webinterface.git

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
<?php
require_once('inc/base.php');
require_once('inc/debug.php');
require_once('inc/error.php');
require_once('inc/db_connect.php');
define('ROLE_ANONYMOUS', 0);
define('ROLE_DOMAINADMIN', 1);
define('ROLE_SYSTEMUSER', 2);
define('ROLE_CUSTOMER', 3);
define('ROLE_SYSADMIN', 4);
// Gibt die Rolle aus, wenn das Passwort stimmt
function find_role($login, $password)
{
  $login = mysql_real_escape_string($login);
  // Domain-Admin?  <not implemented>
  // System-User?
  $uid = (int) $login;
  if ($uid == 0)
    $uid = 'NULL';
  $result = db_query("SELECT passwort AS password FROM system.v_useraccounts LEFT JOIN system.passwoerter USING (uid) WHERE uid={$uid} OR username='{$login}' LIMIT 1;");
  if (@mysql_num_rows($result) > 0)
  {
    $db_password = mysql_fetch_object($result)->password;
    $hash = crypt($password, $db_password);
    if ($hash == $db_password)
      return ROLE_SYSTEMUSER;
  }
  // Customer?
  $customerno = (int) $login;
  $pass = sha1($password);
  $result = db_query("SELECT passwort AS password FROM kundendaten.kunden WHERE status=0 AND id={$customerno} AND passwort='{$pass}';");
  if (@mysql_num_rows($result) > 0)
  {
    return ROLE_CUSTOMER;
  }
  // Nothing?
  return NULL;
}
function get_customer_info($customerno)
{
  $ret = array();
 
 
הההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההההה
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX