td></tr></table></td></tr></table>\n"; |
echo "<p>Sie haben mehrfach versucht dieses System illegal zu\n"; |
echo "manipulieren und wurden daher <b>gesperrt</b>!<br>\n"; |
echo "Um wieder freigeschalten zu werden, wenden sie sich bitte\n"; |
echo "an den <b>Systemadministrator</b>!</p>\n"; |
Journal(403, "login.php: User: $unum = $nname $vname", $db); |
closeDB($db); |
require('footer.inc'); |
exit; |
} |
|
if ($rstufe == 5 || $user != $suser || $passw != $pw) { |
require('header.inc'); |
echo "<td></td></tr></table></td></tr></table>\n"; |
Error(GetMessage($db, 216, "Ungültiger Benutzername oder Passwort!\n")); |
echo "<form name=\"error\" action=\"index.php\" method=\"post\">\n"; |
echo "<input type=\"hidden\" name=\"headline\" value=1>\n"; |
|
if ($user == $suser) |
Journal(402, "login.php: User: $suser", $db); |
|
Button(GetMessage($db, 217, "Weiter -->"), "error"); |
echo "</form>\n"; |
closeDB($db); |
require('footer.inc'); |
exit; |
} |
|
$headline = 3; |
$menu = 1; |
$cunum = encrypt($unum); |
$crstufe = encrypt($rstufe); |
setcookie("TPMunum", $cunum, time()+86400); |
setcookie("TPMrstufe", $crstufe, time()+86400); |
// $login = 1; |
require('header.inc'); |
require_once('menu.inc'); |
Journal(400, "login.php: User: $unum = $nname $vname"); |
// Here we can insert a splash screen, if we want to. |
require('start.inc'); |
} |
|
//closeDB($db); |
require('footer.inc'); |
?> |
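Review bot: `$user` is taken straight from `$_REQUEST` and interpolated into the query at `... from mitarbeiter where mi_userid = '$user'`, so the login lookup is open to SQL injection before any password check runs; bind the value as a parameter, or, if `QueryDB` in dbaccess.inc cannot bind, escape it with the database driver's quoting function before building `$query`. Both branches compare `md5($pass)` with the stored value using loose `==`/`!=`: unsalted MD5 is not suitable for password storage, and loose comparison can treat two different numeric-looking hash strings as equal, so move to `password_hash()`/`password_verify()` and, until stored hashes are migrated, compare with `hash_equals($passw, $pw)`. The `TPMunum` and `TPMrstufe` cookies carry the user number and privilege level to the client without the `secure`/`httponly` options; whether `encrypt()` from crypt.inc also authenticates the value is not visible here, and if it does not, the privilege level belongs in a server-side session. Reading the credentials from `$_REQUEST` also accepts them from the query string, where they end up in access logs and browser history; `$_POST['user']` and `$_POST['pass']` would avoid that. The success-path call `Journal(400, "login.php: User: $unum = $nname $vname");` omits the `$db` argument that every other `Journal` call passes, which looks unintended unless `Journal` supplies a default.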