Blame | Last modification | View Log | RSS feed
<?php
require_once('version.inc');
require_once('dbaccess.inc');
require_once('language.inc');
require_once('helper.inc');
require_once('crypt.inc');
require_once('settings.inc');
$user = $_REQUEST['user'];
$pass = $_REQUEST['pass'];
$db = OpenDB();
$query = "select mi_userid, mi_passwd, mi_num, mi_vname, mi_nname,";
$query .= "mi_rstufe, mi_hacker from mitarbeiter where mi_userid = '$user'";
if (!($result = QueryDB($db, $query)))
$nrow = 0;
else
$nrow = numrowsDB($result);
if ($nrow != 1) {
$ini_array = parse_ini_file("setup/setup.dat");
$suser = $ini_array['suser'];
$passw = $ini_array['password'];
$pw = md5($pass);
if ($user == $suser && $passw == $pw) {
$headline = 4;
$menu = 4;
$rstufe = 0;
$unum = 0;
$cunum = encrypt($unum);
$crstufe = encrypt($rstufe);
setcookie("TPMunum", $cunum, time()+86400);
setcookie("TPMrstufe", $crstufe, time()+86400);
$login = 1;
Journal(400, "login.php: User: 0 = Verwaltungsuser", $db);
require('header.inc');
require_once('menu.inc');
// Here we can insert a splash screen, if we want to.
require('start.inc');
} else {
require('header.inc');
echo "<td></td></tr></table></td></tr></table>\n";
Error(GetMessage($db, 216, "Ungültiger Benutzername oder Passwort!\n"));
echo "<form name=\"error\" action=\"index.php\" method=\"post\">\n";
echo "<input type=\"hidden\" name=\"headline\" value=1>\n";
Button(GetMessage($db, 217, "Weiter -->"), "error");
echo "</form>\n";
closeDB($db);
require('footer.inc');
exit;
}
} else {
$data = fetchDB($result, 0);
$suser = $data[0];
$passw = $data[1];
$unum = $data [2];
$vname = $data[3];
$nname = $data[4];
$rstufe = $data[5];
$hacker = $data[6];
$pw = md5($pass);
if ($hacker >= 3) {
require('header.inc');
echo "<td></td></tr></table></td></tr></table>\n";
echo "<p>Sie haben mehrfach versucht dieses System illegal zu\n";
echo "manipulieren und wurden daher <b>gesperrt</b>!<br>\n";
echo "Um wieder freigeschalten zu werden, wenden sie sich bitte\n";
echo "an den <b>Systemadministrator</b>!</p>\n";
Journal(403, "login.php: User: $unum = $nname $vname", $db);
closeDB($db);
require('footer.inc');
exit;
}
if ($rstufe == 5 || $user != $suser || $passw != $pw) {
require('header.inc');
echo "<td></td></tr></table></td></tr></table>\n";
Error(GetMessage($db, 216, "Ungültiger Benutzername oder Passwort!\n"));
echo "<form name=\"error\" action=\"index.php\" method=\"post\">\n";
echo "<input type=\"hidden\" name=\"headline\" value=1>\n";
if ($user == $suser)
Journal(402, "login.php: User: $suser", $db);
Button(GetMessage($db, 217, "Weiter -->"), "error");
echo "</form>\n";
closeDB($db);
require('footer.inc');
exit;
}
$headline = 3;
$menu = 1;
$cunum = encrypt($unum);
$crstufe = encrypt($rstufe);
setcookie("TPMunum", $cunum, time()+86400);
setcookie("TPMrstufe", $crstufe, time()+86400);
// $login = 1;
require('header.inc');
require_once('menu.inc');
Journal(400, "login.php: User: $unum = $nname $vname");
// Here we can insert a splash screen, if we want to.
require('start.inc');
}
//closeDB($db);
require('footer.inc');
?>