So, da alles, was ich versucht habe, nicht funzt, hier mal meine alg.php:
<?php
# Copyright by Manuel
# Support www.ilch.de
# Direct-access guard: stop with 'no direct access' unless a constant named 'main' is defined.
# NOTE(review): presumably the entry script defines 'main' before including this file - confirm.
defined ('main') or die ( 'no direct access' );
##
###
####
##### W E I T E R L E I T U N G S F U N K T I O N
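/**
 * Renders the redirect page through the 'weiterleitung.htm' template.
 *
 * @param string|array $wdLINK Single target URL, or a map of link text => URL. The first URL
 *                             of the map is handed to the template as URL.
 * @param string       $wdTEXT Message handed to the template as TEXT.
 * @param int          $wdZEIT Value handed to the template as ZEIT (default 3; presumably seconds).
 * @return void
 */
function wd ($wdLINK,$wdTEXT,$wdZEIT=3) {
    global $lang;

    // Defined up front: an empty link array used to leave the template's URL value undefined.
    $wdURL = '';

    if (!is_array($wdLINK)) {
        $urls = '<a href="'.$wdLINK.'">'.$lang['forward2'].'</a>';
        $wdURL = $wdLINK;
    } else {
        $urls = '';
        $isFirst = true;
        foreach ($wdLINK as $k => $v) {
            if ($isFirst) {
                $wdURL = $v;
                $isFirst = false;
            }
            $urls .= '<a href="'.$v.'">'.$k.'</a><br />';
        }
    }

    // NOTE(review): link targets and labels are written into the markup as given. Callers must
    // only pass values they built themselves, or escape them for the HTML attribute context;
    // a request-derived target here would also make this page an open redirect.
    $tpl = new tpl ( 'weiterleitung.htm' );
    $ar = array(
        'LINK' => $urls,
        'URL'  => $wdURL,
        'ZEIT' => $wdZEIT,
        'TEXT' => $wdTEXT
    );
    $tpl->set_ar_out ( $ar, 0 );
    unset($tpl);
}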
##
###
####
##### g e t R e c h t
/**
 * Tells whether a user right satisfies a required right.
 *
 * An empty user right (0, '', null) never matches; otherwise the user right must be
 * numerically lower than or equal to the required one.
 *
 * @param mixed $RECHT     Required right.
 * @param mixed $USERRECHT Right held by the user.
 * @return bool
 */
function getrecht ($RECHT, $USERRECHT) {
    return !empty($USERRECHT) && $USERRECHT <= $RECHT;
}
##
###
####
##### g e t U s e r N a m e
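/**
 * Looks up the name of a user by id.
 *
 * @param int|string $uid User id; cast to an integer before it reaches the SQL string.
 * @return string|null The name, or null when no row was found.
 */
function get_n($uid) {
    // The id used to be concatenated into the statement as-is; the integer cast keeps a
    // caller-supplied string from altering the query.
    $row = db_fetch_object(db_query("SELECT name FROM prefix_user WHERE id = '".(int) $uid."'"));
    // A missing row used to trigger a property access on a non-object.
    if (!$row) {
        return null;
    }
    return $row->name;
}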
##
###
####
##### wochentage sonntag 0 samstag 6
/**
 * Returns the German weekday name for an index (0 = Sonntag ... 6 = Samstag).
 *
 * @param int $tag Weekday index.
 * @return string
 */
function wtage ($tag) {
    $names = array(
        'Sonntag',
        'Montag',
        'Dienstag',
        'Mittwoch',
        'Donnerstag',
        'Freitag',
        'Samstag'
    );
    return $names[$tag];
}
##
###
####
##### monate in deutsch
/**
 * Returns the German month name for a month number (1 = Januar ... 12 = Dezember).
 *
 * @param int $mon Month number, 1-based.
 * @return string
 */
function getDmon ($mon) {
    $names = array(
        'Januar', 'Februar', 'März', 'April', 'Mai', 'Juni',
        'Juli', 'August', 'September', 'Oktober', 'November', 'Dezember'
    );
    $index = $mon - 1;
    return $names[$index];
}
##
###
####
##### a l l g e m e i n e s A r r a y
/**
 * Loads every row of `prefix_config` into an array keyed by `schl` with `wert` as value.
 *
 * Legend kept from the original source: v1 = key, v2 = value, v3 = field type,
 * v4 = short description if needed.
 *
 * @return array
 */
function getAllgAr () {
    $config = array();
    $result = db_query("SELECT schl, wert FROM `prefix_config`");
    while ($entry = db_fetch_assoc($result)) {
        $key = $entry['schl'];
        $config[$key] = $entry['wert'];
    }
    return $config;
}
##
###
####
##### UserRang ermitteln
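/**
 * Determines the rank label of a user and caches it per request in a global array.
 *
 * A special rank assigned to the user wins and is wrapped in <i><b>; otherwise the rank is
 * chosen from `prefix_ranks` by post count. An empty user id yields 'Gast'.
 *
 * @param int|string $post Post count of the user (0 is treated as 1).
 * @param int|string $uid  User id; empty for guests.
 * @return mixed Rank label as stored in the cache.
 */
function userrang ($post,$uid) {
    global $global_user_rang_array;

    if (!isset($global_user_rang_array)) {
        $global_user_rang_array = array();
    }
    if (isset($global_user_rang_array[$uid])) {
        return ($global_user_rang_array[$uid]);
    }

    if ( empty($uid) ) {
        $rRang = 'Gast';
    } else {
        // Both values were concatenated unquoted into the statements; integer casts keep
        // anything but a number out of the SQL text.
        $rRang = @db_result(db_query("SELECT bez FROM prefix_user LEFT JOIN prefix_ranks ON prefix_ranks.id = prefix_user.spezrank WHERE prefix_user.id = ".(int) $uid),0);
    }

    if ( empty($rRang) ) {
        $minPosts = (int) $post;
        if ($minPosts == 0) {
            $minPosts = 1;
        }
        $rRang = @db_result(db_query("SELECT bez FROM `prefix_ranks` WHERE spez = 0 AND min <= ".$minPosts." ORDER BY min DESC LIMIT 1"),0);
    } elseif ( $rRang != 'Gast' ) {
        // NOTE(review): the rank name from the database is placed into markup unescaped.
        $rRang = '<i><b>'.$rRang.'</b></i>';
    }

    $global_user_rang_array[$uid] = $rRang;
    return ($global_user_rang_array[$uid]);
}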
##
###
####
##### makiert suchwoerter
/**
 * Highlights every occurrence of a search term in a text with a coloured <span>.
 *
 * NOTE(review): the term is inserted into the markup exactly as passed in. Whether $text and
 * $such are already HTML-escaped is decided by the caller - confirm before feeding request
 * data into this function.
 *
 * @param string $text Text to search in.
 * @param string $such Search term.
 * @return string
 */
function markword($text,$such) {
    $highlighted = '<span style="background-color: #EBF09B;">' . $such . "</span>";
    return str_replace($such, $highlighted, $text);
}
##
###
####
##### gibt die smiley lilste zurueck
/**
 * Builds the smiley picker markup.
 *
 * Returns a <script> block defining moreSmilies(), which opens a popup and writes every
 * smiley from `prefix_smilies` into it, followed by inline links for the first 12 smilies
 * (a line break after every 3) and a "more" link when the table holds more than 12.
 *
 * NOTE(review): `url` and `emo` are written into HTML attributes without HTML escaping and
 * `ent` is only passed through addslashes(); this relies on the smiley table holding
 * trusted values - confirm who can edit it.
 *
 * @return string
 */
function getsmilies () {
global $lang;
# $zeilen: smilies per row in the inline list; $i: running count of smilies
$zeilen = 3; $i = 0;
# $b collects the popup script, $a the inline list
$b = '<script language="JavaScript" type="text/javascript">function moreSmilies () { var x = window.open("about:blank", "moreSmilies", "width=250,height=200,status=no,scrollbars=yes,resizable=yes"); ';
$a = '';
$erg = db_query('SELECT emo, ent, url FROM `prefix_smilies`');
while ($row = db_fetch_object($erg) ) {
# popup entry: addslashes() is applied twice because the value sits inside a JS string
# that is itself written through document.write
$b .= 'x.document.write ("<a href=\"javascript:opener.put(\''.addslashes(addslashes($row->ent)).'\')\">");';
$b .= 'x.document.write ("<img style=\"border: 0px; padding: 5px;\" src=\"include/images/smiles/'.$row->url.'\" title=\"'.$row->emo.'\"></a>");';
# only the first 12 smilies are listed inline
if ($i<12) {
# (original note: build in a float layout)
if($i%$zeilen == 0 AND $i <> 0) { $a .= '<br /><br />'; }
$a .= '<a href="javascript:put(\''.addslashes($row->ent).'\')">';
$a .= '<img style="margin: 2px;" src="include/images/smiles/'.$row->url.'" border="0" title="'.$row->emo.'"></a>';
}
$i++;
}
$b .= ' x.document.write("<br /><br /><center><a href=\"javascript:window.close();\">'.$lang['close'].'</a></center>"); x.document.close(); }</script>';
# link to the popup when not every smiley fits into the inline list
if ($i>12) { $a .= '<br /><br /><center><a href="javascript:moreSmilies();">'.$lang['more'].'</a></center>'; }
$a = $b.$a;
return ($a);
}
##
###
####
##### generey key with x length
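/**
 * Generates a random key of the requested length from a-z, A-Z and 0-9.
 *
 * user_regist() uses the result as an initial password, so the characters have to be
 * unpredictable. The previous version re-seeded mt_rand() from microtime() on every
 * iteration, which ties the output to the clock, and drew from a 63-slot range in which
 * '1' appeared twice. Now random_int() is used where it exists (PHP 7+) and every one of
 * the 62 characters is equally likely. On older PHP versions the function falls back to
 * mt_rand() without re-seeding; that fallback is not suitable for secrets.
 *
 * @param int $anz Number of characters.
 * @return string
 */
function genkey ( $anz ) {
    $alphabet = 'abcdefghijklmnopqrstuvwxyz1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $last = strlen($alphabet) - 1;
    $secure = function_exists('random_int');

    $key = '';
    for ($i = 0; $i < $anz; $i++) {
        // random_int() throws when no entropy source is available; that is deliberately not
        // caught, so a key is never silently built from a weak source on PHP 7+.
        $zufallZahl = $secure ? random_int(0, $last) : mt_rand(0, $last);
        $key .= $alphabet[$zufallZahl];
    }
    return ( $key );
}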
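/**
 * Sends a mail with the bundled PHPMailer, optionally through the SMTP settings stored in
 * `prefix_allg` (key "smtpconf").
 *
 * Changes against the previous version:
 *  - the POP-before-SMTP branch read from an undefined variable ($smpt instead of $smtp),
 *    so host and port were always empty / 110;
 *  - the BCC test was inverted: the first recipient was dropped whenever the list did NOT
 *    start with the 'bcc' marker, and the literal 'bcc' was added as an address otherwise;
 *  - unserialize() of the stored settings no longer instantiates objects on PHP 7+.
 *
 * @param string|array $mail Recipient address, or a list of addresses. A list whose first
 *                           element is the marker 'bcc' is sent as BCC with the sender as
 *                           visible recipient.
 * @param string       $bet  Subject.
 * @param string       $txt  Body.
 * @param string       $from Optional sender, either "Name <address>" or a bare address.
 * @param bool         $html Send as HTML (the plain-text alternative is strip_tags($txt)).
 * @return bool True when PHPMailer reports success.
 */
function icmail ($mail, $bet, $txt, $from = '', $html = false) {
    global $allgAr;
    include_once('include/includes/class/phpmailer/class.phpmailer.php');
    $mailer = new PHPMailer();

    // Sender: site default, "Name <address>", or a bare address.
    if (empty($from)) {
        $mailer->From = $allgAr['adminMail'];
        $mailer->FromName = $allgAr['allg_default_subject'];
    } elseif ( preg_match('%(.*) <([\w\.-]*@[\w\.-]*)>%i', $from, $tmp) ) {
        $mailer->From = trim($tmp[2]);
        $mailer->FromName = trim($tmp[1]);
    } elseif (preg_match('%([\w\.-]*@[\w\.-]*)%i', $from, $tmp)) {
        $mailer->From = trim($tmp[1]);
        $mailer->FromName = '';
    }

    if ($allgAr['mail_smtp']) { // SMTP delivery
        $smtpser = @db_result(db_query('SELECT `t1` FROM `prefix_allg` WHERE `k` = "smtpconf"'));
        if (empty($smtpser)) {
            echo '<span style="font-size: 2em; color: red;">Mailversand muss konfiguriert werden!</span><br />';
        } else {
            // The settings are a serialized array read from the database. unserialize() can
            // create arbitrary objects from its input, so object creation is switched off
            // where PHP supports the option; only array keys are read below.
            if (version_compare(PHP_VERSION, '7.0.0') >= 0) {
                $smtp = unserialize($smtpser, array('allowed_classes' => false));
            } else {
                $smtp = unserialize($smtpser);
            }
            $mailer->IsSMTP();
            $mailer->Host = $smtp['smtp_host'];
            $mailer->SMTPAuth = ($smtp['smtp_auth'] == 'no' ? false : true);
            if ($smtp['smtp_auth'] == 'ssl' or $smtp['smtp_auth'] == 'tls') {
                $mailer->SMTPSecure = $smtp['smtp_auth'];
            }
            if (!empty($smtp['smtp_port'])) {
                $mailer->Port = $smtp['smtp_port'];
            }
            $mailer->AddReplyTo($mailer->From, $mailer->FromName);
            // When the SMTP account differs from the requested sender, the original sender
            // is moved into the subject and the account address is used as From.
            if ($smtp['smtp_changesubject'] and $mailer->From != $smtp['smtp_email']) {
                $bet = '(For ' .$mailer->FromName . ' - '. $mailer->From .') '. $bet;
                $mailer->From = $smtp['smtp_email'];
            }
            $mailer->Username = $smtp['smtp_login'];
            // NOTE(review): the SMTP password is stored reversibly; its key is built from
            // the DBDATE, DBUSER and DBPREF constants.
            require_once('include/includes/class/AzDGCrypt.class.inc.php');
            $cr64 = new AzDGCrypt(DBDATE.DBUSER.DBPREF);
            $mailer->Password = $cr64->decrypt($smtp['smtp_pass']);
            if ($smtp['smtp_pop3beforesmtp'] == 1) {
                include_once('include/includes/class/phpmailer/class.pop3.php');
                $pop = new POP3();
                $pop3port = !empty($smtp['smtp_pop3port']) ? $smtp['smtp_pop3port'] : 110;
                $pop->Authorise($smtp['smtp_pop3host'], $pop3port, 5, $mailer->Username, $mailer->Password, 1);
            }
        }
        //$mailer->SMTPDebug = true;
    }

    // Recipients.
    if (is_array($mail)) {
        if ($mail[0] == 'bcc') {
            array_shift($mail); // drop the marker
            foreach ($mail as $m){
                $mailer->AddBCC(escape_for_email($m));
            }
            $mailer->AddAddress($mailer->From);
        } else {
            foreach ($mail as $m){
                $mailer->AddAddress(escape_for_email($m));
            }
        }
    } else {
        $mailer->AddAddress(escape_for_email($mail));
    }

    $mailer->Subject = escape_for_email($bet, true);
    // Normalise line endings to "\n".
    $txt = str_replace("\r", "\n", str_replace("\r\n", "\n", $txt));
    if ($html) {
        $mailer->IsHTML(true);
        $mailer->AltBody = strip_tags($txt);
    }
    $mailer->Body = $txt;

    if ($mailer->Send()) {
        return true;
    }
    // The error text is only shown to co-admins and above.
    if (is_coadmin()) {
        echo "<h2 style=\"color:red;\">Mailer Error: " . $mailer->ErrorInfo . '</h2>';
    }
    return false;
}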
/**
 * Cuts a piece out of an entity-encoded text without splitting an entity.
 *
 * The text is decoded with the inverted HTML entity table, cut with substr() and encoded
 * again with htmlentities().
 *
 * NOTE(review): substr() counts bytes; with a multi-byte charset a cut in the middle of a
 * character is possible - confirm against the value of ILCH_CHARSET.
 *
 * @param string $text   Entity-encoded input.
 * @param int    $start  Start offset for substr().
 * @param int    $length Length for substr().
 * @return string
 */
function html_enc_substr($text, $start, $length) {
    // The charset argument of get_html_translation_table() is only passed from PHP 5.3.4 on.
    $hasCharsetArg = version_compare(PHP_VERSION, '5.3.4') !== -1;
    $entityTable = $hasCharsetArg
        ? get_html_translation_table(HTML_ENTITIES, ILCH_ENTITIES_FLAGS, ILCH_CHARSET)
        : get_html_translation_table(HTML_ENTITIES, ILCH_ENTITIES_FLAGS);

    $decoded = strtr($text, array_flip($entityTable));
    $piece = substr($decoded, $start, $length);

    return htmlentities($piece, ILCH_ENTITIES_FLAGS, ILCH_CHARSET);
}
/**
 * Converts a date written as day-month-year or year-month-day into "year-month-day".
 *
 * Dots and slashes are accepted as separators. The order is detected from the position of
 * the four-digit part: numeric last four characters mean day first, numeric first four
 * characters mean year first.
 *
 * NOTE(review): input matching neither pattern leaves the three parts undefined and the
 * result is '--'; the parts are not validated as numbers, so callers must not treat the
 * result as safe for SQL.
 *
 * @param string $d Date string.
 * @return string
 */
function get_datum ($d) {
    $normalized = str_replace(array('.', '/'), '-', $d);

    if (is_numeric(substr($normalized, -4))) {
        list($t, $m, $j) = explode('-', $normalized);
    } elseif (is_numeric(substr($normalized, 0, 4))) {
        list($j, $m, $t) = explode('-', $normalized);
    }

    return $j . '-' . $m . '-' . $t;
}
/**
 * Prefixes a homepage value with "http://" unless it already starts with "http://" or
 * "https://" (case-sensitive). Empty values are returned trimmed and unchanged.
 *
 * @param string $homepage
 * @return string
 */
function get_homepage($homepage) {
    $url = trim($homepage);
    if (empty($url)) {
        return $url;
    }

    $hasScheme = strncmp($url, 'http://', 7) === 0 || strncmp($url, 'https://', 8) === 0;
    return $hasScheme ? $url : 'http://' . $url;
}
/**
 * Returns an <img> tag for a game icon in include/images/wargames/, trying the extensions
 * gif, jpg, jpeg and png in that order, or '' when none of the files exists.
 *
 * NOTE(review): $img goes into a file path and into the markup unchanged; callers should
 * restrict it to plain file-name characters.
 *
 * @param string $img File name without extension.
 * @return string
 */
function get_wargameimg ($img) {
    $basePath = 'include/images/wargames/' . $img;
    foreach (array('.gif', '.jpg', '.jpeg', '.png') as $extension) {
        $file = $basePath . $extension;
        if (file_exists($file)) {
            return '<img src="' . $file . '" alt="' . $img . '" border="0">';
        }
    }
    return '';
}
/**
 * Callback for iurlencode(): encodes one matched URL segment.
 *
 * A match containing "http:", "https:" or "ftp:" is returned untouched; otherwise the
 * captured segment is rawurlencode()d and the trailing separator of the match is kept.
 *
 * @param array $a Match array from preg_replace_callback (0 = full match, 1 = segment).
 * @return string
 */
function iurlencode_help ($a) {
    $fullMatch = $a[0];
    if (preg_match("/(http:|https:|ftp:)/", $fullMatch)) {
        return $fullMatch;
    }
    $separator = substr($fullMatch, -1);
    return rawurlencode($a[1]) . $separator;
}
/**
 * URL-encodes the segments of a path or URL, leaving separators and scheme prefixes alone.
 *
 * Every segment that is followed by "." or "/" is handed to iurlencode_help(). An older,
 * disabled implementation that split the string manually was removed from the body.
 *
 * @param string $s Path or URL.
 * @return string|null Result of preg_replace_callback().
 */
function iurlencode ($s) {
    $segmentPattern = "/([^\/]+|\/[^\.])[\.\/]/";
    $encoded = preg_replace_callback($segmentPattern, 'iurlencode_help', $s);
    return $encoded;
}
/**
 * Checks whether the antispam challenge of a submitted form was answered correctly.
 *
 * In NoPictureMode the form carries a hidden field whose value must exist in
 * $_SESSION['antispam']; this protects against cross-site request forgery. The entry is
 * removed on success, so every token is valid once. NoPictureMode is used automatically
 * when the 'antispam' setting is numeric and the user holds that right, and it can be
 * forced by the caller. Otherwise the captcha code is validated by the Captcha class.
 *
 * @global array $allgAr
 * @param string  $m          Module name (allows several antispam fields on one page; not
 *                            read by this function).
 * @param boolean $nopictures Force NoPictureMode.
 * @return boolean
 */
function chk_antispam($m, $nopictures = false)
{
    global $allgAr;

    if (!$nopictures) {
        $nopictures = is_numeric($allgAr['antispam']) && has_right($allgAr['antispam']);
    }

    if ($nopictures && isset($_POST['antispam_id'])) {
        $token = $_POST['antispam_id'];
        if (isset($_SESSION['antispam'][$token]) && $_SESSION['antispam'][$token]) {
            // Single use: drop the token once it has been accepted.
            unset($_SESSION['antispam'][$token]);
            return true;
        }
        return false;
    }

    if (isset($_POST['captcha_code'], $_POST['captcha_id'])) {
        require_once 'include/includes/captcha/Captcha.php';
        $captcha = new Captcha();
        return $captcha->isValid(strtoupper($_POST['captcha_code']), $_POST['captcha_id']);
    }

    return false;
}
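/**
 * Creates the HTML for a form field that serves as bot protection or as protection against
 * CSRF attacks. See chk_antispam() for the meaning of NoPictureMode.
 *
 * In NoPictureMode the hidden field value is the CSRF token, so it has to be unguessable.
 * It used to come from uniqid(), which is derived from the current time; it is now taken
 * from a CSPRNG when one is available (random_bytes() on PHP 7+, otherwise
 * openssl_random_pseudo_bytes()), with uniqid() only as last fallback. The captcha id keeps
 * its uniqid() format because the consumer of that id (captchaimg.php) is not part of this
 * file.
 *
 * @global array $allgAr
 * @global string $ILCH_BODYEND_ADDITIONS
 * @param string  $m          Module name, used as prefix of the generated id.
 * @param integer $t          Layout: 0 = image above the input, 1 = table row, > 10 = label
 *                            with that width in px; a negative value selects NoPictureMode
 *                            unless $nopictures is already set.
 * @param boolean $nopictures Force NoPictureMode.
 * @return string
 */
function get_antispam($m, $t, $nopictures = false)
{
    global $allgAr, $ILCH_BODYEND_ADDITIONS;
    static $addedJavascript = false;

    // The captcha script is registered only once per request.
    if ($addedJavascript === false) {
        $ILCH_BODYEND_ADDITIONS .= '<script type="text/javascript" src="include/includes/js/captcha.js"></script>' . "\n";
        $addedJavascript = true;
    }

    if (!$nopictures && $t < 0 || (is_numeric($allgAr['antispam']) && has_right($allgAr['antispam']))) {
        $nopictures = true;
    }

    if ($nopictures) {
        if (function_exists('random_bytes')) {
            $id = $m . '_' . bin2hex(random_bytes(16));
        } elseif (function_exists('openssl_random_pseudo_bytes')) {
            $id = $m . '_' . bin2hex(openssl_random_pseudo_bytes(16));
        } else {
            // Legacy fallback, predictable from the clock.
            $id = uniqid($m . '_', true);
        }
        $_SESSION['antispam'][$id] = true;
        return '<input type="hidden" name="antispam_id" value="' . $id . '" />';
    }

    $id = uniqid($m . '_', true);

    // Provides $imagewidth and $imageheight.
    include 'include/includes/captcha/settings.php';

    $helpText = 'Geben Sie diese Zeichen in das direkt daneben stehende Feld ein.';
    $seperator = ' ';
    if ($t == 0) {
        $seperator = '<br />';
        $helpText = 'Geben Sie diese Zeichen in das direkt darunter stehende Feld ein.';
    }

    $img = '<img width="' . $imagewidth . '" height="' . $imageheight . '" src="include/includes/captcha/captchaimg.php?id='
        . $id . '&nocache=' . time() . '" alt="captchaimg" title="' . $helpText . '" class="captchaImage">'
        . $seperator . '<input class="captcha_code" name="captcha_code" type="text" maxlength="5" size="8" title="Geben Sie die Zeichen aus dem Bild ein">'
        . '<input type="hidden" name="captcha_id" value="' . $id . '" />';

    if ($t == 1) {
        $img = '<tr><td class="Cmite"><b>Antispam</b></td><td class="Cnorm">' . $img . '</td></tr>';
    } elseif ($t > 10) {
        $img = '<label style="float:left; width: ' . $t . 'px; ">Antispam</label>' . $img . '<br/>';
    }
    return $img;
}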
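// scandir() replacement for PHP 4
if (version_compare(phpversion(), '5.0.0') == -1) {
    /**
     * Lists the entries of a directory in ascending order.
     *
     * Returns false when the directory cannot be opened, as the native function does.
     * The result list is now initialised (an empty directory handle loop used to leave it
     * undefined) and the directory handle is closed again.
     *
     * @param string $dir
     * @return array|false
     */
    function scandir($dir)
    {
        $dh = opendir($dir);
        if ($dh === false) {
            return false;
        }
        $files = array();
        while (false !== ($filename = readdir($dh))) {
            $files[] = $filename;
        }
        closedir($dh);
        sort($files);
        return $files;
    }
}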
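// array_fill_keys() replacement for PHP < 5.2
if (version_compare(phpversion(), '5.2.0') == -1) {
    /**
     * Builds an array that uses the values of $target as keys.
     *
     * The result is now initialised, so a non-array or empty $target yields an empty array
     * instead of an undefined variable.
     *
     * NOTE(review): when $value is an array this replacement picks $value[$key] per entry;
     * the native function would assign the whole array to every key.
     *
     * @param array $target Keys of the new array.
     * @param mixed $value  Fill value.
     * @return array
     */
    function array_fill_keys($target, $value = '') {
        $filledArray = array();
        if (is_array($target)) {
            foreach ($target as $key => $val) {
                $filledArray[$val] = is_array($value) ? $value[$key] : $value;
            }
        }
        return $filledArray;
    }
}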
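/**
 * Adds up the size of all files below a directory, including sub-directories.
 *
 * Changes against the previous version:
 *  - "." and ".." are skipped by name. They used to be removed by cutting off the first
 *    two entries of the sorted listing, which is wrong as soon as a name sorts before "."
 *    (for example "!file"); ".." then stayed in the list and the function walked into the
 *    parent directory.
 *  - A missing trailing slash on $dir is added instead of producing wrong paths.
 *  - An unreadable directory counts as 0 instead of failing on the listing.
 *
 * @param string $dir Directory path, with or without trailing slash.
 * @return int Size in bytes, or -1 when $dir is not a directory.
 */
function dirsize($dir)
{
    if (!is_dir($dir)) {
        return -1;
    }

    $dir = rtrim($dir, '/\\') . '/';
    $entries = scandir($dir);
    if ($entries === false) {
        return 0;
    }

    $size = 0;
    foreach ($entries as $file) {
        if ($file === '.' || $file === '..') {
            continue;
        }
        $path = $dir . $file;
        if (is_dir($path)) {
            $size += dirsize($path . '/');
        } else {
            // filesize() may fail (e.g. broken link); such entries count as 0.
            $size += (int) @filesize($path);
        }
    }
    return $size;
}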
/**
 * Formats a byte count as KB (below 1,000,000 bytes) or MB, rounded to two decimals.
 * Both units are computed with a factor of 1024.
 *
 * @param int|float $bytes
 * @return string
 */
function nicebytes($bytes){
    $inKilobytes = $bytes < 1000000;
    $divisor = $inKilobytes ? 1024 : 1024 * 1024;
    $unit = $inKilobytes ? ' KB' : ' MB';
    return round($bytes / $divisor, 2) . $unit;
}
?>
Und hier die user.php:
<?php
# hier werden alle user spezifischen funktionen
# definert...
/**
 * Runs the per-request user handling. The four steps are called in this fixed order:
 * session/guest setup, login form processing, online-table update, session-id URL handling.
 */
function user_identification () {
# establish guest or existing session state (may trigger the cookie auto login)
user_auth();
# process a submitted login form
user_login_check();
# refresh the online table and the last-login time
user_update_database();
# disable session-id URL rewriting for guests when configured
user_check_url_rewrite();
}
/**
 * Makes sure the session carries authentication data.
 *
 * When the session id is not in the online table, no 'authid' is stored, or the stored
 * 'authsess' differs from the expected cookie name, the session is reset to guest values,
 * registered as online, the auto-login cookie is evaluated if present, and group/module
 * rights are loaded.
 *
 * NOTE(review): the first debug() call appends the session id to the debug output; anyone
 * who can read that output can take over the session - confirm where debug() writes to.
 */
function user_auth () {
    debug ('user - auth gestartet'. session_id());
    $cn = session_und_cookie_name();

    $sessionKnown = user_key_in_db();
    $stillValid = $sessionKnown
        && isset($_SESSION['authid'])
        && !(isset($_SESSION['authsess']) && $_SESSION['authsess'] != $cn);
    if ($stillValid) {
        return;
    }

    debug ('user - nicht in db oder nicht authid');
    user_set_guest_vars();
    user_set_user_online ();

    // If the auto-login cookie is present, check whether it may be used to log in.
    if (isset($_COOKIE[$cn])) {
        user_auto_login_check();
    }

    // Load group and module membership.
    user_set_grps_and_modules();
}
/**
 * Stops PHP from appending the session id to URLs and forms for guests when the
 * 'show_session_id' setting is 0, so that search engine bots are not confused.
 * output_reset_rewrite_vars() is a PHP built-in.
 */
function user_check_url_rewrite() {
    global $allgAr;

    if (loggedin()) {
        return;
    }
    if ($allgAr['show_session_id'] != 0) {
        return;
    }
    output_reset_rewrite_vars ();
}
/**
 * Refreshes the online table: touches the row of the current session, removes rows older
 * than two hours and, for logged-in users, stores the current time as last login.
 *
 * NOTE(review): session_id() and $_SESSION['authid'] are concatenated into the statements.
 * The session id originates from the client's cookie; whether it is restricted to safe
 * characters depends on the session configuration - confirm.
 */
function user_update_database () {
    $sid = session_id();
    $cutoff = date('Y-m-d H:i:s', time() - 7200);

    db_query("UPDATE prefix_online SET uptime = now() WHERE sid = '".$sid."'");
    db_query("DELETE FROM prefix_online WHERE uptime < '". $cutoff."'");

    if (!loggedin()) {
        return;
    }
    db_query("UPDATE prefix_user SET llogin = '".time()."' WHERE id = '".$_SESSION['authid']."'");
}
/**
 * Inserts the current session into the online table if it is not listed yet and copies the
 * 'gfx' setting into the session.
 *
 * NOTE(review): session id and the result of getip() are concatenated into the INSERT;
 * getip() is defined elsewhere - confirm that it returns a validated address.
 */
function user_set_user_online () {
    global $allgAr;

    $sid = session_id();
    $rows = db_result(db_query("SELECT COUNT(*) FROM prefix_online WHERE sid = '".$sid."'"),0);
    if (0 == $rows) {
        db_query("INSERT INTO prefix_online (sid,uptime,ipa) VALUES ('".$sid."',now(),'".getip()."')");
    }

    $_SESSION['authgfx'] = $allgAr['gfx'];
}
/**
 * Tells whether exactly one row for the current session id exists in the online table.
 *
 * @return bool
 */
function user_key_in_db() {
    $rows = db_result(db_query("SELECT COUNT(*) FROM prefix_online WHERE sid = '".session_id()."'"),0);
    return 1 == $rows;
}
/**
 * Builds the name used for the login cookie and stored as 'authsess': the MD5 of the
 * directory part of host + script path, followed by the DBPREF constant.
 *
 * NOTE(review): HTTP_HOST is taken from the request, so the name changes with the Host
 * header the client sends.
 *
 * @return string 32 hex characters.
 */
function session_und_cookie_name () {
    $location = dirname($_SERVER["HTTP_HOST"] . $_SERVER["SCRIPT_NAME"]);
    return md5($location . DBPREF);
}
/**
 * Hashes a plain-text password with PwCrypt on PHP 5 and later.
 *
 * NOTE(review): on PHP versions before 5.0 the fallback is a plain, unsalted MD5, which is
 * not adequate for password storage.
 *
 * @param string $plainPassword
 * @return mixed Result of PwCrypt::cryptPasswd(), or the MD5 hex string on the fallback path.
 */
function user_pw_crypt($plainPassword) {
    $legacyPhp = version_compare(PHP_VERSION, '5.0') === -1;
    if ($legacyPhp) {
        return md5($plainPassword);
    }
    $hasher = new PwCrypt();
    return $hasher->cryptPasswd($plainPassword);
}
/**
 * Verifies a plain-text password against a stored hash.
 *
 * On PHP 5 and later PwCrypt does the check. When the password is correct, a user id was
 * given and PwCrypt::checkHashStrength() returns true for the stored hash (presumably
 * meaning the hash should be upgraded - confirm in PwCrypt), a fresh hash is computed,
 * written back through the reference and, if non-empty, stored in `prefix_user`.
 * Before PHP 5.0 the check is a comparison with the plain MD5.
 *
 * @param string    $plainPassword
 * @param string    $passwordHash  Stored hash; may be replaced by a new hash (by reference).
 * @param int|false $userId        User whose hash may be upgraded, false to skip that.
 * @return mixed Result of PwCrypt::checkPasswd(), or bool on the fallback path.
 */
function user_pw_check($plainPassword, &$passwordHash, $userId = false) {
    if (version_compare(PHP_VERSION, '5.0') === -1) {
        return md5($plainPassword) === $passwordHash;
    }

    $hasher = new PwCrypt();
    $correct = $hasher->checkPasswd($plainPassword, $passwordHash);

    $upgrade = $correct && $userId !== false && $hasher->checkHashStrength($passwordHash);
    if ($upgrade) {
        $passwordHash = $hasher->cryptPasswd($plainPassword);
        if ($passwordHash) {
            db_query('UPDATE `prefix_user` SET `pass` = "' . $passwordHash . '" WHERE `id` = ' . $userId);
        }
    }

    return $correct;
}
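/**
 * Sets the auto-login cookie "<id>=<md5(DBUSER . password hash)>" for one year on path "/".
 *
 * The cookie is now flagged HttpOnly (available from PHP 5.2), so page scripts cannot read
 * the login token. Domain and secure flag keep their defaults.
 *
 * NOTE(review): the token is derived only from DBUSER and the stored password hash, so it
 * stays valid until the password changes and cannot be revoked per device. The Secure flag
 * is not set here because this function cannot tell whether the site is served over HTTPS
 * only.
 *
 * @param int|string $id              User id.
 * @param string     $cryptedPassword Stored password hash of the user.
 * @return void
 */
function user_set_cookie($id, $cryptedPassword) {
    $cookieString = $id . '=' . md5(DBUSER . $cryptedPassword);
    $expires = strtotime('+1 year');

    if (version_compare(PHP_VERSION, '5.2.0') >= 0) {
        setcookie($_SESSION['authsess'], $cookieString, $expires, '/', '', false, true);
    } else {
        setcookie($_SESSION['authsess'], $cookieString, $expires, '/');
    }
}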
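/**
 * Checks the hash part of the auto-login cookie against the stored password hash.
 *
 * The comparison is now type-checked and strict. With the loose "==" operator PHP may
 * compare the two operands as numbers, so a value that is not the same string as the
 * expected hash could still be accepted. hash_equals() is used where available so that the
 * comparison time does not depend on the position of the first difference.
 *
 * @param mixed  $cookieHash      Hash part taken from the cookie.
 * @param string $cryptedPassword Stored password hash of the user.
 * @return bool
 */
function user_cookie_check($cookieHash, $cryptedPassword) {
    if (!is_string($cookieHash)) {
        return false;
    }
    $expected = md5(DBUSER . $cryptedPassword);
    if (function_exists('hash_equals')) {
        return hash_equals($expected, $cookieHash);
    }
    return $expected === $cookieHash;
}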
/**
 * Processes a submitted login form (fields user_login_sub, name, pass).
 *
 * The name must survive escape_nickname() unchanged and be at most 15 bytes long. On a
 * correct password the session is filled with the user's data, the online row is linked to
 * the user, the auto-login cookie is set and group/module rights are loaded. On a failed
 * attempt the menu is pointed at user/login.
 *
 * NOTE(review): the session id is kept across the privilege change; regenerating it at
 * login would need the `prefix_online` row, which is keyed by session id, to be updated
 * as well.
 *
 * @return bool True only after a successful login.
 */
function user_login_check () {
    if (!isset($_POST['user_login_sub'], $_POST['name'], $_POST['pass'])) {
        return ( false );
    }
    debug ('posts vorhanden');

    $name = escape_nickname($_POST['name']);
    if ($name != $_POST['name'] OR strlen($_POST['name']) > 15) {
        return false;
    }

    $erg = db_query("SELECT name,id,recht,pass,llogin FROM prefix_user WHERE name = BINARY '".$name."'");
    if ( db_num_rows($erg) == 1 ) {
        debug ('user gefunden');
        $user = db_fetch_assoc($erg);
        if (user_pw_check($_POST['pass'], $user['pass'], $user['id']) ) {
            debug ('passwort stimmt ... '.$user['name']);
            $_SESSION['authname']  = $user['name'];
            $_SESSION['authid']    = $user['id'];
            $_SESSION['authright'] = $user['recht'];
            $_SESSION['lastlogin'] = $user['llogin'];
            $_SESSION['authsess']  = session_und_cookie_name();
            db_query("UPDATE prefix_online SET uid = ".$_SESSION['authid']." WHERE sid = '".session_id()."'");
            user_set_cookie($user['id'], $user['pass']);
            user_set_grps_and_modules();
            return (true);
        }
    }

    // Failed attempt: show the login page.
    global $menu;
    $menu->set_url (0, 'user');
    $menu->set_url (1, 'login');
    return ( false );
}
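/**
 * Tries to log the visitor in with the auto-login cookie ("<id>=<hash>").
 *
 * Changes against the previous version:
 *  - a cookie that is not a string or has no hash part is rejected up front; the hash used
 *    to default to the integer 0 and was then compared against the expected hash;
 *  - the hash part of the cookie is no longer written to the debug output, since it is a
 *    login credential.
 *
 * On failure the visitor is logged out (guest values, cookie removed).
 *
 * @return bool True when the cookie was accepted.
 */
function user_auto_login_check () {
    $cn = session_und_cookie_name();

    $raw = isset($_COOKIE[$cn]) ? $_COOKIE[$cn] : '';
    $dat = is_string($raw) ? explode('=', $raw) : array();

    $id = 0;
    $pw = '';
    if (isset($dat[0])) { $id = escape($dat[0], 'integer'); }
    if (isset($dat[1])) { $pw = $dat[1]; }
    debug (' id ' . $id );

    if ($pw !== '') {
        $erg = db_query("SELECT name,id,recht,pass,llogin FROM prefix_user WHERE id = ".$id);
        if (db_num_rows($erg) == 1) {
            debug ('benutzer gefunden');
            $row = db_fetch_assoc($erg);
            if (user_cookie_check($pw, $row['pass'])) {
                debug ('passwoerter stimmen');
                debug ($row['name']);
                $_SESSION['authname'] = $row['name'];
                $_SESSION['authid'] = $row['id'];
                $_SESSION['authright'] = $row['recht'];
                $_SESSION['lastlogin'] = $row['llogin'];
                $_SESSION['authsess'] = $cn;
                db_query("UPDATE prefix_online SET uid = ".$_SESSION['authid']." WHERE sid = '".session_id()."'");
                // Renew the cookie so its lifetime starts again.
                user_set_cookie($row['id'], $row['pass']);
                return (true);
            }
        }
    }

    user_logout ();
    return (false);
}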
/**
 * Resets the authentication data in the session to guest values: name 'Gast', id 0,
 * right 0, last login = now, no groups, no module rights, and the expected cookie name.
 */
function user_set_guest_vars() {
    $guest = array(
        'authname'  => 'Gast',
        'authid'    => 0,
        'authright' => 0,
        'lastlogin' => time(),
        'authgrp'   => array(),
        'authmod'   => array(),
        'authsess'  => session_und_cookie_name()
    );
    foreach ($guest as $key => $value) {
        $_SESSION[$key] = $value;
    }
}
/**
 * Stores the current time as 'lastlogin' in the session.
 */
function user_markallasread () {
    $now = time();
    $_SESSION['lastlogin'] = $now;
}
/**
 * Logs the current user out: the session is reset to guest values, the online row of this
 * session is set to user id 0 and the auto-login cookie is expired.
 *
 * NOTE(review): the session itself is kept. The earlier variant that emptied $_SESSION,
 * expired the session cookie and called session_destroy() is disabled in the source, so
 * other session data and the session id survive a logout.
 */
function user_logout () {
    user_set_guest_vars();

    $guestId = $_SESSION['authid'];
    db_query("UPDATE prefix_online SET uid = ".$guestId." WHERE sid = '".session_id()."'");

    $cookieName = session_und_cookie_name();
    $longAgo = time()-999999999999;
    setcookie($cookieName, "", $longAgo, "/" );
}
/**
 * Loads group membership and module rights of the logged-in user into the session.
 *
 * 'authgrp' is keyed by group id, 'authmod' by module url; modules whose `gshow` column is
 * truthy are also entered in 'adminaccess'. All three arrays are emptied first and stay
 * empty for guests.
 */
function user_set_grps_and_modules() {
    $_SESSION['authgrp'] = array();
    $_SESSION['authmod'] = array();
    $_SESSION['adminaccess'] = array();

    if (!loggedin()) {
        return;
    }

    $groups = db_query('SELECT gid FROM prefix_groupusers WHERE uid = ' . $_SESSION['authid']);
    while ($group = db_fetch_assoc($groups)) {
        $_SESSION['authgrp'][$group['gid']] = true;
    }

    $modules = db_query('SELECT DISTINCT m.url, m.gshow FROM prefix_modulerights mr INNER JOIN prefix_modules m ON m.id = mr.mid WHERE mr.uid = ' . $_SESSION['authid']);
    while ($module = db_fetch_assoc($modules)) {
        $url = $module['url'];
        $_SESSION['authmod'][$url] = true;
        if ($module['gshow']) {
            $_SESSION['adminaccess'][$url] = true;
        }
    }
}
/**
 * True when the current user holds at least right -1, i.e. is logged in.
 *
 * @return bool
 */
function loggedin () {
    return has_right(-1) ? true : false;
}
/**
 * True when the current user holds right -9.
 *
 * @return bool
 */
function is_admin () {
    return has_right(-9) ? true : false;
}
/**
 * True when the current user holds at least right -8.
 *
 * @return bool
 */
function is_coadmin () {
    return has_right(-8) ? true : false;
}
/**
 * True when the current user holds at least right -7 or, if a module is given, has the
 * module right for it.
 *
 * @param string|null $m Module url, or null to check the right level only.
 * @return bool
 */
function is_siteadmin ($m = NULL) {
    if (has_right(-7)) {
        return true;
    }
    $moduleGiven = !is_null($m);
    if ($moduleGiven && has_right(NULL, $m)) {
        return true;
    }
    return false;
}
/**
 * Central permission check.
 *
 * Always true for an admin (session right -9). Otherwise true when one of three criteria
 * matches: the user's right level is sufficient for one of the given rights (values <= 0,
 * lower means more privileged), the user is a member of one of the given groups (other
 * values are looked up as group ids), or - if a module is named - the user has the module
 * right. False when none of them matches.
 *
 * @param int|array|null $recht Right level / group id, a list of them, or null to skip.
 * @param string         $modul Module url to check in addition; '' to skip.
 * @return bool
 */
function has_right ($recht,$modul = '') {
    $ownRight = $_SESSION['authright'];
    if ($ownRight == -9) {
        return true;
    }

    if (!is_null($recht)) {
        $wantedList = is_array($recht) ? $recht : array($recht);
        foreach ($wantedList as $wanted) {
            // right level
            if ($wanted <= 0 && $wanted >= $ownRight) {
                return true;
            }
            // group membership
            if (isset($_SESSION['authgrp'][$wanted]) && $_SESSION['authgrp'][$wanted] === true) {
                return true;
            }
        }
    }

    if (empty($modul)) {
        return false;
    }
    return isset($_SESSION['authmod'][$modul]) && $_SESSION['authmod'][$modul] === true;
}
/**
 * Checks access to the admin area for the page selected in the menu object.
 *
 * If the second parameter is omitted or true, a login form (for guests) or a
 * "no permission" message (for logged-in users) is shown when access is denied. With false
 * nothing is shown.
 *
 * NOTE(review): the last branch returns true for every logged-in user who has at least one
 * admin module, even when the requested module is not among them. With $sl === true the
 * menu is redirected to the user's first permitted module beforehand; with $sl === false
 * no redirect happens, so callers passing false must not read the result as "may access
 * the requested module" - confirm how the callers use it.
 *
 * @param object $menu Menu object (get() and set_url() are used).
 * @param bool   $sl   Show login form / message and redirect the menu.
 * @return bool
 */
function user_has_admin_right($menu, $sl = true) {
if ($_SESSION['authright'] <= -8) { # co-admin and above always have access
return true;
} else {
# requested module and sub page
$uri_to_check1 = $menu->get(0);
$uri_to_check2 = $menu->get(1);
# no admin modules at all, or not logged in: deny
if (count($_SESSION['adminaccess']) < 1 OR !loggedin()) {
if ($sl === true) {
if (!loggedin()) {
$tpl = new tpl('user/login.htm');
$tpl->set_out('WDLINK', 'admin.php', 0);
} else {
echo '<strong>Keine Berechtigung!</strong> <a href="index.php">Startseite</a>';
}
}
return false;
# requested module, or "module-subpage", is in the user's admin access list
} elseif ((isset($_SESSION['adminaccess'][$uri_to_check1]) AND $_SESSION['adminaccess'][$uri_to_check1] == true)
|| (isset($_SESSION['adminaccess'][$uri_to_check1 . '-' . $uri_to_check2]) AND $_SESSION['adminaccess'][$uri_to_check1 . '-' . $uri_to_check2] == true)
) {
return true;
# user has other admin modules: point the menu at the first one of them
} elseif (count($_SESSION['adminaccess']) > 0 AND loggedin()) {
if ($sl === true) {
foreach ($_SESSION['adminaccess'] as $k => $v) {
$x = $k;
break;
}
$x = explode('-', $x);
$menu->set_url(0, $x[0]);
if (isset($x[1])) {
$menu->set_url(1, $x[1]);
}
}
return true;
}
}
return false;
}
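/**
 * Registers a new user and mails the account data.
 *
 * Depending on the settings the password is generated (genkey) or taken from the form, and
 * the account is either created directly or parked in `prefix_usercheck` until the
 * confirmation link is used.
 *
 * The confirmation id used to be md5(uniqid(rand())), which is derived from the clock and a
 * weak generator; it now comes from a CSPRNG when one is available and keeps its format
 * (32 hex characters). The unused local that held the new user id was removed.
 *
 * NOTE(review): $name and $mail are concatenated into the SQL statements, so callers must
 * pass them already escaped for SQL. The confirmation link is built from the request's
 * Host header, and the password is sent in plain text by mail.
 *
 * @param string $name Nickname (SQL-escaped by the caller).
 * @param string $mail E-mail address (SQL-escaped by the caller).
 * @param string $pass Password chosen by the user; ignored when passwords are generated.
 * @return bool False when the name is already taken, true otherwise.
 */
function user_regist ($name, $mail, $pass) {
    global $allgAr, $lang;

    $erg = db_query("SELECT id FROM prefix_user WHERE name = BINARY '".$name."'");
    if (db_num_rows($erg) > 0) {
        return (false);
    }

    if ( $allgAr['forum_regist_user_pass'] == 0 ) {
        $new_pass = genkey(8);
    } else {
        $new_pass = $pass;
    }
    $passwordHash = user_pw_crypt($new_pass);

    $confirmlinktext = '';
    // With confirmation the data goes into the check table, without it directly into the
    // user table.
    if ( $allgAr['forum_regist_confirm_link'] == 1 ) {
        $page = $_SERVER["HTTP_HOST"].$_SERVER["SCRIPT_NAME"];
        if (function_exists('random_bytes')) {
            $id = bin2hex(random_bytes(16));
        } elseif (function_exists('openssl_random_pseudo_bytes')) {
            $id = bin2hex(openssl_random_pseudo_bytes(16));
        } else {
            // Legacy fallback, predictable.
            $id = md5 (uniqid (rand()));
        }
        $confirmlinktext = "\n".$lang['registconfirm']."\n\n".sprintf($lang['registconfirmlink'], $page, $id );
        db_query("INSERT INTO prefix_usercheck (`check`,name,email,pass,datime,ak)
VALUES ('".$id."','".$name."','".$mail."','".$passwordHash."',NOW(),1)");
    } else {
        db_query("INSERT INTO prefix_user (name,pass,recht,regist,llogin,email,status,opt_mail,opt_pm)
VALUES('".$name."','".$passwordHash."',-1,'".time()."','".time()."','".$mail."',1,1,1)");
    }

    $regmail = sprintf($lang['registemail'],$name, $confirmlinktext, $name, $new_pass);
    icmail($mail,'Anmeldung',$regmail); // mail to the user
    return (true);
}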
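/**
 * Deletes a user account with its related rows, gallery images and avatar file.
 *
 * Allowed when the target is not user 1 and the caller is the user himself, user 1, or a
 * co-admin whose right is numerically lower than the target's.
 *
 * Changes against the previous version:
 *  - $uid is cast to an integer before use; it was concatenated unquoted into nine SQL
 *    statements;
 *  - ids <= 0 are ignored: 0 is the guest id, so a guest "matched" user 0 in the ownership
 *    test and the deletes then hit the rows of all guests (e.g. in the online table);
 *  - a missing user row no longer causes property access on a non-object.
 *
 * @param int|string $uid Id of the user to delete.
 * @return void
 */
function user_remove($uid){
    $uid = (int) $uid;
    if ($uid <= 0) {
        return;
    }

    $row = @db_fetch_object(db_query("SELECT recht,avatar FROM prefix_user WHERE id = ".$uid));
    $targetRight = $row ? $row->recht : null;

    if ( $uid <> 1 AND ($_SESSION['authid'] == $uid OR $_SESSION['authid'] == 1 OR (is_coadmin() AND $_SESSION['authright'] < $targetRight))) {
        db_query("DELETE FROM prefix_user WHERE id = ".$uid);
        db_query("DELETE FROM prefix_userfields WHERE uid = ".$uid);
        db_query("DELETE FROM prefix_groupusers WHERE uid = ".$uid);
        db_query("DELETE FROM prefix_modulerights WHERE uid = ".$uid);
        db_query("DELETE FROM prefix_pm WHERE eid = ".$uid);
        db_query("DELETE FROM prefix_online WHERE uid = ".$uid);

        // Remove the user gallery (image and thumbnail per entry).
        $sql = db_query("SELECT id,endung FROM prefix_usergallery WHERE uid = ".$uid);
        while( $r = db_fetch_object($sql) ){
            @unlink("include/images/usergallery/img_$r->id.$r->endung");
            @unlink("include/images/usergallery/img_thumb_$r->id.$r->endung");
        }
        db_query("DELETE FROM prefix_usergallery WHERE uid = ".$uid);

        // Avatar. NOTE(review): the path comes from the database as stored at upload time;
        // confirm that it is limited to the avatar directory when it is written.
        if ($row && !empty($row->avatar)) {
            @unlink($row->avatar);
        }
    }
}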
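/**
 * Stores a private message for one recipient or for a list of recipients.
 *
 * Sender id, recipient id(s) and status are cast to integers before they reach the SQL
 * text; they were concatenated unquoted. An empty recipient list is ignored instead of
 * producing an invalid "IN ()" statement.
 *
 * NOTE(review): title and text are inserted between quotes as given, so callers must pass
 * them already escaped for SQL; escaping here would double-escape such input.
 *
 * @param int|string       $sid    Sender id.
 * @param int|string|array $eid    Recipient id or list of recipient ids.
 * @param string           $ti     Title (SQL-escaped by the caller).
 * @param string           $te     Text (SQL-escaped by the caller).
 * @param int              $status Message status, default 0.
 * @return void
 */
function sendpm ($sid,$eid,$ti,$te,$status = 0) {
    $sid = (int) $sid;
    $status = (int) $status;

    if (is_array($eid)) {
        $recipients = array_map('intval', $eid);
        if (count($recipients) === 0) {
            return;
        }
        db_query("INSERT INTO `prefix_pm` (`sid`,`eid`,`time`,`titel`,`txt`,`status`) ".
            "SELECT ".$sid.",`prefix_user`.`id`,'".time()."','".$ti."','".$te."',".$status." FROM `prefix_user` WHERE `prefix_user`.`id` IN (" . implode(',', $recipients) . ")");
    } else {
        db_query("INSERT INTO `prefix_pm` (`sid`,`eid`,`time`,`titel`,`txt`,`status`) VALUES (".$sid.",".(int) $eid.",'".time()."','".$ti."','".$te."',".$status.")");
    }
}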
?>
Wäre toll, wenn da jemand ne Lösung weiß ??
Zuletzt modifiziert von xRebellx am 06.02.2014 - 10:53:28