aschwarz/login
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Login PHP8

Browse Source
This commit is contained in:
aschwarz 2024-02-29 07:57:12 +01:00
parent 31023adb93
commit cff4afb497
4 changed files with 113 additions and 69 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
config/datenbankanbindung.php
View File

@ -3,7 +3,7 @@
function dbconnect() //--Prozedur - kein return-Wert
{
$db = @new mysqli( 'localhost', 'root', '', 'ams_stammdaten' );
$db = @new mysqli( 'localhost', 'root', '', 'kurs' );
$db->query("set sql_mode = 'ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION'");
$db->set_charset('utf8mb4');
$db->query("SET NAMES 'utf8mb4'");

85
controller/admin_login.php
View File

@ -1,25 +1,28 @@
<?php
# https://www.php-einfach.de/experte/php-codebeispiele/loginscript/angemeldet-bleiben/
require_once("../config/datenbankanbindung.php");
require_once("func_ldap_connect.php");
require_once ("../config/datenbankanbindung.php");
require_once ("func_ldap_connect.php");
#require_once("func_passwort_back.php");
$db = dbconnect();
$function = $_POST['function'];
if (!isset($_SESSION)) {
if (!isset($_SESSION))
{
session_start();
}
if ($function == 'logout') {
if ($_SESSION['angemeldet_bleiben'] == 1) {
$identifier = $_COOKIE['identifier'];
$securitytoken = $_COOKIE['securitytoken'];
$token_neu = sha1($securitytoken);
$sql1 = $db->query("DELETE FROM lg_securitytokens
WHERE securitytoken ='$token_neu'
AND identifier = '$identifier'
");
}
if ($function == 'logout')
{
# if ($_SESSION['angemeldet_bleiben'] == 1)
# {
# $identifier = $_COOKIE['identifier'];
# $securitytoken = $_COOKIE['securitytoken'];
# $token_neu = sha1($securitytoken);
# $sql1 = $db->query("DELETE FROM lg_securitytokens
# WHERE securitytoken ='$token_neu'
# AND identifier = '$identifier'
# ");
# }
//Cookies entfernen
session_destroy();
setcookie("identifier", "", time() - (3600 * 24 * 365));
@ -27,40 +30,55 @@ if ($function == 'logout') {
header("location:../php/login.php");
}
if ($function == 'login') {
$user = mb_strtoupper($_POST["user"]); //remove case sensitivity on the mail
if ($function == 'login')
{
$user = mb_strtoupper($_POST["user"]); //remove case sensitivity on the mail
$password = $_POST["password"];
$query_login = $db->query("SELECT wert1 FROM parameter WHERE pid='14'");
$row_login = $query_login->fetch_array();
# 2 Loginmöglichkeiten: 1) Datenbank ams_stammdaten oder 2) Hochschul-LDAP
if ($user == "" OR $password == "") {
if ($user == "" or $password == "")
{
echo '<div class="alert alert-danger"><i class="fa fa-fw fa-thumbs-down"></i> Bitte f&uuml;llen Sie alle Felder aus!</div>|***|error';
exit;
}
$result = $db->query("SELECT sid, uid, mail, hs, stg, pwd, durchgefallen FROM stud WHERE upper(uid)='$user'");
$row = $result->fetch_array();
if (mysqli_num_rows($result) == 0) {
$result = $db->query("SELECT uid, mail, hs, stg, pwd, durchgefallen FROM stud WHERE upper(uid)='$user'");
$row = $result->fetch_array();
if (mysqli_num_rows($result) == 0)
{
echo '<div class="alert alert-danger"><i class="fa fa-fw fa-thumbs-down"></i> Der Account ist im Anmeldesystem nicht verfügbar!</div>|***|error';
exit;
} else if ($row['durchgefallen'] != 'N') {
}
else if ($row['durchgefallen'] != 'N')
{
echo '<div class="alert alert-danger"><i class="fa fa-fw fa-thumbs-down"></i> Der Account ist inaktiv!</div>|***|error';
exit;
} else if (studnet($user, $password) or hsnet($user, $password) or md5($password) == $row['pwd']) {
$_SESSION['global_sid'] = $row['sid'];
$_SESSION['global_uid'] = $row['uid'];
$_SESSION['global_stg'] = $row['stg'];
$_SESSION['global_hs'] = $row['hs'];
}
else if (studnet($user, $password) or hsnet($user, $password) or md5($password) == $row['pwd'])
{
if($row_login['wert1'] == 'Y'){
$heute_format = date("Y-m-d H:i:s",time());
$result_debug = $db->query("INSERT INTO kurs_debug (uid, passwort, logindat, success) VALUES ('$uid', '$pwd', '$heute_format', 'Y')");
}
if(isset($row['uid'])){
setcookie("uid1","$row[uid]", NULL,'/');
$_SESSION['global_uid'] = $row['uid'];
$_SESSION['global_stg'] = $row['stg'];
$_SESSION['global_hs'] = $row['hs'];
}
echo "<div class='alert alert-success'><i class='fa fa-fw fa-thumbs-up'></i> Login wird durchgef&uuml;hrt</div>|***|success";
} else {
}
else
{
echo '<div class="alert alert-danger"><i class="fa fa-fw fa-thumbs-down"></i> Bitte pr&uuml;fen Sie Ihre Zugangsdaten</div>|***|error';
exit;
}
/*
else if (md5($password) != $row['passwort'] or $row['mail'] == ''){ //verschlüsseltes Passwort überprüfen
echo '<div class="alert alert-danger"><i class="fa fa-fw fa-thumbs-down"></i> Bitte pr&uuml;fen Sie Ihre Zugangsdaten</div>|***|error';
@ -97,7 +115,6 @@ if ($function == 'login') {
*/
}
/*
if ($function == 'passwortvergessen') {

84
controller/func_ldap_connect.php
View File

@ -1,75 +1,91 @@
<?php
<?php
function hsnet($user, $password)
{
$db = dbconnect();
$db = dbconnect();
$query_ldapuser = $db->query("SELECT wert1, wert2 FROM parameter WHERE pid='13'");
$row_ldapuser = $query_ldapuser->fetch_array();
$row_ldapuser = $query_ldapuser->fetch_array();
#hsnet
$ds = @ldap_connect("141.10.128.30", "389");
$ds = @ldap_connect("141.10.128.30", "389");
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ds, LDAP_OPT_NETWORK_TIMEOUT, 1);
# bind wird benötigt, sonst werden die Umlaute bei Namen nicht richtig angezeigt ?!!?
$r = @ldap_bind($ds, $row_ldapuser['wert1'], $row_ldapuser['wert2']);
if ($r) {
if ($r)
{
$_ldap_dn = "ou=OUHochschulnetzwerk,dc=hsnet,dc=hs-ludwigsburg,dc=de";
$sr = @ldap_search($ds, $_ldap_dn, "samaccountname=$user");
$info = @ldap_get_entries($ds, $sr);
$anzahl = ldap_count_entries($ds, $sr);
if ($anzahl > 0) {
$first = ldap_first_entry($ds, $sr);
$sr = @ldap_search($ds, $_ldap_dn, "samaccountname=$user");
$info = @ldap_get_entries($ds, $sr);
$anzahl = ldap_count_entries($ds, $sr);
if ($anzahl > 0)
{
$first = ldap_first_entry($ds, $sr);
$distinguishedName = ldap_get_dn($ds, $first);
if (@ldap_bind($ds, $distinguishedName, $password)) {
if (@ldap_bind($ds, $distinguishedName, $password))
{
ldap_close($ds);
return TRUE;
} else {
return true;
}
else
{
ldap_close($ds);
return false;
}
} else {
}
else
{
ldap_close($ds);
return false;
}
} else {
}
else
{
ldap_close($ds);
return false;
}
}
}
function studnet($user, $password)
{
$db = dbconnect();
$db = dbconnect();
$query_ldapuser = $db->query("SELECT wert1, wert2 FROM parameter WHERE pid='13'");
$row_ldapuser = $query_ldapuser->fetch_array();
# Studnet
$ds = ldap_connect("141.10.144.37", "389");
$row_ldapuser = $query_ldapuser->fetch_array();
# Studnet
$ds = ldap_connect("141.10.144.37", "389");
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ds, LDAP_OPT_NETWORK_TIMEOUT, 1);
$r = @ldap_bind($ds, $row_ldapuser['wert1'], $row_ldapuser['wert2']);
if ($r) {
if ($r)
{
$_ldap_dn = "ou=ouStudnet,dc=studnet,dc=hs-ludwigsburg,dc=de";
$sr = @ldap_search($ds, $_ldap_dn, "samaccountname=$user");
$info = @ldap_get_entries($ds, $sr);
$anzahl = ldap_count_entries($ds, $sr);
if ($anzahl > 0) {
$first = ldap_first_entry($ds, $sr);
$sr = @ldap_search($ds, $_ldap_dn, "samaccountname=$user");
$info = @ldap_get_entries($ds, $sr);
$anzahl = ldap_count_entries($ds, $sr);
if ($anzahl > 0)
{
$first = ldap_first_entry($ds, $sr);
$distinguishedName = ldap_get_dn($ds, $first);
if (@ldap_bind($ds, $distinguishedName, $password)) {
if (@ldap_bind($ds, $distinguishedName, $password))
{
ldap_close($ds);
return true;
} else {
}
else
{
ldap_close($ds);
return false;
}
} else {
}
else
{
ldap_close($ds);
return false;
}
} else {
}
else
{
ldap_close($ds);
return false;
}

11
html/index.html
View File

@ -178,6 +178,17 @@
</div>
</div>
{/if}
{if $hs == 'L'}
<div class="col-sm-6 pt-3">
<div class="card">
<div class="card-body">
<h5 class="card-title">AESPA Fragebogen</h5>
<p class="card-text">Zum buchen der Wahlpflichtf&auml;cher (Fak. 2).</p>
<a href="../../fragebogen/hauptframe.htm" class="btn btn-primary">Programm öffnen</a>
</div>
</div>
</div>
{/if}
</div>
</div>
<!-- / Content -->