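<?php

/*
# For debugging
error_reporting(E_ALL);
ini_set('display_errors', 1);
#echo __LINE__."<br>";
*/

// Bootstrap for the admin password-change page: template engine, site
// configuration, language strings, and the requested action.
include_once 'classes/lg-on_Smarty.class.php';
$smarty = new lgon_Smarty();

// NOTE(review): no login/session check is visible in this file. Presumably
// config.inc.php establishes $user_admin and rejects unauthenticated
// requests before anything below runs — confirm.
require_once("config.inc.php");

// Template file name = this script's file name with the "php" suffix swapped
// for "html". SCRIPT_NAME is used rather than PHP_SELF because PHP_SELF also
// contains any PATH_INFO the client appends to the URL, so the request itself
// could otherwise decide which template name basename() yields.
$templatename = substr(basename($_SERVER['SCRIPT_NAME']), 0, -3) . "html";

require_once "language/german.inc.php";

// Requested action. A value that is not a plain string (for example an array
// from "action[]=x") is treated as "no action", so the comparisons and the
// string conversion further down always see a string.
if (isset($_GET['action']) && is_string($_GET['action'])) {
    $action = $_GET['action'];
} else {
    $action = '';
}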
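// Default view: look up the administrator's name to show on the form.
if ($action == '') {
    // NOTE(review): dbconnect() and $user_admin are defined outside this file.
    // The query()/fetch_array() calls this block originally used suggest a
    // mysqli connection; the prepared-statement calls below assume that — confirm.
    $db = dbconnect();

    // $user_admin is bound as a parameter instead of being interpolated into
    // the SQL text: where it comes from is not visible here, and binding
    // keeps the statement well-formed whatever the value contains.
    $stmt = $db->prepare('SELECT nachname, vorname FROM admin WHERE user = ?');
    $stmt->bind_param('s', $user_admin);
    $stmt->execute();
    $stmt->bind_result($nachname, $vorname);
    // When no row matches, fetch() leaves both variables null and the name
    // below becomes a single space, without the offset-on-null warnings the
    // unchecked fetch_array() result produced.
    $stmt->fetch();
    $stmt->close();

    $name = "$vorname $nachname";
    $smarty->assign('pass_switch_name', $name);
}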
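// Password change ("wechsel"): validate the submitted form and, when every
// check passes, archive the old hash and store the new one.
if ($action == 'wechsel') {
    // NOTE(review): dbconnect() and $user_admin are defined outside this file.
    // The query()/fetch_array() calls this block originally used suggest a
    // mysqli connection; the prepared-statement calls below assume that — confirm.
    // The original called dbconnect() a second time and discarded the result;
    // that call is dropped.
    $db = dbconnect();

    // All three fields must be present, non-empty strings. Non-string values
    // (e.g. "pw_neu[]=x") are treated as missing so md5()/strlen() never see
    // an array.
    $has_input = true;
    foreach (['pw_alt', 'pw_neu', 'pw_wied'] as $field) {
        if (empty($_POST[$field]) || !is_string($_POST[$field])) {
            $has_input = false;
        }
    }

    if (!$has_input) {
        // Stop here. The original fell through with undefined $pw_* variables
        // and additionally raised the "invalid old password" flag.
        $smarty->assign('pass_switch_noinput', "1");
    } else {
        // The original comment asked for rejecting markup such as <script> in
        // these inputs. In this block the values are only hashed and compared,
        // never assigned to the template, so no filtering is applied.
        $pw_alt  = $_POST['pw_alt'];
        $pw_neu  = $_POST['pw_neu'];
        $pw_wied = $_POST['pw_wied'];

        // Currently stored hash for this administrator.
        $stmt = $db->prepare('SELECT passwort FROM admin WHERE user = ?');
        $stmt->bind_param('s', $user_admin);
        $stmt->execute();
        $stmt->bind_result($stored_hash);
        $stmt->fetch();
        $stmt->close();

        // NOTE(review): MD5 is unsalted and fast, so these hashes give little
        // protection against offline guessing if the admin table is disclosed.
        // Moving to password_hash()/password_verify() needs a coordinated
        // change in the login code and in the passwd_log history check (salted
        // hashes cannot be matched with SQL equality); neither is visible
        // here, so the storage format is left as it is.
        $pw_md5_neu = md5($pw_neu);

        // Has this password been used before, according to the history log?
        $stmt = $db->prepare(
            'SELECT 1 FROM passwd_log WHERE user = ? AND passwort = ? ORDER BY datum DESC LIMIT 0, 7'
        );
        $stmt->bind_param('ss', $user_admin, $pw_md5_neu);
        $stmt->execute();
        $stmt->bind_result($history_hit);
        $reused = ($stmt->fetch() === true);
        $stmt->close();

        // hash_equals() and === replace the loose != / == comparisons: loose
        // comparison treats numeric-looking strings (such as hex digests of
        // the form "0e<digits>") as numbers, so two different values could
        // compare equal.
        if (!is_string($stored_hash) || !hash_equals($stored_hash, md5($pw_alt))) {
            // Old password wrong, or no admin row found.
            $smarty->assign('pass_switch_invalid', "1");
        } elseif ($pw_neu !== $pw_wied) {
            $smarty->assign('pass_switch_uneven', "1");
        } elseif (strlen($pw_neu) < 6) {
            $smarty->assign('pass_switch_strlen', "1");
        } elseif ($pw_neu === (string) $user_admin) {
            $smarty->assign('pass_switch_evenusername', "1");
        } elseif ($reused || $pw_neu === $stored_hash || $pw_neu === $pw_alt) {
            // The middle test is kept from the original: it rejects a new
            // password that is literally the stored hash string.
            $smarty->assign('pass_switch_repeat', "1");
        } else {
            // Archive the outgoing hash.
            $datum = date("Y-m-d H:i:s");
            $stmt = $db->prepare('INSERT INTO passwd_log (user, passwort, datum) VALUES (?, ?, ?)');
            $stmt->bind_param('sss', $user_admin, $stored_hash, $datum);
            $stmt->execute();
            $stmt->close();

            // Keep no more than 7 entries in passwd_log. The ids are collected
            // first so the SELECT is finished before the DELETEs run on the
            // same connection.
            $stmt = $db->prepare(
                'SELECT pwid FROM passwd_log WHERE user = ? ORDER BY datum DESC LIMIT 7, 100'
            );
            $stmt->bind_param('s', $user_admin);
            $stmt->execute();
            $stmt->bind_result($pwid);
            $stale_ids = [];
            while ($stmt->fetch()) {
                $stale_ids[] = $pwid;
            }
            $stmt->close();

            $stmt = $db->prepare('DELETE FROM passwd_log WHERE user = ? AND pwid = ?');
            foreach ($stale_ids as $stale_id) {
                $stmt->bind_param('ss', $user_admin, $stale_id);
                $stmt->execute();
            }
            $stmt->close();

            // Store the new hash and push the expiry one month ahead. The
            // expiry is computed inside the UPDATE instead of being selected
            // first and interpolated back into a second statement.
            $stmt = $db->prepare(
                'UPDATE admin SET passwort = ?, pw_expire = DATE_ADD(NOW(), INTERVAL 1 MONTH) WHERE user = ?'
            );
            $stmt->bind_param('ss', $pw_md5_neu, $user_admin);
            $stmt->execute();
            $stmt->close();

            $smarty->assign('pass_switch_login', "1");
        }
    }
}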
// Hand the requested action to the template and render the page.
// NOTE(review): $action originates from $_GET in this file; whether the
// template escapes it on output is not visible here — confirm.
// $template is not set in this file (presumably config.inc.php) — confirm.
$smarty->assign('action', (string) $action);
$smarty->display($template . '/' . $templatename);