ready to go

2018-08-04 17:21:54 +02:00
parent 2c0012a6f4
commit 8cf053078a
7 changed files with 82 additions and 63 deletions


@ -171,12 +171,13 @@ else
////////////////////////
// Sicherheitsabfrage
////////////////////////
if ( !$_SESSION["name"] && $_GET["mode"] != 'login' && !$_GET["login"] )
if (!isset($_GET["mode"])) $_GET["mode"] ="";
if ( !isset($_SESSION["name"]) && $_GET["mode"] != 'login' && !isset($_GET["login"]) )
{
echo '
<br><br>
'.$login_infotext.'<br><br>
<form name="form1" method="post" action="'.$PHP_SELF.'?mode=login">
<form name="form1" method="post" action="'.$_SERVER["PHP_SELF"].'?mode=login">
<table width="300" border="0" cellspacing="0" cellpadding="0" align="center">
<tr>
<td class="table_news_head">&nbsp;<b>Login</b></td>
@ -205,12 +206,12 @@ else
';
exit;
}
elseif (!$_SESSION["name"] && $_GET["mode"] == 'login')
elseif (!isset($_SESSION["name"]) && $_GET["mode"] == 'login')
{
$result = mysqli_query($dbconn, "SELECT id, a_name, a_admin, a_mail FROM admin_users WHERE a_name = '$_POST[a_name]'") or die (mysqli_error($dbconn));
$row = mysqli_fetch_array($result);
if( $row[a_name] && $row["a_admin"] != '2' )
if( $row["a_name"] && $row["a_admin"] != '2' )
{
//$_SESSION["name"] = $_REQUEST["a_name"];
//$_SESSION["admin"] = $row["a_admin"];
@ -221,7 +222,7 @@ else
$result = mysqli_query($dbconn, "UPDATE admin_users SET login_pass='$pass' WHERE id='$row[id]'") or die(mysqli_error($dbconn));
echo'<center><br><br><br>Eine EMail mit deinem Zugang wurde an <b>'.$row[a_mail].'</b> versand.';
echo'<center><br><br><br>Eine EMail mit deinem Zugang wurde an <b>'.$row["a_mail"].'</b> versand.';
exit;
}
@ -232,7 +233,7 @@ else
}
}
elseif (!$_SESSION["name"] && $_GET["mode"] == 'register')
elseif (!isset($_SESSION["name"]) && isset($_GET["mode"]) && $_GET["mode"] == 'register')
{
echo '
<br><br>
@ -272,7 +273,7 @@ else
exit;
}
if( !empty($_GET["login"]) )
if( isset($_GET["login"]) )
{
$result = mysqli_query($dbconn, "SELECT id, a_name, a_admin, a_mail, real_name, login_count, pm_allow, DATE_FORMAT(last_seen, '%Y%m%d%H%i%s') AS last_seen FROM admin_users WHERE login_pass = '$_GET[login]'") or die (mysqli_error($dbconn));
$row = mysqli_fetch_array($result);
@ -290,7 +291,7 @@ exit;
$datnow = date("Y-m-d", mktime(0,0,0, date("m"),date("d"),date("Y")));
$timenow = date("G:i");
$ip = $_SERVER["REMOTE_ADDR"];
$agent = $HTTP_USER_AGENT;
$agent = $_SERVER["HTTP_USER_AGENT"];
$result = mysqli_query($dbconn, "INSERT INTO pocsag_logins (name, zeit, datum, ip, agent) VALUES ('$row[real_name]', '$timenow', '$datnow', '$ip', '$agent')");
$row["login_count"]++;
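Review bot: The new `$agent = $_SERVER["HTTP_USER_AGENT"];` line in the last hunk puts a client-supplied header straight into the `INSERT INTO pocsag_logins` string, so that query is now built from request data where the old `$HTTP_USER_AGENT` was presumably empty with register_globals off. Bind the values instead, e.g. `$stmt = mysqli_prepare($dbconn, "INSERT INTO pocsag_logins (name, zeit, datum, ip, agent) VALUES (?, ?, ?, ?, ?)");` followed by `mysqli_stmt_bind_param($stmt, "sssss", $row["real_name"], $timenow, $datnow, $ip, $agent); mysqli_stmt_execute($stmt);`; the unchanged `$_POST[a_name]` and `$_GET[login]` SELECTs in the -205 and -272 hunks interpolate request data the same way and need the same treatment. In the -272 hunk, replacing `!empty($_GET["login"])` with `isset($_GET["login"])` lets an empty `login` parameter reach the `login_pass = '...'` lookup, which would match any row whose login_pass is empty; `if (isset($_GET["login"]) && $_GET["login"] !== '')` keeps the notice fix without that. The form action in the first hunk echoes `$_SERVER["PHP_SELF"]` unescaped and should go through `htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES)`. The enclosing `else` block starts and ends outside these hunks, so any session or token handling around these lines is not visible here.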