init

4 files changed, 170 insertions, 0 deletions

diff --git a/www/check.php b/www/check.php
new file mode 100644
index 0000000..42b8733
--- /dev/null
+++ b/www/check.php
@@ -0,0 +1,45 @@
+<?php
+/* Copyright Maximilian Möhring, 2013
+Licensed under the GPL. Read LICENSE for more Information.*/
+
+/*Process the login*/
+
+session_start();
+
+/*___Database Query: Login___*/
+	$unsafe_username = $_POST["username"];
+	$unsafe_passwort = $_POST["password"];
+	$username = SQLite3::escapeString("$unsafe_username");
+	$passwort = SQLite3::escapeString("$unsafe_passwort");
+
+        $db_check = new SQLite3("../database/database.db");
+        $salt_db  = $db_check->query("SELECT salt FROM user WHERE name='$username';");
+        while($salt_array = $salt_db->fetchArray(SQLITE3_NUM)){
+                foreach($salt_array as $firstelement){
+                        $salt=$firstelement;
+                }
+        }
+
+        $password = "$salt"."$passwort";
+        $hash_password = md5($password);
+        for($i=0;$i<15000;$i++)
+                $hash_password = md5($hash_password);
+
+        $real_password_db = $db_check->query("SELECT password FROM user WHERE name='$username';");
+        while($real_password_array = $real_password_db->fetchArray(SQLITE3_NUM)){
+                 foreach($real_password_array as $secondelement){
+                        $real_password=$secondelement;
+                }
+        }
+
+/*___Login___*/
+if ($real_password == $hash_password) {
+
+	$_SESSION["login"] = true;
+	$_SESSION["username"] = "$unsafe_username";
+
+	header("Refresh: 0; index.php");
+} else {
+	header("Refresh: 0; login.php?failure");
+}
+?>
diff --git a/www/files.php b/www/files.php
new file mode 100644
index 0000000..76c6b72
--- /dev/null
+++ b/www/files.php
@@ -0,0 +1,20 @@
+<?
+
+#print_r($_GET);
+#$ar =array($_GET);
+#echo "<br> ";
+#echo $ar[0];
+#echo "<br> ";
+
+if(!isset($_GET)){
+	header("Refresh: 0; /login");
+}
+
+foreach ($_GET as $name => $value) { //value leer?
+    echo 'Name: ' . $name . ' Value: ' . $value . '<br />';
+}
+
+echo "Ende";
+
+#header("Refresh: 0; /login");
+
diff --git a/www/index.php b/www/index.php
new file mode 100644
index 0000000..476227c
--- /dev/null
+++ b/www/index.php
@@ -0,0 +1,27 @@
+<?
+
+#print_r($_GET);
+#$ar =array($_GET);
+#echo "<br> ";
+#echo $ar[0];
+#echo "<br> ";
+
+if(empty($_GET)){
+	echo "Nicht gesetzt: $_GET[0] <br>";
+	header("Refresh: 0; /login");
+} else {
+	echo "Gesetzt: $_GET[0] <br>";
+}
+
+foreach ($_GET as $name => $value) { //value leer?
+	if(!isset($name)){
+        header("Refresh: 0; /login");
+}
+    echo 'Name: ' . $name . ' Value: ' . $value . '<br />';
+}
+
+echo "Var $_GET[0] : $_GET[1]";
+echo "Ende";
+
+#header("Refresh: 0; /login");
+
diff --git a/www/inreg.php b/www/inreg.php
new file mode 100644
index 0000000..2e2800d
--- /dev/null
+++ b/www/inreg.php
@@ -0,0 +1,78 @@
+<?php
+
+/* Copyright Maximilian Möhring, 2013
+Licensed under the GPL. Read LICENSE for more Information.*/
+
+/*This file handels the registration in the database*/
+
+session_start();
+
+$name = $_POST["name"];
+$cleartext_password = $_POST["pswd"];
+$second_password = $_POST["2ndpswd"];
+$email = $_POST["email"];
+
+if(($cleartext_password != $second_password) || !isset($_POST["pswd"]) || !isset($_POST["2ndpswd"])){
+	header("Refresh: 0; register.php?reason=password");
+	exit;
+}
+
+$db = new SQLite3("../database/database.db");
+
+	$safe_name =  SQLite3::escapeString("$name");
+	$safe_email =  SQLite3::escapeString("$email");
+
+/*Checks the validation of the registration attempt*/
+
+	$test_email_db = $db->query("SELECT status FROM secure_test where email='$safe_email';");
+	$test_email_arr = $test_email_db->fetchArray(SQLITE3_NUM);
+	$test_email_int = test_$email_arr[0];
+
+	$test_key_db = $db->query("SELECT key FROM secure_test where email='$safe_email';");
+	$test_key_arr = $test_key_db->fetchArray(SQLITE3_NUM);
+	$test_key = $test_key_arr[0];
+
+if (($test_email_int != 0 && !$email == "") || !$test_key == $_POST["key"]){
+	header("Refresh: 0; register.php?reason=prohibited");
+	exit;
+} else {
+
+	if ($_POST["pswd"] == ""){
+		header("Refresh: 0; register.php?reason=empty");
+		exit;
+	} else {
+
+/*Checks if mail is already in use*/
+
+	        $email_db = $db->query("SELECT id FROM user where email='$safe_email';");
+		$email_arr = $email_db->fetchArray(SQLITE3_NUM);
+		$email_int = $email_arr[0];
+		$name_db  = $db->query("SELECT id FROM user where name='$safe_name';");
+		$name_arr = $name_db->fetchArray(SQLITE3_NUM);
+		$name_int = $name_arr[0];
+
+		if (($email_int > 0 && !$email == "")|| $name_int > 0){
+			header("Refresh: 0; register.php?reason=duplicate");
+			exit;
+		} else {
+
+/*Generates the encrypted password and the database transaction*/
+
+			$salt = uniqid(mt_rand(), true);
+			$password = "$salt"."$cleartext_password";
+			$hash_password = md5($password);
+			for($i=0;$i<15000;$i++)
+				$hash_password = md5($hash_password);
+
+		        $result = $db->exec("
+					BEGINN TRANSACTION;
+					INSERT INTO user (id, name, salt, password, email) VALUES (NULL, '$safe_name', '$salt', '$hash_password', '$safe_email');
+					COMMIT;
+				       ");
+
+			$_SESSION["username"] = $name;
+			header("Refresh: 0; account.php?reg=1");
+		}
+	}
+}
+?>