<?phpif($_POST['action']=='login') { public function login($username, $

1. <?php
2. if($_POST['action']=='login') {
3.  
4.     public function login($username, $password, $hash = true, $post = false) {
5.         if (!$hash) {
6.             $password = $this->hash($password);
7.         }
8.         $this->services->prepare("SELECT *
9.                                FROM anope_ns_core
10.                                WHERE display = :username
11.                                LIMIT 1")
12.                 ->bindValue('username', $username)
13.                 ->execute();
14.         if ($this->services->num_rows() == 1 && $user = $this->services->fetch_assoc()) {
15.             if (substr(bin2hex($user['pass']), 0, 40) === $password) {
16.                 $user['password'] = substr(bin2hex($user['pass']), 0, 40);
17.                 $this->_loggedIn = true;
18.                 foreach ($user as $key => $value) {
19.                     $this->_information[$key] = $value;
20.                     $_SESSION['user'][$key] = $value;
21.                 }
22.                 setcookie('FServices', $user['display'] . '|' . hash('sha512', $user['display'] . $user['password'] . $_SERVER['REMOTE_ADDR']), time() + 2592000, '/', '', '', 1);
23.                 return true;
24.             } else {
25.                 return false;
26.             }
27.         }
28.         return false;
29.     }
30. }
31.    
32. ?>
33.  
34. <?php
35. // Session starten
36. session_start ();
37.  
38. if($_POST['action']=='login')
39. {
40.     // Datenbankverbindung aufbauen
41.     $connectionid = mysql_connect ('localhost', '', '');
42.     if (!mysql_select_db ('anope', $connectionid))
43.         die ('Database not available');
44.        
45.     $sql = "SELECT * FROM anope_ns_core WHERE display = '".$_POST['user']."' LIMIT 1";
46.     if (mysql_num_rows($result) == 1 && $result = mysql_query ($sql))
47.     {
48.         if (substr(bin2hex($result['pass']), 0, 40) === md5($_POST['pass'])) {
49.       // Benutzerdaten in ein Array auslesen.
50.       $data = mysql_fetch_array ($result);
51.    
52.       // Sessionvariablen erstellen und registrieren
53.       $_SESSION["user_id"] = $data["nc_id"];
54.       $_SESSION["user_email"] = $data["email"];
55.       // $_SESSION["user_nachname"] = $data["Nachname"];
56.       // $_SESSION["user_vorname"] = $data["Vorname"];
57.         $_SESSION["login"] = true;
58.         header("Location: intern.php");
59.         }
60.         else
61.         {
62.             die('invalid login');
63.         }
64.     }
65.     else
66.     {
67.         ?>
68.         <html>
69. <head>
70.   <title>Login</title>
71. </head>
72.  
73. <body>
74.  <h2 color="red">Error: Username or Password wrong!</h2>
75. <form action="login.php" method="post">
76.   Username: <input type="text" name="user" size="20" /><br />
77.   Password: <input type="password" name="pass" size="20" /><br />
78.   <input type="hidden" name="action" value="login" />
79.   <input type="submit" value="Login" />
80. </form>
81. </body>
82. </html>
83. <?
84.  
85.     }
86. }
87. else
88. {
89.     ?>
90.     <html>
91. <head>
92.   <title>Login</title>
93. </head>
94.  
95. <body>
96.  
97. <form action="login.php" method="post">
98.   Username: <input type="text" name="user" size="20" /><br />
99.   Password: <input type="password" name="pass" size="20" /><br />
100.   <input type="hidden" name="action" value="login" />
101.   <input type="submit" value="Login" />
102. </form>
103. </body>
104. </html>
105. <?    
106. }
107. ?>