-
Notifications
You must be signed in to change notification settings - Fork 0
/
login.php
201 lines (170 loc) · 6.47 KB
/
login.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
<?php
// **********************************************************************************
// ** **
// ** login.php (c) Wolfram Plettscher 02/2016 **
// ** **
// **********************************************************************************
include "inc/menuhref.inc";
include "inc/password.class.php";
//-----------------------------------------------------------------------------------
// react on previously pushed buttons ---
//-----------------------------------------------------------------------------------
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
session_start();
$account = $_POST['account'];
$user = $_POST['user'];
$pw = $_POST['pw'];
// we check inputs of account, user and password before we allow to access the DB
// all three inputs will be verified by Password::check (same criteria)
if (Password::check ($account) && Password::check($user) && Password::check($pw)) {
// now hash the password to check against DB
Password::$salt = $user;
$pw_hash = Password::hash ($pw);
//echo $pw_hash;
//exit();
$hostname = $_SERVER['HTTP_HOST'];
$path = dirname($_SERVER['PHP_SELF']);
// Access database to verify credentials
include "mysql/credentials.inc";
$mysqli = new mysqli($host,$username,$password,$database);
// Verbindung prüfen
if (mysqli_connect_errno()) {
printf ("Verbindung fehlgeschlagen: %s\n", mysqli_connect_error());
exit();
}
// Get account uuid and check, if account is active
$query = $mysqli->query ("SELECT acc_uuid, inv_company
FROM account
WHERE acc_name = '$account'
AND active = '1'
");
if ($result = $query->fetch_object()) {
$myacc = $result->acc_uuid;
$_SESSION['account'] = $myacc;
$_SESSION['company'] = $result->inv_company;
// check and hash the password
$pwh = new Password();
if (! $pwh->check ($pw))
exit();
$pw_hash = $pwh->hash ($pw);
//$pw_hash = md5($pw);
// Select the user from database
$query = $mysqli->query ("SELECT user_uuid, firstname, lastname, user_role
FROM user
WHERE user = '$user'
AND password = '$pw_hash'
AND acc_uuid = '$myacc'
");
if ($result = $query->fetch_object()) {
// we found the user in database
$_SESSION['loggedin'] = true;
$_SESSION['TIME'] = time();
$_SESSION['welcome'] = "Welcome " . "{$result->firstname}" . " {$result->lastname}";
$_SESSION['userid'] = "{$result->user_uuid}";
$_SESSION['usershort'] = $user;
$_SESSION['kicker'] = "";
$_SESSION['usergroup'] = $result->user_role;
// update last login and # of logins
$myid = "{$result->user_uuid}";
$query = $mysqli->query ("UPDATE user
SET sessionctr = sessionctr + 1
WHERE user_uuid = '$myid'");
// get group rights
// $query = $mysqli->query ("SELECT groupshort
// FROM user2group
// WHERE usershort = '$user'
// ");
// if ($result = $query->fetch_object()) {
// $_SESSION['usergroup'] = "{$result->groupshort}";
// }
// select default project
$query = $mysqli->query ("SELECT proj_uuid, projshort
FROM user2proj
WHERE user_uuid = '$myid'
ORDER BY defaultproj DESC, projshort ASC
");
if ($result = $query->fetch_object()) {
$myprojid = "{$result->proj_uuid}";
$_SESSION['projid'] = $myprojid;
$query = $mysqli->query ("SELECT projlong
FROM project
WHERE proj_uuid = '$myprojid'
");
if ($result = $query->fetch_object()) {
$_SESSION['project'] = "Project: " . "{$result->projlong}";
}
}
// Weiterleitung zur geschützten Startseite
if ($_SERVER['SERVER_PROTOCOL'] == 'HTTP/1.1') {
if (php_sapi_name() == 'cgi') {
header('Status: 303 See Other');
} else {
header('HTTP/1.1 303 See Other');
}
}
header ('Location: ' . checksslproxy ('index.php?section=home'));
exit;
}
}
}
}
?>
<!--
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "https://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="https://www.w3.org/1999/xhtml" xml:lang="de" lang="de">
-->
<!DOCTYPE html>
<html>
<head>
<title>WP Tools</title>
<link href="css/style.css" rel="stylesheet" type="text/css">
<?php
include ('css/menu.inc');
include ('css/stdbutton.inc');
?>
</head>
<body>
<div id="wrapper">
<div id="header">
<table width="980px"><tr>
<td align="left" valign="bottom"><h3> </h3></td>
<td align="right" valign="middle"></td>
</tr></table>
</div>
<div id="cssmenu">
<ul>
<li class='active'><a href='<?php echo checksslproxy ('login.php')?>'><span>Login</span></a></li>
<li><a href='<?php echo checksslproxy ('privacy.php')?>'><span>Privacy Policy</span></a></li>
<li><a href='<?php echo checksslproxy ('loginimpressum.php')?>'><span>Impressum</span></a></li>
</ul>
</div>
<div id="contentbody">
<h1>Wolfram Plettscher's Project Tools</h1>
<form action="<?php echo checksslproxy ('login.php')?>" method="post">
<table>
<tr>
<td>Account: </td>
<td><input type="text" name="account" size="20" value="" maxlength="30" tabindex="1"/></td>
</tr><tr>
<td>Username: </td>
<td><input type="text" name="user" size="20" value="" maxlength="30" tabindex="2"/></td>
</tr><tr>
<td>Password: </td>
<td><input type="password" name="pw" size="20" value="" maxlength="30" tabindex="3"/></td>
</tr>
</table>
<br />
<table>
<tr>
<td><input class='css_btn_class' name='login' type='submit' value='login' /></td>
<td><input class='css_btn_class' name='newaccount' type='submit' value='new Account' formaction='newaccount.php'/></td>
</tr>
</table>
</form>
</div>
</div>
<div id="footer">
© Wolfram Plettscher 2018
</div>
</body>
</html>