-rwxr-xr-xwww/functions/func_login.php85
-rwxr-xr-xwww/index.php2
-rwxr-xr-xwww/login.php20
3 files changed, 51 insertions, 56 deletions
diff --git a/www/functions/func_login.php b/www/functions/func_login.php
index 86caf40..2f734c5 100755
--- a/www/functions/func_login.php
+++ b/www/functions/func_login.php
@@ -1,65 +1,46 @@
<?php
-function login($db){
- if($_SERVER['REQUEST_METHOD'] == 'POST') {
-
- /*___Database Query: Login___*/
- $username = $_POST["username"];
- $password = $_POST["password"];
- $safe_username = SQLite3::escapeString("$username");
-
- //$hash = password_hash($_GET["password"], PASSWORD_DEFAULT);
+function login($username, $password){
+ $db = new SQLite3("../database/sqlite.db");
+
+ $safe_username = SQLite3::escapeString("$username");
$pepper = file_get_contents("../database/pepper.txt");
$password = $password . $pepper;
- $real_password_db = $db->query("SELECT password FROM user WHERE name='" . $safe_username . "';");
- while($real_password_array = $real_password_db->fetchArray(SQLITE3_NUM)){
- foreach($real_password_array as $secondelement){
- $real_password=$secondelement;
- }
- }
-
- /*___Login___*/
- if (password_verify($password, $real_password)) {
-
- if($db->exec("
- BEGIN TRANSACTION;
- INSERT INTO log (id, user, login) VALUES (NULL, (SELECT id FROM user WHERE name='" . $username . "'), (SELECT datetime()) );
- COMMIT;
- ")){
+ $real_password_db = $db->query("SELECT password FROM user WHERE name='" . $safe_username . "';");
+ while($real_password_array = $real_password_db->fetchArray(SQLITE3_NUM)){
+ foreach($real_password_array as $secondelement){
+ $real_password=$secondelement;
+ }
+ }
+
+ /*___Login___*/
+ if (password_verify($password, $real_password)) {
+
+ if($db->exec("
+ BEGIN TRANSACTION;
+ INSERT INTO log (id, user, login) VALUES (NULL, (SELECT id FROM user WHERE name='" . $username . "'), (SELECT datetime()) );
+ COMMIT;
+ ")){
$id = user($db, $username);
- $_SESSION["login"] = true;
- $_SESSION["username"] = $username;
+ $_SESSION["login"] = true;
+ $_SESSION["username"] = $username;
$_SESSION["userid"] = $id;
- header("Refresh: 0; /");
- return true;
-
- } else {
- header("Refresh: 0; login?reason=database&username=" . $username);
- return false;
- }
- } else {
- header("Refresh: 0; login?reason=failure&username=" . $username);
- return false;
- }
- } else {
- if(isset($_SESSION["login"])){
- header("Refresh: 0; /");
- return false;
- }
- include("login.php");
- return false;
- }
+ return "success";
+ } else {
+ return "database";
+ }
+ } else {
+ return "password";
+ }
}
function logout(){
- $username=$_SESSION["username"];
- if(session_destroy()){
- header("Refresh: 0; login?reason=logout&username=" . $username);
- return true;
- } else {
- return false;
- }
+ if(session_destroy()){
+ return true;
+ } else {
+ return false;
+ }
}
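Review bot: The log INSERT in `login()` still concatenates the raw `$username` into the SQL text while only the SELECT uses `$safe_username`, so a name containing a quote changes or breaks that statement; both queries should use `$db->prepare()` with bound parameters instead of escaping. `$real_password` is never initialised either, so an unknown username reaches `password_verify()` with an undefined variable; return "password" as soon as no row is found. Because this function sets the login state in the session, it should also call `session_regenerate_id(true)` before the `$_SESSION` writes, assuming the session is started in code outside this diff.

```php
function login($username, $password){
    $db = new SQLite3("../database/sqlite.db");
    // … unchanged: pepper is read and appended to $password …

    // Bound parameters keep the user-supplied name out of the SQL text.
    $stmt = $db->prepare("SELECT id, password FROM user WHERE name = :name");
    $stmt->bindValue(":name", $username, SQLITE3_TEXT);
    $res = $stmt->execute();
    $row = $res ? $res->fetchArray(SQLITE3_ASSOC) : false;

    // Unknown user and wrong password take the same exit.
    if ($row === false || !password_verify($password, $row["password"])) {
        return "password";
    }

    $log = $db->prepare("INSERT INTO log (id, user, login) VALUES (NULL, :uid, datetime())");
    $log->bindValue(":uid", $row["id"], SQLITE3_INTEGER);
    if (!$log->execute()) {
        return "database";
    }

    session_regenerate_id(true);
    // … unchanged: user() lookup, $_SESSION assignments, return "success" …
```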
diff --git a/www/index.php b/www/index.php
index 25a63e4..ae3a98c 100755
--- a/www/index.php
+++ b/www/index.php
@@ -22,7 +22,7 @@ if(empty($_GET)){
if(empty($_GET["name"])){
switch($_GET["task"]){
case("login"):
- login($db);
+ header("Refresh: 0; /login.php");
break;
case("logout"):
logout();
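Review bot: The `login` case now sends `header("Refresh: 0; /login.php")` and then only `break`s, so the rest of index.php keeps executing after the redirect has been requested; `Refresh` is also a non-standard header that some clients ignore. Prefer `header("Location: /login.php"); exit;`. The enclosing `switch` starts and ends outside this hunk, so whether later code emits output cannot be confirmed from here.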
diff --git a/www/login.php b/www/login.php
index 3207703..0e281e5 100755
--- a/www/login.php
+++ b/www/login.php
@@ -18,10 +18,11 @@
*/
?>
-<?php include("static/header.html");?>
+<?php include("static/header.html");
+require_once("include.php");?>
<link rel="stylesheet" type="text/css" href="/static/login.css">
-
+ <?php if(!isset($_POST['login'])){?>
<div class="login-area">
<h1 class="login-area"> Log in </h1>
<div class="login-area" id="login-info-bar">
@@ -36,7 +37,7 @@
';
}?>
</div>
- <form id="login-form" method='post' action='/login'>
+ <form id="login-form" method='post' action='login.php'>
<?php if(isset($_GET['reason']) && $_GET['reason'] == 'failure' && isset($_GET['username'])){
echo '<input type="text" placeholder="username" name="username" id="username-input" class="login-input" value="'.$_GET['username'].'"required>
';
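Review bot: The username prefill right after the changed `<form>` tag echoes `$_GET['username']` into the `value` attribute without escaping, and this commit now feeds the submitted username back through that query parameter, so it needs HTML escaping: `value="'.htmlspecialchars($_GET['username'], ENT_QUOTES, 'UTF-8').'"`. The same condition tests `$_GET['reason'] == 'failure'`, but the new `login()` returns "password" or "database", so the prefill branch would no longer match; compare against the new values. The `if` block continues past the end of this hunk.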
@@ -50,5 +51,18 @@
<a href="recover-password.php" id="recover-password-link">recover password</a>
</form>
</div>
+
+ <?php
+ }else{
+ $username = $_POST['username'];
+ $password = $_POST['password'];
+ if(($result=login($username, $password)=="success")){
+ header("Refresh: 0; /");
+ }else{
+ echo $result;
+ exit;
+ header("Refresh: 0; /login.php?reason=".$result."&username=".$username);
+ }
+ }?>
<?php include("static/footer.html");?>
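Review bot: In the new `else` branch, `$result=login($username, $password)=="success"` assigns the boolean result of the comparison to `$result` because `==` binds tighter than `=`, so the failure reason is lost; assign first, then compare with `===`. The `echo $result; exit;` pair looks like leftover debugging and makes the failure redirect unreachable. When that redirect is restored, `$result` and `$username` should go through `urlencode()` before they are placed in the URL, and both branches should `exit` after sending the header. This block also runs after `static/header.html` has been included at the top of the file, so `header()` will probably fail with "headers already sent" unless output buffering is enabled; handling the POST before any output avoids that.

```php
    }else{
        $username = $_POST['username'] ?? '';
        $password = $_POST['password'] ?? '';
        $result = login($username, $password);
        if($result === "success"){
            header("Location: /");
        }else{
            header("Location: /login.php?reason=".urlencode($result)."&username=".urlencode($username));
        }
        exit;
    }?>
```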