diff options
| author | root | 2014-02-17 18:41:58 +0100 |
|---|---|---|
| committer | root | 2014-02-17 18:41:58 +0100 |
| commit | 305e2b7c55ffd24a156f5788388e6d4ed2daea14 (patch) | |
| tree | 62e44e22b04f7270f8d20b9216a576f0844df6f7 /www/check.php | |
| parent | 859cd34c42c3df72dcd20ab09d508108b5be4865 (diff) | |
| download | files.iamfabulous.de-305e2b7c55ffd24a156f5788388e6d4ed2daea14.tar.gz | |
handles most of the database stuff
Diffstat (limited to 'www/check.php')
| -rw-r--r-- | www/check.php | 61 |
1 files changed, 18 insertions, 43 deletions
diff --git a/www/check.php b/www/check.php index 42b8733..2ff5f52 100644 --- a/www/check.php +++ b/www/check.php @@ -1,45 +1,20 @@ -<?php -/* Copyright Maximilian Möhring, 2013 -Licensed under the GPL. Read LICENSE for more Information.*/ - -/*Process the login*/ - -session_start(); - -/*___Database Query: Login___*/ - $unsafe_username = $_POST["username"]; - $unsafe_passwort = $_POST["password"]; - $username = SQLite3::escapeString("$unsafe_username"); - $passwort = SQLite3::escapeString("$unsafe_passwort"); - - $db_check = new SQLite3("../database/database.db"); - $salt_db = $db_check->query("SELECT salt FROM user WHERE name='$username';"); - while($salt_array = $salt_db->fetchArray(SQLITE3_NUM)){ - foreach($salt_array as $firstelement){ - $salt=$firstelement; - } - } - - $password = "$salt"."$passwort"; - $hash_password = md5($password); - for($i=0;$i<15000;$i++) - $hash_password = md5($hash_password); - - $real_password_db = $db_check->query("SELECT password FROM user WHERE name='$username';"); - while($real_password_array = $real_password_db->fetchArray(SQLITE3_NUM)){ - foreach($real_password_array as $secondelement){ - $real_password=$secondelement; - } - } - -/*___Login___*/ -if ($real_password == $hash_password) { - - $_SESSION["login"] = true; - $_SESSION["username"] = "$unsafe_username"; - - header("Refresh: 0; index.php"); +<? +$cleartext_password="password"; +$salt = uniqid(mt_rand(), true); +$password = "$salt"."$cleartext_password"; +$hash_password = md5($password); +for($i=0;$i<15000;$i++) + $hash_password = md5($hash_password); + +$db = new SQLite3("../database/sqlite.db"); + +if($db->exec("CREATE TABLE IF NOT EXISTS user (id INTEGER PRIMARY KEY, name TEXT UIQUE, senpai INTEGER, key TEXT, status INTEGER, invites INTEGER, salt TEXT, password TEXT, email TEXT UNIQUE);") && $db->exec("BEGIN TRANSACTION; INSERT INTO user (id, name, senpai, key, status, invites, salt, password, email) VALUES (NULL, 'admin', 0, '11111', 1, 5, '$salt', '$hash_password', 'admin@iamfabulous.de'); COMMIT;")) { + echo "Success!"; } else { - header("Refresh: 0; login.php?failure"); + echo "Failure! :( <br>"; + echo "Salt: $salt, password: $hash_password"; } -?> + +// INSERT INT0 user (id, name, salt, password, status, invites, email, senpai, key) VALUES (NULL, 'admin', '$salt', '$hash_password', 1, 5, 'admin@iamfabulous.de', 0, '11111'); + +// COMMIT;") |