| author | Horus3 | 2014-03-12 02:50:30 +0100 |
|---|---|---|
| committer | Horus3 | 2014-03-12 02:50:30 +0100 |
| commit | 8970954933ecf4b5c842027faa7c52f85cc25fe2 (patch) | |
| tree | e502119b624197871550d72d55c2e9a9f2a4f05b /www/functions/func_login.php | |
| parent | 0148c370ea13ee0469bd67260cf8c9fe9c97677d (diff) | |
| download | files.iamfabulous.de-8970954933ecf4b5c842027faa7c52f85cc25fe2.tar.gz | |
Structure in functions. Stronger hash algorithm for password safety, also pepper.
Diffstat (limited to 'www/functions/func_login.php')
| -rw-r--r-- | www/functions/func_login.php | 63 |
1 files changed, 63 insertions, 0 deletions
diff --git a/www/functions/func_login.php b/www/functions/func_login.php
new file mode 100644
index 0000000..f528076
--- /dev/null
+++ b/www/functions/func_login.php
@@ -0,0 +1,63 @@
+<?
+function login($db){
+ if($_SERVER['REQUEST_METHOD'] == 'POST') {
+
+ /*___Database Query: Login___*/
+ $username = $_POST["username"];
+ $password = $_POST["password"];
+ $safe_username = SQLite3::escapeString("$username");
+
+ //$hash = password_hash($_GET["password"], PASSWORD_DEFAULT);
+
+ $pepper = file_get_contents("../database/pepper.txt");
+ $password = $password . $pepper;
+
+ $real_password_db = $db->query("SELECT password FROM user WHERE name='" . $safe_username . "';");
+ while($real_password_array = $real_password_db->fetchArray(SQLITE3_NUM)){
+ foreach($real_password_array as $secondelement){
+ $real_password=$secondelement;
+ }
+ }
+
+ /*___Login___*/
+ if (password_verify($password, $real_password)) {
+
+ if($db->exec("
+ BEGIN TRANSACTION;
+ INSERT INTO log (id, user, login) VALUES (NULL, (SELECT id FROM user WHERE name='" . $username . "'), (SELECT datetime()) );
+ COMMIT;
+ ")){
+
+ $_SESSION["login"] = true;
+ $_SESSION["username"] = $username;
+
+ header("Refresh: 0; /");
+ return true;
+
+ } else {
+ header("Refresh: 0; login?reason=database&username=" . $username);
+ return false;
+ }
+ } else {
+ header("Refresh: 0; login?reason=failure&username=" . $username);
+ return false;
+ }
+ } else {
+ if($_SESSION["login"]){
+ header("Refresh: 0; /");
+ return false;
+ }
+ include("login.php");
+ return false;
+ }
+}
+
+function logout(){
+ $username=$_SESSION["username"];
+ if(session_destroy()){
+ header("Refresh: 0; login?reason=logout&username=" . $username);
+ return true;
+ } else {
+ return false;
+ }
+} |
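Review bot: The log INSERT inside `$db->exec()` concatenates the raw `$username` from `$_POST` rather than `$safe_username`, and `exec()` accepts multi-statement strings, so a quote in a stored user name reaches the SQL unescaped; both queries in `login()` are better written as prepared statements with a bound `:name`. `$real_password` is never assigned when no row matches, so `password_verify()` receives an undefined variable for unknown users; a missing row should be treated as a failed login. A successful login should also call `session_regenerate_id(true)` before setting `$_SESSION["login"]`, and the `username=` value in the Refresh headers of both `login()` and `logout()` should go through `rawurlencode()`. The pepper is appended after the password, so if the stored hashes are bcrypt (the hashing side is not visible here) it is cut off for inputs at or past 72 bytes, and a failed `file_get_contents()` silently yields an empty pepper.

```php
function login($db){
	// … unchanged: POST check, $username/$password from $_POST, pepper handling …

	$stmt = $db->prepare("SELECT password FROM user WHERE name = :name");
	$stmt->bindValue(":name", $username, SQLITE3_TEXT);
	$row = $stmt->execute()->fetchArray(SQLITE3_NUM);
	$real_password = $row ? $row[0] : null;

	if ($real_password !== null && password_verify($password, $real_password)) {
		$log = $db->prepare("INSERT INTO log (id, user, login) VALUES (NULL, (SELECT id FROM user WHERE name = :name), (SELECT datetime()))");
		$log->bindValue(":name", $username, SQLITE3_TEXT);
		if ($log->execute()) {
			session_regenerate_id(true);
			// … unchanged: set $_SESSION["login"] / $_SESSION["username"], redirect, return true …
```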
