So, ich hab jetzt alles soweit mal angepasst und hab auch gleich noch einige Fragen:

Also hier die login.class.php .............................. ..............................

<?php
require_once('mysql.class.php');

class Login extends mysql($config){

	protected $UserId         = 0;
	protected $Username       = "";
	protected $Password       = "";
        protected $Aktiv          = FALSE;
	protected $Salt           = "";
	protected $config         = array();

	public function __construct($config) {
		$this->Config = $config;
		
		ini_set('session.use_only_cookies', '1');
		ini_set('session.use_trans_sid', '0');

    if ($this->Config['Notices']) {
      error_reporting(E_ALL|E_STRICT);
      ini_set('display_errors', '1');
    } else {
      error_reporting(0);
      ini_set('display_errors', '0');
    }
	}

	function loginSaveFails() {
		$this->DBCheckCon();  		
		
		$query = "INSERT INTO `".$this->Config['TablePrefix']."failed_logins` (`ip`) VALUES (?)";
	
		if(!$stmt = $this->DBConnection->prepare($query)) {
			$this->DBError = "query Error in <b>". __CLASS__ ."::". __FUNCTION__ ."</b>";
			$this->DBDebug();
		}
		
		$remoteAddr = $_SERVER["REMOTE_ADDR"];
		
		$stmt->bind_param('s', $remoteAddr);
		
		$stmt->execute();
		
		if ($stmt->affected_rows != 1) {
			$this->DBError = 'query Error (' . $stmt->errno . ') '.$stmt->error." in <b>". __CLASS__ ."::". __FUNCTION__ ."</b>";
			$this->DBDebug();
		}
		
		$stmt->close();
		
		return TRUE;
	}
	
	function loginCheckFails() {
		$this->DBCheckCon();
		
		$query = "SELECT `ip`, `time` FROM `".$this->Config['TablePrefix']."failed_logins` WHERE `ip` = ? AND `time` > ?";
		
		$stmt = $this->DBConnection->stmt_init();
		if(!$stmt->prepare($query)) {
			$this->DBError = "query Error in <b>". __CLASS__ ."::". __FUNCTION__ ."</b>";
			$this->DBDebug();
		}
		
		$remoteAddr = $_SERVER["REMOTE_ADDR"];
		$timeDif = (time() - $this->Config['LoginTimeout']);
		
		$stmt->bind_param('si', $remoteAddr, $timeDif);
		
		$stmt->execute();
		
		$stmt->store_result();

		if($stmt->errno != 0) {
			$this->DBError = 'query Error (' . $stmt->errno . ') '.$stmt->error." in <b>". __CLASS__ ."::". __FUNCTION__ ."</b>";
			$this->DBDebug();
		}
		
		$numRows = $stmt->num_rows;

		$stmt->close();
		
		return $numRows;
	}

	function loginTrialsAvailable() {
		if($this->loginCheckFails() < $this->Config['LoginRetrys']) {
			return TRUE;
		} else {
			return FALSE;
		}
	}

	function loginUserAuth($user, $pass, $fromCookie = FALSE) {
		$this->DbCheckCon();

		$query = 'SELECT
                `ID`,
                `UserId`,
                `alias`,
                `password`,
                `aktiv`,
                `salt`,
                `cookie_hash`
              FROM
                `'.$this->Config['TablePrefix'].'user`
              WHERE
                LOWER(`alias`) = LOWER(?)';

		$stmt = $this->DBConnection->stmt_init();
		if(!$stmt->prepare($query)) {
			$this->DBError = 'query Error (' . $stmt->errno . ') '.$stmt->error." in <b>". __CLASS__ ."::". __FUNCTION__ ."</b>";
			$this->DBDebug();
		}

		$stmt->bind_param('s', $user);

		$stmt->execute();

		$stmt->store_result();

		$numRows = $stmt->num_rows;
	
		if($numRows == 1) {				
			$stmt->bind_result($dbId, $dbUserId, $dbAlias, $dbPass, $dbAktiv, $dbSalt, $dbCookieHash);
			
			$stmt->fetch();

			if($fromCookie) {
				if($dbCookieHash != $pass) {
					return FALSE;
				}
			} else {
				if($dbPass != md5($pass.$dbSalt.$this->Config['LoginStaticSalt'])) {
          $this->loginSaveFails();
					return FALSE;
				}
			}

			$this->UserId   = $dbUserId;
			$this->Username = $dbAlias;
			$this->Password = $dbPass;
      $this->Aktiv    = $dbAktiv;
			$this->Salt     = $dbSalt;

			$stmt->close();

			return TRUE;
		}

		return FALSE;
	}


	function loginUser($user, $pass, $stayLoggedIn = FALSE) {
    if(!loginTrialsAvailable()) {
      return FALSE;
    }
    if(!$this->Aktiv) {
      return FALSE;
    }
		$userAuth = $this->loginUserAuth($user, $pass);

		if($userAuth) {
			if($stayLoggedIn) {
				$this->cookieSetup($this->Username, $this->generateHash(32));
			}

			$this->sessionSetup($user);

			usleep(rand(500000,1500000));

			return TRUE;
		}
		sleep(rand(2,4));
		return FALSE;
	}

	function loginCheck() {
		if(isset($_COOKIE[$this->Config['CookieName'].'user_login'])) {
			$string = $_COOKIE[$this->Config['CookieName'].'user_login'];

			$explode = explode($this->Config['CookieSeperator'], $string);

			if(is_array($explode)) {
				$user = $explode[0];
				$hash = $explode[1];
			} else {
				echo "Fehler beim Auslesen des Cookies!";
				return FALSE;
			}

			if($this->loginUserAuth($user, $hash, TRUE)) {
				return TRUE;
			}
		}
		
		if(isset($_SESSION['UserData'])) {
			if(isset($_SESSION['UserData']['Name']) AND $_SESSION['UserData']['Name'] === $this->Username AND isset($_SESSION['UserData']['Login']) AND $_SESSION['UserData']['Login']) {
				return TRUE;
			}
		}
		
		return FALSE;
	}	

	function logout() {
		if(isset($_COOKIE[$this->Config['CookieName'].'user_login'])) {
			$this->cookiesDestroy();
		}

		$this->sessionDestroy();
		
		header('Location: index.php');
	}
	
	function cookieSetup($user, $hash) {
		$cookieString = $user.$this->Config['CookieSeperator'].$hash;
		setcookie($this->Config['CookieName'].'user_login', $cookieString, time() + $this->Config['CookieTimeout'], $this->Config['CookiePath']);

		$query = 'UPDATE `'.$this->Config['TablePrefix'].'user` SET `cookie_hash` = ? WHERE LOWER(`alias`) = LOWER(?)';

		$stmt = $this->DBConnection->stmt_init();
		if(!$stmt->prepare($query)) {

			$this->DBError = "query Error in <b>". __CLASS__ ."::". __FUNCTION__ ."</b>";
			$this->DBDebug();
		}

		$stmt->bind_param('ss', $hash, $user);

		$stmt->execute();

		$stmt->close();
		
		return TRUE;
	}

	function sessionSetup($User) {
		$_SESSION['UserData']['Name']   = $user;
    $_SESSION['UserData']['UserId'] = $this->UserId;
		$_SESSION['UserData']['Login']  = TRUE;
		return TRUE;
	}

	function cookiesDestroy() {
		setcookie($this->Config['CookieName'].'user_login', '', 0, $this->Config['CookiePath']);
		return TRUE;
	}

	function sessionDestroy() {
		$_SESSION = array();
		return TRUE;
	}

  function generateHash($hashSize) {
		$hash = "";
		srand((double)microtime()*1000000);
		for($i=0; $i < $hashSize; $i++) {
			$Number = rand(48,120);
			while (($number >= 58 && $number <= 64) || ($number >= 91 && $number <= 96)) {
				$number = rand(48,120);
			}
			$hash .= chr($number);
		}
		return $hash;
	}
}
?>

---

---

---

---

Die mysql.class.php ...................

<?php
class mysql {
  protected $config         = array();
	protected $dbConnection   = NULL;
	protected $DBSelected     = NULL;
	protected $dbError        = "";

  protected function __construct($config) {
		$this->config = $config;

    if ($this->config['Notices']) {
      error_reporting(E_ALL|E_STRICT);
      ini_set('display_errors', '1');
    } else {
      error_reporting(0);
      ini_set('display_errors', '0');
    }
		
		if($this->dbConnection === NULL) {
			$this->dbConnect();
		} else {
			$this->dbBCheckCon();
		}
	}

  protected function dbConnect() {
		if($this->dbConnection !== NULL) {
			$this->dbBCheckCon();
			return TRUE;
		}

		$this->dbConnection = new mysqli($this->config['DBHost'], $this->config['DBUser'], $this->config['DBPass'], $this->config['DBName']);
		
		if (mysqli_connect_error()) {
			$this->dbError = 'Connect Error (' . mysqli_connect_errno() . ') '.mysqli_connect_error()." in <b>". __CLASS__ ."::". __FUNCTION__ ."</b>";
			
			$this->dbConnection = NULL;

			$this->dbDebug();
			return FALSE;
		}
		return TRUE;
	}
	
	protected function dbBCheckCon() {
		if(!$this->dbConnection->ping()) {
			$this->dbConnection = NULL;
			
			$this->dbConnect();
		}
	}

	protected function dbDebug() {
		if($this->config['Debug']) {
			echo $this->dbError;
		}
		return TRUE;
	}
}
?>

---

---

---

---

und zu guter Letzt die login.php

<?php
$config = array();
$config['TablePrefix']          = '';

$config['Debug']                = 1;
$config['Notices']              = 1;

$Config['DBHost']               = 'localhost';
$Config['DBUser']               = '';
$Config['DBPass']               = '';
$Config['DBName']               = '';

$config['CookieName']           = 'login_';
$config['CookieTimeout']        = 60*60*24*10;
$config['CookieSeperator']      = '|.|?|.|';
$config['CookiePath']           = '/';

$config['LoginRetrys']          = 8;
$config['LoginTimeout']         = 3600;

require_once "login.class.php";

ob_start();

$Login = new login($config);

session_start();

if (!isset( $_SESSION['server_SID'] )) {
	session_unset();
	$_SESSION = array();
	session_destroy();
	session_start();
	session_regenerate_id();
	$_SESSION['server_SID'] = TRUE;
}
if(isset($_GET['logout']) && $_GET['logout'] == "true") {
	$Login->Logout();
}

if(isset($_POST['Submit'])) {
  if(get_magic_quotes_gpc()) {
		$user = stripslashes($_POST['UName']);
		$pass = stripslashes($_POST['UPass']);
	}
	$user = trim(strtolower(($user));
  $pass = trim($pass);

	if($Login->LoginUser($user, $pass, TRUE)) {
		echo "Erfolgreich eingeloggt!";
	} else {
		echo "Einloggen fehlgeschlagen!";
	}
}

if($Login->LoginCheck()) {
	echo "Du bist eingeloggt";
} else {
	echo "Du bist NICHT eingeloggt";
  echo $Form;
}

ob_end_flush();
?>

So zu den Fragen:

-Ich hab da noch immer Probleme mit "protected", "public" usw. Passt das jetzt so wie ich es gemacht habe?

-Zu

ini_set('session.use_only_cookies', '1');
		ini_set('session.use_trans_sid', '0');

würd ich mich auch noch über einen Lösungsvorschlag freuen.

-Wegen dem Entfernen der Stripslashes: ich hab jetzt das ganze in der "login.php" gemacht nur frag ich mich ob es nicht doch besser wäre das mit einer Funktion in der "login.class.php" zu machen...

-die superglobalen Variablen: Ich greif doch eh mit $config darauf zu ?

-das mit dem Update beim Login werd ich noch machen

-Ich speicher jetzt noch zusätzlich fehlgeschlagene Anmeldungen in der DB, hab das aber noch nicht getestet, sollte aber hin hauen.

MfG Naps