// Backend login bootstrap: configures a rex_login instance from $REX / request
// values, runs the check, and records the outcome in the user table.
// NOTE(review): the listing is cut off after the success redirect; the closing
// braces and anything following header() are not shown on the page.
$REX_LOGIN = new rex_login();
$REX_LOGIN->setSqlDb(1);
$REX_LOGIN->setSysID($REX['INSTNAME']);
$REX_LOGIN->setSessiontime(3000); // unit not visible here; presumably seconds (TODO confirm)
$REX_LOGIN->setLanguage($I18N->msg("htmllang"));
// Optional password transformation, only applied when one is configured.
if ($REX['PSWFUNC'] != "") {
    $REX_LOGIN->setPasswordFunction($REX['PSWFUNC']);
}
$REX_LOGIN->setLogin($REX_ULOGIN, $REX_UPSW);
if (isset($FORM['logout']) and $FORM['logout'] == 1) {
    $REX_LOGIN->setLogout(true);
}
$REX_LOGIN->setUserID($REX['TABLE_PREFIX'] . "user.user_id");
// USR_UID / USR_PSW look like placeholders that rex_login substitutes before
// running the query (TODO confirm, and confirm how the values are escaped).
$REX_LOGIN->setUserquery("SELECT * FROM " . $REX['TABLE_PREFIX'] . "user WHERE user_id = 'USR_UID'");
// The login query only matches when the last attempt is older than
// RELOGINDELAY, so a correct password is rejected during the delay window.
// NOTE(review): the login value appears masked as '******' on the page. If the
// real file places the submitted login name into this string, it must be
// escaped or bound as a parameter before it reaches the database.
$REX_LOGIN->setLoginquery("SELECT * FROM " . $REX['TABLE_PREFIX'] . "user WHERE login = '******' and psw = 'USR_PSW' and lasttrydate <'" . (time() - $REX['RELOGINDELAY']) . "'");
if (!$REX_LOGIN->checkLogin()) {
    // login failed: show the message from rex_login and fall back to the login page
    $FORM["loginmessage"] = $REX_LOGIN->message;
    $LOGIN = FALSE;
    $page = "login";
    // record the failed attempt | login_tries++ and lasttrydate = now
    if ($REX_ULOGIN != "") {
        $fvs = new sql();
        // NOTE(review): same masked '******' literal as above; the WHERE value
        // needs escaping/binding if it comes from $REX_ULOGIN.
        $fvs->query("update " . $REX['TABLE_PREFIX'] . "user set login_tries=login_tries+1,lasttrydate='" . time() . "' where login='******'");
    }
} else {
    // record the successful attempt | login_tries = 0 and lasttrydate = now
    if ($REX_ULOGIN != "") {
        $fvs = new sql();
        $fvs->query("update " . $REX['TABLE_PREFIX'] . "user set login_tries=0,lasttrydate='" . time() . "' where login='******'");
        // Redirect after a fresh form login. Whether the script stops after
        // this header is not visible in the listing (TODO confirm an exit follows).
        header("Location:index.php?page=structure");
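/**
 * Runs the login check and keeps the per-user bookkeeping columns in sync.
 *
 * The check itself is delegated to parent::checkLogin(). Around it this method
 *  - restores the session user from the "stay logged in" cookie,
 *  - on success resets login_tries, stores the session id, rotates the
 *    cookie key and rehashes the password when passwordNeedsRehash() says so,
 *  - on failure increments login_tries, clears session_id/cookiekey and
 *    appends a wait hint to $this->message once the first threshold is reached,
 *  - on logout clears session_id/cookiekey and expires the cookie.
 *
 * @return mixed the value returned by parent::checkLogin() (used as truthy/falsy here)
 */
public function checkLogin()
{
    $sql = rex_sql::factory();
    $userId = $this->getSessionVar('UID');
    $cookiename = 'rex_user_' . sha1(rex::getProperty('instname'));
    // One year, the same lifetime the cookie had before.
    $cookieLifetime = 60 * 60 * 24 * 365;

    if ($cookiekey = rex_cookie($cookiename, 'string')) {
        if (!$userId) {
            // No session user yet: try to resolve the user from the persistent-login cookie.
            $sql->setQuery('SELECT id FROM ' . rex::getTable('user') . ' WHERE cookiekey = ? LIMIT 1', [$cookiekey]);
            if ($sql->getRows() == 1) {
                $this->setSessionVar('UID', $sql->getValue('id'));
                // HttpOnly keeps the auth token out of reach of page scripts. Path, domain
                // and Secure are passed with their default values; Secure is not forced
                // because nothing here shows whether the backend is HTTPS-only.
                setcookie($cookiename, $cookiekey, time() + $cookieLifetime, '', '', false, true);
            } else {
                // Unknown key: expire the stale cookie.
                setcookie($cookiename, '', time() - 3600);
            }
        }
        $this->setSessionVar('STAMP', time());
    }

    $check = parent::checkLogin();

    if ($check) {
        // record the successful attempt | login_tries = 0
        if ($this->userLogin != '' || !$userId) {
            // New session id for the authenticated session.
            $this->regenerateSessionId();
            $params = [];
            $add = '';
            if ($this->stayLoggedIn || $cookiekey) {
                // The cookie key is a bearer credential, so it must not be guessable.
                // It was derived from the system id, the current time and the login
                // name, all of which an outsider can estimate; draw it from the CSPRNG
                // instead. 20 random bytes hex-encoded keep the 40-character format of
                // the previous sha1() value. random_bytes() requires PHP >= 7.0.
                $cookiekey = bin2hex(random_bytes(20));
                $add = 'cookiekey = ?, ';
                $params[] = $cookiekey;
                setcookie($cookiename, $cookiekey, time() + $cookieLifetime, '', '', false, true);
            }
            if (self::passwordNeedsRehash($this->user->getValue('password'))) {
                $add .= 'password = ?, ';
                $params[] = self::passwordHash($this->userPassword, true);
            }
            // NOTE(review): the UPDATE is keyed on $this->userLogin. When the session was
            // restored from the cookie and no login form was submitted, verify that the
            // parent fills userLogin; otherwise the rotated key is sent to the browser
            // but never stored.
            array_push($params, rex_sql::datetime(), session_id(), $this->userLogin);
            $sql->setQuery('UPDATE ' . $this->tableName . ' SET ' . $add . 'login_tries=0, lasttrydate=?, session_id=? WHERE login=? LIMIT 1', $params);
        }
        $this->user = new rex_user($this->user);
    } else {
        // record the failed attempt | login_tries++
        if ($this->userLogin != '') {
            $sql->setQuery('SELECT login_tries FROM ' . $this->tableName . ' WHERE login=? LIMIT 1', [$this->userLogin]);
            if ($sql->getRows() > 0) {
                // Value read before the increment below, hence the "- 1" in the threshold test.
                $login_tries = $sql->getValue('login_tries');
                $sql->setQuery('UPDATE ' . $this->tableName . ' SET login_tries=login_tries+1,session_id="",cookiekey="",lasttrydate=? WHERE login=? LIMIT 1', [rex_sql::datetime(), $this->userLogin]);
                // NOTE(review): the wait hint is only appended for login names that exist
                // in the table, so the response differs between known and unknown
                // accounts. Consider showing the same message for both.
                if ($login_tries >= self::LOGIN_TRIES_1 - 1) {
                    $time = $login_tries < self::LOGIN_TRIES_2 ? self::RELOGIN_DELAY_1 : self::RELOGIN_DELAY_2;
                    $hours = floor($time / 3600);
                    $mins = floor(($time - $hours * 3600) / 60);
                    $secs = $time % 60;
                    $formatted = ($hours ? $hours . 'h ' : '') . ($hours || $mins ? $mins . 'min ' : '') . $secs . 's';
                    $this->message .= ' ' . rex_i18n::msg('login_wait', '<strong data-time="' . $time . '">' . $formatted . '</strong>');
                }
            }
        }
    }

    if ($this->isLoggedOut() && $userId != '') {
        // Logout of a known session user: invalidate the stored session id and cookie key.
        $sql->setQuery('UPDATE ' . $this->tableName . ' SET session_id="", cookiekey="" WHERE id=? LIMIT 1', [$userId]);
        setcookie($cookiename, '', time() - 3600);
    }

    return $check;
}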
/**
 * Runs the parent login check and records the outcome in the user table.
 *
 * Success with a submitted login name: sessionFixation() is called, then
 * login_tries is reset and the current session id is stored.
 * Failure with a submitted login name: login_tries is incremented and the
 * stored session id is cleared.
 * Logout of a user that had a session UID: the stored session id is cleared.
 *
 * NOTE(review): when a bookkeeping query reports an error, the method returns
 * $db->getError() instead of the check result. If that is a non-empty message
 * string it is truthy, so callers have to compare the result with === true
 * and must not rely on a loose truth test.
 *
 * @return mixed result of parent::checkLogin(), or the rex_sql error value
 */
function checkLogin()
{
    global $REX;

    $db = new rex_sql();
    // $db->debugsql = true;

    // Session user id as it was before the parent check ran.
    $sessionUserId = $this->getSessionVar('UID');
    $loginOk = parent::checkLogin();

    if ($loginOk && $this->usr_login != '') {
        // record the successful attempt | login_tries = 0
        // sessionFixation() presumably issues a fresh session id (TODO confirm);
        // it runs before session_id() is read for the UPDATE.
        $this->sessionFixation();
        // NOTE(review): the login value appears masked as "******" on the page. If the
        // real file concatenates the submitted login name here, it must be escaped.
        $resetQuery = 'UPDATE ' . $this->tableName . ' SET login_tries=0, lasttrydate=' . time() . ', session_id="' . session_id() . '" WHERE login="******" LIMIT 1';
        $db->setQuery($resetQuery);
    } elseif (!$loginOk && $this->usr_login != '') {
        // record the failed attempt | login_tries++
        $failQuery = 'UPDATE ' . $this->tableName . ' SET login_tries=login_tries+1,session_id="",lasttrydate=' . time() . ' WHERE login="******" LIMIT 1';
        $db->setQuery($failQuery);
    }

    $loggedOutKnownUser = $this->isLoggedOut() && $sessionUserId != '';
    if ($loggedOutKnownUser) {
        // $sessionUserId comes from the session and is concatenated unescaped.
        $logoutQuery = 'UPDATE ' . $this->tableName . ' SET session_id="" WHERE user_id="' . $sessionUserId . '" LIMIT 1';
        $db->setQuery($logoutQuery);
    }

    return $db->hasError() ? $db->getError() : $loginOk;
}