Sperre Login für gesperrte User (a95ec07) - webinterface.git

Sperre Login für gesperrte User

bernd commited on 2012-01-06 15:04:32
Zeige 2 geänderte Dateien mit 3 Einfügungen und 3 Löschungen.

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@2112 87cf0b9e-d624-0410-a070-f6ee81989793

session/checkuser.php 3e2af8f..92dfeff
session/start.php 76042d4..b64a7cb

session/checkuser.php

Zeige Datei @ a95ec07

@@ -25,13 +25,13 @@ function find_role($login, $password, $i_am_admin = False)
   $uid = (int) $login;
   if ($uid == 0)
     $uid = 'NULL';
-  $result = db_query("SELECT passwort AS password, kundenaccount AS `primary`, ((SELECT acc.uid FROM system.v_useraccounts AS acc LEFT JOIN system.gruppenzugehoerigkeit USING (uid) LEFT JOIN system.gruppen AS g ON (g.gid=gruppenzugehoerigkeit.gid) WHERE g.name='admin' AND acc.uid=u.uid) IS NOT NULL) AS admin FROM system.v_useraccounts AS u LEFT JOIN system.passwoerter USING(uid) WHERE u.uid={$uid} OR username='{$login}' LIMIT 1;");
+  $result = db_query("SELECT passwort AS password, kundenaccount AS `primary`, status, ((SELECT acc.uid FROM system.v_useraccounts AS acc LEFT JOIN system.gruppenzugehoerigkeit USING (uid) LEFT JOIN system.gruppen AS g ON (g.gid=gruppenzugehoerigkeit.gid) WHERE g.name='admin' AND acc.uid=u.uid) IS NOT NULL) AS admin FROM system.v_useraccounts AS u LEFT JOIN system.passwoerter USING(uid) WHERE u.uid={$uid} OR username='{$login}' LIMIT 1;");
   if (@mysql_num_rows($result) > 0)
   {
     $entry = mysql_fetch_object($result);
     $db_password = $entry->password;
     $hash = crypt($password, $db_password);
-    if ($hash == $db_password || $i_am_admin)
+    if (($entry->status == 0 && $hash == $db_password) || $i_am_admin)
     {
       $role = ROLE_SYSTEMUSER;
       if ($entry->primary)

session/start.php

Zeige Datei @ a95ec07

@@ -29,7 +29,7 @@ if (isset($_POST['webinterface_username']) && isset($_POST['webinterface_passwor
   if ($role === NULL)
   {
     $_SESSION['role'] = ROLE_ANONYMOUS;
-    logger(LOG_WARNING, "session/start", "login", "wrong user data (username: »{$_POST['username']}«)");
+    logger(LOG_WARNING, "session/start", "login", "wrong user data (username: »{$_POST['webinterface_username']}«)");
     login_screen('Ihre Anmeldung konnte nicht durchgeführt werden. Vermutlich haben Sie falsche Zugangsdaten eingegeben.');
   }
   else


...	...	@@ -25,13 +25,13 @@ function find_role($login, $password, $i_am_admin = False)
25	25	$uid = (int) $login;
26	26	if ($uid == 0)
27	27	$uid = 'NULL';
28		- $result = db_query("SELECT passwort AS password, kundenaccount AS `primary`, ((SELECT acc.uid FROM system.v_useraccounts AS acc LEFT JOIN system.gruppenzugehoerigkeit USING (uid) LEFT JOIN system.gruppen AS g ON (g.gid=gruppenzugehoerigkeit.gid) WHERE g.name='admin' AND acc.uid=u.uid) IS NOT NULL) AS admin FROM system.v_useraccounts AS u LEFT JOIN system.passwoerter USING(uid) WHERE u.uid={$uid} OR username='{$login}' LIMIT 1;");
	28	+ $result = db_query("SELECT passwort AS password, kundenaccount AS `primary`, status, ((SELECT acc.uid FROM system.v_useraccounts AS acc LEFT JOIN system.gruppenzugehoerigkeit USING (uid) LEFT JOIN system.gruppen AS g ON (g.gid=gruppenzugehoerigkeit.gid) WHERE g.name='admin' AND acc.uid=u.uid) IS NOT NULL) AS admin FROM system.v_useraccounts AS u LEFT JOIN system.passwoerter USING(uid) WHERE u.uid={$uid} OR username='{$login}' LIMIT 1;");
29	29	if (@mysql_num_rows($result) > 0)
30	30	{
31	31	$entry = mysql_fetch_object($result);
32	32	$db_password = $entry->password;
33	33	$hash = crypt($password, $db_password);
34		- if ($hash == $db_password \|\| $i_am_admin)
	34	+ if (($entry->status == 0 && $hash == $db_password) \|\| $i_am_admin)
35	35	{
36	36	$role = ROLE_SYSTEMUSER;
37	37	if ($entry->primary)

...	...	@@ -29,7 +29,7 @@ if (isset($_POST['webinterface_username']) && isset($_POST['webinterface_passwor
29	29	if ($role === NULL)
30	30	{
31	31	$_SESSION['role'] = ROLE_ANONYMOUS;
32		- logger(LOG_WARNING, "session/start", "login", "wrong user data (username: »{$_POST['username']}«)");
	32	+ logger(LOG_WARNING, "session/start", "login", "wrong user data (username: »{$_POST['webinterface_username']}«)");
33	33	login_screen('Ihre Anmeldung konnte nicht durchgeführt werden. Vermutlich haben Sie falsche Zugangsdaten eingegeben.');
34	34	}
35	35	else
36	36