<?
/*
Main Include

Author: Stephan Daratha

#update new_f_user set pass = md5(concat(md5('neues passwort'),',', substring(md5(concat(`id`,',',`dabei`)),1,6))) WHERE id = ``
*/
//incl. db config
include($root."inc/config.inc.php");

//incl. whee class with many functions
include($root."inc/whee.class.php");
$whee = new whee();

#Aufsplitten der , getrennten URL
$page=str_replace("-","/",$_GET['page']);
$Rest = $_GET['Rest'];
if ($Rest!="")
{
	$Rest=",".$Rest;
	$i=0;
	while ((preg_match("/,([^,]+),([^,]+),?/", $Rest, $found)) && ($i<15))
	{
		$whee->vars[$found[1]] = $found[2];
		$Rest = str_replace(','.$found[1].','.$found[2], ',', $Rest);
		$i++;
	}
}

//Rest der urls
$Last = $_GET['Last'];
if ($Last != "")
{
	$Last = substr($Last, 1);
	$teile = explode('&', $Last);
	foreach($teile as $key)
	{
		$parts = explode('=', $key);
		$_GET[$parts[0]] = $parts[1];
	}
}


#Defaultwerte zur Sicherheit
$sid = '';
$userlogin_id = '';
$eingeloggt = 0;
$errorMessage = '';

session_start();

if ($_GET[session_name()] != '')
{
	if (session_id() == '') session_id($_GET[session_name()]);
}
session_start();

### Wenn man auf Abmelden dr�ckt
###############################################
if ($_REQUEST['logout'] == 1)
{		
	$sql->query("DELETE from active_sessions WHERE session_id='".session_id()."'");
	$whee->deleteCookie($_SESSION['login_id']);		
	unset($_SESSION, $_COOKIE);
	$eingeloggt=0;
	@session_unset();
	@session_destroy();
	$userlogin_id = '';
	$sid = '';
	$whee->vars['logout_erfolgreich'] = 1;
}

### Die �berpr�fung
#####################################################
if ($_SESSION['login_name'] != '' && $_SESSION['login_status'] != '' && $_SESSION['login_id'] != '')
{	
	{
		$userlogin_id = $_SESSION['login_id'];
		$_SESSION['last_move'] = date('YmdHis');
		$query = "INSERT INTO active_sessions (
		`id`,
		`browser`,
		`bis`,
		`ip`,
		`name`,
		`status`,
		`avatare`,		
		`session_id`,
		`geschlecht`	
		)
		VALUES (
		".$userlogin_id.",
		'".$browser->Name."',
		NOW(),
		'".$_SERVER['REMOTE_ADDR']."',
		'".addslashes($_SESSION['login_name'])."',
		'".$_SESSION['login_status']."',
		'".$_SESSION['login_avatare']."',		
		'".session_id()."',
		'".$_SESSION['geschlecht']."'		
		)
		ON DUPLICATE KEY UPDATE
		`id` = ".$userlogin_id.",
		`browser` = '".$browser->Name."',
		`bis` = NOW(),
		`ip` = '".$_SERVER['REMOTE_ADDR']."',
		`name` = '".addslashes($_SESSION['login_name'])."',
		`status` = '".$_SESSION['login_status']."',
		`avatare` = '".$_SESSION['login_avatare']."',		
		`geschlecht` = '".$_SESSION['geschlecht']."',		
		`session_id` = '".session_id()."'";
		$sql->query($query);
		$sql->query("UPDATE new_f_user SET lastLoggedIn = NOW() WHERE `id` = ".$userlogin_id);

		$eingeloggt = 1;
	}
}

if ($eingeloggt == 0)
{
	###  M�gliches Cookie auslesen
	####################################################
	if($_COOKIE['loginID'] != '')
	{
		$query = "SELECT `new_f_user`.`id`, `status`, `name`, `avatare`, `geschlecht` FROM `new_f_user`
		INNER JOIN `active_cookies` USING (`id`)			
		WHERE `delete_date` = 0
		AND `md5` = '".$_COOKIE['loginID']."'
		AND DATE_SUB(NOW(), INTERVAL 7 DAY) < `datum`";
	
		if ($result = $sql->query($query))
		{
			if (mysqli_num_rows($result) == 1)
			{
				$row = mysqli_fetch_assoc($result);
				session_start();
				#session_register('login_name', 'login_status', 'login_id','login_avatare','last_move', 'browser_typ', 'user_ip');					
				$_SESSION['login_name'] = $row['name'];
				$_SESSION['login_status'] = $row['status'];
				$_SESSION['login_id'] = $row['id'];
				$_SESSION['login_avatare'] =  $row['avatare'];
				$_SESSION['geschlecht'] =  $row['geschlecht'];					
				$_SESSION['last_move'] = date('YmdHis');
				$_SESSION['browser_typ'] = $browser->Name;
				$_SESSION['user_ip'] = $_SERVER["REMOTE_ADDR"];					
				$userlogin_id = $row['id'];
				$eingeloggt = 1;
	
				$_SESSION['last_move'] = date('YmdHis');
				$query = "INSERT IGNORE INTO active_sessions (id)
				VALUES (
				".$userlogin_id.")";
				$sql->query($query);
	
				$query = "UPDATE active_sessions SET
				browser = '".$browser->Name."',
				bis = NOW(),
				ip = '".$_SERVER['REMOTE_ADDR']."',
				name = '".addslashes($row['name'])."',
				status = '".$row['status']."',
				avatare = '".$row['avatare']."',					
				geschlecht = '".$row['geschlecht']."',
				`session_id` = '".session_id()."'					
				WHERE `id` = ".$userlogin_id;
				$sql->query($query);
				$sql->query("UPDATE new_f_user SET lastLoggedIn = NOW() WHERE `id` = ".$userlogin_id);
			}
		}
	}
	
	### Normaler Login
	###############################################
	if ((isset($_POST['login'])) && ($_POST['name'] != '') && ($_POST['pass'] != ''))
	{
		$query = "Select new_f_user.id,status, pass, name, avatare, geschlecht, dabei, aktiv from new_f_user 			
		where name='".$_POST['name']."' AND `delete_date` = 0";
		$erg = $sql->query($query);		
		if (mysqli_num_rows($erg) == 1)
		{
			$row = mysqli_fetch_assoc($erg);		
			if ($whee->encodePassword(array('pass' => trim($_POST['pass']), 'dabei' => $row['dabei'], 'id' => $row['id'])) == $row['pass'])
			{
				if ($row['status'] == 'Admin') {
					$z = 0;
					$query = "DELETE FROM active_sessions where id = ".$row['id'];
					$r = $sql->query($query);
					
					$query = "INSERT INTO active_sessions (
						`id`,
						`browser`,
						`bis`,
						`ip`,
						`name`,
						`status`,
						`avatare`,						
						`session_id`,
						`geschlecht`						
						)
						VALUES (
						".$row['id'].",
						'".$browser->Name."',
						NOW(),
						'".$_SERVER['REMOTE_ADDR']."',
						'".addslashes($row['name'])."',
						'".$row['status']."',
						'".$row['avatare']."',						
						'".session_id()."',
						'".$row['geschlecht']."'						
						)
						ON DUPLICATE KEY UPDATE
						`id` = ".$row['id'].",
						`browser` = '".$browser->Name."',
						`bis` = NOW(),
						`ip` = '".$_SERVER['REMOTE_ADDR']."',
						`name` = '".addslashes($row['name'])."',
						`status` = '".$row['status']."',
						`avatare` = '".$row['avatare']."',						
						`geschlecht` = '".$row['geschlecht']."',						
						`session_id` = '".session_id()."'";
					$sql->query($query);

					$userlogin_id = $row['id'];
					#session_register('login_name', 'login_status', 'login_id','login_avatare','last_move', 'browser_typ', 'user_ip');
					$_SESSION['login_name'] = $row['name'];
					$_SESSION['login_status'] = $row['status'];
					$_SESSION['login_id'] = $userlogin_id;
					$_SESSION['login_avatare'] =  $row['avatare'];						
					$_SESSION['last_move'] = date('YmdHis');
					$_SESSION['browser_typ'] = $browser->Name;
					$_SESSION['user_ip'] = $_SERVER["REMOTE_ADDR"];
					$_SESSION['geschlecht'] = $row['geschlecht'];						
					$_SESSION['shoutbox'] = $row['shoutbox'];
					$whee->deleteCookie($userlogin_id);
					$sid = '';
					$whee->setCookie($userlogin_id);												
					if ($row['aktiv'] == '0') $sql->query("UPDATE `new_f_user` SET aktiv = 1 WHERE `id` = ".$row['id']);						
					$sql->query("UPDATE new_f_user SET lastLoggedIn = NOW() WHERE `id` = ".$row['id']);
				} else {
					$errorMessage = "Dein Benutzer hat nicht mehr genug Rechte";
					$page = 'login';
				}
			}
			else
			{
				$errorMessage = "Du hast ein falsches Passwort eingegeben.";
				$page = 'login';
			}
		}
		else
		{
			$errorMessage = "Dieser Benutzername existiert nicht.";				
			$page = 'login';
		}
	}
}

$add_session_id = false;
if(!$_COOKIE['PHPSESSID']) $add_session_id = '?PHPSESSID='.session_id();

//startseite
if ((!isset($page)) || ($page=="")) $page="news";	

//because of register globals	
if (ini_get('register_globals') == 1)
{
	if (is_array($_SESSION)) foreach(array_keys($_SESSION) as $var_to_kill) unset($$var_to_kill);
    unset($var_to_kill);
}

require($root."inc/page_selection.php");