Files
awo-hamburg-intranet/module/intranet/intranet_functions.inc.php
Moritz Weinmann 2e75ff7d59 Statistik: Login-Tracking auf pro-User-Deduplizierung umstellen
main_contact_id wird jetzt mitgespeichert + UNIQUE (login_date, main_contact_id).
Damit zählt ein User der sich mehrfach ein-/ausloggt trotzdem nur einmal pro Tag.
Im Chart bleibt nur die anonyme Tagessumme sichtbar.

ALTER TABLE stat_login_daily
  ADD COLUMN main_contact_id INT NOT NULL DEFAULT 0 AFTER login_date,
  ADD UNIQUE KEY uq_user_day (login_date, main_contact_id);

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-22 08:59:44 +02:00

234 lines
9.5 KiB
PHP

<?
function track_anonymous_login($contact_id) {
$id = (int)$contact_id;
if ($id <= 0) return;
@mysqli_query($GLOBALS['mysql_con'],
"INSERT IGNORE INTO stat_login_daily (login_date, main_contact_id) VALUES (CURDATE(), $id)"
);
}
support_login_listener();
if(isset($_SESSION['login_id']) && $_SESSION['login_id'] != 0){
// if ($_SESSION['login_id'] == "827") {
// $_SESSION['login_id'] = "351";
// }
check_if_read_collection($_GET['collection_id']);
update_contact_last_interaction($_SESSION['login_id']);
}else{
if (($_GET["action"] == 'intranet_forgot_password') || ($_GET["action"] == 'intranet_password_remind') || ($_GET["action"] == 'intranet_password_code') || ($_GET["action"] == 'intranet_set_password') || ($_GET["action"] == 'intranet_set_password_finished')){
die(require_once("intranet_password.php"));
}else if (($_GET["action"] == 'intranet_register')){
die(require_once("intranet_register.php"));
}else{
die(require_once("intranet_login.php"));
}
}
function support_login_listener() {
$_SESSION["login_error"] = "";
$translation = \DynCom\mysyde\common\classes\Registry::get("translation");
switch ($_GET["action"]) {
case "intranet_logout":
$_SESSION['login_id'] = 0;
header('location:/');
break;
case "intranet_login":
if(($_POST["input_login"]<>'') && ($_POST["input_password"]<>'')) {
$login = $_POST["input_login"];
$password_hash = md5($_POST["input_password"]);
$query = "SELECT * from main_contact WHERE shortcut = '$login'";
$result = @mysqli_query($GLOBALS['mysql_con'], $query);
if (@mysqli_num_rows($result) > 0) {
while ($main_contact = @mysqli_fetch_array($result)) {
if($main_contact['password'] == $password_hash){
if($main_contact['active'] == 0){
$_SESSION["login_error"] = "Dieser Account wurde noch nicht freigeschalten.";
}else{
$_SESSION['login_id'] = $main_contact['id'];
track_anonymous_login($main_contact['id']);
header('location:/');
}
}else{
$_SESSION["login_error"] = "Das eingegebene Passwort ist nicht korrekt.";
}
}
}else{
$_SESSION["login_error"] = "Die eingegebene E-Mail ist nicht vorhanden.";
}
}
break;
case "change_mandant":
$current_mandant_id = (int)$_GET['id'];
if ($current_mandant_id <= 0) {
$current_mandant_id = (int)$GLOBALS['main_contact']['master_mandant_id'];
}
$query = "UPDATE main_contact
SET current_mandant_id = {$current_mandant_id}
WHERE id = " . (int)$GLOBALS['main_contact']['id'];
mysqli_query($GLOBALS['mysql_con'], $query);
header('location:' . $_SERVER['HTTP_REFERER']);
exit;
case "intranet_register_finish":
$password_hash = md5($_POST["input_password"]);
$email = $_POST["input_email"];
$birthday = new DateTime($_POST["input_birthday"]);
$query = "INSERT INTO main_contact SET
name = '".$_POST['input_name']."',
address = '".$_POST['input_address']."',
post_code = '".$_POST['input_post_code']."',
city = '".$_POST['input_city']."',
birthday = '".$birthday->format('Y-m-d')."',
phone_no = '".$_POST['input_phone_no']."',
email = '".$email."',
password = '".$password_hash."',
image = '',
active = '0'";
@mysqli_query($GLOBALS['mysql_con'], $query);
return true;
case "intranet_password_code":
$translation = \DynCom\mysyde\common\classes\Registry::get("translation");
if($_POST["input_login"]<>'') {
$email = $_POST["input_login"];
$query = "SELECT * FROM main_contact WHERE email = '".$email."' LIMIT 1";
$result = @mysqli_query($GLOBALS['mysql_con'], $query);
if(@mysqli_num_rows($result) < 1){
$_SESSION['login_error'] = 'Falsche E-Mail';
}else{
unset($_SESSION['login_error']);
$user = @mysqli_fetch_assoc($result);
$randomString = time().$user['id'].rand(9999,999999);
$queryUpd = "UPDATE main_contact SET password_recovery_code = '" . $randomString . "' WHERE id = '" . $user["id"] . "' LIMIT 1";
$message = '<p> Hallo '.$user['name'].',<br>Unten ist Ihr Passwort-Wiederherstellungscode<br></p>';
$message .= "<p><strong>".$randomString."</strong></p>";
$contactform_header["subject"] = "E-Mail zur Passwortwiederherstellung";
$contactform_header["sender_email"] = 'support@'.$_SERVER['HTTP_HOST'];
$contactform_header["recipient_email"] = $user['email'];
$contactform_header["sender_name"] = "Support Team";
$contactform_header["recipient_name"] = $user['name'];
if (mail_create( $contactform_header["subject"],
$message,
$contactform_header["sender_email"],
$contactform_header["recipient_email"],
$contactform_header["sender_name"],
$contactform_header["recipient_name"],
TRUE,
"")) {
mail_send();
@mysqli_query($GLOBALS['mysql_con'], $queryUpd);
$_SESSION['user_email'] = $email;
}else{
$_SESSION['login_error'] = "Unbekannter Fehler aufgetreten, versuchen Sie es erneut";
}
}
}
break;
case "intranet_set_password":
$email = $_SESSION['user_email'];
$code = $_POST['password_recovery_code'];
$query = "SELECT * FROM main_contact WHERE email = '".$email."' AND password_recovery_code = '".$code."' LIMIT 1";
$result = @mysqli_query($GLOBALS['mysql_con'], $query);
if(@mysqli_num_rows($result) < 1){
$_GET['action'] = 'intranet_password_code';
header('Location: /?action='.$_GET['action'] );
$_SESSION['login_error'] = 'Falsche E-Mail oder Code';
}else{
unset($_SESSION['login_error']);
$user = @mysqli_fetch_assoc($result);
$queryUpd = "UPDATE main_contact SET password_recovery_code = '' WHERE id = '" . $user["id"] . "' LIMIT 1";
@mysqli_query($GLOBALS['mysql_con'], $queryUpd);
$_SESSION['code_set'] = 1;
}
break;
case "intranet_set_password_finished":
if($_POST['input_password'] <> '' && $_POST['input_password_2'] <> ''){
$email = $_SESSION['user_email'];
$query = "SELECT * FROM main_contact WHERE email = '".$email."' LIMIT 1";
if ($_POST["input_password"] <> $_POST["input_password_2"]) {
$_SESSION['forget_error'] = $translation->get("user_error2");
}else if (strlen($_POST["input_password"]) < 6) {
$_SESSION['forget_error'] = $translation->get("user_error3");
}else{
unset($_SESSION['forget_error']);
$result = @mysqli_query($GLOBALS['mysql_con'], $query);
$user = @mysqli_fetch_assoc($result);
$password = md5($_POST["input_password"]);
$queryUpd = "UPDATE main_contact SET password = '".$password."' WHERE id = '" . $user["id"] . "' LIMIT 1";
if(@mysqli_query($GLOBALS['mysql_con'], $queryUpd)){
$_SESSION['success_status'] = $translation->get("user_msg_success2");
unset($_SESSION['user_email']);
unset($_SESSION['code_set']);
header('Location: /?action=');
}else{
$_SESSION['forget_error'] = 'Das Passwort kann nicht aktualisiert werden. Versuchen Sie es nochmal.';
}
}
}
default:
break;
}
}
function update_contact_password($main_contact_id, $password){
$password_hash = md5($password);
$query = "UPDATE main_contact SET
password_recovery_code = '" . $password_hash . "'
WHERE id = '" . $main_contact_id . "' LIMIT 1";
@mysqli_query($GLOBALS['mysql_con'],$query);
}
function update_contact_last_interaction($main_contact_id){
$last_interaction = new DateTime();
$query = "UPDATE main_contact SET last_interaction = '" . $last_interaction->format('Y-m-d H:i:s') . "' WHERE id = '" . $main_contact_id . "' LIMIT 1";
@mysqli_query($GLOBALS['mysql_con'],$query);
}
function check_if_read_collection($collection_id){
$current_date = new DateTime();
$query = "SELECT * FROM main_collection_read WHERE main_collection_id = '".$collection_id."' AND main_contact_id = '".$GLOBALS['main_contact']['id']."'";
$result = mysqli_query($GLOBALS["mysql_con"], $query);
if (@mysqli_num_rows($result) == 0) {
$query = "INSERT INTO main_collection_read (main_collection_id, main_contact_id, read_on) VALUES (
'".$collection_id."',
'".$GLOBALS['main_contact']['id']."',
'".$current_date->format('Y-m-d H:i:s')."'
)";
$result = mysqli_query($GLOBALS["mysql_con"], $query);
}
}
function get_permission_state($permission_code, $mandant_id, $contact_id)
{
$return = 0;
$stmt_permission = mysqli_prepare($GLOBALS["mysql_con"], "SELECT * FROM main_permission WHERE code = ?");
mysqli_stmt_bind_param($stmt_permission, "s", $permission_code);
mysqli_stmt_execute($stmt_permission);
$result_permission = mysqli_stmt_get_result($stmt_permission);
$permission = mysqli_fetch_array($result_permission);
mysqli_stmt_close($stmt_permission);
if ($permission['default_active'] == 1) {
$return = 1;
}
$stmt_contact = mysqli_prepare($GLOBALS["mysql_con"], "SELECT * FROM main_contact_permission WHERE main_contact_id = ? AND main_mandant_id = ? AND main_permission_id = ?");
mysqli_stmt_bind_param($stmt_contact, "iii", $contact_id, $mandant_id, $permission['id']);
mysqli_stmt_execute($stmt_contact);
$result_contact = mysqli_stmt_get_result($stmt_contact);
$contact = mysqli_fetch_array($result_contact);
if (mysqli_num_rows($result_contact) == 1) {
$return = $contact['active'];
}
mysqli_stmt_close($stmt_contact);
return $return;
}