...
|
...
|
@@ -39,10 +39,16 @@ function find_role($login, $password, $i_am_admin = False)
|
39
|
39
|
$uid = (int) $login;
|
40
|
40
|
if ($uid == 0)
|
41
|
41
|
$uid = 'NULL';
|
42
|
|
- $result = db_query("SELECT passwort AS password, kundenaccount AS `primary`, status, ((SELECT acc.uid FROM system.v_useraccounts AS acc LEFT JOIN system.gruppenzugehoerigkeit USING (uid) LEFT JOIN system.gruppen AS g ON (g.gid=gruppenzugehoerigkeit.gid) WHERE g.name='admin' AND acc.uid=u.uid) IS NOT NULL) AS admin FROM system.v_useraccounts AS u LEFT JOIN system.passwoerter USING(uid) WHERE u.uid={$uid} OR username='{$login}' LIMIT 1;");
|
|
42
|
+ $result = db_query("SELECT username, passwort AS password, kundenaccount AS `primary`, status, ((SELECT acc.uid FROM system.v_useraccounts AS acc LEFT JOIN system.gruppenzugehoerigkeit USING (uid) LEFT JOIN system.gruppen AS g ON (g.gid=gruppenzugehoerigkeit.gid) WHERE g.name='admin' AND acc.uid=u.uid) IS NOT NULL) AS admin FROM system.v_useraccounts AS u LEFT JOIN system.passwoerter USING(uid) WHERE u.uid={$uid} OR username='{$login}' LIMIT 1;");
|
43
|
43
|
if (@mysql_num_rows($result) > 0)
|
44
|
44
|
{
|
45
|
45
|
$entry = mysql_fetch_object($result);
|
|
46
|
+ if ($entry->username != $login) {
|
|
47
|
+ // MySQL matched (warum auch immer) ohne Beachtung der Schreibweise. Wir wollen aber case-sensitive sein.
|
|
48
|
+ logger(LOG_WARNING, "session/checkuser", "login", "denying login to wrong cased username »{$login}«.");
|
|
49
|
+ warning('Beachten Sie bei der Eingabe Ihrer Zugangsdaten bitte die Groß- und Kleinschreibung.');
|
|
50
|
+ return NULL;
|
|
51
|
+ }
|
46
|
52
|
$db_password = $entry->password;
|
47
|
53
|
$hash = crypt($password, $db_password);
|
48
|
54
|
if (($entry->status == 0 && $hash == $db_password) || $i_am_admin)
|
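Review bot: The added check at new line 46, `if ($entry->username != $login) {`, uses PHP's loose comparison, which compares two numeric-looking strings by value rather than character by character; `if ($entry->username !== $login) {` makes the intended case-sensitive match exact. The query also matches on `u.uid={$uid}`, so a login typed as a numeric uid now appears to always be rejected with the upper/lower-case warning, because the fetched username will not equal the uid. If uid logins are meant to keep working, that path needs its own exemption. The check also assumes `$login` still holds the text the user typed: any escaping applied before line 39 would make names containing escaped characters fail here, and without escaping the `username='{$login}'` interpolation in the query is injectable. find_role's body starts and ends outside the hunk, so this should be confirmed against the lines above.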