Überarbeitete Version der 1. Version. Es bestehen noch grosse Feher in einzelnen Skripten.

scripts/login/login.php

@@ -1,8 +1,8 @@
 <?php
 
-if (session_status() !== PHP_SESSION_ACTIVE) {
-    session_start();
-}
+require_once __DIR__ . '/../session_functions.php';
+
+ini_wkvs_session();
 
 if (!isset($error)) {
     $error = '';
@@ -24,8 +24,6 @@ if ($_SESSION['lockout_time_'. $logintype] > time()) {
     $error = "Zu viele fehlgeschlagene Anmeldeversuche. Bitte warte $minutes Minute(n).";
 } elseif (isset($_POST[$logintype.'_login_submit'])) {
 
-    $token = "QQa2UMbEYW8oOL7wz9DjtqECVCikSZsDuSdmzxiadEXFsKyujEUyQOW1AYMD2OqU8VXxClIRweRuWLzvBrZpPYL41e89Rs96tM7Lq1KpjA5E2mg2UfgvztheGRV";
-
     require __DIR__ .'/../db/db-verbindung-script-guest.php';
 
     require __DIR__ . "/../db/db-tables.php";
@@ -35,8 +33,9 @@ if ($_SESSION['lockout_time_'. $logintype] > time()) {
     $password = trim($_POST['access_passcode']);
 
     // Prepare statement
-    $stmt = $guest->prepare("SELECT * FROM $tableInternUsers WHERE username = ? LIMIT 1");
-    $stmt->bind_param("s", $username);
+    $stmt = $guest->prepare("SELECT * FROM $tableInternUsers WHERE username = ? AND login_active = ? LIMIT 1");
+    $loginActive = 1;
+    $stmt->bind_param("ss", $username, $loginActive);
     $stmt->execute();
     $result = $stmt->get_result();
     $user = $result->fetch_assoc();
@@ -60,7 +59,7 @@ if ($_SESSION['lockout_time_'. $logintype] > time()) {
         if (password_verify($password, $user['password_hash']) && in_array($logintype, $freigabe_values)) {
             foreach ($freigabe_values as $freigabe) {
                 $_SESSION['access_granted_'. $freigabe] = true;
-                $_SESSION['passcode'. $freigabe .'_id'] = $user['id'];
+                $_SESSION['user_id_'. $freigabe] = $user['id'];
                 $_SESSION['lockout_time_'. $freigabe] = 0;
                 $_SESSION['login_attempts_'. $freigabe] = 0;
             }