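// Login handler fragment: checks the posted username/password against the
// configured user table and, on success, fills the session and redirects.
// Returns false for missing input and true after a successful login; every
// other path only assigns a template error and falls through.
if (isset($_POST['username'], $_POST['password'])) {
    // Request parameters can arrive as arrays (username[]=x); treat anything
    // that is not a non-empty string as missing input.
    if (!is_string($_POST['username']) || $_POST['username'] === "") {
        UCP_Framework::getTPL()->assign("error", "Du hast keinen Namen eingegeben.");
        return false;
    } elseif (!is_string($_POST['password']) || $_POST['password'] === "") {
        UCP_Framework::getTPL()->assign("error", "Du hast kein Passwort eingegeben.");
        return false;
    }

    // NOTE(review): escapeString() is presumably SQL escaping. The username is
    // bound as a statement parameter below and the password is only hashed, so
    // escaping is redundant here and alters values containing quotes or
    // backslashes. It is kept because the stored hashes may have been produced
    // from escaped input -- confirm against the registration path before removing.
    $username = UCP_Framework::getDB()->escapeString($_POST['username']);
    $password = UCP_Framework::getDB()->escapeString($_POST['password']);

    $config = UCP_Framework::getConfig();
    $mysqli = new mysqli($config->server, $config->benutzer, $config->passwort, $config->datenbank);

    // Table and column names cannot be bound as parameters; usertable and
    // userName must therefore come from trusted configuration only.
    $sql = "SELECT id, username, password, frak FROM ". $config->usertable ." WHERE ". $config->userName ." = ? LIMIT 1";

    if ($stmt = $mysqli->prepare($sql)) {
        try {
            $stmt->bind_param('s', $username);
            $stmt->execute();
            $stmt->store_result();
            $stmt->bind_result($user_id, $dbusername, $db_password, $frak);
            $stmt->fetch();

            // NOTE(review): unsalted MD5 is not a password hash. Migrate stored
            // values to password_hash()/password_verify() (rehashing on the next
            // successful login); left unchanged so existing accounts keep working.
            $pw = md5($password);

            if ($stmt->num_rows == 1) {
                // Password matches? hash_equals() compares in constant time and
                // never applies numeric type juggling, unlike the loose `==`,
                // which treats two different "0e<digits>" hashes as equal.
                if (is_string($db_password) && hash_equals($db_password, $pw)) {
                    // Issue a fresh session id on privilege change so an id
                    // planted before login (session fixation) becomes useless.
                    if (session_status() === PHP_SESSION_ACTIVE) {
                        session_regenerate_id(true);
                    }

                    // A missing User-Agent header contributes an empty string.
                    $user_browser = $_SERVER['HTTP_USER_AGENT'] ?? '';

                    // Store only the whitelisted characters of each value.
                    $user_id = preg_replace("/[^0-9]+/", "", $user_id);
                    $_SESSION['user_id'] = $user_id;
                    $username = preg_replace("/[^a-zA-Z0-9_\-]+/","", $username);
                    $frak = preg_replace("/[^0-9]+/", "", $frak);
                    $_SESSION['frak'] = $frak;
                    $_SESSION['username'] = $username;
                    // Ties the session to the password hash and the browser string.
                    $_SESSION['login_string'] = hash('sha512', $pw . $user_browser);

                    header('Location: index.php?page=Login');
                    return true;
                } else {
                    // NOTE(review): this message and the one in the branch below
                    // differ, which tells a client whether an account name exists.
                    // Consider one generic message plus attempt rate limiting.
                    UCP_Framework::getTPL()->assign("error", "Das Passwort war nicht korrekt.");
                }
            } else {
                UCP_Framework::getTPL()->assign("error", "Dieser Account existiert nicht.");
            }
        } finally {
            // Release the statement on every path, including the early return.
            $stmt->close();
        }
    }
}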
- }