bpm/hogrefe/index.php

<?php
header("Expires: Mon, 12 Jul 1995 05:00:00 GMT");
header("Last-Modified: ". gmdate("D, d M Y H.i:s") . " GMT");
header("Cache-Control: no-store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");

## INDEX gegen DB
if(!isset($_SESSION)) { session_start(); }

include_once '../classes/TestProjektSmarty.class_subdir.php';
require_once("../config.inc.php");
require_once("../config/datenbankanbindung.php");
$smarty = new SmartyAdmin();
$templatename = substr(basename($_SERVER['PHP_SELF']),0,-3)."html";
require_once "../language/german.inc.php";


$action = $_GET['action'];
if($action == ''){
  if(isset($_GET['error'])){
  
    $errorno = $_GET['error'];
    
    $smarty->assign('index_error', 1);
    
    if($errorno == 1){
      $smarty->assign('index_error_text', "Es m&uuml;ssen alle Felder ausgef&uuml;llt werden");
    }
    
    if($errorno == 2){
      $smarty->assign('index_error_text', "Der Benutzername ist im System nicht vorhanden oder nicht mehr gültig");
    }
    
    if($errorno == 3){
      $smarty->assign('index_error_text', "Der Benutzername oder das Passwort ist nicht korrekt<br>Sie k&ouml;nnen hier ein <a class='box' href='passwort_vergessen.php'>neues Passwort</a> beantragen");
    }
    
    # Daten aufbereiten bei Fehler
    if(isset($_SESSION["global_username"])){
      $smarty->assign('index_user', $_SESSION["global_username"]);
    }
  }
  

}

if($action == 'anmeld'){
  $username=mb_strtoupper($_POST["user"]); //remove case sensitivity on the username
  $tan=$_POST["password"];
  
 
  if($username == "" OR $tan == ""){
     echo "<meta http-equiv=\"refresh\" content=\"0; URL=".$_SERVER['PHP_SELF']."?error=1\">";
  }else{
  
  
  $db = dbconnect();
  $result = $db->query("SELECT a.id, c.tp_id, c.tan, c.tinyurl
                          FROM bpm_kandidat a, bpm_term_kand b, bpm_tanpool c
                         WHERE a.ka_id = b.ka_id
                           AND b.tp_id = c.tp_id
                           AND a.id = '$username'
                           AND c.tan= '$tan'
                           AND c.login_dat = '0000-00-00 00:00:00'");
  $row = $result->fetch_array();
  
  
  if ($username != strtoupper($row['id'])) {
    echo "<meta http-equiv=\"refresh\" content=\"0; URL=".$_SERVER['PHP_SELF']."?error=2\">";
  }
  // Passwort falsch
  elseif ($tan != $row['tan']){
    echo "<meta http-equiv=\"refresh\" content=\"0; URL=".$_SERVER['PHP_SELF']."?error=3\">";
  }else{
    $datum=date("Y-m-d H:i:s");
    $result_1 = $db->query("UPDATE bpm_tanpool
                               SET login_dat='$datum'
                             WHERE tp_id =$row[tp_id]");
    echo "<meta http-equiv=\"refresh\" content=\"0; URL=".$row['tinyurl']."\">";
  }
  }
  
}

$smarty->assign('action', "$action");
$smarty->display("$template/hogrefe/$templatename");
?>