Code:
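// Check user login/logout and fetch user data and permissions.
//
// Logout: remove the server-side token record that belongs to this browser,
// detach it from the user row, expire the "remember me" cookie and destroy
// the PHP session.
$user_module = null;
if (isset($_GET['logout']) && (int)$_GET['logout'] === 1)
{
    $fb_cookie = md5('fb_cid');

    // Build the lookup only from tokens that are really present. An absent
    // cookie or session value must never become cid='' / sid='' in the WHERE
    // clause, because that would match rows that simply have no token stored.
    // The cookie is client-controlled, so every value is escaped before it is
    // placed in SQL.
    $fb_conds = array();
    if (isset($_COOKIE[$fb_cookie]) && is_string($_COOKIE[$fb_cookie]) && $_COOKIE[$fb_cookie] !== '')
        $fb_conds[] = "cid='".mysql_real_escape_string($_COOKIE[$fb_cookie])."'";
    if (isset($_SESSION['fb_sid']) && is_string($_SESSION['fb_sid']) && $_SESSION['fb_sid'] !== '')
        $fb_conds[] = "sid='".mysql_real_escape_string($_SESSION['fb_sid'])."'";

    // Nothing to remove counts as success; a failed query does not.
    $sql = true;
    $safe = true;
    if ($fb_conds)
    {
        // Look the record up BEFORE deleting it: its id is needed to clear
        // the reference held in __user._safe.
        $safe = mysql_query("SELECT id FROM __safe WHERE ".implode(' OR ', $fb_conds)." LIMIT 1");
        $fb_row = $safe ? mysql_fetch_assoc($safe) : false;
        if ($fb_row)
        {
            $fb_id = mysql_real_escape_string($fb_row['id']);
            $sql = mysql_query("UPDATE __user SET _safe='' WHERE _safe='".$fb_id."' LIMIT 1");
            $safe = mysql_query("DELETE FROM __safe WHERE id='".$fb_id."' LIMIT 1");
            // NOTE(review): nothing in this listing re-creates a __safe row on
            // the next login; confirm that happens elsewhere, or clear the
            // cid/sid columns here instead of deleting the row.
        }
    }

    // unset() only changes this request's copy; the browser keeps sending the
    // cookie until it is expired explicitly.
    setcookie($fb_cookie, '', time() - 3600);
    unset($_COOKIE[$fb_cookie]);
    unset($_SESSION['fb_sid']);
    session_destroy();

    if ($sql && $safe)
        $user_module = 'Erfolgreich ausgeloggt';
}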
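// Authenticate the request: first by stored token (remember-me cookie or
// session token), then by submitted credentials.
//
// $logged is initialised explicitly so it can only become true through one of
// the checks below and never carries a value in from outside this block.
$logged = false;

$fb_cookie = md5('fb_cid');
$fb_conds = array();

// Only non-empty tokens take part in the lookup. A missing value must not be
// turned into cid='' / sid='', which would match rows that have no token
// stored. The cookie is client-controlled, so it is escaped before use in SQL.
if (isset($_COOKIE[$fb_cookie]) && is_string($_COOKIE[$fb_cookie]) && $_COOKIE[$fb_cookie] !== '')
{
    $cid = $_COOKIE[$fb_cookie];
    $fb_conds[] = "cid='".mysql_real_escape_string($cid)."'";
}
// The session key written after login is 'fb_sid', so that is the key to read.
if (isset($_SESSION['fb_sid']) && is_string($_SESSION['fb_sid']) && $_SESSION['fb_sid'] !== '')
{
    $sid = $_SESSION['fb_sid'];
    $fb_conds[] = "sid='".mysql_real_escape_string($sid)."'";
}

if ($fb_conds)
{
    $safe = mysql_query("SELECT id FROM __safe WHERE ".implode(' OR ', $fb_conds)." LIMIT 1");
    $sql_safe = $safe ? mysql_fetch_assoc($safe) : false;

    // Continue only when a token row was found. Without this guard the user
    // lookup would run with _safe = '' and match any account whose _safe
    // column is empty.
    if ($sql_safe)
    {
        $log = mysql_query("SELECT id, name, pw, _safe FROM __user WHERE _safe = '".mysql_real_escape_string($sql_safe['id'])."' LIMIT 1");
        $user = $log ? mysql_fetch_assoc($log) : false;
        $rows = $log ? mysql_num_rows($log) : 0;
        if ($log && $user && $rows) $logged = true;
    }
}

// Credential login is tried whenever token login did not succeed, so a stale
// or invalid cookie no longer blocks the login form.
if (!$logged
    && isset($_POST['user'], $_POST['pw'])
    && is_string($_POST['user']) && is_string($_POST['pw'])
    && $_POST['user'] != "" && $_POST['pw'] != "")
{
    $name = mysql_real_escape_string($_POST['user']);
    // NOTE(review): sha1()/md5() are fast hashes and unsuitable for password
    // storage. The expression is left unchanged because it has to match the
    // hashes already stored; migrate to password_hash()/password_verify()
    // and re-hash each account on its next successful login.
    $pw = sha1($name.':'.md5($_POST['pw']));
    $log = mysql_query("SELECT id, name, pw, _safe FROM __user WHERE name = '".$name."' AND pw = '".$pw."' LIMIT 1");
    $user = $log ? mysql_fetch_assoc($log) : false;
    $rows = $log ? mysql_num_rows($log) : 0;
    if ($log && $user && $rows) $logged = true;
}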
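// For an authenticated request: issue fresh session tokens, load the user's
// permissions and build the greeting. Otherwise render the login form.
$fb_random = false;
if (!empty($logged) && !isset($_GET['logout']))
{
    // Session and remember-me tokens must come from a cryptographically
    // secure generator; rand() is predictable. If no such generator is
    // available the session is not established at all (fail closed).
    if (function_exists('random_bytes'))
    {
        $fb_random = random_bytes(32);
    }
    else if (function_exists('openssl_random_pseudo_bytes'))
    {
        $fb_strong = false;
        $fb_random = openssl_random_pseudo_bytes(32, $fb_strong);
        if (!$fb_strong)
            $fb_random = false;
    }
    if ($fb_random === false)
        trigger_error('No secure random source available; login session not created', E_USER_WARNING);
}
if (is_string($fb_random) && strlen($fb_random) === 32)
{
    $fb_new_login = isset($_POST['user']) && isset($_POST['pw']);

    // Give a fresh credential login a new PHP session id so that a session id
    // known before authentication is not carried over.
    if ($fb_new_login && session_id() !== '')
        session_regenerate_id(true);

    // Two independent 128-bit tokens, hex-encoded to 32 characters (the same
    // length as the md5() strings used before).
    $fb_sid = bin2hex(substr($fb_random, 0, 16));
    $rnd = bin2hex(substr($fb_random, 16, 16));

    $fb_uid = mysql_real_escape_string($user['id']);
    $fb_safe_id = mysql_real_escape_string($user['_safe']);

    $time = mysql_query("UPDATE __user SET time='".time()."' WHERE id='".$fb_uid."'");
    $_SESSION['fb_sid'] = $fb_sid;
    $sid = mysql_query("UPDATE __safe SET sid='".$fb_sid."' WHERE id='".$fb_safe_id."'");

    if (isset($_POST['remind']) && (int)$_POST['remind'] == 1)
    {
        // The cookie name must be the one the token check and the logout
        // read: md5('fb_cid'). HttpOnly keeps the token away from page
        // scripts; Secure is set when the request itself arrived over HTTPS.
        $fb_https = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
        setcookie(md5('fb_cid'), $rnd, time()+(3600*24*7), '', '', $fb_https, true);
        $cid = mysql_query("UPDATE __safe SET cid='".$rnd."' WHERE id='".$fb_safe_id."'");
    }

    // Permissions. The user row may not carry 'rid' (the login queries in this
    // listing select only id, name, pw, _safe), so it is fetched when absent.
    // NOTE(review): assumes __user has a rid column, as the original lookup
    // implies — confirm against the schema.
    $recht = false;
    $fb_rid = isset($user['rid']) ? $user['rid'] : null;
    if ($fb_rid === null)
    {
        $fb_rid_res = mysql_query("SELECT rid FROM __user WHERE id='".$fb_uid."' LIMIT 1");
        $fb_rid_row = $fb_rid_res ? mysql_fetch_assoc($fb_rid_res) : false;
        if ($fb_rid_row)
            $fb_rid = $fb_rid_row['rid'];
    }
    if ($fb_rid !== null && $fb_rid !== '')
    {
        $fb_recht_res = mysql_query("SELECT * FROM __recht WHERE id='".mysql_real_escape_string($fb_rid)."'");
        if ($fb_recht_res)
            $recht = mysql_fetch_assoc($fb_recht_res);
    }

    if ($fb_new_login)
        $user_module = 'Erfolgreich eingeloggt';
    // The name is stored user data and ends up in HTML, so it is escaped.
    // NOTE(review): pass the page's charset as the third argument if it is
    // not the PHP default.
    $user_module .= "Hallo ".htmlspecialchars($user['name'], ENT_QUOTES);

    // Showing the link is a convenience only; the ?p=admin handler has to
    // check view_admincenter itself before doing anything.
    if ($recht && isset($recht['view_admincenter']) && $recht['view_admincenter'] == "1")
        $user_module .= '<ul id="nav"><li><a href="?p=admin">Admin-Bereich</a></li></ul>';
}
else
{
    $user_module .=
'<form action="#" method="post" id="login">
<input type="text" name="user" id="user" value="Name" onfocus="if (this.value == \'Name\') { this.value = \'\'; this.style.fontStyle = \'normal\'; }" onblur="if (this.value == \'\') { this.value=\'Name\'; this.style.fontStyle = \'italic\'; }" />
<input type="text" name="pw" id="pw" value="Pass" onfocus="if (this.value == \'Pass\' && this.type == \'text\') { this.value = \'\'; this.type = \'password\'; this.style.fontStyle = \'normal\'; }" onblur="if (this.value == \'\' && this.type == \'password\') { this.value = \'Pass\'; this.type = \'text\'; this.style.fontStyle = \'italic\'; }" />
<input type="submit" id="submit" value="" />
<p>
Angemeldet bleiben?
<input type="checkbox" name="remind" id="remind" value="1" />
</p>
</form>';
}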