<?php
require_once('inc/base.php');
require_once('inc/debug.php');
require_once('inc/error.php');
require_once('inc/db_connect.php');
define('ROLE_ANONYMOUS', 0);
define('ROLE_DOMAINADMIN', 1);
define('ROLE_SYSTEMUSER', 2);
define('ROLE_CUSTOMER', 3);
define('ROLE_SYSADMIN', 4);
// Gibt die Rolle aus, wenn das Passwort stimmt
function find_role($login, $password)
{
$login = mysql_real_escape_string($login);
// Domain-Admin? <not implemented>
// System-User?
$uid = (int) $login;
if ($uid == 0)
$uid = 'NULL';
$result = @mysql_query("SELECT passwort AS password FROM system.v_useraccounts LEFT JOIN system.passwoerter USING (uid) WHERE uid={$uid} OR username='{$login}' LIMIT 1;");
if (mysql_error())
system_failure(mysql_error());
if (@mysql_num_rows($result) > 0)
{
$db_password = mysql_fetch_object($result)->password;
$hash = crypt($password, $db_password);
if ($hash == $db_password)
return ROLE_SYSTEMUSER;
}
// Customer?
$customerno = (int) $login;
$pass = sha1($password);
$result = @mysql_query("SELECT passwort AS password FROM kundendaten.kunden WHERE status=0 AND id={$customerno} AND passwort='{$pass}';");
if (mysql_error())
system_failure(mysql_error());
if (@mysql_num_rows($result) > 0)
{
return ROLE_CUSTOMER;
}
// Nothing?
return NULL;
}
