コード例 #1
ファイル: user.php プロジェクト: rjdesign/Ilch-1.2
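/**
 * Authenticates the current request, either from the submitted login form or,
 * when $auto is true and no form was submitted, from the persistent login cookie.
 *
 * On success the auth* session keys are filled, the prefix_online rows are bound
 * to the user, the login cookie is (re)issued and true is returned. After a
 * failed form login the menu is pointed at user/login.
 *
 * NOTE(review): passwords are stored and compared as unsalted md5() digests, and
 * the cookie carries that stored digest as the auto-login credential for a year.
 * Whoever obtains the digest (database leak, cookie theft) can authenticate
 * without knowing the password. Moving to password_hash()/password_verify() and
 * a random, server-side revocable remember-me token needs a schema change and
 * cannot be done inside this function alone.
 * NOTE(review): the session id is not regenerated on login. The prefix_online
 * bookkeeping below is keyed on session_id(), so adding session_regenerate_id()
 * has to be coordinated with it.
 * NOTE(review): the cookie is set with secure=false; confirm whether the site is
 * served over HTTPS only and set the flag accordingly.
 *
 * @param bool $auto try the login cookie when no login form was submitted
 * @return bool true if a session was established, false otherwise
 */
function user_login_check($auto = false)
{
    global $allgAr, $menu;
    $formpassed = false;
    // Cookie digest; stays an empty string unless the cookie supplies one.
    $pw = '';
    $cn = session_und_cookie_name();
    if (isset($_POST['user_login_sub']) and isset($_POST['email']) and isset($_POST['pass'])) {
        debug('posts vorhanden');
        // Array-valued fields (email[]=...) are not a valid login attempt and
        // would otherwise reach preg_match()/md5() with the wrong type.
        if (!is_string($_POST['email']) or !is_string($_POST['pass'])) {
            return false;
        }
        // Check whether the input is an email address or a username.
        if (preg_match('/^[^@]+@[a-zA-Z0-9._-]+\\.[a-zA-Z]+$/', $_POST['email'])) {
            $lower = get_lower($_POST['email']);
            $value = escape_for_email($lower);
            $term = "email = BINARY '" . $value . "'";
            debug('Login mit Email: ' . $value);
        } else {
            $lower = get_lower($_POST['email']);
            $value = escape($lower, 'string');
            $term = "name_clean = '" . $value . "'";
            debug('Login mit Nickname: ' . $value);
        }
        // If escaping changed the input, it contained characters that are not
        // allowed in a login name; refuse instead of querying with altered data.
        if ($lower != $value) {
            return false;
        }
        // The query is string-built; its safety rests entirely on the project's
        // escape helpers above (db_query offers no placeholders in this view).
        $erg = db_query("SELECT `name`,`id`,`recht`,`pass`,`llogin`, `sperre` FROM `prefix_user` WHERE " . $term);
        $formpassed = true;
    } elseif ($auto) {
        // A missing or array-valued cookie is handled as an empty value.
        $cookie = (isset($_COOKIE[$cn]) && is_string($_COOKIE[$cn])) ? $_COOKIE[$cn] : '';
        $dat = explode('=', $cookie);
        $id = 0;
        if (isset($dat[0])) {
            $id = escape($dat[0], 'integer');
        }
        if (isset($dat[1])) {
            $pw = $dat[1];
        }
        // The cookie digest is a login credential, so it is not written to the debug log.
        debug(' id ' . $id);
        $erg = db_query("SELECT `name`,`id`,`recht`,`pass`,`llogin`,`sperre` FROM `prefix_user` WHERE `id` = " . $id);
    }
    if (isset($erg) and db_num_rows($erg) == 1) {
        $row = db_fetch_assoc($erg);
        debug('user gefunden... ' . $row['name']);
        if ($row['sperre'] == 1) {
            debug('user gesperrt... ' . $row['name']);
            return false;
        }
        $stored = (string) $row['pass'];
        // Credentials are compared as strings in constant time (hash_equals,
        // PHP >= 5.6). The former `==` against a cookie value that defaulted to
        // int 0 let PHP's loose numeric comparison treat a cookie without a
        // digest part, or two "0e..."-style digests, as a match. An empty
        // cookie digest is never accepted.
        if ($auto) {
            $passwordOk = ($pw !== '' && hash_equals($stored, (string) $pw));
        } else {
            $passwordOk = hash_equals($stored, md5($_POST['pass']));
        }
        if ($passwordOk) {
            debug('passwort stimmt ... ' . $row['name']);
            $_SESSION['authname'] = $row['name'];
            $_SESSION['authid'] = (int) $row['id'];
            $_SESSION['authright'] = (int) $row['recht'];
            $_SESSION['authlang'] = $allgAr['lang'];
            $_SESSION['lastlogin'] = (int) $row['llogin'];
            $_SESSION['authsess'] = $cn;
            $_SESSION['sperre'] = $row['sperre'];
            // Drop this user's rows that belong to other sessions, then bind the current session row.
            db_query('DELETE FROM `prefix_online` WHERE `uid` = ' . $_SESSION['authid'] . ' AND `sid` != "' . session_id() . '"');
            db_query('UPDATE `prefix_online` SET `uid` = ' . $_SESSION['authid'] . ' WHERE `sid` = "' . session_id() . '"');
            // Scope the cookie to the script's directory; normalise Windows separators.
            $cookiepath = str_replace('\\', '/', dirname($_SERVER['SCRIPT_NAME']));
            if (strlen($cookiepath) > 1) {
                $cookiepath .= '/';
            }
            // Cookie format "<id>=<stored digest>", valid one year, HttpOnly, not Secure.
            setcookie($cn, $row['id'] . '=' . $row['pass'], strtotime('+1 year'), $cookiepath, '', false, true);
            user_set_grps_and_modules();
            return true;
        }
    }
    if ($formpassed) {
        $menu->set_url(0, 'user');
        $menu->set_url(1, 'login');
    }
    return false;
}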
コード例 #2
ファイル: user.php プロジェクト: kveldscholten/uProfile
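/**
 * Authenticates a submitted login form (nickname and password).
 *
 * On success the auth* session keys are filled, the prefix_online row of the
 * current session is bound to the user, the login cookie is set through
 * user_set_cookie() and true is returned. After a failed attempt that passed
 * the name validation the menu is pointed at user/login.
 *
 * NOTE(review): the session id is not regenerated on login. The prefix_online
 * update is keyed on session_id(), so adding session_regenerate_id() has to be
 * coordinated with it.
 * NOTE(review): user_set_cookie() receives the stored password value. It is
 * defined elsewhere; verify that the cookie does not turn the stored hash into
 * a long-lived login credential.
 *
 * @return bool true if a session was established, false otherwise
 */
function user_login_check()
{
    if (isset($_POST['user_login_sub']) and isset($_POST['name']) and isset($_POST['pass'])) {
        debug('posts vorhanden');
        // Array-valued fields (name[]=...) are not a valid login attempt and
        // would otherwise reach strlen() and the password check with the wrong type.
        if (!is_string($_POST['name']) or !is_string($_POST['pass'])) {
            return false;
        }
        $name = escape_nickname($_POST['name']);
        // Accept the name only if escaping left it byte-for-byte unchanged and it
        // is at most 15 bytes long. The strict comparison keeps numeric-looking
        // strings from being treated as equal when they differ.
        if ($name !== $_POST['name'] or strlen($_POST['name']) > 15) {
            return false;
        }
        // String-built query; its safety rests on escape_nickname() and the check above.
        $erg = db_query("SELECT name,id,recht,pass,llogin FROM prefix_user WHERE name = BINARY '" . $name . "'");
        if (db_num_rows($erg) == 1) {
            debug('user gefunden');
            $row = db_fetch_assoc($erg);
            if (user_pw_check($_POST['pass'], $row['pass'], $row['id'])) {
                debug('passwort stimmt ... ' . $row['name']);
                $_SESSION['authname'] = $row['name'];
                $_SESSION['authid'] = $row['id'];
                $_SESSION['authright'] = $row['recht'];
                $_SESSION['lastlogin'] = $row['llogin'];
                $_SESSION['authsess'] = session_und_cookie_name();
                // The id is cast to int because it is concatenated into the statement unquoted.
                db_query("UPDATE prefix_online SET uid = " . (int) $_SESSION['authid'] . " WHERE sid = '" . session_id() . "'");
                user_set_cookie($row['id'], $row['pass']);
                user_set_grps_and_modules();
                return true;
            }
        }
        // Failed attempt: send the visitor back to the login page.
        global $menu;
        $menu->set_url(0, 'user');
        $menu->set_url(1, 'login');
    }
    return false;
}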