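/**
 * Authenticate the current request.
 *
 * Two sources are accepted: the login form (POST `user_login_sub`, `email`,
 * `pass`) or, when $auto is true and no form was posted, the persistent
 * login cookie named by session_und_cookie_name() in the format
 * "<user id>=<password hash>".
 *
 * On success the auth* session keys are filled, the `prefix_online` row of
 * this PHP session is bound to the user (stale rows of the same user are
 * removed), the persistent cookie is (re)issued for a year and
 * user_set_grps_and_modules() is called; returns true.
 * Returns false for missing/malformed input, unknown user, locked account
 * (`sperre` = 1) or wrong credentials. If the form was posted and the login
 * failed, the menu is pointed at user/login.
 *
 * Security notes:
 *  - Credentials are compared with hash_equals() on strings. The previous
 *    loose `==` compared numeric-looking strings numerically, so a stored
 *    hash of the form "0e<digits>" matched "0", and a cookie without a hash
 *    part (int 0) matched any non-numeric hash on PHP < 8.
 *  - The credential used for the comparison is the one that selected the
 *    user row (form password vs. cookie hash), not the $auto flag alone.
 *  - md5 and the cookie carrying the raw hash are kept because other code
 *    (the cookie reader above, user_set_cookie elsewhere) depends on that
 *    format; moving to password_hash()/password_verify() and a random
 *    remember-me token is a separate migration.
 *  - The cookie is marked Secure when the request arrived over HTTPS.
 *
 * @param bool $auto  true to also try the persistent cookie when no login
 *                    form was posted.
 * @return bool
 */
function user_login_check($auto = false)
{
    global $allgAr, $menu;

    $formpassed = false;
    $cn = session_und_cookie_name();
    $erg = null;
    $pw = '';

    if (isset($_POST['user_login_sub']) and isset($_POST['email']) and isset($_POST['pass'])) {
        debug('posts vorhanden');

        // A field posted as an array (email[]=…) would reach preg_match()/md5()
        // with the wrong type; anything but a plain string is a failed login.
        if (!is_string($_POST['email']) or !is_string($_POST['pass'])) {
            return false;
        }

        $lower = get_lower($_POST['email']);
        // Decide whether the login name is an e-mail address or a nickname.
        if (preg_match('/^[^@]+@[a-zA-Z0-9._-]+\\.[a-zA-Z]+$/', $_POST['email'])) {
            $value = escape_for_email($lower);
            // BINARY forces a case-sensitive match on the e-mail column.
            $term = "email = BINARY '" . $value . "'";
            debug('Login mit Email: ' . $value);
        } else {
            $value = escape($lower, 'string');
            $term = "name_clean = '" . $value . "'";
            debug('Login mit Nickname: ' . $value);
        }

        // If escaping changed the input it contained characters that are never
        // part of a valid login name; refuse instead of querying with them.
        if ($lower !== $value) {
            return false;
        }

        $erg = db_query("SELECT `name`,`id`,`recht`,`pass`,`llogin`, `sperre` FROM `prefix_user` WHERE " . $term);
        $formpassed = true;
    } elseif ($auto) {
        // Persistent-login cookie: "<user id>=<password hash>".
        if (!isset($_COOKIE[$cn]) or !is_string($_COOKIE[$cn])) {
            return false;
        }
        $dat = explode('=', $_COOKIE[$cn]);
        $id = isset($dat[0]) ? (int) escape($dat[0], 'integer') : 0;
        $pw = isset($dat[1]) ? $dat[1] : '';
        // Only the id is logged: the second part is a credential.
        debug(' id ' . $id);

        // A cookie without a hash part or without a positive id can never
        // authenticate; bail out before querying so the comparison below is
        // never made against '' or 0.
        if ($pw === '' or $id <= 0) {
            return false;
        }

        $erg = db_query("SELECT `name`,`id`,`recht`,`pass`,`llogin`,`sperre` FROM `prefix_user` WHERE `id` = " . $id);
    }

    if ($erg !== null and db_num_rows($erg) == 1) {
        $row = db_fetch_assoc($erg);
        debug('user gefunden... ' . $row['name']);

        if ($row['sperre'] == 1) {
            debug('user gesperrt... ' . $row['name']);
            return false;
        }

        // Compare against whichever credential selected the row.
        $stored = (string) $row['pass'];
        $supplied = $formpassed ? md5($_POST['pass']) : (string) $pw;

        // Strict, constant-time string comparison. Never use == here: PHP
        // compares numeric-looking strings numerically ("0e123" == "0e456").
        if (hash_equals($stored, $supplied)) {
            debug('passwort stimmt ... ' . $row['name']);

            $uid = (int) $row['id'];
            $_SESSION['authname'] = $row['name'];
            $_SESSION['authid'] = $uid;
            $_SESSION['authright'] = (int) $row['recht'];
            $_SESSION['authlang'] = $allgAr['lang'];
            $_SESSION['lastlogin'] = (int) $row['llogin'];
            $_SESSION['authsess'] = $cn;
            $_SESSION['sperre'] = $row['sperre'];

            // session_id() is interpolated as-is; PHP restricts the id charset
            // it accepts from the cookie — NOTE(review): confirm for this setup.
            $sid = session_id();
            db_query('DELETE FROM `prefix_online` WHERE `uid` = ' . $uid . ' AND `sid` != "' . $sid . '"');
            db_query('UPDATE `prefix_online` SET `uid` = ' . $uid . ' WHERE `sid` = "' . $sid . '"');

            // Scope the cookie to the directory the script lives in.
            $cookiepath = str_replace('\\', '/', dirname($_SERVER['SCRIPT_NAME']));
            if (strlen($cookiepath) > 1) {
                $cookiepath .= '/';
            }
            $secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
            // HttpOnly is set; Secure only when the request itself used TLS,
            // otherwise the cookie would never be sent back on a plain-HTTP site.
            setcookie($cn, $row['id'] . '=' . $row['pass'], strtotime('+1 year'), $cookiepath, '', $secure, true);

            user_set_grps_and_modules();
            return true;
        }
    }

    if ($formpassed) {
        $menu->set_url(0, 'user');
        $menu->set_url(1, 'login');
    }
    return false;
}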
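/**
 * Authenticate a login-form submission (POST `user_login_sub`, `name`, `pass`)
 * by nickname.
 *
 * The nickname must survive escape_nickname() unchanged and be at most 15
 * bytes, otherwise the attempt is rejected without touching the database.
 * The password itself is verified by user_pw_check(); its scheme is not
 * visible here. On success the auth* session keys are set, the
 * `prefix_online` row of this session is bound to the user, user_set_cookie()
 * issues the persistent cookie and user_set_grps_and_modules() runs; returns
 * true. Any failure after a submitted form points the menu at user/login and
 * returns false.
 *
 * Security notes:
 *  - Form fields posted as arrays (name[]=…) are rejected up front instead of
 *    reaching escape_nickname()/user_pw_check() with the wrong type.
 *  - The nickname check uses strict `!==`; a loose `!=` would treat two
 *    numeric-looking strings with equal value as identical.
 *  - Ids and rights taken from the row are cast to int before being stored in
 *    the session and interpolated into SQL.
 *  - The `prefix_user` query is still built by concatenation; it is only safe
 *    because the value is guaranteed to equal its own escaped form.
 *
 * @return bool
 */
function user_login_check()
{
    if (isset($_POST['user_login_sub']) and isset($_POST['name']) and isset($_POST['pass'])) {
        debug('posts vorhanden');

        if (!is_string($_POST['name']) or !is_string($_POST['pass'])) {
            return false;
        }

        $name = escape_nickname($_POST['name']);
        // Reject anything escaping had to change, and over-long names
        // (byte length, matching the original limit).
        if ($name !== $_POST['name'] or strlen($_POST['name']) > 15) {
            return false;
        }

        // BINARY makes the nickname lookup case-sensitive.
        $erg = db_query("SELECT name,id,recht,pass,llogin FROM prefix_user WHERE name = BINARY '" . $name . "'");
        if (db_num_rows($erg) == 1) {
            debug('user gefunden');
            $row = db_fetch_assoc($erg);

            if (user_pw_check($_POST['pass'], $row['pass'], $row['id'])) {
                debug('passwort stimmt ... ' . $row['name']);

                $uid = (int) $row['id'];
                $_SESSION['authname'] = $row['name'];
                $_SESSION['authid'] = $uid;
                $_SESSION['authright'] = (int) $row['recht'];
                $_SESSION['lastlogin'] = (int) $row['llogin'];
                $_SESSION['authsess'] = session_und_cookie_name();

                // session_id() is interpolated as-is; PHP restricts the id
                // charset it accepts — NOTE(review): confirm for this setup.
                db_query("UPDATE prefix_online SET uid = " . $uid . " WHERE sid = '" . session_id() . "'");

                user_set_cookie($row['id'], $row['pass']);
                user_set_grps_and_modules();
                return true;
            }
        }

        global $menu;
        $menu->set_url(0, 'user');
        $menu->set_url(1, 'login');
    }
    return false;
}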