
Codingstyle PSR12 + array syntax

Hanno Böck authored on 30/10/2021 21:18:17
Showing 1 changed files
... ...
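--- a/<file path not shown on page>
+++ b/<file path not shown on page>
@@ -46,7 +46,7 @@ function find_role($login, $password, $i_am_admin = false)
     if ($uid == 0) {
         $uid = null;
     }
-    $result = db_query("SELECT username, passwort AS password, kundenaccount AS `primary`, status, ((SELECT acc.uid FROM system.v_useraccounts AS acc LEFT JOIN system.gruppenzugehoerigkeit USING (uid) LEFT JOIN system.gruppen AS g ON (g.gid=gruppenzugehoerigkeit.gid) WHERE g.name='admin' AND acc.uid=u.uid) IS NOT NULL) AS admin FROM system.v_useraccounts AS u LEFT JOIN system.passwoerter USING(uid) WHERE u.uid=:uid OR username=:login LIMIT 1;", array(":uid" => $uid, ":login" => $login));
+    $result = db_query("SELECT username, passwort AS password, kundenaccount AS `primary`, status, ((SELECT acc.uid FROM system.v_useraccounts AS acc LEFT JOIN system.gruppenzugehoerigkeit USING (uid) LEFT JOIN system.gruppen AS g ON (g.gid=gruppenzugehoerigkeit.gid) WHERE g.name='admin' AND acc.uid=u.uid) IS NOT NULL) AS admin FROM system.v_useraccounts AS u LEFT JOIN system.passwoerter USING(uid) WHERE u.uid=:uid OR username=:login LIMIT 1;", [":uid" => $uid, ":login" => $login]);
     if (@$result->rowCount() > 0) {
         $entry = $result->fetch(PDO::FETCH_OBJ);
         if (strcasecmp($entry->username, $login) == 0 && $entry->username != $login) {
@@ -76,9 +76,9 @@ function find_role($login, $password, $i_am_admin = false)
     // Customer?
     $customerno = (int) $login;
     $pass = sha1($password);
-    $result = db_query("SELECT passwort AS password FROM kundendaten.kunden WHERE status=0 AND id=:customerno AND passwort=:pass", array(":customerno" => $customerno, ":pass" => $pass));
+    $result = db_query("SELECT passwort AS password FROM kundendaten.kunden WHERE status=0 AND id=:customerno AND passwort=:pass", [":customerno" => $customerno, ":pass" => $pass]);
     if ($i_am_admin) {
-        $result = db_query("SELECT passwort AS password FROM kundendaten.kunden WHERE status=0 AND id=?", array($customerno));
+        $result = db_query("SELECT passwort AS password FROM kundendaten.kunden WHERE status=0 AND id=?", [$customerno]);
     }
     if (@$result->rowCount() > 0) {
         return ROLE_CUSTOMER;
@@ -86,7 +86,7 @@ function find_role($login, $password, $i_am_admin = false)
 
     // Sub-User
 
-    $result = db_query("SELECT password FROM system.subusers WHERE username=?", array($login));
+    $result = db_query("SELECT password FROM system.subusers WHERE username=?", [$login]);
     if (@$result->rowCount() > 0) {
         $entry = $result->fetch(PDO::FETCH_OBJ);
         $db_password = $entry->password;
@@ -117,7 +117,7 @@ function find_role($login, $password, $i_am_admin = false)
             }
         }
     }
-    $result = db_query("SELECT cryptpass FROM mail.courier_mailaccounts WHERE account=?", array($account));
+    $result = db_query("SELECT cryptpass FROM mail.courier_mailaccounts WHERE account=?", [$account]);
     if (@$result->rowCount() > 0) {
         $entry = $result->fetch(PDO::FETCH_OBJ);
         $db_password = $entry->cryptpass;
@@ -131,7 +131,7 @@ function find_role($login, $password, $i_am_admin = false)
 
     // virtueller Mail-Account
     $account = $login;
-    $result = db_query("SELECT cryptpass FROM mail.courier_virtual_accounts WHERE account=?", array($account));
+    $result = db_query("SELECT cryptpass FROM mail.courier_virtual_accounts WHERE account=?", [$account]);
     if (@$result->rowCount() > 0) {
         $entry = $result->fetch(PDO::FETCH_OBJ);
         $db_password = $entry->cryptpass;
@@ -153,9 +153,9 @@ function is_locked()
 {
     $result = null;
     if (isset($_SESSION['customerinfo']['customerno'])) {
-        $result = db_query("SELECT gesperrt FROM kundendaten.kunden WHERE id=?", array($_SESSION['customerinfo']['customerno']));
+        $result = db_query("SELECT gesperrt FROM kundendaten.kunden WHERE id=?", [$_SESSION['customerinfo']['customerno']]);
     } elseif (isset($_SESSION['userinfo']['uid'])) {
-        $result = db_query("SELECT (SELECT gesperrt FROM kundendaten.kunden WHERE id=useraccounts.kunde) AS gesperrt FROM system.useraccounts WHERE uid=?", array($_SESSION['userinfo']['uid']));
+        $result = db_query("SELECT (SELECT gesperrt FROM kundendaten.kunden WHERE id=useraccounts.kunde) AS gesperrt FROM system.useraccounts WHERE uid=?", [$_SESSION['userinfo']['uid']]);
     }
     if ($result) {
         $line = $result->fetch();
@@ -170,17 +170,17 @@ function is_locked()
 function get_customer_info($customer)
 {
     if (! $_SESSION['role'] & ROLE_CUSTOMER) {
-        return array();
+        return [];
     }
-    $ret = array();
+    $ret = [];
     $customerno = (int) $customer;
     if ($customerno != 0) {
         DEBUG('Looking up customerinfo for customer no. '.$customerno);
-        $result = db_query("SELECT id, anrede, firma, CONCAT_WS(' ', vorname, nachname) AS name, COALESCE(email,email_rechnung,email_extern) AS email FROM kundendaten.kunden WHERE id=?", array($customerno));
+        $result = db_query("SELECT id, anrede, firma, CONCAT_WS(' ', vorname, nachname) AS name, COALESCE(email,email_rechnung,email_extern) AS email FROM kundendaten.kunden WHERE id=?", [$customerno]);
     } else {
         $username = $customer;
         DEBUG('looking up customer info for username '.$username);
-        $result = db_query("SELECT id, anrede, firma, CONCAT_WS(' ', vorname, nachname) AS name, COALESCE(email,email_rechnung,email_extern) AS email FROM kundendaten.kunden AS k JOIN system.v_useraccounts AS u ON (u.kunde=k.id) WHERE u.username=?", array($username));
+        $result = db_query("SELECT id, anrede, firma, CONCAT_WS(' ', vorname, nachname) AS name, COALESCE(email,email_rechnung,email_extern) AS email FROM kundendaten.kunden AS k JOIN system.v_useraccounts AS u ON (u.kunde=k.id) WHERE u.username=?", [$username]);
     }
     if (@$result->rowCount() == 0) {
         system_failure("Konnte Kundendaten nicht auslesen!");
@@ -199,7 +199,7 @@ function get_customer_info($customer)
 
 function get_subuser_info($username)
 {
-    $result = db_query("SELECT uid, modules FROM system.subusers WHERE username=?", array($username));
+    $result = db_query("SELECT uid, modules FROM system.subusers WHERE username=?", [$username]);
     if ($result->rowCount() < 1) {
         logger(LOG_ERR, "session/checkuser", "login", "error reading subuser's data: »{$username}«");
         system_failure('Das Auslesen Ihrer Benutzerdaten ist fehlgeschlagen. Bitte melden Sie dies einem Administrator');
@@ -214,48 +214,48 @@ function get_subuser_info($username)
 function get_user_info($username)
 {
     $result = db_query("SELECT kunde AS customerno, username, uid, homedir, name, server
-                      FROM system.v_useraccounts WHERE username=:username OR uid=:username", array(":username" => $username));
+                      FROM system.v_useraccounts WHERE username=:username OR uid=:username", [":username" => $username]);
     if ($result->rowCount() < 1) {
         logger(LOG_ERR, "session/checkuser", "login", "error reading user's data: »{$username}«");
         system_failure('Das Auslesen Ihrer Benutzerdaten ist fehlgeschlagen. Bitte melden Sie dies einem Administrator');
     }
     $val = @$result->fetch(PDO::FETCH_OBJ);
-    return array(
+    return [
           'username'      => $val->username,
           'customerno'    => $val->customerno,
           'uid'           => $val->uid,
           'homedir'       => $val->homedir,
           'server'        => $val->server,
           'name'          => $val->name,
-          );
+          ];
 }
 
 function set_customer_verified($customerno)
 {
     $customerno = (int) $customerno;
-    db_query("UPDATE kundendaten.kunden SET status=0 WHERE id=?", array($customerno));
+    db_query("UPDATE kundendaten.kunden SET status=0 WHERE id=?", [$customerno]);
     logger(LOG_INFO, "session/checkuser", "register", "set customer's status to 0.");
 }
 
 function set_customer_lastlogin($customerno)
 {
     $customerno = (int) $customerno;
-    db_query("UPDATE kundendaten.kunden SET lastlogin=NOW() WHERE id=?", array($customerno));
+    db_query("UPDATE kundendaten.kunden SET lastlogin=NOW() WHERE id=?", [$customerno]);
 }
 
 function set_customer_password($customerno, $newpass)
 {
     $customerno = (int) $customerno;
     $newpass = sha1($newpass);
-    db_query("UPDATE kundendaten.kunden SET passwort=:newpass WHERE id=:customerno", array(":newpass" => $newpass, ":customerno" => $customerno));
+    db_query("UPDATE kundendaten.kunden SET passwort=:newpass WHERE id=:customerno", [":newpass" => $newpass, ":customerno" => $customerno]);
     logger(LOG_INFO, "session/checkuser", "pwchange", "changed customer's password.");
 }
 
 function set_subuser_password($subuser, $newpass)
 {
-    $args = array(":subuser" => $subuser,
+    $args = [":subuser" => $subuser,
                 ":uid" => (int) $_SESSION['userinfo']['uid'],
-                ":newpass" => sha1($newpass));
+                ":newpass" => sha1($newpass), ];
     db_query("UPDATE system.subusers SET password=:newpass WHERE username=:subuser AND uid=:uid", $args);
     logger(LOG_INFO, "session/checkuser", "pwchange", "changed subuser's password.");
 }
@@ -265,14 +265,14 @@ function set_systemuser_password($uid, $newpass)
     $uid = (int) $uid;
     require_once('inc/base.php');
     $newpass = crypt($newpass, '$6$'.random_string(8).'$');
-    db_query("UPDATE system.passwoerter SET passwort=:newpass WHERE uid=:uid", array(":newpass" => $newpass, ":uid" => $uid));
+    db_query("UPDATE system.passwoerter SET passwort=:newpass WHERE uid=:uid", [":newpass" => $newpass, ":uid" => $uid]);
     logger(LOG_INFO, "session/checkuser", "pwchange", "changed user's password.");
 }
 
 
 function user_for_mailaccount($account)
 {
-    $result = db_query("SELECT uid FROM mail.courier_mailaccounts WHERE account=?", array($account));
+    $result = db_query("SELECT uid FROM mail.courier_mailaccounts WHERE account=?", [$account]);
     if ($result->rowCount() != 1) {
         system_failure('Diese Adresse ist herrenlos?!');
     }
@@ -282,7 +282,7 @@ function user_for_mailaccount($account)
 
 function user_for_vmail_account($account)
 {
-    $result = db_query("SELECT useraccount FROM mail.v_vmail_accounts WHERE CONCAT_WS('@', local, domainname)=?", array($account));
+    $result = db_query("SELECT useraccount FROM mail.v_vmail_accounts WHERE CONCAT_WS('@', local, domainname)=?", [$account]);
     if ($result->rowCount() != 1) {
         system_failure('Diese Adresse ist herrenlos?!');
     }
@@ -302,7 +302,7 @@ function setup_session($role, $useridentity)
         $_SESSION['restrict_modules'] = explode(',', $info['modules']);
         $_SESSION['role'] = ROLE_SYSTEMUSER | ROLE_SUBUSER;
         $_SESSION['subuser'] = $useridentity;
-        $data = db_query("SELECT kundenaccount FROM system.useraccounts WHERE username=?", array($info['username']));
+        $data = db_query("SELECT kundenaccount FROM system.useraccounts WHERE username=?", [$info['username']]);
         if ($entry = $data->fetch()) {
             if ($entry['kundenaccount'] == 1) {
                 $customer = get_customer_info($_SESSION['userinfo']['username']);
@@ -345,6 +345,6 @@ function setup_session($role, $useridentity)
         DEBUG("We are virtual mailaccount: {$_SESSION['mailaccount']}");
     }
     if (! ($role & ROLE_CUSTOMER)) {
-        $_SESSION['customerinfo'] = array();
+        $_SESSION['customerinfo'] = [];
     }
 }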
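Review bot: The guard `if (! $_SESSION['role'] & ROLE_CUSTOMER)` in the get_customer_info hunk never rejects anyone: `!` binds tighter than `&`, so the expression is `(bool) & 32`, which is always 0, and the early `return []` is dead code. The same file already writes this test correctly at the end of setup_session as `if (! ($role & ROLE_CUSTOMER))`, so the line should read `if (!($_SESSION['role'] & ROLE_CUSTOMER)) {`. Separately from the `array()`-to-`[]` rewrite, every `@$result->rowCount()` in these hunks suppresses PDO errors that should reach logger(), and the customer branch still authenticates by `sha1($password)` with no salt (set_customer_password stores the same), which is the hash scheme to migrate to `password_hash()`/`password_verify()` first. find_role, is_locked, get_customer_info and setup_session all start or end outside the hunks shown here.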

Simplify crypt() calls, always assume SHA512 is available, use default value for rounds

Hanno Böck authored on 13/01/2021 10:32:52
Showing 1 changed files
... ...
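--- a/<file path not shown on page>
+++ b/<file path not shown on page>
@@ -264,14 +264,7 @@ function set_systemuser_password($uid, $newpass)
 {
     $uid = (int) $uid;
     require_once('inc/base.php');
-    if (defined("CRYPT_SHA512") && CRYPT_SHA512 == 1) {
-        $rounds = rand(1000, 5000);
-        $salt = "rounds=".$rounds."$".random_string(8);
-        $newpass = crypt($newpass, "\$6\${$salt}\$");
-    } else {
-        $salt = random_string(8);
-        $newpass = crypt($newpass, "\$1\${$salt}\$");
-    }
+    $newpass = crypt($newpass, '$6$'.random_string(8).'$');
     db_query("UPDATE system.passwoerter SET passwort=:newpass WHERE uid=:uid", array(":newpass" => $newpass, ":uid" => $uid));
     logger(LOG_INFO, "session/checkuser", "pwchange", "changed user's password.");
 }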
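Review bot: The new line `crypt($newpass, '$6$'.random_string(8).'$')` writes the crypt() result straight into system.passwoerter without checking it, and crypt() signals an unusable salt by returning a short failure string instead of throwing; random_string() lives in inc/base.php and is not visible here, so it is worth confirming it only emits characters from the salt alphabet `[./0-9A-Za-z]` and adding a guard such as `if (strlen($newpass) < 13) { system_failure('...'); }` before the UPDATE. Dropping the `rand()`-chosen rounds is correct, since mt_rand is not a CSPRNG and a random cost added nothing, but the hash now always uses SHA-512 crypt's default of 5000 rounds; if the consumer of system.passwoerter honours a `rounds=` field, an explicit higher cost in the salt prefix (e.g. `'$6$rounds=<COST>$'`, placeholder) is where the policy would go. An 8-character salt is only 48 bits while `$6$` accepts up to 16 characters, so `random_string(16)` would be a free improvement if the helper supports it.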

show a warning on the start page when customer account is locked

Bernd Wurst authored on 20/05/2020 11:19:51
Showing 1 changed files
... ...
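--- a/<file path not shown on page>
+++ b/<file path not shown on page>
@@ -149,6 +149,23 @@ function find_role($login, $password, $i_am_admin = false)
     return null;
 }
 
+function is_locked()
+{
+    $result = null;
+    if (isset($_SESSION['customerinfo']['customerno'])) {
+        $result = db_query("SELECT gesperrt FROM kundendaten.kunden WHERE id=?", array($_SESSION['customerinfo']['customerno']));
+    } elseif (isset($_SESSION['userinfo']['uid'])) {
+        $result = db_query("SELECT (SELECT gesperrt FROM kundendaten.kunden WHERE id=useraccounts.kunde) AS gesperrt FROM system.useraccounts WHERE uid=?", array($_SESSION['userinfo']['uid']));
+    }
+    if ($result) {
+        $line = $result->fetch();
+        if ($line['gesperrt'] == 1) {
+            return true;
+        }
+    }
+    return false;
+}
+
 
 function get_customer_info($customer)
 {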
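Review bot: is_locked() fails open when the lookup returns no row: `$result->fetch()` then yields `false`, `$line['gesperrt']` evaluates to null (with a notice on PHP 7.4+), the `== 1` test is false and the caller is told the account is not locked, even though the session refers to a customer or uid that could not be found. Since the function gates access, the missing-row case should be explicit, e.g. `$line = $result->fetch(); if ($line === false) { return true; }`, or at least reported through the existing logger() channel, and the comparison should be strict, `(int) $line['gesperrt'] === 1`. The no-session branch also returns false silently; if that is intended for anonymous pages, a comment such as `// no customer/user in session: nothing to lock` would make it deliberate.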

Lösche alte Kundendaten aus der Session beim su

Bernd Wurst authored on 31/07/2019 07:09:53
Showing 1 changed files
... ...
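--- a/<file path not shown on page>
+++ b/<file path not shown on page>
@@ -334,4 +334,7 @@ function setup_session($role, $useridentity)
         $_SESSION['userinfo'] = get_user_info($uid);
         DEBUG("We are virtual mailaccount: {$_SESSION['mailaccount']}");
     }
+    if (! ($role & ROLE_CUSTOMER)) {
+        $_SESSION['customerinfo'] = array();
+    }
 }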
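Review bot: Clearing only `$_SESSION['customerinfo']` leaves the other identity keys this function populates (`userinfo`, `mailaccount`, and, from the earlier branch, `subuser` and `restrict_modules`) carrying the previous identity whenever the new role does not overwrite them, so a `su` from a sub-user to a mail account could keep stale `restrict_modules`. A more robust shape is to reset every identity key at the top of setup_session before the role branches and to call `session_regenerate_id(true)` there, unless the caller already does so — the start of setup_session is outside this hunk, so that may be the case. A one-line comment on the new block, `// drop customer data left over from a previous identity (su)`, would also record why it exists.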

add brute-force protection to login

Bernd Wurst authored on 10/04/2019 07:56:36
Showing 1 changed files
... ...
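--- a/<file path not shown on page>
+++ b/<file path not shown on page>
@@ -32,6 +32,14 @@ define('ROLE_SUBUSER', 32);
 
 function find_role($login, $password, $i_am_admin = false)
 {
+    if (!$i_am_admin) {
+        $failed = count_failed_logins();
+        if ($failed > 5) {
+            global $title;
+            $title = '';
+            system_failure("Zu viele fehlgeschlagenen Login-Versuche! Bitte warten Sie einige Minuten bis zum nächsten Versuch!");
+        }
+    }
     // Domain-Admin?  <not implemented>
     // System-User?
     $uid = (int) $login;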
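Review bot: The new lockout branch is the only refusal path in find_role that writes nothing to logger(); the other branches log at LOG_WARNING, so add `logger(LOG_WARNING, "session/checkuser", "login", "refusing login for »{$login}«: {$failed} failed attempts.");` before system_failure() so the lockout is visible to monitoring. `$failed > 5` is a magic threshold; a constant beside the ROLE_* defines, `define('MAX_FAILED_LOGINS', 5);`, would document the policy in one place. What count_failed_logins() counts by (client address, username, or both) is not visible here and decides whether this slows an attacker or lets a third party lock a known username out; a comment at the call site stating the key would make the trade-off explicit. The `global $title;` inside the branch is a presentation side effect that reads oddly in an authentication function and could move into system_failure()'s caller. find_role continues well past this hunk.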

remove whitespace in empty lines

Hanno authored on 26/06/2018 23:36:40
Showing 1 changed files
... ...
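--- a/<file path not shown on page>
+++ b/<file path not shown on page>
@@ -120,7 +120,7 @@ function find_role($login, $password, $i_am_admin = false)
         }
         logger(LOG_WARNING, "session/checkuser", "login", "wrong password for existing e-mail-account »{$account}«.");
     }
-  
+
     // virtueller Mail-Account
     $account = $login;
     $result = db_query("SELECT cryptpass FROM mail.courier_virtual_accounts WHERE account=?", array($account));
@@ -134,7 +134,7 @@ function find_role($login, $password, $i_am_admin = false)
         }
         logger(LOG_WARNING, "session/checkuser", "login", "wrong password for existing virtual e-mail-account »{$account}«.");
     }
-  
+
 
 
     // Nothing?
@@ -167,7 +167,7 @@ function get_customer_info($customer)
     $ret['company'] = $data['firma'];
     $ret['name'] = $data['name'];
     $ret['email'] = $data['email'];
-  
+
     return $ret;
 }
 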

Fix coding style with php-cs-checker, see https://cs.sensiolabs.org/

Hanno authored on 26/06/2018 13:58:19
Showing 1 changed files
... ...
@@ -8,7 +8,7 @@ Written 2008-2018 by schokokeks.org Hosting, namely
8 8
 
9 9
 To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty.
10 10
 
11
-You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see 
11
+You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see
12 12
 http://creativecommons.org/publicdomain/zero/1.0/
13 13
 
14 14
 Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.
... ...
@@ -30,180 +30,172 @@ define('ROLE_SUBUSER', 32);
30 30
 
31 31
 // Gibt die Rolle aus, wenn das Passwort stimmt
32 32
 
33
-function find_role($login, $password, $i_am_admin = False)
33
+function find_role($login, $password, $i_am_admin = false)
34 34
 {
35
-  // Domain-Admin?  <not implemented>
36
-  // System-User?
37
-  $uid = (int) $login;
38
-  if ($uid == 0)
39
-    $uid = NULL;
40
-  $result = db_query("SELECT username, passwort AS password, kundenaccount AS `primary`, status, ((SELECT acc.uid FROM system.v_useraccounts AS acc LEFT JOIN system.gruppenzugehoerigkeit USING (uid) LEFT JOIN system.gruppen AS g ON (g.gid=gruppenzugehoerigkeit.gid) WHERE g.name='admin' AND acc.uid=u.uid) IS NOT NULL) AS admin FROM system.v_useraccounts AS u LEFT JOIN system.passwoerter USING(uid) WHERE u.uid=:uid OR username=:login LIMIT 1;", array(":uid" => $uid, ":login" => $login));
41
-  if (@$result->rowCount() > 0)
42
-  {
43
-    $entry = $result->fetch(PDO::FETCH_OBJ);
44
-    if (strcasecmp($entry->username, $login) == 0 && $entry->username != $login) {
45
-      // MySQL matched (warum auch immer) ohne Beachtung der Schreibweise. Wir wollen aber case-sensitive sein.
46
-      logger(LOG_WARNING, "session/checkuser", "login", "denying login to wrong cased username »{$login}«.");
47
-      warning('Beachten Sie bei der Eingabe Ihrer Zugangsdaten bitte die Groß- und Kleinschreibung.');
48
-      return NULL;  
35
+    // Domain-Admin?  <not implemented>
36
+    // System-User?
37
+    $uid = (int) $login;
38
+    if ($uid == 0) {
39
+        $uid = null;
49 40
     }
50
-    $db_password = $entry->password;
51
-    $hash = crypt($password, $db_password);
52
-    if (($entry->status == 0 && $hash == $db_password) || $i_am_admin)
53
-    {
54
-      $role = ROLE_SYSTEMUSER;
55
-      if ($entry->primary)
56
-        $role = $role | ROLE_CUSTOMER;
57
-      if ($entry->admin)
58
-        $role = $role | ROLE_SYSADMIN;
59
-      logger(LOG_INFO, "session/checkuser", "login", "logged in systemuser »{$login}«.");
60
-      return $role;
41
+    $result = db_query("SELECT username, passwort AS password, kundenaccount AS `primary`, status, ((SELECT acc.uid FROM system.v_useraccounts AS acc LEFT JOIN system.gruppenzugehoerigkeit USING (uid) LEFT JOIN system.gruppen AS g ON (g.gid=gruppenzugehoerigkeit.gid) WHERE g.name='admin' AND acc.uid=u.uid) IS NOT NULL) AS admin FROM system.v_useraccounts AS u LEFT JOIN system.passwoerter USING(uid) WHERE u.uid=:uid OR username=:login LIMIT 1;", array(":uid" => $uid, ":login" => $login));
42
+    if (@$result->rowCount() > 0) {
43
+        $entry = $result->fetch(PDO::FETCH_OBJ);
44
+        if (strcasecmp($entry->username, $login) == 0 && $entry->username != $login) {
45
+            // MySQL matched (warum auch immer) ohne Beachtung der Schreibweise. Wir wollen aber case-sensitive sein.
46
+            logger(LOG_WARNING, "session/checkuser", "login", "denying login to wrong cased username »{$login}«.");
47
+            warning('Beachten Sie bei der Eingabe Ihrer Zugangsdaten bitte die Groß- und Kleinschreibung.');
48
+            return null;
49
+        }
50
+        $db_password = $entry->password;
51
+        $hash = crypt($password, $db_password);
52
+        if (($entry->status == 0 && $hash == $db_password) || $i_am_admin) {
53
+            $role = ROLE_SYSTEMUSER;
54
+            if ($entry->primary) {
55
+                $role = $role | ROLE_CUSTOMER;
56
+            }
57
+            if ($entry->admin) {
58
+                $role = $role | ROLE_SYSADMIN;
59
+            }
60
+            logger(LOG_INFO, "session/checkuser", "login", "logged in systemuser »{$login}«.");
61
+            return $role;
62
+        }
63
+        logger(LOG_WARNING, "session/checkuser", "login", "wrong password for existing useraccount »{$login}«.");
64
+    } else {
65
+        logger(LOG_WARNING, "session/checkuser", "login", "did not find useraccount »{$login}«. trying other roles...");
61 66
     }
62
-    logger(LOG_WARNING, "session/checkuser", "login", "wrong password for existing useraccount »{$login}«.");
63
-  } else {
64
-    logger(LOG_WARNING, "session/checkuser", "login", "did not find useraccount »{$login}«. trying other roles...");
65
-  }
66
-
67
-  // Customer?
68
-  $customerno = (int) $login;
69
-  $pass = sha1($password);
70
-  $result = db_query("SELECT passwort AS password FROM kundendaten.kunden WHERE status=0 AND id=:customerno AND passwort=:pass", array(":customerno" => $customerno, ":pass" => $pass));
71
-  if ($i_am_admin)
72
-    $result = db_query("SELECT passwort AS password FROM kundendaten.kunden WHERE status=0 AND id=?", array($customerno));
73
-  if (@$result->rowCount() > 0)
74
-  {
75
-    return ROLE_CUSTOMER;
76
-  }
77
-
78
-  // Sub-User
79
-
80
-  $result = db_query("SELECT password FROM system.subusers WHERE username=?", array($login));
81
-  if (@$result->rowCount() > 0)
82
-  {
83
-    $entry = $result->fetch(PDO::FETCH_OBJ);
84
-    $db_password = $entry->password;
85
-    // SHA1 für alte Subuser (kaylee), SHA256 für neue Subuser
86
-    if (hash("sha1", $password) == $db_password || hash("sha256", $password) == $db_password || $i_am_admin)
87
-    {
88
-      logger(LOG_INFO, "session/checkuser", "login", "logged in virtual subuser »{$login}«.");
89
-      return ROLE_SUBUSER;
67
+
68
+    // Customer?
69
+    $customerno = (int) $login;
70
+    $pass = sha1($password);
71
+    $result = db_query("SELECT passwort AS password FROM kundendaten.kunden WHERE status=0 AND id=:customerno AND passwort=:pass", array(":customerno" => $customerno, ":pass" => $pass));
72
+    if ($i_am_admin) {
73
+        $result = db_query("SELECT passwort AS password FROM kundendaten.kunden WHERE status=0 AND id=?", array($customerno));
74
+    }
75
+    if (@$result->rowCount() > 0) {
76
+        return ROLE_CUSTOMER;
77
+    }
78
+
79
+    // Sub-User
80
+
81
+    $result = db_query("SELECT password FROM system.subusers WHERE username=?", array($login));
82
+    if (@$result->rowCount() > 0) {
83
+        $entry = $result->fetch(PDO::FETCH_OBJ);
84
+        $db_password = $entry->password;
85
+        // SHA1 für alte Subuser (kaylee), SHA256 für neue Subuser
86
+        if (hash("sha1", $password) == $db_password || hash("sha256", $password) == $db_password || $i_am_admin) {
87
+            logger(LOG_INFO, "session/checkuser", "login", "logged in virtual subuser »{$login}«.");
88
+            return ROLE_SUBUSER;
89
+        }
90
+        logger(LOG_WARNING, "session/checkuser", "login", "wrong password for existing subuser »{$login}«.");
91
+    }
92
+
93
+
94
+    // Mail-Account
95
+    $account = $login;
96
+    if (! strstr($account, '@')) {
97
+        $account .= '@'.config('masterdomain');
90 98
     }
91
-    logger(LOG_WARNING, "session/checkuser", "login", "wrong password for existing subuser »{$login}«.");
92
-  }
93
-
94
-
95
-  // Mail-Account
96
-  $account = $login;
97
-  if (! strstr($account, '@')) {
98
-    $account .= '@'.config('masterdomain');
99
-  }
100
-  if (!$i_am_admin && have_module('webmailtotp')) {
101
-    require_once('modules/webmailtotp/include/totp.php');
102
-    if (account_has_totp($account)) {
103
-      if (check_webmail_password($account, $password)) {
104
-        $_SESSION['totp_username'] = $account;
105
-        $_SESSION['totp'] = True;
106
-        show_page('webmailtotp-login');
107
-        die();
108
-      } else {
109
-        return NULL;
110
-      }
99
+    if (!$i_am_admin && have_module('webmailtotp')) {
100
+        require_once('modules/webmailtotp/include/totp.php');
101
+        if (account_has_totp($account)) {
102
+            if (check_webmail_password($account, $password)) {
103
+                $_SESSION['totp_username'] = $account;
104
+                $_SESSION['totp'] = true;
105
+                show_page('webmailtotp-login');
106
+                die();
107
+            } else {
108
+                return null;
109
+            }
110
+        }
111 111
     }
112
-  }
113
-  $result = db_query("SELECT cryptpass FROM mail.courier_mailaccounts WHERE account=?", array($account));
114
-  if (@$result->rowCount() > 0)
115
-  {
116
-    $entry = $result->fetch(PDO::FETCH_OBJ);
117
-    $db_password = $entry->cryptpass;
118
-    $hash = crypt($password, $db_password);
119
-    if ($hash == $db_password || $i_am_admin)
120
-    {
121
-      logger(LOG_INFO, "session/checkuser", "login", "logged in e-mail-account »{$account}«.");
122
-      return ROLE_MAILACCOUNT;
112
+    $result = db_query("SELECT cryptpass FROM mail.courier_mailaccounts WHERE account=?", array($account));
113
+    if (@$result->rowCount() > 0) {
114
+        $entry = $result->fetch(PDO::FETCH_OBJ);
115
+        $db_password = $entry->cryptpass;
116
+        $hash = crypt($password, $db_password);
117
+        if ($hash == $db_password || $i_am_admin) {
118
+            logger(LOG_INFO, "session/checkuser", "login", "logged in e-mail-account »{$account}«.");
119
+            return ROLE_MAILACCOUNT;
120
+        }
121
+        logger(LOG_WARNING, "session/checkuser", "login", "wrong password for existing e-mail-account »{$account}«.");
123 122
     }
124
-    logger(LOG_WARNING, "session/checkuser", "login", "wrong password for existing e-mail-account »{$account}«.");
125
-  }
126 123
   
127
-  // virtueller Mail-Account
128
-  $account = $login;
129
-  $result = db_query("SELECT cryptpass FROM mail.courier_virtual_accounts WHERE account=?", array($account));
130
-  if (@$result->rowCount() > 0)
131
-  {
132
-    $entry = $result->fetch(PDO::FETCH_OBJ);
133
-    $db_password = $entry->cryptpass;
134
-    $hash = crypt($password, $db_password);
135
-    if ($hash == $db_password || $i_am_admin)
136
-    {
137
-      logger(LOG_INFO, "session/checkuser", "login", "logged in virtual e-mail-account »{$account}«.");
138
-      return ROLE_VMAIL_ACCOUNT;
124
+    // virtueller Mail-Account
125
+    $account = $login;
126
+    $result = db_query("SELECT cryptpass FROM mail.courier_virtual_accounts WHERE account=?", array($account));
127
+    if (@$result->rowCount() > 0) {
128
+        $entry = $result->fetch(PDO::FETCH_OBJ);
129
+        $db_password = $entry->cryptpass;
130
+        $hash = crypt($password, $db_password);
131
+        if ($hash == $db_password || $i_am_admin) {
132
+            logger(LOG_INFO, "session/checkuser", "login", "logged in virtual e-mail-account »{$account}«.");
133
+            return ROLE_VMAIL_ACCOUNT;
134
+        }
135
+        logger(LOG_WARNING, "session/checkuser", "login", "wrong password for existing virtual e-mail-account »{$account}«.");
139 136
     }
140
-    logger(LOG_WARNING, "session/checkuser", "login", "wrong password for existing virtual e-mail-account »{$account}«.");
141
-  }
142 137
   
143 138
 
144 139
 
145
-  // Nothing?
146
-  return NULL;
140
+    // Nothing?
141
+    return null;
147 142
 }
148 143
 
149 144
 
150 145
 function get_customer_info($customer)
151 146
 {
152
-  if (! $_SESSION['role'] & ROLE_CUSTOMER)
153
-    return array();
154
-  $ret = array();
155
-  $customerno = (int) $customer;
156
-  if ($customerno != 0)
157
-  {
158
-    DEBUG('Looking up customerinfo for customer no. '.$customerno);
159
-    $result = db_query("SELECT id, anrede, firma, CONCAT_WS(' ', vorname, nachname) AS name, COALESCE(email,email_rechnung,email_extern) AS email FROM kundendaten.kunden WHERE id=?", array($customerno));
160
-  }
161
-  else
162
-  {
163
-    $username = $customer;
164
-    DEBUG('looking up customer info for username '.$username);
165
-    $result = db_query("SELECT id, anrede, firma, CONCAT_WS(' ', vorname, nachname) AS name, COALESCE(email,email_rechnung,email_extern) AS email FROM kundendaten.kunden AS k JOIN system.v_useraccounts AS u ON (u.kunde=k.id) WHERE u.username=?", array($username));
166
-  }
167
-  if (@$result->rowCount() == 0)
168
-    system_failure("Konnte Kundendaten nicht auslesen!");
169
-  $data = $result->fetch();
170
-  DEBUG($data);
171
-  $ret['customerno'] = $data['id'];
172
-  $ret['title'] = $data['anrede'];
173
-  $ret['company'] = $data['firma'];
174
-  $ret['name'] = $data['name'];
175
-  $ret['email'] = $data['email'];
147
+    if (! $_SESSION['role'] & ROLE_CUSTOMER) {
148
+        return array();
149
+    }
150
+    $ret = array();
151
+    $customerno = (int) $customer;
152
+    if ($customerno != 0) {
153
+        DEBUG('Looking up customerinfo for customer no. '.$customerno);
154
+        $result = db_query("SELECT id, anrede, firma, CONCAT_WS(' ', vorname, nachname) AS name, COALESCE(email,email_rechnung,email_extern) AS email FROM kundendaten.kunden WHERE id=?", array($customerno));
155
+    } else {
156
+        $username = $customer;
157
+        DEBUG('looking up customer info for username '.$username);
158
+        $result = db_query("SELECT id, anrede, firma, CONCAT_WS(' ', vorname, nachname) AS name, COALESCE(email,email_rechnung,email_extern) AS email FROM kundendaten.kunden AS k JOIN system.v_useraccounts AS u ON (u.kunde=k.id) WHERE u.username=?", array($username));
159
+    }
160
+    if (@$result->rowCount() == 0) {
161
+        system_failure("Konnte Kundendaten nicht auslesen!");
162
+    }
163
+    $data = $result->fetch();
164
+    DEBUG($data);
165
+    $ret['customerno'] = $data['id'];
166
+    $ret['title'] = $data['anrede'];
167
+    $ret['company'] = $data['firma'];
168
+    $ret['name'] = $data['name'];
169
+    $ret['email'] = $data['email'];
176 170
   
177
-  return $ret;
171
+    return $ret;
178 172
 }
179 173
 
180 174
 
181 175
 function get_subuser_info($username)
182 176
 {
183
-  $result = db_query("SELECT uid, modules FROM system.subusers WHERE username=?", array($username));
184
-  if ($result->rowCount() < 1)
185
-  {
186
-    logger(LOG_ERR, "session/checkuser", "login", "error reading subuser's data: »{$username}«");
187
-    system_failure('Das Auslesen Ihrer Benutzerdaten ist fehlgeschlagen. Bitte melden Sie dies einem Administrator');
188
-  }
189
-  $data = $result->fetch();
190
-  $userinfo = get_user_info($data['uid']);
191
-  $userinfo['modules'] = $data['modules'];
192
-  return $userinfo;
177
+    $result = db_query("SELECT uid, modules FROM system.subusers WHERE username=?", array($username));
178
+    if ($result->rowCount() < 1) {
179
+        logger(LOG_ERR, "session/checkuser", "login", "error reading subuser's data: »{$username}«");
180
+        system_failure('Das Auslesen Ihrer Benutzerdaten ist fehlgeschlagen. Bitte melden Sie dies einem Administrator');
181
+    }
182
+    $data = $result->fetch();
183
+    $userinfo = get_user_info($data['uid']);
184
+    $userinfo['modules'] = $data['modules'];
185
+    return $userinfo;
193 186
 }
194 187
 
195 188
 
196 189
 function get_user_info($username)
197 190
 {
198
-  $result = db_query("SELECT kunde AS customerno, username, uid, homedir, name, server
191
+    $result = db_query("SELECT kunde AS customerno, username, uid, homedir, name, server
199 192
                       FROM system.v_useraccounts WHERE username=:username OR uid=:username", array(":username" => $username));
200
-  if ($result->rowCount() < 1)
201
-  {
202
-    logger(LOG_ERR, "session/checkuser", "login", "error reading user's data: »{$username}«");
203
-    system_failure('Das Auslesen Ihrer Benutzerdaten ist fehlgeschlagen. Bitte melden Sie dies einem Administrator');
204
-  }
205
-  $val = @$result->fetch(PDO::FETCH_OBJ);
206
-  return array(
193
+    if ($result->rowCount() < 1) {
194
+        logger(LOG_ERR, "session/checkuser", "login", "error reading user's data: »{$username}«");
195
+        system_failure('Das Auslesen Ihrer Benutzerdaten ist fehlgeschlagen. Bitte melden Sie dies einem Administrator');
196
+    }
197
+    $val = @$result->fetch(PDO::FETCH_OBJ);
198
+    return array(
207 199
           'username'      => $val->username,
208 200
           'customerno'    => $val->customerno,
209 201
           'uid'           => $val->uid,
... ...
@@ -215,133 +207,123 @@ function get_user_info($username)
215 207
 
216 208
 function set_customer_verified($customerno)
217 209
 {
218
-  $customerno = (int) $customerno;
219
-  db_query("UPDATE kundendaten.kunden SET status=0 WHERE id=?", array($customerno));
220
-  logger(LOG_INFO, "session/checkuser", "register", "set customer's status to 0.");
210
+    $customerno = (int) $customerno;
211
+    db_query("UPDATE kundendaten.kunden SET status=0 WHERE id=?", array($customerno));
212
+    logger(LOG_INFO, "session/checkuser", "register", "set customer's status to 0.");
221 213
 }
222 214
 
223 215
 function set_customer_lastlogin($customerno)
224 216
 {
225
-  $customerno = (int) $customerno;
226
-  db_query("UPDATE kundendaten.kunden SET lastlogin=NOW() WHERE id=?", array($customerno));
217
+    $customerno = (int) $customerno;
218
+    db_query("UPDATE kundendaten.kunden SET lastlogin=NOW() WHERE id=?", array($customerno));
227 219
 }
228 220
 
229 221
 function set_customer_password($customerno, $newpass)
230 222
 {
231
-  $customerno = (int) $customerno;
232
-  $newpass = sha1($newpass);
233
-  db_query("UPDATE kundendaten.kunden SET passwort=:newpass WHERE id=:customerno", array(":newpass" => $newpass, ":customerno" => $customerno));
234
-  logger(LOG_INFO, "session/checkuser", "pwchange", "changed customer's password.");
223
+    $customerno = (int) $customerno;
224
+    $newpass = sha1($newpass);
225
+    db_query("UPDATE kundendaten.kunden SET passwort=:newpass WHERE id=:customerno", array(":newpass" => $newpass, ":customerno" => $customerno));
226
+    logger(LOG_INFO, "session/checkuser", "pwchange", "changed customer's password.");
235 227
 }
236 228
 
237 229
 function set_subuser_password($subuser, $newpass)
238 230
 {
239
-  $args = array(":subuser" => $subuser,
231
+    $args = array(":subuser" => $subuser,
240 232
                 ":uid" => (int) $_SESSION['userinfo']['uid'],
241 233
                 ":newpass" => sha1($newpass));
242
-  db_query("UPDATE system.subusers SET password=:newpass WHERE username=:subuser AND uid=:uid", $args);
243
-  logger(LOG_INFO, "session/checkuser", "pwchange", "changed subuser's password.");
234
+    db_query("UPDATE system.subusers SET password=:newpass WHERE username=:subuser AND uid=:uid", $args);
235
+    logger(LOG_INFO, "session/checkuser", "pwchange", "changed subuser's password.");
244 236
 }
245 237
 
246 238
 function set_systemuser_password($uid, $newpass)
247 239
 {
248
-  $uid = (int) $uid;
249
-  require_once('inc/base.php');
250
-  if (defined("CRYPT_SHA512") && CRYPT_SHA512 == 1)
251
-  {
252
-    $rounds = rand(1000, 5000);
253
-    $salt = "rounds=".$rounds."$".random_string(8);
254
-    $newpass = crypt($newpass, "\$6\${$salt}\$");
255
-  }
256
-  else
257
-  {
258
-    $salt = random_string(8);
259
-    $newpass = crypt($newpass, "\$1\${$salt}\$");
260
-  }
261
-  db_query("UPDATE system.passwoerter SET passwort=:newpass WHERE uid=:uid", array(":newpass" => $newpass, ":uid" => $uid));
262
-  logger(LOG_INFO, "session/checkuser", "pwchange", "changed user's password.");
240
+    $uid = (int) $uid;
241
+    require_once('inc/base.php');
242
+    if (defined("CRYPT_SHA512") && CRYPT_SHA512 == 1) {
243
+        $rounds = rand(1000, 5000);
244
+        $salt = "rounds=".$rounds."$".random_string(8);
245
+        $newpass = crypt($newpass, "\$6\${$salt}\$");
246
+    } else {
247
+        $salt = random_string(8);
248
+        $newpass = crypt($newpass, "\$1\${$salt}\$");
249
+    }
250
+    db_query("UPDATE system.passwoerter SET passwort=:newpass WHERE uid=:uid", array(":newpass" => $newpass, ":uid" => $uid));
251
+    logger(LOG_INFO, "session/checkuser", "pwchange", "changed user's password.");
263 252
 }
264 253
 
265 254
 
266
-function user_for_mailaccount($account) 
255
+function user_for_mailaccount($account)
267 256
 {
268
-  $result = db_query("SELECT uid FROM mail.courier_mailaccounts WHERE account=?", array($account));
269
-  if ($result->rowCount() != 1) {
270
-    system_failure('Diese Adresse ist herrenlos?!');
271
-  }
272
-  $tmp = $result->fetch();
273
-  return $tmp['uid'];
257
+    $result = db_query("SELECT uid FROM mail.courier_mailaccounts WHERE account=?", array($account));
258
+    if ($result->rowCount() != 1) {
259
+        system_failure('Diese Adresse ist herrenlos?!');
260
+    }
261
+    $tmp = $result->fetch();
262
+    return $tmp['uid'];
274 263
 }
275 264
 
276 265
 function user_for_vmail_account($account)
277 266
 {
278
-  $result = db_query("SELECT useraccount FROM mail.v_vmail_accounts WHERE CONCAT_WS('@', local, domainname)=?", array($account));
279
-  if ($result->rowCount() != 1) {
280
-    system_failure('Diese Adresse ist herrenlos?!');
281
-  }
282
-  $tmp = $result->fetch();
283
-  return $tmp['useraccount'];
267
+    $result = db_query("SELECT useraccount FROM mail.v_vmail_accounts WHERE CONCAT_WS('@', local, domainname)=?", array($account));
268
+    if ($result->rowCount() != 1) {
269
+        system_failure('Diese Adresse ist herrenlos?!');
270
+    }
271
+    $tmp = $result->fetch();
272
+    return $tmp['useraccount'];
284 273
 }
285 274
 
286 275
 
287 276
 function setup_session($role, $useridentity)
288 277
 {
289
-  session_regenerate_id();
290
-  $_SESSION['role'] = $role;
291
-  if ($role & ROLE_SUBUSER)
292
-  {
293
-    DEBUG("We are a sub-user");
294
-    $info = get_subuser_info($useridentity);
295
-    $_SESSION['userinfo'] = $info;
296
-    $_SESSION['restrict_modules'] = explode(',', $info['modules']);
297
-    $_SESSION['role'] = ROLE_SYSTEMUSER | ROLE_SUBUSER;
298
-    $_SESSION['subuser'] = $useridentity;
299
-    $data = db_query("SELECT kundenaccount FROM system.useraccounts WHERE username=?", array($info['username']));
300
-    if ($entry = $data->fetch()) {
301
-      if ($entry['kundenaccount'] == 1) {
302
-        $customer = get_customer_info($_SESSION['userinfo']['username']);
303
-        $_SESSION['customerinfo'] = $customer;
304
-        $_SESSION['role'] = ROLE_SYSTEMUSER | ROLE_CUSTOMER | ROLE_SUBUSER;
305
-      }
278
+    session_regenerate_id();
279
+    $_SESSION['role'] = $role;
280
+    if ($role & ROLE_SUBUSER) {
281
+        DEBUG("We are a sub-user");
282
+        $info = get_subuser_info($useridentity);
283
+        $_SESSION['userinfo'] = $info;
284
+        $_SESSION['restrict_modules'] = explode(',', $info['modules']);
285
+        $_SESSION['role'] = ROLE_SYSTEMUSER | ROLE_SUBUSER;
286
+        $_SESSION['subuser'] = $useridentity;
287
+        $data = db_query("SELECT kundenaccount FROM system.useraccounts WHERE username=?", array($info['username']));
288
+        if ($entry = $data->fetch()) {
289
+            if ($entry['kundenaccount'] == 1) {
290
+                $customer = get_customer_info($_SESSION['userinfo']['username']);
291
+                $_SESSION['customerinfo'] = $customer;
292
+                $_SESSION['role'] = ROLE_SYSTEMUSER | ROLE_CUSTOMER | ROLE_SUBUSER;
293
+            }
294
+        }
295
+        logger(LOG_INFO, "session/start", "login", "logged in user »{$info['username']}«");
306 296
     }
307
-    logger(LOG_INFO, "session/start", "login", "logged in user »{$info['username']}«");
308
-  }
309
-  if ($role & ROLE_SYSTEMUSER)
310
-  {
311
-    DEBUG("We are system user");
312
-    $info = get_user_info($useridentity);
313
-    $_SESSION['userinfo'] = $info;
314
-    logger(LOG_INFO, "session/start", "login", "logged in user »{$info['username']}«");
315
-    $useridentity = $info['customerno'];
316
-  }
317
-  if ($role & ROLE_CUSTOMER)
318
-  {
319
-    $info = get_customer_info($useridentity);
320
-    $_SESSION['customerinfo'] = $info;
321
-    if (!isset($_SESSION['admin_user'])) {
322
-      set_customer_lastlogin($info['customerno']);
297
+    if ($role & ROLE_SYSTEMUSER) {
298
+        DEBUG("We are system user");
299
+        $info = get_user_info($useridentity);
300
+        $_SESSION['userinfo'] = $info;
301
+        logger(LOG_INFO, "session/start", "login", "logged in user »{$info['username']}«");
302
+        $useridentity = $info['customerno'];
303
+    }
304
+    if ($role & ROLE_CUSTOMER) {
305
+        $info = get_customer_info($useridentity);
306
+        $_SESSION['customerinfo'] = $info;
307
+        if (!isset($_SESSION['admin_user'])) {
308
+            set_customer_lastlogin($info['customerno']);
309
+        }
310
+        logger(LOG_INFO, "session/start", "login", "logged in customer no »{$info['customerno']}«");
311
+    }
312
+    if ($role & ROLE_MAILACCOUNT) {
313
+        $id = $useridentity;
314
+        if (! strstr($id, '@')) {
315
+            $id .= '@'.config('masterdomain');
316
+        }
317
+        $uid = user_for_mailaccount($id);
318
+        $_SESSION['mailaccount'] = $id;
319
+        $_SESSION['userinfo'] = get_user_info($uid);
320
+        DEBUG("We are mailaccount: {$_SESSION['mailaccount']}");
321
+    }
322
+    if ($role & ROLE_VMAIL_ACCOUNT) {
323
+        $id = $useridentity;
324
+        $uid = user_for_vmail_account($id);
325
+        $_SESSION['mailaccount'] = $id;
326
+        $_SESSION['userinfo'] = get_user_info($uid);
327
+        DEBUG("We are virtual mailaccount: {$_SESSION['mailaccount']}");
323 328
     }
324
-    logger(LOG_INFO, "session/start", "login", "logged in customer no »{$info['customerno']}«");
325
-  }
326
-  if ($role & ROLE_MAILACCOUNT)
327
-  {
328
-    $id = $useridentity;
329
-    if (! strstr($id, '@'))
330
-      $id .= '@'.config('masterdomain');
331
-    $uid = user_for_mailaccount($id);
332
-    $_SESSION['mailaccount'] = $id;
333
-    $_SESSION['userinfo'] = get_user_info($uid);
334
-    DEBUG("We are mailaccount: {$_SESSION['mailaccount']}");
335
-  }
336
-  if ($role & ROLE_VMAIL_ACCOUNT)
337
-  {
338
-    $id = $useridentity;
339
-    $uid = user_for_vmail_account($id);
340
-    $_SESSION['mailaccount'] = $id;
341
-    $_SESSION['userinfo'] = get_user_info($uid);
342
-    DEBUG("We are virtual mailaccount: {$_SESSION['mailaccount']}");
343
-  }
344
-
345 329
 }
346
-
347
-?>

Copyright year update

Bernd Wurst authored on 13/01/2018 06:07:05
... ...
@@ -2,7 +2,7 @@
2 2
 /*
3 3
 This file belongs to the Webinterface of schokokeks.org Hosting
4 4
 
5
-Written 2008-2014 by schokokeks.org Hosting, namely
5
+Written 2008-2018 by schokokeks.org Hosting, namely
6 6
   Bernd Wurst <bernd@schokokeks.org>
7 7
   Hanno Böck <hanno@schokokeks.org>
8 8
 

Lizenzinfos in eigenes Modul ausgelagert und Copyright auf 2014 angepasst

Bernd Wurst authored on 08/02/2014 05:45:07
... ...
@@ -2,7 +2,7 @@
2 2
 /*
3 3
 This file belongs to the Webinterface of schokokeks.org Hosting
4 4
 
5
-Written 2008-2013 by schokokeks.org Hosting, namely
5
+Written 2008-2014 by schokokeks.org Hosting, namely
6 6
   Bernd Wurst <bernd@schokokeks.org>
7 7
   Hanno Böck <hanno@schokokeks.org>
8 8
 

String 'NULL' eliminiert

Bernd Wurst authored on 07/02/2014 14:21:11
... ...
@@ -36,7 +36,7 @@ function find_role($login, $password, $i_am_admin = False)
36 36
   // System-User?
37 37
   $uid = (int) $login;
38 38
   if ($uid == 0)
39
-    $uid = 'NULL';
39
+    $uid = NULL;
40 40
   $result = db_query("SELECT username, passwort AS password, kundenaccount AS `primary`, status, ((SELECT acc.uid FROM system.v_useraccounts AS acc LEFT JOIN system.gruppenzugehoerigkeit USING (uid) LEFT JOIN system.gruppen AS g ON (g.gid=gruppenzugehoerigkeit.gid) WHERE g.name='admin' AND acc.uid=u.uid) IS NOT NULL) AS admin FROM system.v_useraccounts AS u LEFT JOIN system.passwoerter USING(uid) WHERE u.uid=:uid OR username=:login LIMIT 1;", array(":uid" => $uid, ":login" => $login));
41 41
   if (@$result->rowCount() > 0)
42 42
   {
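Review bot: The `$uid = (int) $login;` cast just above the changed line still turns any login with leading digits into a uid lookup, so a login such as `12abc` is resolved to uid 12 although it matches no username; the null fix only covers the fully non-numeric case. Restricting the uid path to all-digit input makes the intent explicit: `if ($uid == 0 || !ctype_digit((string) $login))` in front of the existing `$uid = NULL;`. Whether a stray uid match matters depends on the password comparison later in find_role, which lies outside this hunk, as does the rest of the function. The `@` in `@$result->rowCount()` on the last context line also hides driver errors that would be better surfaced by the db layer.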

Modul subusers auf prepared statements umgestellt / Typo

Bernd Wurst authored on 06/02/2014 09:18:48
... ...
@@ -297,7 +297,7 @@ function setup_session($role, $useridentity)
297 297
     $_SESSION['role'] = ROLE_SYSTEMUSER | ROLE_SUBUSER;
298 298
     $_SESSION['subuser'] = $useridentity;
299 299
     $data = db_query("SELECT kundenaccount FROM system.useraccounts WHERE username=?", array($info['username']));
300
-    if ($entry = $data->fetch) {
300
+    if ($entry = $data->fetch()) {
301 301
       if ($entry['kundenaccount'] == 1) {
302 302
         $customer = get_customer_info($_SESSION['userinfo']['username']);
303 303
         $_SESSION['customerinfo'] = $customer;
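Review bot: With `fetch()` now actually called, the `kundenaccount == 1` branch becomes reachable, and it passes the username to `get_customer_info($_SESSION['userinfo']['username'])`, whereas the system-user path later in the same function hands that helper `$info['customerno']`; if the helper looks up by customer number, this branch will not load the customer record. Using `get_customer_info($_SESSION['userinfo']['customerno'])`, a key get_user_info already returns, would make both call sites consistent — confirm against the helper's definition, which is not visible here. Since the branch was presumably never taken before this fix, granting ROLE_CUSTOMER to a subuser is new behaviour in practice, so it is worth checking that `$_SESSION['restrict_modules']` also gates the customer modules. setup_session starts and ends outside this hunk.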

Bugfix: Werte dürfen nicht auf "" stehen, wenn kein maybe_null mehr benutzt wird

Bernd Wurst authored on 03/02/2014 17:24:57
... ...
@@ -32,7 +32,6 @@ define('ROLE_SUBUSER', 32);
32 32
 
33 33
 function find_role($login, $password, $i_am_admin = False)
34 34
 {
35
-  $login = db_escape_string($login);
36 35
   // Domain-Admin?  <not implemented>
37 36
   // System-User?
38 37
   $uid = (int) $login;

* Weitere Module auf prepared-statements umgestellt * Warnung beim Aufruf von db_escape_string() und maybe_null() hinzugefügt

Bernd Wurst authored on 03/02/2014 16:57:44
... ...
@@ -38,7 +38,7 @@ function find_role($login, $password, $i_am_admin = False)
38 38
   $uid = (int) $login;
39 39
   if ($uid == 0)
40 40
     $uid = 'NULL';
41
-  $result = db_query("SELECT username, passwort AS password, kundenaccount AS `primary`, status, ((SELECT acc.uid FROM system.v_useraccounts AS acc LEFT JOIN system.gruppenzugehoerigkeit USING (uid) LEFT JOIN system.gruppen AS g ON (g.gid=gruppenzugehoerigkeit.gid) WHERE g.name='admin' AND acc.uid=u.uid) IS NOT NULL) AS admin FROM system.v_useraccounts AS u LEFT JOIN system.passwoerter USING(uid) WHERE u.uid={$uid} OR username='{$login}' LIMIT 1;");
41
+  $result = db_query("SELECT username, passwort AS password, kundenaccount AS `primary`, status, ((SELECT acc.uid FROM system.v_useraccounts AS acc LEFT JOIN system.gruppenzugehoerigkeit USING (uid) LEFT JOIN system.gruppen AS g ON (g.gid=gruppenzugehoerigkeit.gid) WHERE g.name='admin' AND acc.uid=u.uid) IS NOT NULL) AS admin FROM system.v_useraccounts AS u LEFT JOIN system.passwoerter USING(uid) WHERE u.uid=:uid OR username=:login LIMIT 1;", array(":uid" => $uid, ":login" => $login));
42 42
   if (@$result->rowCount() > 0)
43 43
   {
44 44
     $entry = $result->fetch(PDO::FETCH_OBJ);
... ...
@@ -68,9 +68,9 @@ function find_role($login, $password, $i_am_admin = False)