Asterixus schrieb: Als ich dann PHP auf PHP5 geupdatet habe (vor zwei Monaten), waren diese aus und SQL-Injections waren an der Tagesordnung.
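<?php
/*
 * Login handler: checks the posted credentials against team_user and, on
 * success, stores the user's identity in the session, records the login in
 * team_online / team_user and redirects.
 *
 * Uses $server, $user, $passwort and $datenbank, which are not defined in this
 * file -- presumably set by the including script (confirm).
 *
 * NOTE(review): the mysql_* extension used here is deprecated and was removed
 * in PHP 7. The durable fix for SQL injection is a move to mysqli or PDO with
 * prepared statements. Until then, every value placed into a query below is
 * escaped with mysql_real_escape_string() on the open connection.
 */
session_start();
// E_ALL is useful while debugging; make sure display_errors is off in
// production so notices and paths are not shown to visitors.
error_reporting(E_ALL);

if (isset($_POST['login'])) {
    // Accept only plain string fields. A request can send user_name[]=...,
    // which would otherwise reach md5() and the query as an array.
    $user_name = (isset($_POST['user_name']) && is_string($_POST['user_name'])) ? $_POST['user_name'] : '';
    $posted_pass = (isset($_POST['user_pass']) && is_string($_POST['user_pass'])) ? $_POST['user_pass'] : '';

    // NOTE(review): unsalted MD5 is not a password hash. Migrating to
    // password_hash()/password_verify() needs the stored values in
    // team_user.user_pass to be re-hashed, so it is flagged here, not changed.
    $user_pass = md5($posted_pass);

    // Connect to the database. Details go to the server log; the visitor only
    // sees a generic message instead of the raw MySQL error text.
    $dbconnect = mysql_connect($server, $user, $passwort);
    if ($dbconnect === false || !mysql_select_db($datenbank, $dbconnect)) {
        error_log('Login: database connection failed: ' . mysql_errno() . ':' . mysql_error());
        die('Es ist ein interner Fehler aufgetreten.');
    }

    $sql = "SELECT id, user_name, user_pass, user_group, user_logins FROM team_user WHERE user_name = '"
         . mysql_real_escape_string($user_name, $dbconnect) . "'";
    $result = mysql_query($sql, $dbconnect);
    if ($result === false) {
        error_log('Login: user lookup failed: ' . mysql_error($dbconnect));
        die('Es ist ein interner Fehler aufgetreten.');
    }
    $row = mysql_fetch_object($result); // false when no such user exists

    // Both values must match exactly. The original tested "name differs AND
    // password differs", so a known name with a wrong password fell through
    // both branches without any error message.
    $authenticated = $row !== false
        && $user_name === $row->user_name
        && $user_pass === $row->user_pass;

    if (!$authenticated) {
        // Written to $_SESSION directly: session_register() depends on
        // register_globals and was removed in PHP 5.4.
        $_SESSION['status'] = 0;
        $_SESSION['group'] = "0";
        // Do not keep an unverified name or an earlier identity in the session.
        unset($_SESSION['user_name'], $_SESSION['id']);
        echo "<center><font color=\"red\"><b>Es ist ein Fehler aufgetreten:</b></font><br />Der Username oder das Passwort ist leer oder unbekannt!</center>";
    } else {
        // Issue a fresh session id at the privilege change so that an id
        // known before login cannot be reused afterwards (session fixation).
        session_regenerate_id(true);

        $_SESSION['id'] = $row->id;
        $_SESSION['status'] = "1";
        $_SESSION['user_name'] = $row->user_name;
        $_SESSION['group'] = $row->user_group;

        // The original also ran "SELECT * FROM team_online" here, but its
        // result was only used by a commented-out "already logged in" check,
        // so that query and the dead code are dropped.

        // The stored name is escaped as well: it comes from the database, but
        // that does not make it safe to place inside a new SQL string.
        $sql = "INSERT INTO team_online (user_id, user_name) VALUES ('"
             . mysql_real_escape_string($row->id, $dbconnect) . "', '"
             . mysql_real_escape_string($row->user_name, $dbconnect) . "')";
        if (mysql_query($sql, $dbconnect)) {
            // Increment inside SQL so that concurrent logins cannot overwrite
            // each other's counter value.
            $sql_2 = "UPDATE team_user SET user_logins = user_logins + 1 WHERE user_name = '"
                   . mysql_real_escape_string($row->user_name, $dbconnect) . "'";
            if (!mysql_query($sql_2, $dbconnect)) {
                // The login itself has succeeded; a failed counter update is
                // logged rather than shown to the visitor.
                error_log('Login: user_logins update failed: ' . mysql_error($dbconnect));
            }
        } else {
            error_log('Login: team_online insert failed: ' . mysql_error($dbconnect));
        }

        // Redirect according to the user group.
        // NOTE(review): this sends every group other than "1" to the admin
        // action -- confirm that this mapping is intended. The redirect is
        // not an access check; the admin page has to verify the session
        // itself.
        if (!headers_sent()) {
            if ($_SESSION['group'] !== "1") {
                header("Location:index.php?action=admin");
            } else {
                header("Location:index.php");
            }
            // Stop here so nothing else is rendered after the redirect.
            exit;
        }
    }
}
?>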
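<!-- Login form: posts user_name and user_pass to ?action=login. -->
<link href="../styles.css" rel="stylesheet" type="text/css" />
<div class="headline">Login</div>
<div class="content">
<center>
<form action="?action=login" method="post">
<table summary="" border="0">
<tr>
<td align="left">Benutzername:</td>
<td width="5px"></td>
<td align="left">
<input type="text" name="user_name" value="Username"
onblur="if(this.value == '') this.value = 'Username';"
onfocus="if(this.value == 'Username') this.value = '';">
</td>
</tr>
<tr>
<td align="left">Passwort:</td>
<td width="5px"></td>
<td align="left">
<!-- The initial value must equal the string the onfocus handler looks for;
     otherwise the placeholder is never cleared and is sent as the password. -->
<input type="password" name="user_pass" value="Passwort"
onblur="if(this.value == '') this.value = 'Passwort';"
onfocus="if(this.value == 'Passwort') this.value = '';" />
</td>
</tr>
<tr>
<td colspan="3" align="center">
<input type="submit" class="button" name="login" value="Login">
</td>
</tr>
</table>
</form>
</center>
<div class="info_box" align="center">
<img src="images/info.gif" alt="Info" height="20px">
<b><font color="red" size="+1">Achtung</font></b>
Bitte beachten Sie die Groß- und Kleinschreibweise!
</div>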
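<?php
// Debug output of the session state as "status-user_name-group-id".
// NOTE(review): this prints session data into the page and should be removed
// once debugging is finished.
$debug_values = array();
foreach (array('status', 'user_name', 'group', 'id') as $debug_key) {
    // A missing key is shown as an empty string instead of raising an
    // "undefined index" notice before anyone has logged in.
    $debug_value = isset($_SESSION[$debug_key]) ? (string) $_SESSION[$debug_key] : '';
    // Escape for the HTML context: user_name originates from user input.
    $debug_values[] = htmlspecialchars($debug_value, ENT_QUOTES);
}
echo implode("-", $debug_values);
?>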