<?php
require_once('inc/base.php');
require_once('inc/debug.php');
require_once('inc/error.php');
require_once('inc/db_connect.php');
// Role flags form a bitmask: every non-zero role occupies its own bit, so a
// single integer can carry several roles combined with bitwise OR.
define('ROLE_ANONYMOUS',     0);       // no role bit set
define('ROLE_MAILACCOUNT',   1 << 0);  // 1
define('ROLE_VMAIL_ACCOUNT', 1 << 1);  // 2
define('ROLE_SYSTEMUSER',    1 << 2);  // 4
define('ROLE_CUSTOMER',      1 << 3);  // 8
define('ROLE_SYSADMIN',      1 << 4);  // 16
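// Returns the role bitmask for $login if the password matches.
// Caution: when $i_am_admin is true, the system-user branch accepts the login
// without a matching password; callers should set it only for an already
// authenticated administrator.
// NOTE(review): the system-user check compares crypt() output with loose `==`
// (hash_equals() is strict and constant-time), and the customer branch matches
// an unsalted sha1() of the password; password_hash()/password_verify() is the
// current replacement for both.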
function find_role($login, $password, $i_am_admin = False)
{
$login = mysql_real_escape_string($login);
// Domain-Admin? <not implemented>
// System-User?
$uid = (int) $login;
if ($uid == 0)
$uid = 'NULL';
$result = db_query("SELECT passwort AS password, kundenaccount AS `primary`, ((SELECT acc.uid FROM system.v_useraccounts AS acc LEFT JOIN system.gruppenzugehoerigkeit USING (uid) LEFT JOIN system.gruppen AS g ON (g.gid=gruppenzugehoerigkeit.gid) WHERE g.name='admin' AND acc.uid=u.uid) IS NOT NULL) AS admin FROM system.v_useraccounts AS u LEFT JOIN system.passwoerter USING(uid) WHERE u.uid={$uid} OR username='{$login}' LIMIT 1;");
if (@mysql_num_rows($result) > 0)
{
$entry = mysql_fetch_object($result);
$db_password = $entry->password;
$hash = crypt($password, $db_password);
if ($hash == $db_password || $i_am_admin)
{
$role = ROLE_SYSTEMUSER;
if ($entry->primary)
$role = $role | ROLE_CUSTOMER;
if ($entry->admin)
$role = $role | ROLE_SYSADMIN;
logger("session/checkuser", "login", "logged in systemuser »{$login}«.");
return $role;
}
logger("session/checkuser", "login", "wrong password for existing useraccount »{$login}«.");
} else {
logger("session/checkuser", "login", "did not find useraccount »{$login}«. trying other roles...");
}
// Customer?
$customerno = (int) $login;
$pass = sha1($password);
$result = db_query("SELECT passwort AS password FROM kundendaten.kunden WHERE status=0 AND id={$customerno} AND passwort='{$pass}';");