| author | root | 2014-02-17 18:41:58 +0100 |
|---|---|---|
| committer | root | 2014-02-17 18:41:58 +0100 |
| commit | 305e2b7c55ffd24a156f5788388e6d4ed2daea14 (patch) | |
| tree | 62e44e22b04f7270f8d20b9216a576f0844df6f7 /www/login.php | |
| parent | 859cd34c42c3df72dcd20ab09d508108b5be4865 (diff) | |
| download | files.iamfabulous.de-305e2b7c55ffd24a156f5788388e6d4ed2daea14.tar.gz | |
handles most of the database stuff
Diffstat (limited to 'www/login.php')
| -rw-r--r-- | www/login.php | 60 |
1 files changed, 60 insertions, 0 deletions
diff --git a/www/login.php b/www/login.php
new file mode 100644
index 0000000..c1d3207
--- /dev/null
+++ b/www/login.php
@@ -0,0 +1,60 @@
+<?php
+/* Copyright Maximilian Möhring, 2013
+Licensed under the GPL. Read LICENSE for more Information.*/
+
+/*Process the login*/
+
+session_start();
+
+if($_SERVER['REQUEST_METHOD'] == 'POST') {
+
+/*___Database Query: Login___*/
+ $unsafe_username = $_POST["username"];
+ $unsafe_passwort = $_POST["password"];
+ $username = SQLite3::escapeString("$unsafe_username");
+ $passwort = SQLite3::escapeString("$unsafe_passwort");
+
+ $db_check = new SQLite3("../database/sqlite.db");
+ $salt_db = $db_check->query("SELECT salt FROM user WHERE name='$username';");
+ while($salt_array = $salt_db->fetchArray(SQLITE3_NUM)){
+ foreach($salt_array as $firstelement){
+ $salt=$firstelement;
+ }
+ }
+
+ $password = "$salt"."$passwort";
+ $hash_password = md5($password);
+ for($i=0;$i<15000;$i++)
+ $hash_password = md5($hash_password);
+
+ $real_password_db = $db_check->query("SELECT password FROM user WHERE name='$username';");
+ while($real_password_array = $real_password_db->fetchArray(SQLITE3_NUM)){
+ foreach($real_password_array as $secondelement){
+ $real_password=$secondelement;
+ }
+ }
+
+/*___Login___*/
+ if ($real_password == $hash_password) {
+
+ $_SESSION["login"] = true;
+ $_SESSION["username"] = "$unsafe_username";
+
+ header("Refresh: 0; /");
+ } else {
+ header("Refresh: 0; login?reason=failure");
+ }
+} else {
+
+/*Prints the GET version*/
+
+ if($_SESSION["login"]){
+ header("Refresh: 0; /");
+ } else {
+ echo "<form method='post' action='/login.php'>
+ <p>Name: <input type='text' name='username'></p>
+ <p>Password: <input type='password' name='password'>
+ <p><input type='submit' name='submit' value='login'></p>
+ </form>";
+ }
+} |
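Review bot: The credential check in the POST branch derives the hash with chained `md5()` calls and compares it with `==`, so it uses a fast hash unsuited to password storage and a loose comparison: PHP compares two numeric-looking hex digests as numbers, so distinct digests can be treated as equal, and the comparison is not constant-time. Moving to `password_hash()`/`password_verify()` addresses both, assuming the code that writes `user.password` (not part of this file) is changed to match. The two lookups also interpolate `$username` into the SQL text; one prepared statement with a bound parameter is more robust than relying on `escapeString`, and it handles an unknown user explicitly instead of leaving `$salt` and `$real_password` undefined. On success the session id should be regenerated with `session_regenerate_id(true)` before `$_SESSION["login"]` is set, so a session id issued before login does not carry over into the authenticated session.

```php
// … unchanged: session_start() and the REQUEST_METHOD check …
    $db_check = new SQLite3("../database/sqlite.db");
    $stmt = $db_check->prepare("SELECT password FROM user WHERE name = :name");
    $stmt->bindValue(":name", $_POST["username"] ?? "", SQLITE3_TEXT);
    $result = $stmt->execute();
    $row = ($result !== false) ? $result->fetchArray(SQLITE3_NUM) : false;

    // assumes user.password holds a password_hash() value; the code that stores it is outside this hunk
    if ($row !== false && password_verify($_POST["password"] ?? "", $row[0])) {
        session_regenerate_id(true);
        $_SESSION["login"] = true;
        $_SESSION["username"] = $_POST["username"];
        // … unchanged: redirect to / …
    } else {
        // … unchanged: redirect to login?reason=failure …
    }
// … unchanged: GET branch that prints the form …
```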
