jb-data.de/index.php
2025-08-11 22:23:30 +02:00


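<?php
// neu 2022
//
// Front controller for jb-data.de. Boots config, session and database, runs the login state
// machine (flash login via login_pass, or phone number -> SMS PIN), and for an authenticated
// session dispatches to scripts/<s>.php and renders template/index91.tpl. login.php is included
// (and the request ended) whenever the visitor is not logged in.
error_reporting(E_ALL);
ini_set('display_errors', '0');
require('lib/config.php');
session_name(CONFIG_SESSION);
session_start();
$realtime = time();                                   // timestamp for the footer
$userip   = (string)($_SERVER['REMOTE_ADDR'] ?? '');  // client IP for the footer and the ipcheck lookup
date_default_timezone_set('Europe/Berlin');
define('SITE_ACCESS', true);

// --- Login state, kept in $_SESSION['login']:
//   0  = not logged in
//   1  = SMS PIN wrong
//   2  = phone number blocked (logintyp 99) or not yet enabled (logintyp 0)
//   3  = phone number not enabled (reserved by the original table; this file emits 2 for both cases)
//   4  = phone number accepted, PIN sent, waiting for the PIN
//   5  = phone number not found
//   6  = flash login (login_pass) wrong
//   7  = 2nd SMS sent via FT1
//   8  = 2nd SMS sent via FT2
//   9  = 2nd SMS sent via FT1 and FT2
//   99 = just authenticated; replaced below by the login timestamp (> 99 = logged in)
$loginerror = '';
if (!isset($_SESSION['login'])) {
    $_SESSION['login'] = 0;
}

// --- MySQL
require('lib/mysql.class.php');
$GLOBALS['mysql'] = new mysql(CONFIG_MYSQL_HOST, CONFIG_MYSQL_USER, CONFIG_MYSQL_PW, CONFIG_MYSQL_DB);
mysqli_set_charset($mysql, 'utf8');
$GLOBALS['mysql']->sql("SET NAMES 'utf8'");

// Escape a request-controlled value for use inside a single-quoted SQL literal. The helper
// methods (query_single / insert / query_array / query_id) take finished SQL strings, so every
// value taken from $_POST, $_GET, $_SERVER or $_SESSION goes through here before concatenation.
// $mysql is passed to mysqli_set_charset() above and is therefore expected to extend mysqli —
// TODO confirm in lib/mysql.class.php; addslashes() is an acceptable fallback only because the
// connection charset is utf8.
$sqlesc = static function ($value): string {
    $db = $GLOBALS['mysql'];
    return method_exists($db, 'real_escape_string')
        ? $db->real_escape_string((string)$value)
        : addslashes((string)$value);
};

// Expire the session cookie in the browser; used wherever the server-side session is destroyed.
$dropSessionCookie = static function (): void {
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000, $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
};

// --- SMS system
include('lib/class.mysms.php');
include('lib/core.class.php');
require('lib/cms.class.php');
require('lib/sms.class.php');
$GLOBALS['sms']  = new sms;
$GLOBALS['cms']  = new cms;
$GLOBALS['core'] = new core;

// --- Logout
if (isset($_POST['logout']) || isset($_GET['logout'])) {
    session_destroy();
    $dropSessionCookie();
    $_SESSION['login'] = 0;
    header('Location: https://www.jb-data.de');
    exit();
}

// --- IP lookup for the flash login (ipcheck); $iptest / $ipname are not used in this file,
//     presumably login.php reads them.
$check_ip = $GLOBALS['mysql']->query_single("SELECT * FROM ipcheck WHERE ip4 = '" . $sqlesc($userip) . "'");
$iptest = 0;
if ($check_ip['num_rows'] > 0) {
    $iptest = $check_ip['num_rows'];
    $ipname = $check_ip['name'];
}

// --- Flash login: a single secret (login_pass) identifies the user
if (isset($_POST['login_pass'])) {
    $loginPass = (string)$_POST['login_pass'];
    // An empty secret must never match a row whose login_pass column is empty.
    $check_nutzer = $loginPass !== ''
        ? $GLOBALS['mysql']->query_single("SELECT * FROM benutzer WHERE login_pass='" . $sqlesc($loginPass) . "'")
        : ['num_rows' => 0];
    if ($check_nutzer['num_rows'] > 0) {
        session_regenerate_id(true);  // fresh id on privilege change (session fixation)
        $_SESSION['benutzer'] = $check_nutzer['id'];
        $_SESSION['login']    = 99;
        $_SESSION['uid']      = $check_nutzer['id'];
    } else {
        $_SESSION['login'] = 6;
        echo "blitz PW falsch ";
        require('login.php');
        exit();
    }
}

// --- Check the submitted phone number and send the PIN
if (isset($_POST['handynummer']) && (int)$_SESSION['login'] === 0) {
    // Keep digits only, drop the trunk '0' and prefix the German country code.
    $temp = preg_replace('/\D+/', '', (string)$_POST['handynummer']);
    if ($temp !== '' && $temp[0] === '0') {
        $temp = substr($temp, 1);
    }
    $temp = '+49' . $temp;
    $sms_nummer = [$temp];
    $check_nutzer = $GLOBALS['mysql']->query_single("SELECT * FROM benutzer WHERE nummer = '" . $sqlesc($temp) . "'");
    if ($check_nutzer['num_rows'] > 0) {
        $_SESSION['uid'] = $check_nutzer['id'];
        // logintyp 99 = blocked, 0 (or NULL) = not yet enabled; both report state 2.
        $logintyp = (int)$check_nutzer['logintyp'];
        if ($logintyp === 99 || $logintyp === 0) {
            $_SESSION['login'] = 2;
            require('login.php');
            exit();
        }
        // One-time PIN from a CSPRNG, stored on the user row until logout/expiry blanks it.
        $smscode = random_int(10000, 99999);
        $GLOBALS['mysql']->insert("UPDATE benutzer SET session_pass='" . $smscode . "' WHERE id='" . $sqlesc($check_nutzer['id']) . "'");
        // Gateway credentials are parked in the session for the SMS class — TODO confirm
        // sendsms() reads them from there.
        $smsdata = $GLOBALS['mysql']->query_single("SELECT * FROM gateway WHERE id=1");
        $_SESSION['benutzer']   = $check_nutzer['id'];
        $_SESSION['username']   = "EDV-System";
        $_SESSION['sms_sender'] = $check_nutzer['name'];
        $_SESSION['api_key']    = $smsdata['api-key'];
        $_SESSION['password']   = $smsdata['password'];
        $_SESSION['msisdn']     = $smsdata['nummer'];
        $_SESSION['sender_id']  = $smsdata['id'];
        $MessageText = "Dein SMS-Code für JB-Data.de lautet: $smscode";
        $GLOBALS['sms']->sendsms($MessageText, $sms_nummer);
        $_SESSION['login'] = 4;
    } else {
        $_SESSION['login'] = 5;
    }
    require('login.php');
    exit();
}

// --- Check the submitted SMS PIN against the stored one
if (isset($_POST['pin'])) {
    $pin = trim((string)$_POST['pin']);
    $check_nutzer = isset($_SESSION['uid'])
        ? $GLOBALS['mysql']->query_single("SELECT * FROM benutzer WHERE id = '" . $sqlesc($_SESSION['uid']) . "'")
        : ['num_rows' => 0];
    $storedPin = trim((string)($check_nutzer['session_pass'] ?? ''));
    // Strict, constant-time comparison: a missing uid, an unknown row or the blanked PIN
    // (' ' after logout/expiry) can never match.
    if ($check_nutzer['num_rows'] > 0 && $storedPin !== '' && hash_equals($storedPin, $pin)) {
        session_regenerate_id(true);  // fresh id on privilege change (session fixation)
        $_SESSION['login'] = 99;
        header('Location: https://www.jb-data.de');
        exit();
    }
    $_SESSION['login'] = 1;
    require('login.php');
    exit();
}

// --- Resend the PIN (replay_sms1 / replay_sms2)
if (isset($_GET['replay_sms1']) || isset($_GET['replay_sms2'])) {
    $state = (int)$_SESSION['login'];
    // 9 = both resends used; 8 / 7 = this particular resend already used
    if ($state === 9
        || ($state === 8 && isset($_GET['replay_sms1']))
        || ($state === 7 && isset($_GET['replay_sms2']))) {
        require('login.php');
        exit();
    }
    $check_nutzer = isset($_SESSION['uid'])
        ? $GLOBALS['mysql']->query_single("SELECT * FROM benutzer WHERE id = '" . $sqlesc($_SESSION['uid']) . "'")
        : ['num_rows' => 0];
    if ($check_nutzer['num_rows'] <= 0) {
        // No usable user in the session: reset and start over.
        session_destroy();
        $dropSessionCookie();
        $_SESSION['login'] = 0;
        require('login.php');
        exit();
    }
    $MessageText = "Dein SMS-Code für JB-Data.de lautet: " . $check_nutzer['session_pass'];
    $sms_nummer = [$check_nutzer['nummer']];
    $_SESSION['uid'] = $check_nutzer['id'];
    // Only replay_sms1 has a gateway lookup (id=2); replay_sms2 sends with empty gateway
    // credentials and never advances the state — looks unfinished, TODO confirm which gateway
    // it should use.
    $smsdata = isset($_GET['replay_sms1'])
        ? $GLOBALS['mysql']->query_single("SELECT * FROM gateway WHERE id=2")
        : [];
    $_SESSION['username']   = "EDV-System";
    $_SESSION['sms_sender'] = $check_nutzer['name'];
    $_SESSION['api_key']    = $smsdata['api-key'] ?? null;
    $_SESSION['password']   = $smsdata['password'] ?? null;
    $_SESSION['msisdn']     = $smsdata['nummer'] ?? null;
    $_SESSION['sender_id']  = $smsdata['id'] ?? null;
    $GLOBALS['sms']->sendsms($MessageText, $sms_nummer);
    if (isset($_GET['replay_sms1'])) {
        if ($state === 4) {
            $_SESSION['login'] = 8;
        } elseif ($state === 7) {
            $_SESSION['login'] = 9;
        }
    }
    require('login.php');
    exit();
}

// --- Just authenticated: bind the user row to this PHP session
if ((int)$_SESSION['login'] === 99) {
    $now    = time();
    $uidSql = $sqlesc($_SESSION['benutzer'] ?? '');
    $check_nutzer = $GLOBALS['mysql']->query_single("SELECT * FROM benutzer WHERE id = '" . $uidSql . "'");
    $GLOBALS['mysql']->insert("UPDATE benutzer SET session_update='" . $now . "', session_start='" . $now . "', session_id='" . $sqlesc(session_id()) . "' WHERE id='" . $uidSql . "'");
    $_SESSION['logtyp']     = $check_nutzer['logintyp'];
    $_SESSION['login']      = $now;   // > 99 marks a logged-in session from here on
    $_SESSION['benutzer']   = $check_nutzer['id'];
    $_SESSION['username']   = $check_nutzer['name'];
    $_SESSION['sms_sender'] = $check_nutzer['name'];
    $_SESSION['sender_id']  = 1;
    $_SESSION['gateway']    = 1;
}

// --- Logged in: validate the server-side session (1 h idle timeout), then render the page
if ((int)$_SESSION['login'] > 99) {
    $session_time  = time() - 3600;
    $check_session = $GLOBALS['mysql']->query_single("SELECT * FROM benutzer WHERE session_id = '" . $sqlesc(session_id()) . "' AND session_update > '" . $session_time . "'");
    if ($check_session['num_rows'] <= 0) {
        // Expired or unknown session: blank the PIN, drop the session and show the login page.
        $GLOBALS['mysql']->insert("UPDATE benutzer SET session_pass=' ' WHERE id='" . $sqlesc($check_session['id'] ?? '') . "'");
        session_destroy();
        $_SESSION['login'] = 0;
        $dropSessionCookie();
        require('login.php');
        exit();
    }
    if (!isset($_SESSION['arrayload'])) {
        // NOTE: the flag is tested in $_SESSION but set in $GLOBALS, so this branch runs on
        // every request. Left as-is: the $GLOBALS['a_*'] arrays do not survive a request and the
        // dispatched scripts presumably rely on them — confirm before changing.
        $GLOBALS['arrayload'] = 1;
        $GLOBALS['a_touren'] = $GLOBALS['mysql']->query_array("SELECT * FROM touren ORDER BY id");
        $GLOBALS['a_fahrzg'] = $GLOBALS['mysql']->query_array("SELECT * FROM fahrzeuge ORDER BY id");
        $GLOBALS['a_fahrer'] = $GLOBALS['mysql']->query_array("SELECT * FROM mitarbeiter ORDER BY id");
        $GLOBALS['a_planbz'] = $GLOBALS['mysql']->query_array("SELECT * FROM planer_bez ORDER BY id");
        $GLOBALS['a_planbf'] = $GLOBALS['mysql']->query_array("SELECT * FROM fplaner_bez ORDER BY id");
        // Same data keyed by id, kept in the session.
        $_SESSION['ma_aktiv'] = $GLOBALS['mysql']->query_id("SELECT * FROM mitarbeiter WHERE aktiv!=0 ORDER BY id");
        $_SESSION['ma_all']   = $GLOBALS['mysql']->query_id("SELECT * FROM mitarbeiter ORDER BY id");
        $_SESSION['pbz']      = $GLOBALS['mysql']->query_id("SELECT * FROM planer_bez ORDER BY id");
        $_SESSION['car']      = $GLOBALS['mysql']->query_id("SELECT * FROM fahrzeuge ORDER BY id");
        $_SESSION['fbz']      = $GLOBALS['mysql']->query_id("SELECT * FROM fplaner_bez ORDER BY id");
        $_SESSION['tour']     = $GLOBALS['mysql']->query_id("SELECT * FROM touren ORDER BY id");
    }
    $GLOBALS['mysql']->insert("UPDATE benutzer SET session_update='" . time() . "' WHERE id='" . $sqlesc($check_session['id']) . "'");

    require 'lib/Smarty.class.php';
    $template = new Smarty();
    $template->setTemplateDir('template/');
    $template->setConfigDir('config/');
    $template->setCompileDir('compile/');
    $template->setCacheDir('cache/');

    // Dispatch: only a plain script name may reach the include path, so '../', absolute paths
    // and array parameters are rejected and fall back to the home script.
    $script = $_GET['s'] ?? null;
    if (is_string($script)
        && preg_match('/\A[A-Za-z0-9_-]+\z/', $script) === 1
        && file_exists('scripts/' . $script . '.php')) {
        require('scripts/' . $script . '.php');
    } else {
        $_GET['s'] = 'home';
        require('scripts/ue_home2024.php');
    }

    $template->assign('m1', $_SESSION['m1'] ?? null);
    $template->assign('m2', $_SESSION['m2'] ?? null);
    $template->assign('username', $_SESSION['username'] ?? null);
    $template->assign('kuerzel', $check_session['kuerzel'] ?? null);
    $template->display('index91.tpl');
} else {
    // --- Not logged in: show the login page
    $_SESSION['login'] = 0;
    $error  = 0;
    $status = 0;
    require('login.php');
    exit();
}

// Defensive: a dispatched script may have reset the login state.
if ((int)$_SESSION['login'] === 0) {
    require('login.php');
    exit();
}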