dvm/bewerbung_QIS/index.php
2022-11-28 10:27:30 +01:00


<?php
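// Forbid caching of this page by browsers and intermediaries. The page handles
// a login form, so its responses should not be stored or replayed from a cache.
header("Expires: Mon, 12 Jul 1995 05:00:00 GMT");
// HTTP dates separate hours and minutes with a colon ("H:i:s"); the previous
// "H.i:s" format produced a Last-Modified value that is not a valid HTTP date.
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: no-store, no-cache, must-revalidate");
// Second Cache-Control header is appended (replace = false), not substituted.
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");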
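// Index page; the login below is checked against the database.
// NOTE(review): session cookie flags (Secure, HttpOnly, SameSite) are not set
// in this file - confirm they are configured in php.ini or config.inc.php.
session_start();
include_once '../classes/TestProjektSmarty.class_subdir.php';
require_once("../config.inc.php");
require_once("../config/datenbankanbindung.php");
require_once("../func_get_parameter.php");
require_once("../config/func_cryption.php");
require_once("../func_standard_hs.php");
$smarty = new SmartyAdmin();
// Template file name is derived from this script's file name (index.php -> index.html).
// SCRIPT_NAME is used rather than PHP_SELF: PHP_SELF also contains any
// client-supplied PATH_INFO, so basename() of it could be chosen by the
// requester and would then select which template gets rendered.
$templatename = substr(basename($_SERVER['SCRIPT_NAME']), 0, -3) . "html";
require_once "../language/german.inc.php";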
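// Requested action from the query string. A missing or non-string value
// (e.g. action[]=x) is treated as "no action" instead of raising a notice.
$action = (isset($_GET['action']) && is_string($_GET['action'])) ? $_GET['action'] : '';
if ($action == '') {
    if (isset($_GET['error'])) {
        $errorno = $_GET['error'];
        $smarty->assign('index_error', 1);
        // Fixed message per error code; the request only selects one of these
        // texts, it never supplies the text itself.
        // NOTE(review): codes 2 and 3 tell the user whether the user name
        // exists, which allows user-name enumeration - consider one generic
        // "user name or password incorrect" message for both.
        $error_texts = array(
            1 => "Es m&uuml;ssen alle Felder ausgef&uuml;llt werden",
            2 => "Der Benutzername ist im System nicht vorhanden",
            3 => "Der Benutzername oder das Passwort ist nicht korrekt.",
            5 => "Es sind noch keine Testergebnisse vorhanden. Daher kann dieser Schritt noch nicht ausgeführt werden.",
            6 => "Es liegt aktuell kein bestandenes Testergebnis vor. Daher kann dieser Schritt nicht ausgeführt werden.",
        );
        foreach ($error_texts as $code => $text) {
            // Loose comparison kept on purpose: it matches the original checks.
            if ($errorno == $code) {
                $smarty->assign('index_error_text', $text);
            }
        }
        // Re-populate the form with the stored user name after an error.
        // NOTE(review): the value is passed to the template as-is; confirm the
        // template escapes index_user on output.
        if (isset($_SESSION["global_username"])) {
            $smarty->assign('index_user', $_SESSION["global_username"]);
        }
    }
}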
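// Login step ("anmeld"): checks candidate id + TAN against the database,
// requires a recorded and passed test result, then forwards to the QIS server.
if ($action == 'anmeld') {
    // Sends the browser back to this script with ?error=<code> and stops.
    // SCRIPT_NAME is used instead of PHP_SELF because PHP_SELF includes
    // client-supplied PATH_INFO, which was previously echoed into the page
    // unescaped (reflected XSS). The value is HTML-escaped as well.
    $redirect_with_error = function ($code) {
        $self = htmlspecialchars($_SERVER['SCRIPT_NAME'], ENT_QUOTES, 'UTF-8');
        echo "<meta http-equiv=\"refresh\" content=\"0; URL=" . $self . "?error=" . (int) $code . "\">";
        exit;
    };

    // Runs one parameterised SELECT and returns its first row, or null when
    // there is none. Any database failure stops the request with HTTP 500
    // instead of continuing with an unusable result.
    // NOTE(review): assumes dbconnect() returns a mysqli connection (the
    // original code used ->query()/->fetch_array()) - confirm.
    $fetch_first_row = function ($db, $sql, $types, array $params) {
        $stmt = $db->prepare($sql);
        if ($stmt === false || !$stmt->bind_param($types, ...$params) || !$stmt->execute()) {
            http_response_code(500);
            exit;
        }
        $result = $stmt->get_result();
        if ($result === false) {
            http_response_code(500);
            exit;
        }
        $first_row = $result->fetch_array();
        $stmt->close();
        return $first_row;
    };

    // Credentials come from the form, otherwise from the values remembered in
    // the session. Non-string input (e.g. user[]=x) counts as empty.
    if (isset($_POST['user'])) {
        // Upper-cased to remove case sensitivity on the user name.
        $username_kand = is_string($_POST['user']) ? mb_strtoupper($_POST['user']) : '';
    } else {
        $username_kand = isset($_SESSION["username_kand"]) ? $_SESSION["username_kand"] : '';
    }
    if (isset($_POST['password'])) {
        $tan = is_string($_POST['password']) ? $_POST['password'] : '';
    } else {
        $tan = isset($_SESSION["tan"]) ? $_SESSION["tan"] : '';
    }
    // NOTE(review): the TAN (the login secret) is kept in the session in
    // plain text, before it has been verified - confirm other pages need it.
    $_SESSION["username_kand"] = $username_kand;
    $_SESSION["tan"] = $tan;

    if ($username_kand == "" OR $tan == "") {
        $redirect_with_error(1);
    }

    $db = dbconnect();
    $credentials = array((string) $username_kand, (string) $tan);

    // User name and TAN are bound as parameters; they were previously
    // interpolated into the SQL text, which allowed SQL injection.
    $row_best = $fetch_first_row($db, "SELECT bestanden
        FROM dvm_kandidat a, dvm_term_kand b, dvm_tanpool c, dvm_ergebnisse d
        WHERE a.ka_id = b.ka_id
        AND b.tp_id = c.tp_id
        AND c.tan = d.tan
        AND a.id = ?
        AND c.tan = ?
        AND c.aktiv = 'A'
        ORDER BY b.TK_ID DESC
        LIMIT 1", 'ss', $credentials);
    $row_anzerg = $fetch_first_row($db, "SELECT count(*) Anz
        FROM dvm_kandidat a, dvm_term_kand b, dvm_tanpool c, dvm_ergebnisse d
        WHERE a.ka_id = b.ka_id
        AND b.tp_id = c.tp_id
        AND c.tan = d.tan
        AND a.id = ?
        AND c.tan = ?
        AND c.aktiv = 'A'
        ORDER BY b.TK_ID DESC
        LIMIT 1", 'ss', $credentials);
    if ($row_anzerg['Anz'] == 0) {
        // No results recorded for this id/TAN pair.
        $redirect_with_error(5);
    }
    if ($row_best['bestanden'] == 0) {
        // Test not passed.
        $redirect_with_error(6);
    }

    $row = $fetch_first_row($db, "SELECT a.ka_id, a.id, c.tp_id, c.tan, c.tinyurl
        FROM dvm_kandidat a, dvm_term_kand b, dvm_tanpool c
        WHERE a.ka_id = b.ka_id
        AND b.tp_id = c.tp_id
        AND a.id = ?
        AND c.tan = ?
        AND c.aktiv = 'A'
        LIMIT 1", 'ss', $credentials);
    if ($row === null) {
        // No matching candidate: clear the stored candidate id, as the
        // original code did by assigning an empty row's ka_id.
        $_SESSION["ka_id"] = null;
        $redirect_with_error(2);
    }

    // Latest upload date for the candidate; the value is not used further in
    // this file.
    $row_fin = $fetch_first_row($db, "SELECT max(upload_dat) upload_dat
        FROM dvm_upload
        WHERE ka_id = ?", 's', array((string) $row['ka_id']));

    // Same upper-casing function as for the submitted name, so both sides of
    // the comparison are normalised identically (previously strtoupper here).
    if ($username_kand != mb_strtoupper((string) $row['id'])) {
        $_SESSION["ka_id"] = null;
        $redirect_with_error(2);
    }
    // Wrong TAN. Compared as strings in constant time; the loose "!=" used
    // before treats different numeric-looking strings as equal.
    if (!hash_equals((string) $row['tan'], (string) $tan)) {
        $_SESSION["ka_id"] = null;
        $redirect_with_error(3);
    }

    // Credentials verified: issue a fresh session id before storing the
    // candidate id, so a session id known before login cannot be reused.
    session_regenerate_id(true);
    $_SESSION["ka_id"] = $row['ka_id'];

    // Passed: continue to the QIS online application.
    echo "<meta http-equiv=\"refresh\" content=\"0; URL='https://onlinebewerbung.hs-ludwigsburg.de/qisserver/servlet/de.his.servlet.RequestDispatcherServlet?state=wimma&stg=n&imma=einl'\">";
}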
// Pass the current action to the template and render the page template.
// $template is not set in this file; presumably it comes from one of the
// included config files - confirm.
$smarty->assign('action', (string) $action);
$smarty->display($template . "/bewerbung/" . $templatename);
?>