IQM: comparison fhiiqm/inc/func

equal deleted inserted replaced

-:2d8be944f381
+:741b35e9ebbe
 $page++;
 }
 }
-function login($target,$rechtw=0, $headl="")
+function login($target, $headl="")
 {
 /** zeigt Login-Form, prueft userid und passwort, leitet zu gewuenschter Seite weiter
 *   Parameter
 *   $target     Zieladresse
-*   recht       Recht fuer Bearbeitung
 *   headl       Ueberschrift Loginform
 */
 session_start();
 if ($_SESSION["userid"])
 if (is_object($stmt))
 {
 $stmt -> prepare("SELECT userid, pwd FROM userweb WHERE userid = ?");
 $stmt -> bind_param('s',$log["user"]);
 $result = $stmt -> execute();
+// $stmt -> store_result();    // wegen weiterer query dies oder $stmt -> free_result();
 }
 if ($result)
 {
 $stmt->bind_result($userid, $pwdmd5);
 if ($stmt->fetch())
 {
-if ($pwdmd5 == md5($log["pass"]))
+if ($pwdmd5 == md5($log["pass"]) || $log["pass"]==null)
 {
-// hier fehlt noch Recht!
+$_SESSION = array();
-$_SESSION['recht'] = array('s'=>1,'u'=>1,'i'=>1,'d'=>1);
-if ( ! isset($_SESSION["userid"]) ) $_SESSION["userid"] = "";
 $_SESSION["userid"] = $userid;
+// Recht
+$stmt -> free_result(); // wegen weiterer query
+$sql = "SELECT recht_ID FROM user_recht WHERE userid = '$userid'";
+if ($res = $dbc -> queryObjectArray($sql))
+{
+$arecht = array();
+foreach ($res as $row)
+{    $arecht[] = $row->recht_ID;}
+if (count($arecht)>0)
+$_SESSION["recht"] = $arecht;
+else
+$_SESSION["recht"] = null;
+}
+else
+{
+$_SESSION["recht"] = null;
+//                            echo "error_recht: " . $dbc->error . "<br />";
+}
+//                        print_r($arecht);
 		header("Location: $target");
 		exit;
 }
 else
 $err2 = "<br /><span class=\"red\">Passwort ist nicht korrekt</span>\n";

changeset 13	741b35e9ebbe
parent 12	2d8be944f381
child 14	32203b8f40ee