Login PHP8

aschwarz 2024-02-29 07:57:12 +01:00
parent 31023adb93
commit cff4afb497
4 changed files with 113 additions and 69 deletions


@ -3,7 +3,7 @@
function dbconnect() //--Prozedur - kein return-Wert function dbconnect() //--Prozedur - kein return-Wert
{ {
$db = @new mysqli( 'localhost', 'root', '', 'ams_stammdaten' ); $db = @new mysqli( 'localhost', 'root', '', 'kurs' );
$db->query("set sql_mode = 'ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION'"); $db->query("set sql_mode = 'ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION'");
$db->set_charset('utf8mb4'); $db->set_charset('utf8mb4');
$db->query("SET NAMES 'utf8mb4'"); $db->query("SET NAMES 'utf8mb4'");
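Review bot: The changed connection line still authenticates as `root` with an empty password, hard-coded in the source next to the new database name `kurs`. A login service should connect with a dedicated account limited to the tables it needs, with the credentials read from configuration kept outside the repository. The `@` in front of `new mysqli` suppresses any connect warning, and nothing visible checks `$db->connect_errno` before the `query()` calls that follow. The body of dbconnect() continues outside the hunk.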


@ -1,25 +1,28 @@
<?php <?php
# https://www.php-einfach.de/experte/php-codebeispiele/loginscript/angemeldet-bleiben/ # https://www.php-einfach.de/experte/php-codebeispiele/loginscript/angemeldet-bleiben/
require_once("../config/datenbankanbindung.php"); require_once ("../config/datenbankanbindung.php");
require_once("func_ldap_connect.php"); require_once ("func_ldap_connect.php");
#require_once("func_passwort_back.php"); #require_once("func_passwort_back.php");
$db = dbconnect(); $db = dbconnect();
$function = $_POST['function']; $function = $_POST['function'];
if (!isset($_SESSION)) { if (!isset($_SESSION))
{
session_start(); session_start();
} }
if ($function == 'logout') { if ($function == 'logout')
if ($_SESSION['angemeldet_bleiben'] == 1) { {
$identifier = $_COOKIE['identifier']; # if ($_SESSION['angemeldet_bleiben'] == 1)
$securitytoken = $_COOKIE['securitytoken']; # {
$token_neu = sha1($securitytoken); # $identifier = $_COOKIE['identifier'];
$sql1 = $db->query("DELETE FROM lg_securitytokens # $securitytoken = $_COOKIE['securitytoken'];
WHERE securitytoken ='$token_neu' # $token_neu = sha1($securitytoken);
AND identifier = '$identifier' # $sql1 = $db->query("DELETE FROM lg_securitytokens
"); # WHERE securitytoken ='$token_neu'
} # AND identifier = '$identifier'
# ");
# }
//Cookies entfernen //Cookies entfernen
session_destroy(); session_destroy();
setcookie("identifier", "", time() - (3600 * 24 * 365)); setcookie("identifier", "", time() - (3600 * 24 * 365));
@ -27,40 +30,55 @@ if ($function == 'logout') {
header("location:../php/login.php"); header("location:../php/login.php");
} }
if ($function == 'login')
{
if ($function == 'login') { $user = mb_strtoupper($_POST["user"]); //remove case sensitivity on the mail
$user = mb_strtoupper($_POST["user"]); //remove case sensitivity on the mail
$password = $_POST["password"]; $password = $_POST["password"];
$query_login = $db->query("SELECT wert1 FROM parameter WHERE pid='14'");
$row_login = $query_login->fetch_array();
# 2 Loginmöglichkeiten: 1) Datenbank ams_stammdaten oder 2) Hochschul-LDAP # 2 Loginmöglichkeiten: 1) Datenbank ams_stammdaten oder 2) Hochschul-LDAP
if ($user == "" or $password == "")
if ($user == "" OR $password == "") { {
echo '<div class="alert alert-danger"><i class="fa fa-fw fa-thumbs-down"></i> Bitte f&uuml;llen Sie alle Felder aus!</div>|***|error'; echo '<div class="alert alert-danger"><i class="fa fa-fw fa-thumbs-down"></i> Bitte f&uuml;llen Sie alle Felder aus!</div>|***|error';
exit; exit;
} }
$result = $db->query("SELECT uid, mail, hs, stg, pwd, durchgefallen FROM stud WHERE upper(uid)='$user'");
$result = $db->query("SELECT sid, uid, mail, hs, stg, pwd, durchgefallen FROM stud WHERE upper(uid)='$user'"); $row = $result->fetch_array();
$row = $result->fetch_array(); if (mysqli_num_rows($result) == 0)
if (mysqli_num_rows($result) == 0) { {
echo '<div class="alert alert-danger"><i class="fa fa-fw fa-thumbs-down"></i> Der Account ist im Anmeldesystem nicht verfügbar!</div>|***|error'; echo '<div class="alert alert-danger"><i class="fa fa-fw fa-thumbs-down"></i> Der Account ist im Anmeldesystem nicht verfügbar!</div>|***|error';
exit; exit;
} else if ($row['durchgefallen'] != 'N') { }
else if ($row['durchgefallen'] != 'N')
{
echo '<div class="alert alert-danger"><i class="fa fa-fw fa-thumbs-down"></i> Der Account ist inaktiv!</div>|***|error'; echo '<div class="alert alert-danger"><i class="fa fa-fw fa-thumbs-down"></i> Der Account ist inaktiv!</div>|***|error';
exit; exit;
} else if (studnet($user, $password) or hsnet($user, $password) or md5($password) == $row['pwd']) { }
$_SESSION['global_sid'] = $row['sid']; else if (studnet($user, $password) or hsnet($user, $password) or md5($password) == $row['pwd'])
$_SESSION['global_uid'] = $row['uid']; {
$_SESSION['global_stg'] = $row['stg'];
$_SESSION['global_hs'] = $row['hs']; if($row_login['wert1'] == 'Y'){
$heute_format = date("Y-m-d H:i:s",time());
$result_debug = $db->query("INSERT INTO kurs_debug (uid, passwort, logindat, success) VALUES ('$uid', '$pwd', '$heute_format', 'Y')");
}
if(isset($row['uid'])){
setcookie("uid1","$row[uid]", NULL,'/');
$_SESSION['global_uid'] = $row['uid'];
$_SESSION['global_stg'] = $row['stg'];
$_SESSION['global_hs'] = $row['hs'];
}
echo "<div class='alert alert-success'><i class='fa fa-fw fa-thumbs-up'></i> Login wird durchgef&uuml;hrt</div>|***|success"; echo "<div class='alert alert-success'><i class='fa fa-fw fa-thumbs-up'></i> Login wird durchgef&uuml;hrt</div>|***|success";
} else {
}
else
{
echo '<div class="alert alert-danger"><i class="fa fa-fw fa-thumbs-down"></i> Bitte pr&uuml;fen Sie Ihre Zugangsdaten</div>|***|error'; echo '<div class="alert alert-danger"><i class="fa fa-fw fa-thumbs-down"></i> Bitte pr&uuml;fen Sie Ihre Zugangsdaten</div>|***|error';
exit; exit;
} }
/* /*
else if (md5($password) != $row['passwort'] or $row['mail'] == ''){ //verschlüsseltes Passwort überprüfen else if (md5($password) != $row['passwort'] or $row['mail'] == ''){ //verschlüsseltes Passwort überprüfen
echo '<div class="alert alert-danger"><i class="fa fa-fw fa-thumbs-down"></i> Bitte pr&uuml;fen Sie Ihre Zugangsdaten</div>|***|error'; echo '<div class="alert alert-danger"><i class="fa fa-fw fa-thumbs-down"></i> Bitte pr&uuml;fen Sie Ihre Zugangsdaten</div>|***|error';
@ -97,7 +115,6 @@ if ($function == 'login') {
*/ */
} }
/* /*
if ($function == 'passwortvergessen') { if ($function == 'passwortvergessen') {
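Review bot: The debug insert in the successful-login branch is written to store the submitted password in clear text in `kurs_debug`, and it interpolates `$uid` and `$pwd`, which are not assigned anywhere in the visible script (the request values live in `$user` and `$password`). Recording passwords undoes the protection of the hashed `pwd` column and the LDAP bind, so the `passwort` column should be dropped from the statement and the row written with bound parameters, e.g. `$stmt = $db->prepare("INSERT INTO kurs_debug (uid, logindat, success) VALUES (?, ?, 'Y')"); $stmt->bind_param('ss', $row['uid'], $heute_format); $stmt->execute();`. The lookup `WHERE upper(uid)='$user'` is string-built from `$_POST["user"]` in the same way and should be prepared too. The fallback `md5($password) == $row['pwd']` relies on an unsalted fast hash and a loose comparison; `password_verify()` against a `password_hash()` value is the replacement once the stored hashes are migrated. The commit also comments out the `lg_securitytokens` delete on logout, so a persistent-login token, if one is still issued elsewhere, would remain valid server-side after logout.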


@ -1,75 +1,91 @@
<?php <?php
function hsnet($user, $password) function hsnet($user, $password)
{ {
$db = dbconnect(); $db = dbconnect();
$query_ldapuser = $db->query("SELECT wert1, wert2 FROM parameter WHERE pid='13'"); $query_ldapuser = $db->query("SELECT wert1, wert2 FROM parameter WHERE pid='13'");
$row_ldapuser = $query_ldapuser->fetch_array(); $row_ldapuser = $query_ldapuser->fetch_array();
#hsnet #hsnet
$ds = @ldap_connect("141.10.128.30", "389"); $ds = @ldap_connect("141.10.128.30", "389");
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3); ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ds, LDAP_OPT_NETWORK_TIMEOUT, 1); ldap_set_option($ds, LDAP_OPT_NETWORK_TIMEOUT, 1);
# bind wird benötigt, sonst werden die Umlaute bei Namen nicht richtig angezeigt ?!!? # bind wird benötigt, sonst werden die Umlaute bei Namen nicht richtig angezeigt ?!!?
$r = @ldap_bind($ds, $row_ldapuser['wert1'], $row_ldapuser['wert2']); $r = @ldap_bind($ds, $row_ldapuser['wert1'], $row_ldapuser['wert2']);
if ($r) { if ($r)
{
$_ldap_dn = "ou=OUHochschulnetzwerk,dc=hsnet,dc=hs-ludwigsburg,dc=de"; $_ldap_dn = "ou=OUHochschulnetzwerk,dc=hsnet,dc=hs-ludwigsburg,dc=de";
$sr = @ldap_search($ds, $_ldap_dn, "samaccountname=$user"); $sr = @ldap_search($ds, $_ldap_dn, "samaccountname=$user");
$info = @ldap_get_entries($ds, $sr); $info = @ldap_get_entries($ds, $sr);
$anzahl = ldap_count_entries($ds, $sr); $anzahl = ldap_count_entries($ds, $sr);
if ($anzahl > 0) { if ($anzahl > 0)
$first = ldap_first_entry($ds, $sr); {
$first = ldap_first_entry($ds, $sr);
$distinguishedName = ldap_get_dn($ds, $first); $distinguishedName = ldap_get_dn($ds, $first);
if (@ldap_bind($ds, $distinguishedName, $password)) { if (@ldap_bind($ds, $distinguishedName, $password))
{
ldap_close($ds); ldap_close($ds);
return TRUE; return true;
} else { }
else
{
ldap_close($ds); ldap_close($ds);
return false; return false;
} }
} else { }
else
{
ldap_close($ds); ldap_close($ds);
return false; return false;
} }
} else { }
else
{
ldap_close($ds); ldap_close($ds);
return false; return false;
} }
}
}
function studnet($user, $password) function studnet($user, $password)
{ {
$db = dbconnect(); $db = dbconnect();
$query_ldapuser = $db->query("SELECT wert1, wert2 FROM parameter WHERE pid='13'"); $query_ldapuser = $db->query("SELECT wert1, wert2 FROM parameter WHERE pid='13'");
$row_ldapuser = $query_ldapuser->fetch_array(); $row_ldapuser = $query_ldapuser->fetch_array();
# Studnet # Studnet
$ds = ldap_connect("141.10.144.37", "389"); $ds = ldap_connect("141.10.144.37", "389");
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3); ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ds, LDAP_OPT_NETWORK_TIMEOUT, 1); ldap_set_option($ds, LDAP_OPT_NETWORK_TIMEOUT, 1);
$r = @ldap_bind($ds, $row_ldapuser['wert1'], $row_ldapuser['wert2']); $r = @ldap_bind($ds, $row_ldapuser['wert1'], $row_ldapuser['wert2']);
if ($r) { if ($r)
{
$_ldap_dn = "ou=ouStudnet,dc=studnet,dc=hs-ludwigsburg,dc=de"; $_ldap_dn = "ou=ouStudnet,dc=studnet,dc=hs-ludwigsburg,dc=de";
$sr = @ldap_search($ds, $_ldap_dn, "samaccountname=$user"); $sr = @ldap_search($ds, $_ldap_dn, "samaccountname=$user");
$info = @ldap_get_entries($ds, $sr); $info = @ldap_get_entries($ds, $sr);
$anzahl = ldap_count_entries($ds, $sr); $anzahl = ldap_count_entries($ds, $sr);
if ($anzahl > 0) { if ($anzahl > 0)
$first = ldap_first_entry($ds, $sr); {
$first = ldap_first_entry($ds, $sr);
$distinguishedName = ldap_get_dn($ds, $first); $distinguishedName = ldap_get_dn($ds, $first);
if (@ldap_bind($ds, $distinguishedName, $password)) { if (@ldap_bind($ds, $distinguishedName, $password))
{
ldap_close($ds); ldap_close($ds);
return true; return true;
} else { }
else
{
ldap_close($ds); ldap_close($ds);
return false; return false;
} }
} else { }
else
{
ldap_close($ds); ldap_close($ds);
return false; return false;
} }
} else { }
else
{
ldap_close($ds); ldap_close($ds);
return false; return false;
} }


@ -178,6 +178,17 @@
</div> </div>
</div> </div>
{/if} {/if}
{if $hs == 'L'}
<div class="col-sm-6 pt-3">
<div class="card">
<div class="card-body">
<h5 class="card-title">AESPA Fragebogen</h5>
<p class="card-text">Zum buchen der Wahlpflichtf&auml;cher (Fak. 2).</p>
<a href="../../fragebogen/hauptframe.htm" class="btn btn-primary">Programm öffnen</a>
</div>
</div>
</div>
{/if}
</div> </div>
</div> </div>
<!-- / Content --> <!-- / Content -->