authorHorus32014-03-16 17:58:05 +0100
committerHorus32014-03-16 17:58:05 +0100
commit99e60dae1bb5825a426852860e67b9d00e124161 (patch)
tree4a027844a98682965712795f353f9ed90d3b7488 /www/functions/func_login.php
parenta73cbd964b6d18937468537f04ca63c52c4c8210 (diff)
downloadfiles.iamfabulous.de-99e60dae1bb5825a426852860e67b9d00e124161.tar.gz
Redesigned login and register function.
Diffstat (limited to 'www/functions/func_login.php')
-rwxr-xr-xwww/functions/func_login.php71
1 files changed, 27 insertions, 44 deletions
diff --git a/www/functions/func_login.php b/www/functions/func_login.php
index 46bb6d0..a09b198 100755
--- a/www/functions/func_login.php
+++ b/www/functions/func_login.php
@@ -1,65 +1,48 @@
<?php
function login($db){
- if($_SERVER['REQUEST_METHOD'] == 'POST') {
/*___Database Query: Login___*/
- $username = $_POST["username"];
- $password = $_POST["password"];
- $safe_username = SQLite3::escapeString("$username");
+ $username = $_POST["username"];
+ $password = $_POST["password"];
+ $safe_username = SQLite3::escapeString("$username");
- //$hash = password_hash($_GET["password"], PASSWORD_DEFAULT);
+ $pepper = file_get_contents("../database/pepper.txt");
+ $password = $password . $pepper;
- $pepper = file_get_contents("../database/pepper.txt");
- $password = $password . $pepper;
-
- $real_password_db = $db->query("SELECT password FROM user WHERE name='" . $safe_username . "';");
- while($real_password_array = $real_password_db->fetchArray(SQLITE3_NUM)){
- foreach($real_password_array as $secondelement){
- $real_password=$secondelement;
- }
+ $real_password_db = $db->query("SELECT password FROM user WHERE name='" . $safe_username . "';");
+ while($real_password_array = $real_password_db->fetchArray(SQLITE3_NUM)){
+ foreach($real_password_array as $secondelement){
+ $real_password=$secondelement;
}
+ }
/*___Login___*/
- if (password_verify($password, $real_password)) {
+ if (!password_verify($password, $real_password)) {
+ return "failure";
+ }
- if($db->exec("
- BEGIN TRANSACTION;
- INSERT INTO log (id, user, login) VALUES (NULL, (SELECT id FROM user WHERE name='" . $username . "'), (SELECT datetime()) );
- COMMIT;
- ")){
- $id = user($db, $username);
+ if($db->exec("
+ BEGIN TRANSACTION;
+ INSERT INTO log (id, user, login) VALUES (NULL, (SELECT id FROM user WHERE name='" . $username . "'), (SELECT datetime()) );
+ COMMIT;
+ ")){
- $_SESSION["login"] = true;
- $_SESSION["username"] = $username;
- $_SESSION["userid"] = $id;
+ $id = user($db, $username);
- header("Refresh: 0; /");
- return true;
+ $_SESSION["login"] = true;
+ $_SESSION["username"] = $username;
+ $_SESSION["userid"] = $id;
- } else {
- header("Refresh: 0; login?reason=database&username=" . $username);
- return false;
- }
- } else {
- header("Refresh: 0; login?reason=failure&username=" . $username);
- return false;
- }
- } else {
- if($_SESSION["login"]){
- header("Refresh: 0; /");
- return false;
- }
+ return "success";
- include("login.php");
- return false;
- }
+ } else {
+ return "database";
+ }
}
function logout(){
- $username=$_SESSION["username"];
if(session_destroy()){
- header("Refresh: 0; login?reason=logout&username=" . $username);
- return true;
+ return "logout";
} else {
return false;
}
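Review bot: The log INSERT in `login()` still concatenates the raw `$username` into the SQL text although `$safe_username` is computed a few lines above, and `SQLite3::exec()` runs every statement in the string it is given. The branch is only reached after `password_verify()` succeeds, so the exposure depends on whether registration accepts quote characters in names, which this hunk does not show. Bind the value instead and test the result of `execute()`: `$stmt = $db->prepare("INSERT INTO log (id, user, login) VALUES (NULL, (SELECT id FROM user WHERE name = :name), datetime())");` then `$stmt->bindValue(':name', $username, SQLITE3_TEXT);`. The password lookup would be safer with the same binding. Separately, the session fields are set on the existing session id, so adding `session_regenerate_id(true);` before `$_SESSION["login"] = true;` would prevent session fixation.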