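/* Decoded by unphp.net */

declare(strict_types=1);

/*
 * Login page.
 *
 * Flow: redirect already-authenticated sessions, read the `login` switch from
 * the `settings` table, then on POST check the per-IP ban and failed-attempt
 * tables, verify the password against `benutzer`, and establish the session.
 * Every query goes through a prepared statement on the mysqli handle `$conn`
 * that db_connection.php provides (kept as a `global` to match the project).
 */

/**
 * Addresses (as seen in REMOTE_ADDR) of reverse proxies whose forwarding
 * headers may be trusted.  Empty by default: HTTP_CLIENT_IP,
 * HTTP_X_FORWARDED_FOR and HTTP_CF_CONNECTING_IP are ordinary request headers
 * that any client can set, so honouring them unconditionally lets a caller
 * choose the address that the ban and attempt counters are keyed on.
 */
const LOGIN_TRUSTED_PROXIES = [];

/**
 * Returns the client IP address, or '' when none can be determined.
 *
 * REMOTE_ADDR is authoritative.  Forwarding headers are consulted only when
 * the direct peer is listed in LOGIN_TRUSTED_PROXIES, and a header value is
 * used only if it validates as an IP address.
 */
function get_client_ip(): string
{
    $peer = (string) ($_SERVER['REMOTE_ADDR'] ?? '');
    if (filter_var($peer, FILTER_VALIDATE_IP) === false) {
        return '';
    }
    if (!in_array($peer, LOGIN_TRUSTED_PROXIES, true)) {
        return $peer;
    }

    // X-Forwarded-For may be a comma-separated chain; only the entry appended
    // by our own proxy (the last one) is trustworthy, earlier ones are client
    // supplied.  CF-Connecting-IP and Client-IP carry a single address.
    $forwardedChain = explode(',', (string) ($_SERVER['HTTP_X_FORWARDED_FOR'] ?? ''));
    $candidates = [
        (string) ($_SERVER['HTTP_CF_CONNECTING_IP'] ?? ''),
        trim((string) end($forwardedChain)),
        (string) ($_SERVER['HTTP_CLIENT_IP'] ?? ''),
    ];
    foreach ($candidates as $candidate) {
        if ($candidate !== '' && filter_var($candidate, FILTER_VALIDATE_IP) !== false) {
            return $candidate;
        }
    }

    return $peer;
}

/**
 * True when the current request arrived over TLS according to the SAPI.
 * NOTE(review): behind a TLS-terminating proxy HTTPS may be unset — confirm
 * against the deployment and, if so, derive this from a trusted proxy header.
 */
function login_is_https(): bool
{
    return isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
}

/**
 * Sets a cookie with the HttpOnly and SameSite=Lax flags (and Secure on TLS)
 * so it is unreadable from script and not sent on cross-site POSTs.
 *
 * @param string $name     cookie name
 * @param string $value    cookie value
 * @param int    $expiry   absolute Unix timestamp at which the cookie expires
 * @param bool   $httpOnly pass false only for a cookie client-side script must read
 */
function login_set_cookie(string $name, string $value, int $expiry, bool $httpOnly = true): void
{
    setcookie($name, $value, [
        'expires' => $expiry,
        'path' => '/',
        'secure' => login_is_https(),
        'httponly' => $httpOnly,
        'samesite' => 'Lax',
    ]);
}

/**
 * Escapes a value for insertion into HTML text or attribute context.
 */
function login_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Prepares, binds and executes one statement on the shared `$conn` handle.
 *
 * @param string $sql    statement with `?` placeholders
 * @param string $types  mysqli bind_param type string ('' when there are no parameters)
 * @param mixed  ...$params values for the placeholders, in order
 * @return mysqli_stmt the executed statement (call get_result() for rows)
 * @throws RuntimeException when the statement cannot be prepared or executed
 */
function login_exec(string $sql, string $types, ...$params): mysqli_stmt
{
    global $conn;

    $stmt = $conn->prepare($sql);
    if ($stmt === false) {
        throw new RuntimeException('Failed to prepare statement: ' . $conn->error);
    }
    if ($types !== '') {
        $stmt->bind_param($types, ...$params);
    }
    if (!$stmt->execute()) {
        throw new RuntimeException('Failed to execute statement: ' . $stmt->error);
    }

    return $stmt;
}

/**
 * True when an `ip_bans` row for this address was created within the last
 * hour.  Note that the one-hour window here differs from the 30-minute expiry
 * used by isBanExpired(); both are kept as the original code had them.
 */
function isIPBanned(string $ip_address): bool
{
    $stmt = login_exec(
        'SELECT COUNT(*) AS count FROM ip_bans WHERE ip_address = ? AND timestamp > DATE_SUB(NOW(), INTERVAL 1 HOUR)',
        's',
        $ip_address
    );
    $row = $stmt->get_result()->fetch_assoc();

    return (int) ($row['count'] ?? 0) > 0;
}

/**
 * Number of rejected login attempts recorded for this address in the last hour.
 */
function checkLoginAttempts(string $ip_address): int
{
    $stmt = login_exec(
        "SELECT COUNT(*) AS attempt_count FROM login_attempts WHERE ip_address = ? AND login_status = 'abgelehnt' AND timestamp > DATE_SUB(NOW(), INTERVAL 1 HOUR)",
        's',
        $ip_address
    );
    $row = $stmt->get_result()->fetch_assoc();

    return (int) ($row['attempt_count'] ?? 0);
}

/**
 * True when a ban recorded at $ban_time is older than 30 minutes.
 *
 * An unparsable or missing timestamp counts as expired, which matches the
 * original behaviour (strtotime() returning false compared as 0).
 */
function isBanExpired(?string $ban_time): bool
{
    $banTimestamp = $ban_time === null ? false : strtotime($ban_time);
    if ($banTimestamp === false) {
        return true;
    }

    return time() > $banTimestamp + 30 * 60;
}

/**
 * Returns the most recent `ip_bans` row for the address, or null when none exists.
 *
 * @return array<string, mixed>|null
 */
function getBanInfo(string $ip_address): ?array
{
    $stmt = login_exec(
        'SELECT * FROM ip_bans WHERE ip_address = ? ORDER BY ban_time DESC LIMIT 1',
        's',
        $ip_address
    );
    $row = $stmt->get_result()->fetch_assoc();

    return $row === null ? null : $row;
}

/**
 * Deletes every recorded login attempt for the address.
 */
function clearLoginAttempts(string $ip_address): void
{
    login_exec('DELETE FROM login_attempts WHERE ip_address = ?', 's', $ip_address);
}

/**
 * Deletes every ban row for the address.
 */
function removeIPBan(string $ip_address): void
{
    login_exec('DELETE FROM ip_bans WHERE ip_address = ?', 's', $ip_address);
}

/**
 * Looks up a user by display name or account number.
 *
 * Returns null when no single row matches, i.e. both "unknown account" and
 * the (unexpected) case of an ambiguous match are treated as "no user".
 *
 * @return array<string, mixed>|null
 */
function login_find_user(string $login): ?array
{
    $stmt = login_exec('SELECT * FROM benutzer WHERE name = ? OR kontonummer = ?', 'ss', $login, $login);
    $result = $stmt->get_result();
    if ($result->num_rows !== 1) {
        return null;
    }

    return $result->fetch_assoc();
}

/**
 * Records a rejected attempt for the address and, when the user is known,
 * a rejected entry in login_history.  Bans the address once five rejected
 * attempts are already on record.
 *
 * @param array<string, mixed>|null $user the matched user row, if any
 * @return string|null ban message to show, or null when no ban was issued
 */
function login_record_failure(string $ip_address, ?array $user): ?string
{
    $banMessage = null;
    if (isIPBanned($ip_address)) {
        $banMessage = "Deine IP-Adresse ist gesperrt. Bitte kontaktiere den Support.";
    }
    if (checkLoginAttempts($ip_address) >= 5) {
        login_exec(
            'INSERT INTO ip_bans (ip_address, ban_reason) VALUES (?, ?)',
            'ss',
            $ip_address,
            "Fünf aufeinanderfolgende fehlgeschlagene Anmeldeversuche"
        );
        $banMessage = "Deine IP-Adresse wurde gesperrt. \nBitte kontaktiere den Support.";
    }

    login_exec('INSERT INTO login_attempts (ip_address, login_status) VALUES (?, ?)', 'ss', $ip_address, 'abgelehnt');
    if ($user !== null) {
        login_exec(
            'INSERT INTO login_history (user_id, login_time, ip_address, login_status) VALUES (?, NOW(), ?, ?)',
            'iss',
            $user['id'],
            $ip_address,
            'abgelehnt'
        );
    }

    return $banMessage;
}

include 'settings/config.php';
include 'settings/head.php';

// Session cookie: 5 days, HttpOnly, SameSite=Lax, Secure when served over TLS.
session_set_cookie_params([
    'lifetime' => 5 * 24 * 60 * 60,
    'path' => '/',
    'secure' => login_is_https(),
    'httponly' => true,
    'samesite' => 'Lax',
]);
session_start();
require 'db_connection.php';

if (isset($_SESSION['user_id'])) {
    $target = (($phpenable ?? '') === 'true') ? (string) $siteurl . '.php' : (string) $siteurl;
    header('Location: ' . $target);
    exit;
}

// A missing row or failed query reads as "login disabled" so that a broken
// settings table fails closed rather than open.
$resultLoginStatus = $conn->query("SELECT setting_value FROM settings WHERE setting_name = 'login'");
$loginStatusRow = $resultLoginStatus instanceof mysqli_result ? $resultLoginStatus->fetch_assoc() : null;
$loginAktiviert = (int) ($loginStatusRow['setting_value'] ?? 0);

// Initialised up front so the template below never reads undefined variables on GET.
$error_message = null;
$error_message_login = null;
$reg = null;

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $ip_address = get_client_ip();

    $ban_info = getBanInfo($ip_address);
    if ($ban_info !== null && isBanExpired($ban_info['ban_time'] ?? null)) {
        removeIPBan($ip_address);
        clearLoginAttempts($ip_address);
        $ban_info = null;
    }

    if ($ban_info !== null) {
        $error_message_login = "Deine IP-Adresse ist gesperrt. Bitte kontaktiere den Support.";
    } elseif ($loginAktiviert === 0) {
        $error_message_login = "Die Anmeldung ist derzeit deaktiviert. Bitte versuche es später erneut.";
    } else {
        $login = (string) ($_POST['login'] ?? '');
        $password = (string) ($_POST['password'] ?? '');
        $remember_me = isset($_POST['remember_me']);

        $user = login_find_user($login);
        if ($user === null) {
            // Spend the same hashing time as a real verification so that response
            // timing does not reveal which account names exist.
            password_hash($password, PASSWORD_DEFAULT);
        }

        if ($user !== null && password_verify($password, (string) $user['password'])) {
            if ((int) $user['gesperrt'] === 1) {
                $error_message = "Dieses Konto wurde von einem Administrator gesperrt.";
                if (!empty($user['sperrgrund'])) {
                    $error_message .= "\nGrund: " . (string) $user['sperrgrund'];
                }
            } else {
                // Fresh session id on privilege change prevents session fixation.
                session_regenerate_id(true);
                $_SESSION['user_id'] = (int) $user['id'];

                $expiry = time() + 30 * 24 * 3600;
                login_set_cookie('user_name', (string) $user['name'], $expiry);
                // Re-issue the session cookie with the longer 30-day lifetime.
                login_set_cookie(session_name(), session_id(), $expiry);

                if ($remember_me) {
                    $token = bin2hex(random_bytes(32));
                    login_set_cookie('remember_me_token', $token, $expiry);
                    login_set_cookie('user_id', (string) $user['id'], $expiry);
                    // NOTE(review): only (user_id, expiry) is persisted here — the
                    // token is never stored, so it cannot be verified on a later
                    // visit, and a bare user_id cookie must not be trusted as
                    // proof of identity.  Store hash('sha256', $token) once the
                    // table has a column for it — confirm the schema.
                    login_exec(
                        'INSERT INTO remember_me_tokens (user_id, expiry) VALUES (?, ?)',
                        'is',
                        $user['id'],
                        $expiry
                    );
                }

                // Last-IP update, history entry and redirect apply to every
                // successful login, with or without "remember me".
                login_exec('UPDATE benutzer SET letzte_ip = ? WHERE id = ?', 'si', $ip_address, $user['id']);
                login_exec(
                    'INSERT INTO login_history (user_id, login_time, ip_address, login_status) VALUES (?, NOW(), ?, ?)',
                    'iss',
                    $user['id'],
                    $ip_address,
                    'erfolgreich'
                );
                $_SESSION['success_message'] = "Willkommen zurück.";
                header('Location: ' . (string) $siteurl);
                exit;
            }
        } else {
            // One message for "unknown account" and "wrong password" so the form
            // cannot be used to enumerate account names; both count as an attempt.
            $error_message = "Ungültige Anmeldeinformationen";
            $banMessage = login_record_failure($ip_address, $user);
            if ($banMessage !== null) {
                $error_message_login = $banMessage;
            }
        }
    }
}

echo 'Anmelden — ';
echo login_escape((string) ($name ?? ''));
echo "\n\n\n\nELSystem Banner\n\nAnmelden\n\n";

if ($error_message !== null) {
    echo "\n" . login_escape($error_message) . "\n";
}

if (isset($_GET['reg'])) {
    $reg = "Dein Account wurde erfolgreich erstellt.";
}
if ($reg !== null) {
    echo "\n" . login_escape($reg) . "\n";
}

if ($error_message_login !== null) {
    echo "\n" . login_escape($error_message_login) . "\n";
}

if (isset($_SESSION['info_message'])) {
    unset($_SESSION['info_message']);
}

echo "\n\n\nDu hast noch keinen einen Account?\n\n";
include 'settings/footer.php';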