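<?php
/*
 * Copyright (c) 2015, Johannes Boost <jjjb at usw-tools.de>
 *
 * Licensed under: Creative Commons licence - CC-BY-NC-SA
 * Attribution - NonCommercial - ShareAlike
 * http://creativecommons.org/licenses/by-nc-sa/3.0/de/legalcode
 */

// POST endpoint that dispatches on the 'mode' and 'action' fields.
// auth.inc is loaded before anything else and $_SESSION is read below, so the
// session is presumably opened there - confirm that it also turns away
// unauthenticated requests before this script runs.
require_once __DIR__ . '/../../includes/auth.inc';
require_once __DIR__ . '/../../includes/functions.inc';
require_once __DIR__ . '/../../includes/functions.inc'; // repeated in the original; require_once makes the second call a no-op

$tze = new tze();
$oDatenbank = $tze->mysql();

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // 'action' and 'mode' are read without a filter and only compared against
    // fixed strings below; 'id' must parse as an integer (false when it does
    // not, null when the field is absent).
    // NOTE(review): no anti-CSRF token check is visible in this fragment -
    // confirm one exists for the admin actions.
    $action = filter_input(INPUT_POST, 'action');
    $mode = filter_input(INPUT_POST, 'mode');
    $id = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT);

    if ($mode === "admin") {
        // Check admin status.
        // The original condition `!$_SESSION['iAdmin'] == 1` negates first and
        // compares afterwards, so it already let every truthy value through.
        // empty() keeps exactly that behaviour, states it openly and does not
        // raise a notice when the key is missing. If 1 is the only valid admin
        // value, tighten this to an exact comparison.
        if (empty($_SESSION['iAdmin'])) {
            exit_error('unzureichende Rechte!');
        } else {
            // Fetch the project list.
            if ($action === 'projekt-list') {
                // Constant query text, no request data is interpolated.
                $strQuery = "SELECT id, Projekt FROM `projekte` WHERE id > 0 AND deleted != 1";
                $request = $oDatenbank->query($strQuery);
                // NOTE(review): $request is used without checking for a failed
                // query; if query() can return false here, the fetch below fails.
                $rows = array();
                while ($row = $request->fetch_assoc()) {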
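# Redirect to HTTPS and stop.
# NOTE(review): HTTP_HOST comes from the request's Host header, so the redirect
# target is influenced by the client; building it from a configured host name
# is the safer choice.
$redirect = "https://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
header("Location: {$redirect}");
exit;
}

if ($_SERVER['REQUEST_METHOD'] == 'POST' && filter_input(INPUT_POST, 'action') === "login") {
    require_once __DIR__ . '/../includes/mysql.inc';
    require_once __DIR__ . '/../includes/passwordLib.inc';

    // Login names are restricted to ASCII letters and digits; anything else is
    // rejected after a fixed three-second delay.
    // NOTE(review): no comparable delay or attempt limit is visible on the
    // wrong-password path in this fragment.
    $regexPattern = array("options" => array("regexp" => "/^[a-zA-Z0-9]+\$/"));
    $sLogin = filter_input(INPUT_POST, 'tze_login', FILTER_VALIDATE_REGEXP, $regexPattern);
    if (is_null($sLogin) || !$sLogin) {
        sleep(3);
        exit('{"Result":"ERROR","Message":"Login ungültig!"}');
    }

    $sPassword = filter_input(INPUT_POST, 'tze_passwd');
    $Datenbank = tze::mysql();
    // NOTE(review): the login value inside this literal appears masked in the
    // listing. If the validated $sLogin is interpolated here, the alphanumeric
    // filter above is the only thing keeping the statement safe; a bound
    // parameter would remove that dependency.
    $result = $Datenbank->query("SELECT * FROM ma WHERE sLogin = '******' AND `deleted` <> '1'");
    if (!$result) {
        $sError = "Fehler mit der Datenbank!";
    } else {
        if ($result->num_rows !== 1) {
            $sError = "Name oder Passwort falsch!";
        } else {
            $row = $result->fetch_assoc();
            // The password is verified BEFORE the lock flag is evaluated. The
            // original order reported "Login ist gesperrt!" to anyone who
            // submitted an existing, locked login name, which disclosed account
            // existence and lock state without authentication.
            if (!password_verify($sPassword, $row["sPassword_hash"])) {
                $sError = "Name oder Passwort falsch!";
            } else {
                if (!$row["bLogin_Allowed"]) {
                    $sError = "Hinweis: Login ist gesperrt!";
                } else {
                    // NOTE(review): the code after this call is outside the
                    // fragment; if no session_regenerate_id(true) follows, add
                    // one so a pre-login session id is not carried into the
                    // authenticated session.
                    session_start();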
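<?php
#
# Copyright (c) 2015, Johannes Boost <jjjb at usw-tools.de>
#
# Licensed under: Creative Commons licence - CC-BY-NC-SA
# Attribution - NonCommercial - ShareAlike
# http://creativecommons.org/licenses/by-nc-sa/3.0/de/legalcode
#

// Password page: loads the record of the logged-in user and prepares the
// strings used by the change form.
$strSubSiteName = 'Passwort';

require_once __DIR__ . '/../includes/auth.inc';
require_once __DIR__ . '/../includes/functions.inc';
require_once __DIR__ . '/../includes/passwordLib.inc';

$tze = new tze();
$oDB = $tze->mysql();
$sError = "";
$sIntro = "";

// empty() gives the same truthiness test as the original bare read, but does
// not raise a notice when the session key was never set.
if (!empty($_SESSION["bForce_Update_PW"])) {
    $sIntro = "<p>Das Passwort muss geändert werden!</p>\n";
}

// The user id comes from the session, never from the request, so a user can
// only address their own record here.
$iPasswordUserID = $_SESSION['userId'];
// The '?' placeholder and the 'i' type string suggest get_Results() binds the
// id as an integer parameter - its implementation is not visible here.
$result = $tze->get_Results('SELECT * FROM ma WHERE userId = ?', 'i', $iPasswordUserID);
if ($result) {
    if (count($result) == 1) {
        // NOTE(review): these are raw database values. Where $sUserName is
        // printed is outside this fragment; if it goes into HTML, this branch
        // needs htmlspecialchars() at output time, and the other branch already
        // holds markup, so the two cannot share one escaping step.
        $sUserName = $result[0]["sLogin"] . " (" . $result[0]['sVorname'] . " " . $result[0]['sNachname'] . ")";
        $sOldPassword_hash = $result[0]["sPassword_hash"];
    } else {
        // The opening tag of this literal was masked in the listing, which left
        // the statement unparseable; it is restored from the CSS declarations
        // and the closing </span> that survive.
        $sUserName = "<span style=\"font-size: smaller; color: #800000;\">User nicht gefunden!</span>\n";
    }
}
// NOTE(review): when $result is empty or false, $sUserName and
// $sOldPassword_hash are never assigned; later code must not assume them.

if ($_SERVER['REQUEST_METHOD'] == 'POST') {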