Ejemplo n.º 1
<?php

/*
 * Copyright (c) 2015, Johannes Boost <jjjb at usw-tools.de>
 *
 * Lizenziert unter: Creative Commons Lizenzvertrag - CC-BY-NC-SA
 * Namensnennung - Nicht-kommerziell - Weitergabe unter gleichen Bedingungen
 * http://creativecommons.org/licenses/by-nc-sa/3.0/de/legalcode
 */
require_once __DIR__ . '/../../includes/auth.inc';
require_once __DIR__ . '/../../includes/functions.inc';
require_once __DIR__ . '/../../includes/functions.inc';
// Bootstrap: create the application object and take its database handle.
// Both come from the project includes required above; their internals are not shown here.
$tze = new tze();
$oDatenbank = $tze->mysql();
// Only POST requests are handled by the code visible in this excerpt.
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    // 'action' and 'mode' are read with the default filter (no validation);
    // 'id' must parse as an integer, otherwise filter_input() gives false (null if absent).
    $action = filter_input(INPUT_POST, 'action');
    $mode = filter_input(INPUT_POST, 'mode');
    $id = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT);
    // The admin check below runs only when the client itself sends mode=admin;
    // what happens for other modes is outside this excerpt.
    if ($mode == "admin") {
        #
        #   Check admin status
        #
        // NOTE(review): `!` binds tighter than `==`, so this is evaluated as
        // (!$_SESSION['iAdmin']) == 1, i.e. a plain truthiness test: every truthy
        // iAdmin value is accepted as admin, not only 1. If exactly 1 is meant,
        // compare explicitly, e.g. `(int) ($_SESSION['iAdmin'] ?? 0) !== 1`
        // (confirm how the flag is stored in the session first).
        if (!$_SESSION['iAdmin'] == 1) {
            exit_error('unzureichende Rechte!');
        } else {
            // fetch the project list
            if ($action == 'projekt-list') {
                // Constant query, no request data is interpolated: id and name of
                // every project with id > 0 that is not flagged as deleted.
                $strQuery = "SELECT id, Projekt FROM `projekte` WHERE id > 0 AND deleted != 1";
                $request = $oDatenbank->query($strQuery);
                $rows = array();
                // NOTE(review): $request is used without a failure check; presumably
                // query() returns false on error (mysqli-style), in which case the
                // fetch_assoc() call below is a fatal error. Verify and guard.
                while ($row = $request->fetch_assoc()) {
Ejemplo n.º 2
Archivo: login.php Proyecto: jjjb03/tze
    # Redirect to HTTPS and stop
    // (The condition that opens this branch is not part of the excerpt.)
    // NOTE(review): the target is assembled from the request's Host header and
    // request URI, both supplied by the client, so a forged Host header decides
    // where this redirect points. A configured canonical host name is the safer
    // source for the scheme upgrade.
    $redirect = "https://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
    header("Location: {$redirect}");
    exit;
}
// Login handler: runs only for POST requests whose 'action' field is exactly "login".
if ($_SERVER['REQUEST_METHOD'] == 'POST' && filter_input(INPUT_POST, 'action') === "login") {
    require_once __DIR__ . '/../includes/mysql.inc';
    require_once __DIR__ . '/../includes/passwordLib.inc';
    // Login names are restricted to ASCII letters and digits.
    // NOTE(review): without the `D` modifier, `$` also matches just before a
    // trailing newline, so a value ending in "\n" can pass; anchor with `\z`
    // (or add `D`) if the name is meant to be strictly alphanumeric.
    $regexPattern = array("options" => array("regexp" => "/^[a-zA-Z0-9]+\$/"));
    $sLogin = filter_input(INPUT_POST, 'tze_login', FILTER_VALIDATE_REGEXP, $regexPattern);
    // null = field missing, false = pattern mismatch; both are rejected after a
    // fixed 3-second delay with a JSON error body.
    if (is_null($sLogin) || !$sLogin) {
        sleep(3);
        exit('{"Result":"ERROR","Message":"Login ungültig!"}');
    }
    // The password is taken as-is; it is only ever passed to password_verify() below.
    $sPassword = filter_input(INPUT_POST, 'tze_passwd');
    $Datenbank = tze::mysql();
    // NOTE(review): the '******' in this query looks like masking applied by the
    // listing page; as printed, the statement does not use $sLogin at all.
    // If the original interpolates $sLogin into the string, the regex above is
    // the only barrier against SQL injection; binding the value as a statement
    // parameter would remove that dependency. Confirm against the project source.
    $result = $Datenbank->query("SELECT * FROM ma WHERE sLogin = '******' AND `deleted` <> '1'");
    if (!$result) {
        $sError = "Fehler mit der Datenbank!";
    } else {
        // Exactly one matching, non-deleted account is required.
        if ($result->num_rows !== 1) {
            // Same message as for a wrong password, so the text itself does not
            // reveal whether the login name exists.
            // NOTE(review): password_verify() is skipped on this path, so the
            // response time may still differ between unknown and known names.
            $sError = "Name oder Passwort falsch!";
        } else {
            $row = $result->fetch_assoc();
            // NOTE(review): the lock state is reported before the password is
            // verified, which tells an unauthenticated client that the account
            // exists and is locked. Checking the password first (and answering
            // with the generic message on failure) avoids that disclosure.
            if (!$row["bLogin_Allowed"]) {
                $sError = "Hinweis: Login ist gesperrt!";
            } else {
                if (!password_verify($sPassword, $row["sPassword_hash"])) {
                    $sError = "Name oder Passwort falsch!";
                } else {
                    // Credentials accepted. The code that follows is not shown;
                    // confirm that the session id is regenerated on login
                    // (session_regenerate_id(true)) to prevent session fixation.
                    session_start();
Ejemplo n.º 3
<?php

#
# Copyright (c) 2015, Johannes Boost <jjjb at usw-tools.de>
#
# Lizenziert unter: Creative Commons Lizenzvertrag - CC-BY-NC-SA
# Namensnennung - Nicht-kommerziell - Weitergabe unter gleichen Bedingungen
# http://creativecommons.org/licenses/by-nc-sa/3.0/de/legalcode
#
$strSubSiteName = 'Passwort';
require_once __DIR__ . '/../includes/auth.inc';
require_once __DIR__ . '/../includes/functions.inc';
require_once __DIR__ . '/../includes/passwordLib.inc';
// Set-up for the password-change page: application object, database handle and
// the two message buffers used by the page.
$tze = new tze();
$oDB = $tze->mysql();
$sError = "";
$sIntro = "";
// Show a notice when the session flags a mandatory password change.
// ($_SESSION is presumably populated by the auth.inc include — confirm.)
if ($_SESSION["bForce_Update_PW"]) {
    $sIntro = "<p>Das Passwort muss geändert werden!</p>\n";
}
// The account to change is taken from the session, not from request data, so
// the code shown here only ever addresses the logged-in user's own record.
$iPasswordUserID = $_SESSION['userId'];
// The user id is passed separately with an 'i' type marker and a `?` placeholder,
// which looks like a prepared-statement wrapper (get_Results is defined elsewhere).
$result = $tze->get_Results('SELECT * FROM ma WHERE userId = ?', 'i', $iPasswordUserID);
// NOTE(review): if $result is falsy, $sUserName and $sOldPassword_hash are never
// assigned; later code that reads them needs to handle that case.
if ($result) {
    if (count($result) == 1) {
        // Display name built from database fields.
        // NOTE(review): the else branch puts HTML markup into the same variable,
        // which suggests $sUserName is echoed without escaping; if so, the name
        // fields should go through htmlspecialchars() before they reach the page.
        $sUserName = $result[0]["sLogin"] . " (" . $result[0]['sVorname'] . " " . $result[0]['sNachname'] . ")";
        // Current hash, kept for the checks in the POST handling that follows.
        $sOldPassword_hash = $result[0]["sPassword_hash"];
    } else {
        // NOTE(review): the next line appears to have been garbled by the listing
        // page (part of the string was replaced with ******) and is not valid PHP
        // as printed; consult the project source for the original markup.
        $sUserName = "******"font-size: smaller; color: #800000;\">User nicht gefunden!</span>\n";
    }
}
if ($_SERVER['REQUEST_METHOD'] == 'POST') {