Login PHP8

controller/admin_login.php

@@ -1,25 +1,28 @@
 <?php
 # https://www.php-einfach.de/experte/php-codebeispiele/loginscript/angemeldet-bleiben/
-require_once("../config/datenbankanbindung.php");
-require_once("func_ldap_connect.php");
+require_once ("../config/datenbankanbindung.php");
+require_once ("func_ldap_connect.php");
 #require_once("func_passwort_back.php");
 $db = dbconnect();
 
 $function = $_POST['function'];
-if (!isset($_SESSION)) {
+if (!isset($_SESSION))
+{
     session_start();
 }
 
-if ($function == 'logout') {
-    if ($_SESSION['angemeldet_bleiben'] == 1) {
-        $identifier    = $_COOKIE['identifier'];
-        $securitytoken = $_COOKIE['securitytoken'];
-        $token_neu     = sha1($securitytoken);
-        $sql1          = $db->query("DELETE FROM lg_securitytokens
-                         WHERE securitytoken ='$token_neu'
-                           AND identifier = '$identifier'
-                      ");
-    }
+if ($function == 'logout')
+{
+#    if ($_SESSION['angemeldet_bleiben'] == 1)
+#    {
+#        $identifier = $_COOKIE['identifier'];
+#        $securitytoken = $_COOKIE['securitytoken'];
+#        $token_neu = sha1($securitytoken);
+#        $sql1 = $db->query("DELETE FROM lg_securitytokens
+#                         WHERE securitytoken ='$token_neu'
+#                           AND identifier = '$identifier'
+#                      ");
+#    }
     //Cookies entfernen
     session_destroy();
     setcookie("identifier", "", time() - (3600 * 24 * 365));
@@ -27,40 +30,55 @@ if ($function == 'logout') {
     header("location:../php/login.php");
 }
 
-
-
-if ($function == 'login') {
-    $user     = mb_strtoupper($_POST["user"]); //remove case sensitivity on the mail
+if ($function == 'login')
+{
+    $user = mb_strtoupper($_POST["user"]); //remove case sensitivity on the mail
     $password = $_POST["password"];
+    $query_login = $db->query("SELECT wert1 FROM parameter WHERE pid='14'");
+    $row_login = $query_login->fetch_array();
     
     # 2 Loginmöglichkeiten: 1) Datenbank ams_stammdaten oder 2) Hochschul-LDAP
-    
-    if ($user == "" OR $password == "") {
+    if ($user == "" or $password == "")
+    {
         echo '<div class="alert alert-danger"><i class="fa fa-fw fa-thumbs-down"></i> Bitte f&uuml;llen Sie alle Felder aus!</div>|***|error';
         exit;
     }
-    
-    
-    $result = $db->query("SELECT sid, uid, mail, hs, stg, pwd, durchgefallen FROM stud WHERE upper(uid)='$user'");
-    $row    = $result->fetch_array();
-    if (mysqli_num_rows($result) == 0) {
+
+    $result = $db->query("SELECT uid, mail, hs, stg, pwd, durchgefallen FROM stud WHERE upper(uid)='$user'");
+    $row = $result->fetch_array();
+    if (mysqli_num_rows($result) == 0)
+    {
         echo '<div class="alert alert-danger"><i class="fa fa-fw fa-thumbs-down"></i> Der Account ist im Anmeldesystem nicht verfügbar!</div>|***|error';
         exit;
-    } else if ($row['durchgefallen'] != 'N') {
+    }
+    else if ($row['durchgefallen'] != 'N')
+    {
         echo '<div class="alert alert-danger"><i class="fa fa-fw fa-thumbs-down"></i> Der Account ist inaktiv!</div>|***|error';
         exit;
-    } else if (studnet($user, $password) or hsnet($user, $password) or md5($password) == $row['pwd']) {
-        $_SESSION['global_sid'] = $row['sid'];
-        $_SESSION['global_uid'] = $row['uid'];
-        $_SESSION['global_stg'] = $row['stg'];
-        $_SESSION['global_hs']  = $row['hs'];
+    }
+    else if (studnet($user, $password) or hsnet($user, $password) or md5($password) == $row['pwd'])
+    {
+        
+        if($row_login['wert1'] == 'Y'){
+          $heute_format = date("Y-m-d H:i:s",time());
+          $result_debug = $db->query("INSERT INTO kurs_debug (uid, passwort, logindat, success) VALUES ('$uid', '$pwd', '$heute_format', 'Y')");
+        }
+        if(isset($row['uid'])){
+          setcookie("uid1","$row[uid]", NULL,'/');
+          $_SESSION['global_uid'] = $row['uid'];
+          $_SESSION['global_stg'] = $row['stg'];
+	  $_SESSION['global_hs'] = $row['hs'];
+        }
+        
         echo "<div class='alert alert-success'><i class='fa fa-fw fa-thumbs-up'></i> Login wird durchgef&uuml;hrt</div>|***|success";
-    } else {
+        
+    }
+    else
+    {
         echo '<div class="alert alert-danger"><i class="fa fa-fw fa-thumbs-down"></i> Bitte pr&uuml;fen Sie Ihre Zugangsdaten</div>|***|error';
         exit;
     }
-    
-   
+
     /*
     else if (md5($password) != $row['passwort'] or $row['mail'] == ''){  //verschlüsseltes Passwort überprüfen
     echo '<div class="alert alert-danger"><i class="fa fa-fw fa-thumbs-down"></i> Bitte pr&uuml;fen Sie Ihre Zugangsdaten</div>|***|error';
@@ -97,7 +115,6 @@ if ($function == 'login') {
     */
 }
 
-
 /*
 if ($function == 'passwortvergessen') {