query("SELECT S_PFAD FROM $rcom_style WHERE S_AKTIVE = '1'") as $row) { $s_pfad = $row[0]; } foreach($dbh->query("SELECT M_CAT, M_NAME FROM $rcom_menu WHERE M_PRIVATE = '0'") as $row) { $RCOM_MENU[] = array( 'M_CAT' => $row[0], 'M_NAME' => $row[1], ); } foreach($dbh->query("SELECT L_ID, L_NAME FROM $rcom_link") as $row) { $RCOM_LINK[] = array( 'L_ID' => $row[0], 'L_NAME' => $row[1], ); } if($u_sess == '') {$RCOM_LOGIN = '

User Login:



Passwort:


[register]
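';}

/* ------------------------------------------------------------------------
 * login.php (tail): registration, "registered" confirmation page and login.
 *
 * Review changes against the previous revision of this section:
 *  - every query that carries user input is a prepared statement (the old
 *    code interpolated $r_nick / $nick into SQL and relied on
 *    htmlspecialchars() to neutralise quotes);
 *  - initial passwords come from random_int() instead of 6 hex chars of
 *    md5(uniqid(mt_rand())) (about 24 bits from a non-cryptographic source)
 *    and are stored with password_hash(); rows that still hold the old
 *    unsalted SHA-256 hex keep working and are upgraded on the next login;
 *  - the password check is constant-time and strict (== on two hex strings
 *    is timing-dependent and treats "0e..." strings as numerically equal);
 *  - the session id is regenerated when a login succeeds (session fixation);
 *  - every header('Location: ...') is followed by exit — the page used to be
 *    rendered behind the redirect;
 *  - a wrong password after the 1500 s lock expired re-arms the lock; it used
 *    to be ignored, so guesses were unthrottled once the lock had lapsed;
 *  - the e-mail pattern is anchored at the end, so nothing (including CR/LF)
 *    can follow the address that is handed to mail();
 *  - OPTIMIZE TABLE after every INSERT/UPDATE is gone (it locks the table and
 *    contributes nothing to correctness).
 * Still open and deliberately not changed here: "User Gesperrt!" and the
 * "zu oft falsch" message reveal that a nick exists; the generated password
 * is e-mailed in clear text; the lockout exempts a different REMOTE_ADDR
 * (one free guess per IP, inherited design).
 *
 * $register, $u_sess, $timestamp, $ERROR, $DB_*, $rcom_user, $s_pfad,
 * $CACHE_TIME, $DEBUG_MODE, $FOOTER, $RCOM_* and optClass / OPT_HTML /
 * optException / optErrorHandler are defined by code included before this
 * point (not visible here). Requires PHP >= 7.0 for random_int().
 * ---------------------------------------------------------------------- */

if (!function_exists('rcom_post_text')) {
    /**
     * Read a POST field the way this file always has: tags stripped and HTML
     * special characters (quotes included) encoded. Missing or non-string -> ''.
     * This is output encoding applied on input; it is kept only because the
     * stored nicks and e-mails were written through the same filter. It is NOT
     * what protects the SQL below — the prepared statements are.
     *
     * @param string $key $_POST key
     * @return string
     */
    function rcom_post_text($key)
    {
        if (!isset($_POST[$key]) || !is_string($_POST[$key])) {
            return '';
        }
        return strip_tags(htmlspecialchars($_POST[$key], ENT_QUOTES));
    }
}

if (!function_exists('rcom_connect')) {
    /**
     * Open the PDO connection used on this page.
     * Exceptions are enabled so a failed INSERT/UPDATE aborts the request
     * instead of silently continuing (the old code would have mailed a password
     * for an account that was never created); emulated prepares are off so the
     * placeholders are real server-side parameters.
     *
     * @return PDO
     */
    function rcom_connect($host, $name, $user, $pass)
    {
        $dbh = new PDO('mysql:host=' . $host . ';dbname=' . $name, $user, $pass);
        $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $dbh->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
        return $dbh;
    }
}

if (!function_exists('buildPassword')) {
    /**
     * Generate a random initial password from the CSPRNG.
     * The alphabet is [a-z0-9] so the value survives the strip_tags /
     * htmlspecialchars pass the login form applies to the password field.
     *
     * @param int $intLength number of characters (12 ~ 62 bits)
     * @return string
     */
    function buildPassword($intLength = 12)
    {
        $alphabet = 'abcdefghijklmnopqrstuvwxyz0123456789';
        $last = strlen($alphabet) - 1;
        $password = '';
        for ($i = 0; $i < $intLength; $i++) {
            $password .= $alphabet[random_int(0, $last)];
        }
        return $password;
    }
}

if (!function_exists('rcom_password_matches')) {
    /**
     * Check a submitted password against the stored U_PASS value.
     * Accepts a password_hash() hash (new rows) or the legacy unsalted hex
     * SHA-256 that this file used to write via bin2hex(mhash(MHASH_SHA256, ..)).
     *
     * @param string $stored      U_PASS column value
     * @param string $raw         password as typed
     * @param string $legacy      password after the strip_tags/htmlspecialchars
     *                            mangling the old code hashed (kept for old rows)
     * @param bool   $needsRehash out: true when U_PASS should be rewritten
     * @return bool
     */
    function rcom_password_matches($stored, $raw, $legacy, &$needsRehash)
    {
        $needsRehash = false;
        $stored = (string) $stored;
        if ($stored === '') {
            return false;
        }
        // Try the raw input first, then the mangled form, in case a password
        // set elsewhere was hashed after the same filter.
        $candidates = ($raw === $legacy) ? array($raw) : array($raw, $legacy);
        foreach ($candidates as $candidate) {
            if (password_verify($candidate, $stored)) {
                $needsRehash = password_needs_rehash($stored, PASSWORD_BCRYPT);
                return true;
            }
        }
        // Legacy row: constant-time compare instead of ==, which is both
        // timing-dependent and coerces "0e..." hex strings to numbers.
        if (hash_equals($stored, hash('sha256', $legacy))) {
            $needsRehash = true;
            return true;
        }
        return false;
    }
}

if (!function_exists('rcom_login_succeeded')) {
    /**
     * Record a successful login and redirect to index.php (does not return).
     * Regenerates the session id first so an id fixed before authentication is
     * worthless, then stores it in U_SESS, which the rest of the application
     * compares against session_id(). Resets the failure counter and lock, sets
     * the online flag, last-login stamp and IP, and optionally stores an
     * upgraded password hash.
     *
     * @param PDO         $dbh
     * @param string      $table     user table name (configuration, not input)
     * @param string      $nick      nick as submitted
     * @param string      $ip        REMOTE_ADDR
     * @param mixed       $timestamp page-wide timestamp
     * @param string|null $newHash   replacement U_PASS, or null to keep it
     */
    function rcom_login_succeeded(PDO $dbh, $table, $nick, $ip, $timestamp, $newHash = null)
    {
        // session_start() is expected to have run in the included header; if it
        // has not, session_id() is '' exactly as before.
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
        $sql = "UPDATE $table SET U_SESS = ?, U_LOGIN = '0', U_ONLINE = '1', U_LASTLOGIN = ?, U_IP = ?, U_LOCK_TIMESTAMP = ''";
        $params = array(session_id(), $timestamp, $ip);
        if ($newHash !== null) {
            $sql .= ", U_PASS = ?";
            $params[] = $newHash;
        }
        $sql .= " WHERE U_NICK = ?";
        $params[] = $nick;
        $dbh->prepare($sql)->execute($params);
        header("Location: index.php");
        exit;
    }
}

if (!function_exists('rcom_login_failed')) {
    /**
     * Record a failed attempt: increment U_LOGIN (the lock engages at 5) and
     * remember when and from which IP it happened. The increment is done in
     * SQL rather than from the value read earlier so concurrent attempts
     * cannot lose counts.
     */
    function rcom_login_failed(PDO $dbh, $table, $nick, $ip, $timestamp)
    {
        $dbh->prepare("UPDATE $table SET U_LOGIN = U_LOGIN + 1, U_LOCK_TIMESTAMP = ?, U_LOCK_IP = ? WHERE U_NICK = ?")
            ->execute(array($timestamp, $ip, $nick));
    }
}

if (!function_exists('rcom_render')) {
    /**
     * Render one template through optClass with the page-wide settings; this
     * replaces the three identical inline copies. optException is reported via
     * optErrorHandler as before; any other exception propagates.
     *
     * @param string $template  template file, e.g. 'login.tpl'
     * @param array  $vars      template variable name => value
     * @param string $s_pfad    active style directory (read from the database)
     * @param mixed  $cacheTime passed to cacheStatus()
     * @param mixed  $debugMode assigned to debugConsole
     */
    function rcom_render($template, array $vars, $s_pfad, $cacheTime, $debugMode)
    {
        try {
            $tpl = new optClass;
            $tpl->root = './templates/' . $s_pfad . '/';
            $tpl->compile = './templates_c/';
            $tpl->cache = './cache/';
            $tpl->httpHeaders(OPT_HTML);
            $tpl->cacheStatus(true, $cacheTime);
            $tpl->debugConsole = $debugMode;
            foreach ($vars as $name => $value) {
                $tpl->assign($name, $value);
            }
            $tpl->parse($template);
        } catch (optException $exception) {
            optErrorHandler($exception);
        }
    }
}

/* ---- registration form / submit -------------------------------------- */
if ($register == 'true') {
    $r_nick = '';
    $r_mail = '';
    $r_mail2 = '';
    if (isset($_POST['register'])) {
        $r_nick = rcom_post_text('r_nick');
        $r_mail = rcom_post_text('r_mail');
        $r_mail2 = rcom_post_text('r_mail2');
        $dbh = rcom_connect($DB_HOST, $DB_NAME, $DB_USER, $DB_PASS);

        // Is the nick already taken? $rcom_user is a configured table name.
        $u_nick = '';
        $stmt = $dbh->prepare("SELECT U_NICK FROM $rcom_user WHERE u_nick = ?");
        $stmt->execute(array($r_nick));
        foreach ($stmt as $row) {
            $u_nick = $row[0];
        }

        // Same checks and messages as before, in the same order.
        if ($u_nick != '') {
            $ERROR = 'Dieser Benutzer ist bereits registriert.';
        } elseif ($r_nick == '') {
            $ERROR = 'Du hast keinen Benutzer eingegeben.';
        } elseif (!preg_match('/^[a-zA-Z0-9]{1,10}\z/', $r_nick)) {
            // \z rather than $: "$" also accepts a trailing newline.
            $ERROR = 'Der Nickname darf 1-10 Zeichen haben, und aus a-z und 0-9 bestehen';
        } elseif ($r_mail == '') {
            $ERROR = 'Du hast keine E-Mail eingegeben.';
        } elseif ($r_mail != $r_mail2) {
            $ERROR = 'Die E-Mail Adresse stimmt nicht überein.';
        } elseif (!preg_match('/^[a-z0-9&\'.\-_+]+@[a-z0-9\-]+\.([a-z0-9\-]+\.)*[a-z]{2,}\z/i', $r_mail)
            || filter_var($r_mail, FILTER_VALIDATE_EMAIL) === false) {
            // Anchored at the end (the old pattern was not, so arbitrary text —
            // CR/LF included — could follow a valid-looking address) and
            // cross-checked with PHP's validator. {2,} keeps TLDs longer than two
            // letters accepted, which the unanchored pattern did by accident.
            $ERROR = 'Die E-Mail Adresse ist nicht zulässig.';
        } elseif ($ERROR == '') {
            $GEN_PASS = buildPassword();
            // bcrypt output is 60 chars; the column held 64-char SHA-256 hex, so it
            // fits. Widen U_PASS (255) before switching to PASSWORD_DEFAULT.
            $pass = password_hash($GEN_PASS, PASSWORD_BCRYPT);
            $stmt = $dbh->prepare(
                "INSERT INTO $rcom_user (U_ID, U_NICK, U_PASS, U_MAIL, U_COL, U_HP, U_RIGHT, U_LOGIN, U_ONLINE, U_LOCK, U_LASTLOGIN, U_REGED, U_SESS, U_IP)"
                . " VALUES ('', ?, ?, ?, '', '', '1', '', '', '', '', ?, '', '')"
            );
            $stmt->execute(array($r_nick, $pass, $r_mail, $timestamp));
            $dbh = null;
            // $r_mail passed the anchored pattern, so it carries no CR/LF for
            // header injection; $r_nick is [a-zA-Z0-9]. The password itself still
            // travels in clear text — unchanged design.
            mail($r_mail, 'Passwort', 'Hallo ' . $r_nick . ' . 
Dein Passwort lautet: ' . $GEN_PASS);
            header("Location: login.php?register=ok");
            exit;
        }
    }
    rcom_render('register.tpl', array(
        'RCOM_STYLE' => $s_pfad,
        'RCOM_MENU' => $RCOM_MENU,
        'RCOM_LINK' => $RCOM_LINK,
        'RCOM_LOGIN' => $RCOM_LOGIN,
        'ERROR' => $ERROR,
        'R_NICK' => $r_nick,
        'R_MAIL' => $r_mail,
        'R_MAIL2' => $r_mail2,
        'FOOTER' => $FOOTER,
    ), $s_pfad, $CACHE_TIME, $DEBUG_MODE);
    die;
}

/* ---- "registration done" page ---------------------------------------- */
if ($register == 'ok') {
    rcom_render('register_ok.tpl', array(
        'RCOM_STYLE' => $s_pfad,
        'RCOM_MENU' => $RCOM_MENU,
        'RCOM_LINK' => $RCOM_LINK,
        'RCOM_LOGIN' => $RCOM_LOGIN,
        'FOOTER' => $FOOTER,
    ), $s_pfad, $CACHE_TIME, $DEBUG_MODE);
    die;
}

/* ---- login submit ---------------------------------------------------- */
if (isset($_POST['login'])) {
    $nick = rcom_post_text('nick');
    // The password as typed (for password_verify) and after the same
    // strip_tags/htmlspecialchars pass the old code hashed (for legacy rows).
    $pass_raw = (isset($_POST['pass']) && is_string($_POST['pass'])) ? $_POST['pass'] : '';
    $pass_legacy = rcom_post_text('pass');
    $IP = $_SERVER["REMOTE_ADDR"];

    $dbh = rcom_connect($DB_HOST, $DB_NAME, $DB_USER, $DB_PASS);
    $stmt = $dbh->prepare("SELECT U_NICK, U_PASS, U_COL, U_RIGHT, U_LOGIN, U_LOCK, U_SESS, U_LOCK_TIMESTAMP, U_LOCK_IP FROM $rcom_user WHERE u_nick = ?");
    $stmt->execute(array($nick));
    $found = false;
    foreach ($stmt as $row) {
        $found = true;
        $u_nick = $row[0];
        $u_pass = $row[1];
        $u_col = $row[2];
        $u_right = $row[3];
        $u_login = (int) $row[4];
        $u_lock = $row[5];
        $u_sess = $row[6];
        $u_lock_timestamp = (int) $row[7];
        $u_lock_ip = $row[8];
    }

    $needs_rehash = false;
    $password_ok = $found && rcom_password_matches($u_pass, $pass_raw, $pass_legacy, $needs_rehash);
    $new_hash = ($password_ok && $needs_rehash) ? password_hash($pass_raw, PASSWORD_BCRYPT) : null;

    if ($found && $u_login >= 5) {
        // Throttled account: after five failures the nick is locked for 1500 s
        // for the IP that caused the lock. A different REMOTE_ADDR is let
        // through (one guess, after which it becomes the locked IP).
        $lock_active = ($IP == $u_lock_ip) && ($timestamp <= $u_lock_timestamp + 1500);
        if (!$lock_active && $password_ok) {
            rcom_login_succeeded($dbh, $rcom_user, $nick, $IP, $timestamp, $new_hash); // exits
        }
        $ERROR = 'Passwort wurde zu oft falsch eingegeben!
Versuche es später nochmal.';
        if (!$password_ok) {
            // Wrong password: extend the lock, or re-arm it after it expired.
            rcom_login_failed($dbh, $rcom_user, $u_nick, $IP, $timestamp);
        }
    } elseif ($found && $u_lock == 1) {
        $ERROR = 'User Gesperrt!
';
    } elseif (!$found || $u_nick != $nick) {
        // Depending on the column collation MySQL may have matched the nick
        // case-insensitively; the exact spelling is required here, as before.
        $ERROR = 'Nick oder Passwort falsch!
';
    } elseif (!$password_ok) {
        $ERROR = 'Nick oder Passwort falsch!
';
        rcom_login_failed($dbh, $rcom_user, $u_nick, $IP, $timestamp);
    } elseif ($ERROR == '') {
        rcom_login_succeeded($dbh, $rcom_user, $nick, $IP, $timestamp, $new_hash); // exits
    }
}

rcom_render('login.tpl', array(
    'RCOM_STYLE' => $s_pfad,
    'RCOM_MENU' => $RCOM_MENU,
    'RCOM_LINK' => $RCOM_LINK,
    'ERROR' => $ERROR,
    'FOOTER' => $FOOTER,
), $s_pfad, $CACHE_TIME, $DEBUG_MODE);
$dbh = null;
?>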