Fire-Devils/monitor-frontend
1
0
Fork 0
Code Issues Pull Requests Releases 1 Wiki Activity

update config

Browse Source
This commit is contained in:
Manuel Weiser
2018-10-01 12:12:24 +02:00
parent 0f09a883f4
commit b0a6f832aa
26 changed files with 1148 additions and 598 deletions
Download Patch File Download Diff File Expand all files Collapse all files

55
loginfunctions.inc.php
View File

@ -33,12 +33,12 @@ if ( (ip2str($ip_start) <= ip2str($_SERVER["REMOTE_ADDR"]) && ip2str($_SERVER["R
$_SESSION["userid"] = $ip_users[$_SERVER["REMOTE_ADDR"]];
}
$zack = $ip_users[$_SERVER["REMOTE_ADDR"]];
$result = mysql_query("SELECT a_name, DATE_FORMAT(last_seen, '%Y%m%d%H%i%s') AS last_seen FROM admin_users WHERE id = '$zack'") or die (mysql_error());
$row = mysql_fetch_array($result);
$result = mysqli_query($dbconn, "SELECT a_name, DATE_FORMAT(last_seen, '%Y%m%d%H%i%s') AS last_seen FROM admin_users WHERE id = '$zack'") or die (mysqli_error($dbconn));
$row = mysqli_fetch_array($result);
$_SESSION["name"] = $row["a_name"];
$_SESSION["last_seen"] = ($row["last_seen"] - 200 );
}
elseif ( $_GET["iam"] == "manuelw" )
elseif ( isset($_GET["iam"]) && $_GET["iam"] == "manuelw" )
{
//$_SESSION["userid"] = '1';
$_SESSION["admin"] = '1';
@ -47,13 +47,13 @@ elseif ( $_GET["iam"] == "manuelw" )
$_SESSION["userid"] = 1;
$result = mysql_query("SELECT a_name, DATE_FORMAT(last_seen, '%Y%m%d%H%i%s') AS last_seen FROM admin_users WHERE id = '1'") or die (mysql_error());
$row = mysql_fetch_array($result);
$result = mysqli_query($dbconn, "SELECT a_name, DATE_FORMAT(last_seen, '%Y%m%d%H%i%s') AS last_seen FROM admin_users WHERE id = '1'") or die (mysqli_error($dbconn));
$row = mysqli_fetch_array($result);
$_SESSION["name"] = $row["a_name"];
$_SESSION["last_seen"] = ($row["last_seen"] - 200 );
$filter=1;
}
elseif( $wap == 1 )
elseif( isset($wap) && $wap == 1 )
{
////////////////////////
// Login per Wap
@ -111,12 +111,12 @@ elseif( $wap == 1 )
}
elseif (!$_SESSION["name"] && $_GET["mode"] == 'login' && $_REQUEST["a_name"] && $_REQUEST["a_pass"])
{
$result = mysql_query("SELECT id, a_name, a_admin, a_mail, real_name, wap_show, wap_rows, wap_def_orgfilter, wap_def_statfilter, wap_handy, login_count FROM admin_users WHERE a_name = '$_REQUEST[a_name]' AND wap_pass = '$_REQUEST[a_pass]'") or die (mysql_error());
$row = mysql_fetch_array($result);
$result = mysqli_query($dbconn, "SELECT id, a_name, a_admin, a_mail, real_name, wap_show, wap_rows, wap_def_orgfilter, wap_def_statfilter, wap_handy, login_count FROM admin_users WHERE a_name = '$_REQUEST[a_name]' AND wap_pass = '$_REQUEST[a_pass]'") or die (mysqli_error($dbconn));
$row = mysqli_fetch_array($result);
if( !$row["wap_handy"] )
{
$result = mysql_query("UPDATE admin_users SET wap_handy='$HTTP_USER_AGENT' WHERE a_name = '$_REQUEST[a_name]' AND wap_pass = '$_REQUEST[a_pass]'");
$result = mysqli_query($dbconn, "UPDATE admin_users SET wap_handy='$HTTP_USER_AGENT' WHERE a_name = '$_REQUEST[a_name]' AND wap_pass = '$_REQUEST[a_pass]'");
}
else
{
@ -140,10 +140,10 @@ elseif( $wap == 1 )
$timenow = date("G:i");
$ip = $_SERVER["REMOTE_ADDR"];
$agent = $HTTP_USER_AGENT;
$result = mysql_query("INSERT INTO pocsag_logins (name, zeit, datum, ip, agent) VALUES ('$row[real_name]', '$timenow', '$datnow', '$ip', '$agent')");
$result = mysqli_query($dbconn, "INSERT INTO pocsag_logins (name, zeit, datum, ip, agent) VALUES ('$row[real_name]', '$timenow', '$datnow', '$ip', '$agent')");
$row["login_count"]++;
$result = mysql_query("UPDATE admin_users SET login_count = '$row[login_count]' WHERE id = '$row[id]' ") or die(mysql_error());
$result = mysqli_query($dbconn, "UPDATE admin_users SET login_count = '$row[login_count]' WHERE id = '$row[id]' ") or die(mysqli_error($dbconn));
}
else
{
@ -158,7 +158,7 @@ elseif( $wap == 1 )
</head>
<body>
Login falsch!<br><a href="javascript:history.back()">zur<EFBFBD>ck</a>
Login falsch!<br><a href="javascript:history.back()">zurück</a>
</body>
</html>';
exit;
@ -171,12 +171,13 @@ else
////////////////////////
// Sicherheitsabfrage
////////////////////////
if ( !$_SESSION["name"] && $_GET["mode"] != 'login' && !$_GET["login"] )
if (!isset($_GET["mode"])) $_GET["mode"] ="";
if ( !isset($_SESSION["name"]) && $_GET["mode"] != 'login' && !isset($_GET["login"]) )
{
echo '
<br><br>
'.$login_infotext.'<br><br>
<form name="form1" method="post" action="'.$PHP_SELF.'?mode=login">
<form name="form1" method="post" action="'.$_SERVER["PHP_SELF"].'?mode=login">
<table width="300" border="0" cellspacing="0" cellpadding="0" align="center">
<tr>
<td class="table_news_head">&nbsp;<b>Login</b></td>
@ -205,12 +206,12 @@ else
';
exit;
}
elseif (!$_SESSION["name"] && $_GET["mode"] == 'login')
elseif (!isset($_SESSION["name"]) && $_GET["mode"] == 'login')
{
$result = mysql_query("SELECT id, a_name, a_admin, a_mail FROM admin_users WHERE a_name = '$_POST[a_name]'") or die (mysql_error());
$row = mysql_fetch_array($result);
$result = mysqli_query($dbconn, "SELECT id, a_name, a_admin, a_mail FROM admin_users WHERE a_name = '$_POST[a_name]'") or die (mysqli_error($dbconn));
$row = mysqli_fetch_array($result);
if( $row[a_name] && $row["a_admin"] != '2' )
if( $row["a_name"] && $row["a_admin"] != '2' )
{
//$_SESSION["name"] = $_REQUEST["a_name"];
//$_SESSION["admin"] = $row["a_admin"];
@ -219,9 +220,9 @@ else
mail_pass($row["a_mail"], $pass);
$result = mysql_query("UPDATE admin_users SET login_pass='$pass' WHERE id='$row[id]'") or die(mysql_error());
$result = mysqli_query($dbconn, "UPDATE admin_users SET login_pass='$pass' WHERE id='$row[id]'") or die(mysqli_error($dbconn));
echo'<center><br><br><br>Eine EMail mit deinem Zugang wurde an <b>'.$row[a_mail].'</b> versand.';
echo'<center><br><br><br>Eine EMail mit deinem Zugang wurde an <b>'.$row["a_mail"].'</b> versand.';
exit;
}
@ -232,7 +233,7 @@ else
}
}
elseif (!$_SESSION["name"] && $_GET["mode"] == 'register')
elseif (!isset($_SESSION["name"]) && isset($_GET["mode"]) && $_GET["mode"] == 'register')
{
echo '
<br><br>
@ -272,10 +273,10 @@ else
exit;
}
if( !empty($_GET["login"]) )
if( isset($_GET["login"]) )
{
$result = mysql_query("SELECT id, a_name, a_admin, a_mail, real_name, login_count, pm_allow, DATE_FORMAT(last_seen, '%Y%m%d%H%i%s') AS last_seen FROM admin_users WHERE login_pass = '$_GET[login]'") or die (mysql_error());
$row = mysql_fetch_array($result);
$result = mysqli_query($dbconn, "SELECT id, a_name, a_admin, a_mail, real_name, login_count, pm_allow, DATE_FORMAT(last_seen, '%Y%m%d%H%i%s') AS last_seen FROM admin_users WHERE login_pass = '$_GET[login]'") or die (mysqli_error($dbconn));
$row = mysqli_fetch_array($result);
if( !empty($row["a_name"]) )
{
@ -290,11 +291,11 @@ exit;
$datnow = date("Y-m-d", mktime(0,0,0, date("m"),date("d"),date("Y")));
$timenow = date("G:i");
$ip = $_SERVER["REMOTE_ADDR"];
$agent = $HTTP_USER_AGENT;
$result = mysql_query("INSERT INTO pocsag_logins (name, zeit, datum, ip, agent) VALUES ('$row[real_name]', '$timenow', '$datnow', '$ip', '$agent')");
$agent = $_SERVER["HTTP_USER_AGENT"];
$result = mysqli_query($dbconn, "INSERT INTO pocsag_logins (name, zeit, datum, ip, agent) VALUES ('$row[real_name]', '$timenow', '$datnow', '$ip', '$agent')");
$row["login_count"]++;
$result = mysql_query("UPDATE admin_users SET login_pass='', login_count='$row[login_count]' WHERE id='$row[id]'") or die(mysql_error());
$result = mysqli_query($dbconn, "UPDATE admin_users SET login_pass='', login_count='$row[login_count]' WHERE id='$row[id]'") or die(mysqli_error($dbconn));
echo gohome("index.php");
}