query($sql)) die($db->error); switch($mode){ case 0: return (int)$db->affected_rows; case 1: if( !$res->num_rows ) return 0; $row = $res->fetch_row(); return $row[0]; case 2: return (int)$res->num_rows; } } function check( $wert, $format, $max=0 ){ if($wert) $wert = trim( $wert ); if( (!$wert) || preg_match( '/[<>\"\';]/',$wert ) ){ switch( $format ){ case 's': return ''; case 'd': return '0000-00-00'; default: return 0; } } if( $max and strlen($wert) > $max ) $wert = substr( $wert, 0, $max ); if( 's' == $format ) return $wert; if( 'd' == $format ){ $a = preg_split( '/\D+/', $wert ); if( 2 == count($a) ){ $a[] = date('Y'); } if( 2 > count($a) ){ return '0000-00-00'; } if( strlen($a[2]) < 2 ){ $a[2] = date('Y'); } if( strlen($a[2]) < 4 ){ $a[2] = 2000 + (int)$a[2]; } return sprintf("%d-%02d-%02d",$a[2],$a[1],$a[0]); } if( 'f' == $format ) return (float)preg_replace( '/,/','.', $wert); return (int)$wert; } $host = 'Adresse des Datenbankservers'; $user = 'Benutzer'; $pass = 'Passwort'; $bank = 'Datenbankname'; $db = new mysqli($host, $user, $pass, $bank); if( mysqli_connect_errno() ){ die( 'Verbindung zur Datenbank fehlgeschlagen '. mysqli_connect_error().'('.mysqli_connect_errno().')'); } unset($host,$user,$bank); $db->set_charset("utf8"); $sql = "delete from hosts where time_to_sec(timediff(now(),seit)) > 3600"; ask(0); $str = file_get_contents("php://input"); $id = ord($str[0]); $str = substr($str,1); $t = array(); $sql = "select pass,crkey from user where id=$id"; if( 0 == ask() ) die("ERROR 1"); $row = $res->fetch_row(); $pass = $row[0]; $cryptKey = $row[1]; $sql = "select host,session from hosts where id=$id"; if( 0 == ask() ){ $in = dencode($str,false); $len = strlen($pass); $pass1 = substr($in,0,$len); if( 0 != strcmp($pass1,$pass) ) die("ERROR 2"); $sessionKey = trim(substr($in,$len)); $sql = "insert hosts (id,host,session) values($id,\"$userhost\",\"$sessionKey\")"; ask(0); $t['tpl'] = 'login'; } else { $row = $res->fetch_row(); if( 0 != strcmp($userhost,$row[0]) ) die("ERROR 3"); $sessionKey = $row[1]; $in = dencode($str); $a = explode('&',$in); foreach($a as $b){ $c = explode('=',$b); $t[$c[0]] = $c[1]; } unset($a,$b,$c,$in,$len); $sql = "update hosts set seit=default where id=$id"; ask(0); } if(!isset($t['tpl'])) die("template fehlt"); $tpl = check($t['tpl'],'s'); if( !file_exists('includes/'.$tpl.'.inc') ) die('konnte includes/'.$tpl.'.inc nicht finden
'); include 'includes/'.$tpl.'.inc'; if( strlen($ret) ) echo '<<'. dencode($ret); ?>