Ich habe ja schon mal versucht userid (rot) zu nickname zu ändern, da ich man sich ja mit dem nickname und nicht mit der userid einloggt. Klappte aber auch nicht.Code:<? /* Datei : session.lib.php Änderungen in dieser Datei nur dann vornehmen wenn Sie wissen was Sie tun! */ @session_start(); // Variabeln definieren if (!isset($_SESSION['login'])) $_SESSION['login'] = ""; if (!isset($_SESSION['werber'])) $_SESSION['werber'] = "0"; if (!isset($_SESSION['uid'])) $_SESSION['uid'] = "0"; if (!isset($_POST['nickname'])) $_POST['nickname'] = ""; if (!isset($_POST['passwort'])) $_POST['passwort'] = ""; if (!isset($_POST['checkid'])) $_POST['checkid'] = ""; if (!isset($_POST['autologin'])) $_POST['autologin'] = ""; if (!isset($_GET['logout'])) $_GET['logout'] = ""; if (!isset($_GET['ref'])) $_GET['ref'] = "0"; if ($_SESSION['werber'] == "0") $_SESSION['werber'] = (int)$_GET['ref']; // Seiteneinstellungen laden... $pageconfig = mysql_fetch_array(db_query("SELECT * FROM ".$db_prefix."_seitenkonfig LIMIT 1")); if ($pageconfig['wartung'] == 1 && $_SESSION['uid'] != $admin_id) { setCookie('uid','',time()-86400*30); setCookie('passwort','',time()-86400*30); setCookie('autologin','',time()-86400*30); $_SESSION['uid'] = ""; $_SESSION['passwort'] = ""; $_SESSION['login'] = ""; header ("location: ".$domain."/wartung.php"); die(); } // Login if ($_POST['checkid'] == 'Login' && $_POST['userid'] && $_POST['passwort'] && $_POST['login_pin'] == $_SESSION['pin_login']) { $_POST['nickname'] = addslashes($_POST['nickname']); $login_check = db_query("SELECT k.uid,k.passwort,k.status,k.hinweis FROM ".$db_prefix."_userdaten u LEFT JOIN ".$db_prefix."_kontodaten k ON k.uid=u.uid WHERE u.nickname='".$_POST['nickname']."' AND k.passwort='".md5($_POST['passwort'])."' LIMIT 1"); if (mysql_num_rows($login_check)) { $login_check = mysql_fetch_array($login_check); // Wenn User noch nicht freigeschaltet! if ($login_check['status'] == 0) { $_SESSION['uid'] = ""; $_SESSION['passwort'] = ""; $_SESSION['login'] = ""; $_GET['content'] = '/error/kein_zutritt'; } // Wenn beim User alles O.K. ist! if ($login_check['status'] == 1) { db_query("UPDATE ".$db_prefix."_kontodaten SET login_ip='".$ip."' , loginzeit='".time()."' WHERE uid=".$login_check['uid']." and passwort='".md5($_POST['passwort'])."' LIMIT 1"); if ($_POST['autologin'] == 'true') { setCookie('uid',$login_check['uid'],time()+86400*30); setCookie('passwort',$login_check['passwort'],time()+86400*30); setCookie('autologin','true',time()+86400*30); } $_SESSION['uid'] = $login_check['uid']; $_SESSION['passwort'] = $login_check['passwort']; $_SESSION['login'] = "true"; header ("location: ".$domain); die(); } // Wenn User gesperrt wurde! if ($login_check['status'] == 2) { $_SESSION['uid'] = ""; $_SESSION['passwort'] = ""; $_SESSION['login'] = ""; $_GET['content'] = '/error/user_gesperrt'; } // Wenn es den User garnicht giebt } else { $_GET['content'] = '/error/kein_zutritt'; } } else { if ($_POST['checkid'] == 'Login') $_GET['content'] = '/error/kein_zutritt'; } // Autologin if ($_SESSION['login'] != 'true' && isset($_COOKIE['autologin']) && isset($_COOKIE['uid']) && isset($_COOKIE['passwort'])) { $_COOKIE['uid'] = (int)$_COOKIE['uid']; $_COOKIE['passwort'] = addslashes ($_COOKIE['passwort']); $login_check = db_query("SELECT `uid`,`passwort`,`status`,`hinweis` FROM ".$db_prefix."_kontodaten WHERE uid=".$_COOKIE['uid']." and passwort='".$_COOKIE['passwort']."' LIMIT 1"); if (mysql_num_rows($login_check)) { $login_check = mysql_fetch_array($login_check); if ($login_check['status'] == 1) { db_query("UPDATE ".$db_prefix."_kontodaten SET login_ip='".$ip."' , loginzeit='".time()."' WHERE uid=".$_COOKIE['uid']." and passwort='".$_COOKIE['passwort']."' LIMIT 1"); $_SESSION['uid'] = $login_check['uid']; $_SESSION['passwort'] = $login_check['passwort']; $_SESSION['login'] = "true"; } } } // Logout if ($_GET['logout'] == 'true') { setCookie('uid','',time()-86400*30); setCookie('passwort','',time()-86400*30); setCookie('autologin','',time()-86400*30); $_SESSION['uid'] = ""; $_SESSION['passwort'] = ""; $_SESSION['login'] = ""; header ("location: ".$domain); die(); } if (isset ($_SESSION['uid']) && isset ($_SESSION['passwort']) && !empty ($_SESSION['uid']) && !empty ($_SESSION['passwort'])){ db_query ("UPDATE ".$db_prefix."_kontodaten SET last_active = ".time()." WHERE uid = ".$_SESSION['uid']." AND passwort = '".$_SESSION['passwort']."' LIMIT 1"); } ?>