示例#1
 // Backend login bootstrap: configures a rex_login instance, runs the login check and
 // records the outcome (failed / successful attempt) in the user table.
 // NOTE(review): this listing is truncated; the closing braces of the final
 // else/if are not part of the visible snippet.
 $REX_LOGIN = new rex_login();
 $REX_LOGIN->setSqlDb(1);
 $REX_LOGIN->setSysID($REX['INSTNAME']);
 // NOTE(review): unit of the session time value is not visible here (presumably seconds) - confirm.
 $REX_LOGIN->setSessiontime(3000);
 $REX_LOGIN->setLanguage($I18N->msg("htmllang"));
 // A password function is only registered when one is configured. With an empty
 // $REX['PSWFUNC'] none is set, so the submitted password presumably reaches the
 // comparison below unchanged - verify against rex_login.
 if ($REX['PSWFUNC'] != "") {
     $REX_LOGIN->setPasswordFunction($REX['PSWFUNC']);
 }
 // NOTE(review): $REX_ULOGIN / $REX_UPSW look like the submitted credentials; their
 // origin and any escaping are outside this snippet - treat them as untrusted input.
 $REX_LOGIN->setLogin($REX_ULOGIN, $REX_UPSW);
 if (isset($FORM['logout']) and $FORM['logout'] == 1) {
     $REX_LOGIN->setLogout(true);
 }
 $REX_LOGIN->setUserID($REX['TABLE_PREFIX'] . "user.user_id");
 // The SQL templates below are built by string concatenation. USR_UID and USR_PSW appear
 // to be placeholder tokens that rex_login substitutes later; whether the substituted
 // values are escaped cannot be seen from here - confirm before reusing this pattern.
 $REX_LOGIN->setUserquery("SELECT * FROM " . $REX['TABLE_PREFIX'] . "user WHERE user_id = 'USR_UID'");
 // The login query only matches when the last attempt is older than $REX['RELOGINDELAY'],
 // which enforces a pause between attempts. The password is compared inside the SQL
 // statement itself (psw = ...).
 // NOTE(review): the login value in the WHERE clause is shown masked ('******') on this page.
 $REX_LOGIN->setLoginquery("SELECT * FROM " . $REX['TABLE_PREFIX'] . "user WHERE login = '******' and psw = 'USR_PSW' and lasttrydate <'" . (time() - $REX['RELOGINDELAY']) . "'");
 if (!$REX_LOGIN->checkLogin()) {
     // login failed
     $FORM["loginmessage"] = $REX_LOGIN->message;
     $LOGIN = FALSE;
     $page = "login";
     // record failed attempt | login_tries++
     // The counter is incremented and lasttrydate refreshed; no comparison of login_tries
     // against a limit is visible in this snippet - only the delay in the login query.
     if ($REX_ULOGIN != "") {
         $fvs = new sql();
         // NOTE(review): string-built UPDATE; the login value is masked on this page. If the
         // original interpolates the submitted login here, it must be escaped or bound.
         $fvs->query("update " . $REX['TABLE_PREFIX'] . "user set login_tries=login_tries+1,lasttrydate='" . time() . "' where login='******'");
     }
 } else {
     // record successful attempt | login_tries = 0
     if ($REX_ULOGIN != "") {
         $fvs = new sql();
         $fvs->query("update " . $REX['TABLE_PREFIX'] . "user set login_tries=0,lasttrydate='" . time() . "' where login='******'");
         // NOTE(review): the listing ends after this redirect; no exit is visible here -
         // confirm that execution stops once the Location header has been sent.
         header("Location:index.php?page=structure");
示例#2
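 /**
  * Checks the backend login, including the persistent "stay logged in" cookie, and
  * records the outcome in the user table.
  *
  * Flow, as visible in this method:
  *  - a cookie named rex_user_<sha1(instname)> is looked up in the cookiekey column when
  *    the session has no UID yet; a match puts that user's id into the session, a miss
  *    expires the cookie;
  *  - parent::checkLogin() makes the actual decision;
  *  - on success the session id is regenerated, the cookie key is rotated, the password
  *    is rehashed if needed and login_tries is reset;
  *  - on failure login_tries is incremented, session_id and cookiekey are cleared and a
  *    wait hint is appended to the message once the first threshold is reached;
  *  - on logout session_id and cookiekey are cleared and the cookie is expired.
  *
  * @return mixed the result of parent::checkLogin(), returned unchanged
  */
 public function checkLogin()
 {
     $sql = rex_sql::factory();
     $userId = $this->getSessionVar('UID');
     $cookiename = 'rex_user_' . sha1(rex::getProperty('instname'));

     if ($cookiekey = rex_cookie($cookiename, 'string')) {
         if (!$userId) {
             // The cookie value is attacker-controllable, so it is bound as a parameter.
             // NOTE(review): the column holds the token verbatim, so read access to the
             // user table is enough to replay it; storing only a hash would limit that.
             $sql->setQuery('SELECT id FROM ' . rex::getTable('user') . ' WHERE cookiekey = ? LIMIT 1', [$cookiekey]);
             if ($sql->getRows() == 1) {
                 $this->setSessionVar('UID', $sql->getValue('id'));
                 // HttpOnly keeps the long-lived login token out of reach of page scripts.
                 // NOTE(review): the Secure flag stays at its default because this method
                 // cannot tell whether the backend is served over HTTPS only.
                 setcookie($cookiename, $cookiekey, time() + 60 * 60 * 24 * 365, '', '', false, true);
             } else {
                 // Unknown key: expire the cookie so it is not presented again.
                 setcookie($cookiename, '', time() - 3600);
             }
         }
         $this->setSessionVar('STAMP', time());
     }

     $check = parent::checkLogin();

     if ($check) {
         // record successful attempt | login_tries = 0
         if ($this->userLogin != '' || !$userId) {
             // New session id after authentication, so an id known before login is useless.
             $this->regenerateSessionId();
             $params = [];
             $add = '';
             if ($this->stayLoggedIn || $cookiekey) {
                 // The persistent-login token must be unpredictable. The previous value,
                 // sha1(systemId . time() . login), is derived only from guessable inputs.
                 // 20 random bytes as hex keep the 40-character format of the old key.
                 // The legacy derivation remains only for runtimes without random_bytes().
                 $cookiekey = function_exists('random_bytes')
                     ? bin2hex(random_bytes(20))
                     : sha1($this->systemId . time() . $this->userLogin);
                 $add = 'cookiekey = ?, ';
                 $params[] = $cookiekey;
                 setcookie($cookiename, $cookiekey, time() + 60 * 60 * 24 * 365, '', '', false, true);
             }
             if (self::passwordNeedsRehash($this->user->getValue('password'))) {
                 // Upgrade the stored hash while the submitted password is still available.
                 $add .= 'password = ?, ';
                 $params[] = self::passwordHash($this->userPassword, true);
             }
             // Parameter order must match the placeholders: [cookiekey], [password],
             // lasttrydate, session_id, login.
             array_push($params, rex_sql::datetime(), session_id(), $this->userLogin);
             $sql->setQuery('UPDATE ' . $this->tableName . ' SET ' . $add . 'login_tries=0, lasttrydate=?, session_id=? WHERE login=? LIMIT 1', $params);
         }
         $this->user = new rex_user($this->user);
     } else {
         // record failed attempt | login_tries++
         if ($this->userLogin != '') {
             $sql->setQuery('SELECT login_tries FROM ' . $this->tableName . ' WHERE login=? LIMIT 1', [$this->userLogin]);
             if ($sql->getRows() > 0) {
                 $login_tries = $sql->getValue('login_tries');
                 // A failed attempt also invalidates the stored session id and cookie key.
                 $sql->setQuery('UPDATE ' . $this->tableName . ' SET login_tries=login_tries+1,session_id="",cookiekey="",lasttrydate=? WHERE login=? LIMIT 1', [rex_sql::datetime(), $this->userLogin]);
                 if ($login_tries >= self::LOGIN_TRIES_1 - 1) {
                     // $login_tries is the value read before the increment above.
                     $time = $login_tries < self::LOGIN_TRIES_2 ? self::RELOGIN_DELAY_1 : self::RELOGIN_DELAY_2;
                     $hours = floor($time / 3600);
                     $mins = floor(($time - $hours * 3600) / 60);
                     $secs = $time % 60;
                     $formatted = ($hours ? $hours . 'h ' : '') . ($hours || $mins ? $mins . 'min ' : '') . $secs . 's';
                     // Only class constants and numbers derived from them enter this markup.
                     $this->message .= ' ' . rex_i18n::msg('login_wait', '<strong data-time="' . $time . '">' . $formatted . '</strong>');
                 }
             }
         }
     }

     if ($this->isLoggedOut() && $userId != '') {
         // Logout: clear the server-side token as well, so a copied cookie stops working.
         $sql->setQuery('UPDATE ' . $this->tableName . ' SET session_id="", cookiekey="" WHERE id=? LIMIT 1', [$userId]);
         setcookie($cookiename, '', time() - 3600);
     }

     return $check;
 }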
 /**
  * Runs the parent login check and stores the outcome in the user table.
  *
  * Success resets login_tries and writes the current session id; failure increments
  * login_tries and clears session_id; logout clears session_id for the session's user.
  *
  * NOTE(review): the statements are assembled by string concatenation, and the login
  * value in the WHERE clauses is shown masked ("******") on this page. Any request value
  * interpolated there in the original needs escaping or binding.
  * NOTE(review): when a statement fails, the error text is returned instead of the check
  * result. A non-empty string is truthy, so callers that test the return value with a
  * plain boolean check would read a database error as a successful login - confirm how
  * callers handle this.
  */
 function checkLogin()
 {
     global $REX;

     $db = new rex_sql();
     $sessionUserId = $this->getSessionVar('UID');
     $loggedIn = parent::checkLogin();

     // Attempts are only recorded when a login name was submitted.
     if ($this->usr_login != '') {
         if ($loggedIn) {
             // record successful attempt | login_tries = 0
             // presumably renews the session id before it is stored - verify sessionFixation()
             $this->sessionFixation();
             $db->setQuery('UPDATE ' . $this->tableName . ' SET login_tries=0, lasttrydate=' . time() . ', session_id="' . session_id() . '" WHERE login="******" LIMIT 1');
         } else {
             // record failed attempt | login_tries++
             $db->setQuery('UPDATE ' . $this->tableName . ' SET login_tries=login_tries+1,session_id="",lasttrydate=' . time() . ' WHERE login="******" LIMIT 1');
         }
     }

     // On logout, drop the stored session id of the user the session belonged to.
     if ($this->isLoggedOut() && $sessionUserId != '') {
         $db->setQuery('UPDATE ' . $this->tableName . ' SET session_id="" WHERE user_id="' . $sessionUserId . '" LIMIT 1');
     }

     return $db->hasError() ? $db->getError() : $loggedIn;
 }