From cff4afb497f50cc06d9ff2556cec8d2e507df261 Mon Sep 17 00:00:00 2001 From: aschwarz Date: Thu, 29 Feb 2024 07:57:12 +0100 Subject: [PATCH] Login PHP8 --- config/datenbankanbindung.php | 2 +- controller/admin_login.php | 85 +++++++++++++++++++------------- controller/func_ldap_connect.php | 84 ++++++++++++++++++------------- html/index.html | 11 +++++ 4 files changed, 113 insertions(+), 69 deletions(-) diff --git a/config/datenbankanbindung.php b/config/datenbankanbindung.php index 67a1346..e1d4681 100644 --- a/config/datenbankanbindung.php +++ b/config/datenbankanbindung.php @@ -3,7 +3,7 @@ function dbconnect() //--Prozedur - kein return-Wert { - $db = @new mysqli( 'localhost', 'root', '', 'ams_stammdaten' ); + $db = @new mysqli( 'localhost', 'root', '', 'kurs' ); $db->query("set sql_mode = 'ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION'"); $db->set_charset('utf8mb4'); $db->query("SET NAMES 'utf8mb4'"); diff --git a/controller/admin_login.php b/controller/admin_login.php index d9f712a..aa4ec51 100644 --- a/controller/admin_login.php +++ b/controller/admin_login.php @@ -1,25 +1,28 @@ query("DELETE FROM lg_securitytokens - WHERE securitytoken ='$token_neu' - AND identifier = '$identifier' - "); - } +if ($function == 'logout') +{ +# if ($_SESSION['angemeldet_bleiben'] == 1) +# { +# $identifier = $_COOKIE['identifier']; +# $securitytoken = $_COOKIE['securitytoken']; +# $token_neu = sha1($securitytoken); +# $sql1 = $db->query("DELETE FROM lg_securitytokens +# WHERE securitytoken ='$token_neu' +# AND identifier = '$identifier' +# "); +# } //Cookies entfernen session_destroy(); setcookie("identifier", "", time() - (3600 * 24 * 365)); 
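Review bot: On PHP 8.1+ mysqli reports a failed connection as a `mysqli_sql_exception` by default and `@` does not suppress exceptions, so the `@new mysqli( 'localhost', 'root', '', 'kurs' )` line throws out of `dbconnect()` when `kurs` is unreachable instead of silently handing back a dead handle; either drop the `@` and test `$db->connect_error` before the `set_charset` call, or wrap the constructor in a `try`/`catch (mysqli_sql_exception $e)` that fails the request cleanly. The same line hard-codes `root` with an empty password in a tracked file; the credentials belong in an environment variable or an untracked config file. The comment `//--Prozedur - kein return-Wert` contradicts the callers in this patch (`$db = dbconnect();` in func_ldap_connect.php), and since the function body continues below the hunk, confirm that it returns `$db` and reword the comment to say so.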
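Review bot: The logout branch now keeps the remember-me token in `lg_securitytokens` because the `DELETE` is only commented out with `#` lines rather than removed, so if the `angemeldet_bleiben` flow is still issued anywhere, a previously set `securitytoken`/`identifier` cookie pair stays valid server-side after logout while only the client copy is expired by the `setcookie("identifier", "", ...)` that follows. If that feature has been retired, delete the commented block instead of carrying dead code; if it has not, keep the invalidation as a prepared statement, `$db->prepare('DELETE FROM lg_securitytokens WHERE securitytoken = ? AND identifier = ?')`, since both values come from cookies. The lines before the logout check are garbled in the extracted text and could not be reviewed.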
@@ -27,40 +30,55 @@ if ($function == 'logout') { header("location:../php/login.php"); } - - -if ($function == 'login') { - $user = mb_strtoupper($_POST["user"]); //remove case sensitivity on the mail +if ($function == 'login') +{ + $user = mb_strtoupper($_POST["user"]); //remove case sensitivity on the mail $password = $_POST["password"]; + $query_login = $db->query("SELECT wert1 FROM parameter WHERE pid='14'"); + $row_login = $query_login->fetch_array(); # 2 Loginmöglichkeiten: 1) Datenbank ams_stammdaten oder 2) Hochschul-LDAP - - if ($user == "" OR $password == "") { + if ($user == "" or $password == "") + { echo '
Bitte füllen Sie alle Felder aus!
|***|error'; exit; } - - - $result = $db->query("SELECT sid, uid, mail, hs, stg, pwd, durchgefallen FROM stud WHERE upper(uid)='$user'"); - $row = $result->fetch_array(); - if (mysqli_num_rows($result) == 0) { + + $result = $db->query("SELECT uid, mail, hs, stg, pwd, durchgefallen FROM stud WHERE upper(uid)='$user'"); + $row = $result->fetch_array(); + if (mysqli_num_rows($result) == 0) + { echo '
Der Account ist im Anmeldesystem nicht verfügbar!
|***|error'; exit; - } else if ($row['durchgefallen'] != 'N') { + } + else if ($row['durchgefallen'] != 'N') + { echo '
Der Account ist inaktiv!
|***|error'; exit; - } else if (studnet($user, $password) or hsnet($user, $password) or md5($password) == $row['pwd']) { - $_SESSION['global_sid'] = $row['sid']; - $_SESSION['global_uid'] = $row['uid']; - $_SESSION['global_stg'] = $row['stg']; - $_SESSION['global_hs'] = $row['hs']; + } + else if (studnet($user, $password) or hsnet($user, $password) or md5($password) == $row['pwd']) + { + + if($row_login['wert1'] == 'Y'){ + $heute_format = date("Y-m-d H:i:s",time()); + $result_debug = $db->query("INSERT INTO kurs_debug (uid, passwort, logindat, success) VALUES ('$uid', '$pwd', '$heute_format', 'Y')"); + } + if(isset($row['uid'])){ + setcookie("uid1","$row[uid]", NULL,'/'); + $_SESSION['global_uid'] = $row['uid']; + $_SESSION['global_stg'] = $row['stg']; + $_SESSION['global_hs'] = $row['hs']; + } + echo "
Login wird durchgeführt
|***|success"; - } else { + + } + else + { echo '
Bitte prüfen Sie Ihre Zugangsdaten
|***|error'; exit; } - - + /* else if (md5($password) != $row['passwort'] or $row['mail'] == ''){ //verschlüsseltes Passwort überprüfen echo '
Bitte prüfen Sie Ihre Zugangsdaten
|***|error'; @@ -97,7 +115,6 @@ if ($function == 'login') { */ } - /* if ($function == 'passwortvergessen') { diff --git a/controller/func_ldap_connect.php b/controller/func_ldap_connect.php index ce7c1c2..89774a0 100644 --- a/controller/func_ldap_connect.php +++ b/controller/func_ldap_connect.php 
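Review bot: The new `kurs_debug` insert reads `$uid` and `$pwd`, which are not defined in this branch (the locals are `$user` and `$password`), so on PHP 8 it raises two "Undefined variable" warnings and stores empty strings, which the unchecked `$db->query()` result hides; more importantly, even once corrected it would persist the cleartext password in a database table, so the `passwort` column should be dropped from the insert (and from the table if it is NOT NULL) and only uid, timestamp and outcome recorded. `$user` still goes straight from `$_POST` into `SELECT ... WHERE upper(uid)='$user'`, which should be a prepared statement, and `md5($password) == $row['pwd']` compares numeric-looking strings numerically under `==`, so use `hash_equals((string) $row['pwd'], md5($password))` and plan a move to `password_hash`/`password_verify`. `setcookie("uid1","$row[uid]", NULL,'/')` passes `null` to an `int` parameter (deprecated since PHP 8.1) and sets no Secure/HttpOnly/SameSite flags, the session id is not regenerated after authentication, and `$row_login['wert1']` is read without checking that the `pid='14'` row exists. The rewrite below covers the query and the success path; the comment `# 2 Loginmöglichkeiten: 1) Datenbank ams_stammdaten` should also be updated now that the database is `kurs`.
```php
    $stmt = $db->prepare("SELECT uid, mail, hs, stg, pwd, durchgefallen FROM stud WHERE upper(uid) = ?");
    $stmt->bind_param('s', $user);
    $stmt->execute();
    $result = $stmt->get_result();
    $row = $result->fetch_array();
    // … unchanged: empty-field, unknown-account and inactive-account branches …
    else if (studnet($user, $password) or hsnet($user, $password) or hash_equals((string) $row['pwd'], md5($password)))
    {
        if (($row_login['wert1'] ?? '') == 'Y') {
            // record who logged in and when; the credential itself is never stored
            $heute_format = date("Y-m-d H:i:s", time());
            $debug = $db->prepare("INSERT INTO kurs_debug (uid, logindat, success) VALUES (?, ?, 'Y')");
            $debug->bind_param('ss', $row['uid'], $heute_format);
            $debug->execute();
        }
        session_regenerate_id(true); // fresh session id once the user is authenticated
        if (isset($row['uid'])) {
            setcookie("uid1", $row['uid'], ['expires' => 0, 'path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);
            $_SESSION['global_uid'] = $row['uid'];
            // … unchanged: global_stg / global_hs …
        }
        // … unchanged: success echo …
    }
```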
@@ -1,75 +1,91 @@ - query("SELECT wert1, wert2 FROM parameter WHERE pid='13'"); - $row_ldapuser = $query_ldapuser->fetch_array(); + $row_ldapuser = $query_ldapuser->fetch_array(); #hsnet - $ds = @ldap_connect("141.10.128.30", "389"); + $ds = @ldap_connect("141.10.128.30", "389"); ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3); ldap_set_option($ds, LDAP_OPT_NETWORK_TIMEOUT, 1); - + # bind wird benötigt, sonst werden die Umlaute bei Namen nicht richtig angezeigt ?!!? $r = @ldap_bind($ds, $row_ldapuser['wert1'], $row_ldapuser['wert2']); - if ($r) { + if ($r) + { $_ldap_dn = "ou=OUHochschulnetzwerk,dc=hsnet,dc=hs-ludwigsburg,dc=de"; - $sr = @ldap_search($ds, $_ldap_dn, "samaccountname=$user"); - $info = @ldap_get_entries($ds, $sr); - $anzahl = ldap_count_entries($ds, $sr); - - if ($anzahl > 0) { - $first = ldap_first_entry($ds, $sr); + $sr = @ldap_search($ds, $_ldap_dn, "samaccountname=$user"); + $info = @ldap_get_entries($ds, $sr); + $anzahl = ldap_count_entries($ds, $sr); + + if ($anzahl > 0) + { + $first = ldap_first_entry($ds, $sr); $distinguishedName = ldap_get_dn($ds, $first); - if (@ldap_bind($ds, $distinguishedName, $password)) { + if (@ldap_bind($ds, $distinguishedName, $password)) + { ldap_close($ds); - return TRUE; - } else { + return true; + } + else + { ldap_close($ds); return false; } - } else { + } + else + { ldap_close($ds); return false; } - } else { + } + else + { ldap_close($ds); return false; } - -} +} function studnet($user, $password) { - $db = dbconnect(); + $db = dbconnect(); $query_ldapuser = $db->query("SELECT wert1, wert2 FROM parameter WHERE pid='13'"); - $row_ldapuser = $query_ldapuser->fetch_array(); - # Studnet - $ds = ldap_connect("141.10.144.37", "389"); + $row_ldapuser = $query_ldapuser->fetch_array(); + # Studnet + $ds = ldap_connect("141.10.144.37", "389"); ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3); ldap_set_option($ds, LDAP_OPT_NETWORK_TIMEOUT, 1); $r = @ldap_bind($ds, $row_ldapuser['wert1'], $row_ldapuser['wert2']); - 
if ($r) { + if ($r) + { $_ldap_dn = "ou=ouStudnet,dc=studnet,dc=hs-ludwigsburg,dc=de"; - $sr = @ldap_search($ds, $_ldap_dn, "samaccountname=$user"); - $info = @ldap_get_entries($ds, $sr); - $anzahl = ldap_count_entries($ds, $sr); - if ($anzahl > 0) { - $first = ldap_first_entry($ds, $sr); + $sr = @ldap_search($ds, $_ldap_dn, "samaccountname=$user"); + $info = @ldap_get_entries($ds, $sr); + $anzahl = ldap_count_entries($ds, $sr); + if ($anzahl > 0) + { + $first = ldap_first_entry($ds, $sr); $distinguishedName = ldap_get_dn($ds, $first); - if (@ldap_bind($ds, $distinguishedName, $password)) { + if (@ldap_bind($ds, $distinguishedName, $password)) + { ldap_close($ds); return true; - } else { + } + else + { ldap_close($ds); return false; } - } else { + } + else + { ldap_close($ds); return false; } - } else { + } + else + { ldap_close($ds); return false; } diff --git a/html/index.html b/html/index.html index ec7fcb4..3a113b3 100644 --- a/html/index.html +++ b/html/index.html @@ -178,6 +178,17 @@ {/if} + {if $hs == 'L'} +
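Review bot: Both `hsnet` and `studnet` still build the LDAP filter as `"samaccountname=$user"` from the submitted user name, so filter metacharacters reach the directory unescaped; use `ldap_escape($user, '', LDAP_ESCAPE_FILTER)`. Neither function refuses an empty `$password` before the second `ldap_bind`; the caller in admin_login.php rejects empty fields, but an LDAP bind with an empty password is an unauthenticated bind that many directories accept, so the guard belongs in these functions as well. On PHP 8 a failed `ldap_search` returns `false` and the following `ldap_count_entries($ds, $sr)` then throws a `TypeError` instead of reaching the `return false` branch, so `$sr` must be checked first; `$info = @ldap_get_entries(...)` is unused in both functions and can go. Both connect to port 389 without `ldap_start_tls()`, so the service-account bind from the `parameter` table and the user's password cross the network in cleartext unless the hosts share a protected segment, and from PHP 8.3 the two-argument `ldap_connect($host, $port)` form is deprecated in favour of an `ldap://host:389` URI. The rewrite below is for `hsnet`; `studnet` needs the same change, and the first lines of this hunk are garbled in the extracted text.
```php
    if ($r)
    {
        if ($password === '') { // an empty password would be an unauthenticated bind, not a login
            ldap_close($ds);
            return false;
        }
        $_ldap_dn = "ou=OUHochschulnetzwerk,dc=hsnet,dc=hs-ludwigsburg,dc=de";
        $filter = 'samaccountname=' . ldap_escape($user, '', LDAP_ESCAPE_FILTER);
        $sr = @ldap_search($ds, $_ldap_dn, $filter);
        if ($sr === false || ldap_count_entries($ds, $sr) < 1)
        {
            ldap_close($ds);
            return false;
        }
        $distinguishedName = ldap_get_dn($ds, ldap_first_entry($ds, $sr));
        $ok = @ldap_bind($ds, $distinguishedName, $password);
        ldap_close($ds);
        return (bool) $ok;
    }
    // … unchanged: else branch closing the connection and returning false …
```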
+
+
+
AESPA Fragebogen
+

Zum buchen der Wahlpflichtfächer (Fak. 2).

+ Programm öffnen +
+
+
+ {/if}