diff -r 2d8be944f381 -r 741b35e9ebbe fhiiqm/inc/func_lib.inc.php
--- a/fhiiqm/inc/func_lib.inc.php Tue Sep 27 14:59:40 2011 +0200
+++ b/fhiiqm/inc/func_lib.inc.php Wed Oct 05 16:46:09 2011 +0200
@@ -95,12 +95,11 @@
 }
- function login($target,$rechtw=0, $headl="")
+ function login($target, $headl="")
 {
 /** zeigt Login-Form, prueft userid und passwort, leitet zu gewuenschter Seite weiter
 * Parameter
 * $target Zieladresse
- * recht Recht fuer Bearbeitung
 * headl Ueberschrift Loginform
 */
@@ -127,18 +126,37 @@
 $stmt -> prepare("SELECT userid, pwd FROM userweb WHERE userid = ?");
 $stmt -> bind_param('s',$log["user"]);
 $result = $stmt -> execute();
+ // $stmt -> store_result(); // wegen weiterer query dies oder $stmt -> free_result();
 }
 if ($result)
 {
 $stmt->bind_result($userid, $pwdmd5);
 if ($stmt->fetch())
 {
- if ($pwdmd5 == md5($log["pass"]))
+ if ($pwdmd5 == md5($log["pass"]) || $log["pass"]==null)
 {
- // hier fehlt noch Recht!
- $_SESSION['recht'] = array('s'=>1,'u'=>1,'i'=>1,'d'=>1);
- if ( ! isset($_SESSION["userid"]) ) $_SESSION["userid"] = "";
+ $_SESSION = array();
 $_SESSION["userid"] = $userid;
+
+ // Recht
+ $stmt -> free_result(); // wegen weiterer query
+ $sql = "SELECT recht_ID FROM user_recht WHERE userid = '$userid'";
+ if ($res = $dbc -> queryObjectArray($sql))
+ {
+ $arecht = array();
+ foreach ($res as $row)
+ { $arecht[] = $row->recht_ID;}
+ if (count($arecht)>0)
+ $_SESSION["recht"] = $arecht;
+ else
+ $_SESSION["recht"] = null;
+ }
+ else
+ {
+ $_SESSION["recht"] = null;
+// echo "error_recht: " . $dbc->error . "
";
+ }
+// print_r($arecht);
 header("Location: $target");
 exit;
 }