137 lines
4.7 KiB
PHP
137 lines
4.7 KiB
PHP
<?php
|
|
setlocale (LC_ALL, 'de_DE@euro', 'de_DE', 'de', 'ge');
|
|
|
|
require_once("lib/participoLib/participo.php");
|
|
require_once("config/participo.php");
|
|
|
|
require_once("./local/dbConf.php");
|
|
|
|
$basePath = $config['basePath'];
|
|
require_once($basePath."/config/phpcount.config.php");
|
|
require_once($basePath."/ressourcen/phpLib/phpcount/phpcount.php");
|
|
|
|
|
|
function checkCredentials($username, $password, $db_server, $db_user, $db_password, $db_name){
|
|
sleep(1);
|
|
$mysqli = @new mysqli($db_server, $db_user, $db_password, $db_name);
|
|
if ($mysqli->connect_error) {
|
|
$message['error'] = 'Datenbankverbindung fehlgeschlagen: ' . $mysqli->connect_error;
|
|
} else {
|
|
$query = sprintf(
|
|
"SELECT id, loginName, pwHash, config FROM wkParticipo_Users WHERE loginName = '%s'",
|
|
$mysqli->real_escape_string($_POST['f']['username'])
|
|
);
|
|
$result = $mysqli->query($query);
|
|
if ($row = $result->fetch_array(MYSQLI_ASSOC)) {
|
|
if( password_verify( $_POST['f']['password'], $row['pwHash']) ){
|
|
session_start();
|
|
$_SESSION = array(
|
|
'login' => true,
|
|
'user' => array(
|
|
'username' => $row['loginName'],
|
|
'userId' => $row['id'],
|
|
'userConfig' => json_decode($row['config'], true)
|
|
),
|
|
);
|
|
$message['success'] = 'Anmeldung erfolgreich, <a href="index.php">weiter zum Inhalt</a>.';
|
|
PHPCount::AddHit("participo-Login-".$_POST['f']['username']);
|
|
|
|
// Logging Logins
|
|
logLoginsToJsonFile($_SESSION['user']['username']);
|
|
|
|
header('Location: http://' . $_SERVER['HTTP_HOST'] . '/participo?user=' . $_POST['f']['username']);
|
|
} else {
|
|
sleep(5);
|
|
$message['error'] = 'Das Kennwort ist nicht korrekt.';
|
|
}
|
|
}
|
|
}
|
|
return $message;
|
|
}
|
|
|
|
/**
|
|
* Log the Login of an user into a logFile
|
|
*
|
|
* @param string $userName name of the user
|
|
* @param string $fileName filename to log to
|
|
* @return void
|
|
*/
|
|
function logLoginsToJsonFile($userName, $fileName="lastLogins.json"){
|
|
try{
|
|
$lastLogins = json_decode(file_get_contents($fileName), true);
|
|
if(!array_key_exists($userName, $lastLogins))
|
|
$lastLogins[$userName] = [];
|
|
if(!array_key_exists('lastLogins', $lastLogins[$userName]))
|
|
$lastLogins[$userName]['lastLogins'] = [];
|
|
$lastLogins[$userName]['lastLogins'] = array_merge( array( date('Y-m-d H:i:s') ), $lastLogins[$userName]['lastLogins'] );
|
|
file_put_contents($fileName, json_encode($lastLogins));
|
|
}
|
|
catch (Exception $e){
|
|
// silently ignore errors
|
|
}
|
|
}
|
|
|
|
if (isset($_SESSION['login'])) {
|
|
header('Location: http://' . $_SERVER['HTTP_HOST'] . '/index.php');
|
|
}
|
|
else{
|
|
if (!empty($_POST)) {
|
|
if (
|
|
empty($_POST['f']['username']) ||
|
|
empty($_POST['f']['password'])
|
|
) {
|
|
$message['error'] = 'Es wurden nicht alle Felder ausgefüllt.';
|
|
} else {
|
|
|
|
$message = checkCredentials($_POST['f']['username'], $_POST['f']['password'], $db_server, $db_user, $db_password, $db_name);
|
|
if( !isset($message['error']) )
|
|
$message['notice'] = "OnlineApps - cwsvJudo";
|
|
}
|
|
}
|
|
}
|
|
|
|
?>
|
|
<!DOCTYPE html>
|
|
<html>
|
|
<head>
|
|
<meta charset="utf-8" />
|
|
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
|
|
|
|
<!-- Materialize: Compiled and minified CSS -->
|
|
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/materialize/1.0.0/css/materialize.min.css">
|
|
<!-- Materialize: Compiled and minified JavaScript -->
|
|
<script src="https://cdnjs.cloudflare.com/ajax/libs/materialize/1.0.0/js/materialize.min.js"></script>
|
|
|
|
<title>Login des Achievementsystemes der Judoka des Chemnitzer WSV</title>
|
|
<meta name="description" content="Loginseite der Online-Apps der Judoka des CWSV">
|
|
</head>
|
|
<body class="container">
|
|
<h1>Loginseite der Online-Apps der Judoka des CWSV</h1>
|
|
<?php echo(htmlRetMessage($message));?>
|
|
<form action="./login.php" method="post">
|
|
<fieldset>
|
|
<legend>Benutzerdaten</legend>
|
|
<div>
|
|
<label for="username">Benutzername</label>
|
|
<input id="username"type="text" name="f[username]" <?php echo isset($_POST['f']['username']) ? ' value="' . htmlspecialchars($_POST['f']['username']) . '"' : '' ?> />
|
|
</div>
|
|
<div>
|
|
<label for="password">Kennnwort</label>
|
|
<input id="password" type="password" name="f[password]" />
|
|
</div>
|
|
</fieldset>
|
|
<fieldset>
|
|
<div>
|
|
<button type="submit" name="submit" value="Anmelden">Anmelden</button>
|
|
</div>
|
|
</fieldset>
|
|
<fieldset class="notice"><legend>Hinweise</legend>
|
|
<ul style="padding-left: inherit;">
|
|
<li style="list-style-type: circle;" >Logindaten sind über den Übungsleiter zu beantragen.</li>
|
|
<li style="list-style-type: circle;" >Dieses Projekt ist in mehr oder weniger aktiven Entwicklung. Sollte mal was nicht funktionieren, kann es sein, dass ich gerade daran herumschreibe. Also ruhig zu einem späteren Zeitpunkt noch einmal probieren.</li>
|
|
</ul>
|
|
</fieldset>
|
|
</form>
|
|
</body>
|
|
</html>
|