diff options
| -rw-r--r-- | www/functions.php | 26 | ||||
| -rw-r--r-- | www/invite.php | 72 | ||||
| -rw-r--r-- | www/login.php | 83 | ||||
| -rw-r--r-- | www/register.php | 86 |
4 files changed, 23 insertions, 244 deletions
diff --git a/www/functions.php b/www/functions.php index 56f11ad..188c3b1 100644 --- a/www/functions.php +++ b/www/functions.php @@ -58,7 +58,14 @@ function login(){ if($_SESSION["login"]){ header("Refresh: 0; /"); } else { - echo $logout; + foreach ($_GET as $argument => $value) { + if(preg_match("/success/",$argument)) + $logout="Successfull loged out!"; + } + + if($logout){ + echo $logout; + } echo "<form method='post' action='/login.php'> <p>Name: <input type='text' name='username'></p> @@ -67,6 +74,7 @@ function login(){ </form>"; } } + exit; } /* --LOGOUT-- */ @@ -148,6 +156,7 @@ function invite(){ echo "END"; } + exit; } /* --REGISTER-- */ @@ -232,11 +241,22 @@ function register(){ </form> "; } + exit; } /* --PAGE NOT FOUND - 404 -- */ -function 404(){ - echo "Sorry, page not found."; +function get_404(){ + echo "Sorry, page not found. <br>"; + select(); + exit; } +function select(){ + $i = 0; + foreach ($_GET as $name => $value) { //value leer? + $args[$i] = $name; + echo 'Name: ' . $name . ' Value: ' . $value . '<br />'; + $i++; + } +} diff --git a/www/invite.php b/www/invite.php deleted file mode 100644 index 2756366..0000000 --- a/www/invite.php +++ /dev/null @@ -1,72 +0,0 @@ -<? - -session_start(); - -if($_SERVER['REQUEST_METHOD'] == 'POST') { - $name=$_SESSION["username"]; - $safe_name = SQLite3::escapeString("$name"); - - $email=$_POST["email"]; - $safe_email=SQLite3::escapeString("$email"); - - $db = new SQLite3("../database/sqlite.db"); - - $invite_db = $db->query("SELECT invites FROM user WHERE name='$safe_name';"); - $invite_ar = $invite_db->fetchArray(SQLITE3_NUM); - $invite = $invite_ar[0]; - - if($invite > 0){ - -/*Generates the invite key => [-_0-9a-zA-Z]{11}*/ - - $key_array = array("a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z", "A", "B", "C", "D", "E", "F", "G", "H", "I", "J", "K", "L", "M", "N", "O", "P", "Q", "R", "S", "T", "U", "V", "W", "X", "Y", "Z", "_", "-", "0", "1", "2", "3", "4", "5", "6", "7", "8", "9" ); - - $length = count($key_array); - $key = ""; - - for ($i=0;$i<11;$i++){ - $index = mt_rand(0,$length-1); - $key = "$key".$key_array[$index]; - } - - $id_db = $db->query("SELECT id FROM USER WHERE name='$safe_name';"); - $id_ar = $id_db->fetchArray(SQLITE3_NUM); - $id = $id_ar[0]; - -/*Generates the new user and decrease the invites*/ - - $invite = $invite - 1; - - echo "ID: '$id', KEY: '$key', SAFE_EMAIL: '$safe_email'"; - - if($db->exec(" - BEGIN TRANSACTION; - INSERT INTO user (id, name, email, senpai, key, status) VALUES (NULL, NULL, '$safe_email', '$id', '$key', 0); - UPDATE user SET invites='$invite' WHERE id='$id'; - COMMIT;") - ){ - header("Refresh: 0; /invite?reason=success"); - } else { - header("Refresh: 0; /invite?reason=database"); - } - - } else { - header("Refresh: 0; /invite?reason=invites"); - } -} else { - -/*Prints the formular if requested with GET*/ - - foreach ($_GET as $name => $value) { - echo 'Name: ' . $name . ' Value: ' . $value . '<br />'; - } - - echo "Hallo $name - <form method='post' action='/invite.php'> - <p> E-Mail: <input type='text' name='email'></p> - <input type='hidden' name='username' value='$_SESSION[username]'> - <input type='submit' name='submit' value='invite'> - </form>"; - - echo "END"; -} diff --git a/www/login.php b/www/login.php deleted file mode 100644 index 0c6aeb2..0000000 --- a/www/login.php +++ /dev/null @@ -1,83 +0,0 @@ -<?php -/* Copyright Maximilian Möhring, 2013 -Licensed under the GPL. Read LICENSE for more Information.*/ - -/*Process the login*/ - -session_start(); - -if($_SERVER['REQUEST_METHOD'] == 'POST') { - -/*___Database Query: Login___*/ - $unsafe_username = $_POST["username"]; - $unsafe_passwort = $_POST["password"]; - $username = SQLite3::escapeString("$unsafe_username"); - $passwort = SQLite3::escapeString("$unsafe_passwort"); - - $db = new SQLite3("../database/sqlite.db"); - $salt_db = $db->query("SELECT salt FROM user WHERE name='$username';"); - while($salt_array = $salt_db->fetchArray(SQLITE3_NUM)){ - foreach($salt_array as $firstelement){ - $salt=$firstelement; - } - } - - $password = "$salt"."$passwort"; - $hash_password = md5($password); - for($i=0;$i<15000;$i++) - $hash_password = md5($hash_password); - - $real_password_db = $db->query("SELECT password FROM user WHERE name='$username';"); - while($real_password_array = $real_password_db->fetchArray(SQLITE3_NUM)){ - foreach($real_password_array as $secondelement){ - $real_password=$secondelement; - } - } - -/*___Login___*/ - if ($real_password == $hash_password) { - - if($db->exec(" - BEGIN TRANSACTION; - INSERT INTO log (id, user, login) VALUES (NULL, (SELECT id FROM user WHERE name='$username'), (SELECT datetime()) ); - COMMIT; - ")){ - - $_SESSION["login"] = true; - $_SESSION["username"] = "$unsafe_username"; - - header("Refresh: 0; /"); - - } else { - header("Refresh: 0; login?reason=database"); - } - } else { - header("Refresh: 0; login?reason=failure"); - } -} else { - -/*Prints the GET version*/ - - foreach ($_GET as $argument => $value) { - if(preg_match("/logout/",$argument)){ - session_destroy(); - header("Refresh: 0; /login?success"); - exit; - } else { - if(preg_match("/success/",$argument)) - $logout="Successfull loged out!"; - } - } - - if($_SESSION["login"]){ - header("Refresh: 0; /"); - } else { - echo $logout; - - echo "<form method='post' action='/login.php'> - <p>Name: <input type='text' name='username'></p> - <p>Password: <input type='password' name='password'> - <p><input type='submit' name='submit' value='login'></p> - </form>"; - } -} diff --git a/www/register.php b/www/register.php deleted file mode 100644 index c9de638..0000000 --- a/www/register.php +++ /dev/null @@ -1,86 +0,0 @@ -<?php - -/* Copyright Maximilian Möhring, 2013 -Licensed under the GPL. Read LICENSE for more Information.*/ - -/*This file handels the registration in the database*/ - -if($_SERVER['REQUEST_METHOD'] == 'POST') { - - session_start(); - - $name = $_POST["name"]; - $cleartext_password = $_POST["pswd"]; - $second_password = $_POST["2ndpswd"]; - $email = $_POST["email"]; - - if(($cleartext_password != $second_password) || !isset($_POST["pswd"]) || !isset($_POST["2ndpswd"]) || $cleartext_password == "" || $second_password == "" || empty($_POST["pswd"]) || empty($_POST["2ndpswd"])){ - header("Refresh: 0; register?reason=password"); - exit; - } - - if(preg_match("/[^-_0-9a-zA-Z]/", $name) || preg_match("/[^-_0-9a-zA-Z]/", $cleartext_password) || preg_match("/[^-_0-9a-zA-Z@.]/", $email)){ - header("Refresh: 0; register?reason=encoding"); - exit; - } - - $db = new SQLite3("../database/sqlite.db"); - - $safe_name = SQLite3::escapeString("$name"); - $safe_email = SQLite3::escapeString("$email"); - -/*Checks the validation of the registration attempt*/ - - $test_status_db = $db->query("SELECT status FROM user WHERE email='$safe_email';"); - $test_status_arr = $test_status_db->fetchArray(SQLITE3_NUM); - $test_status_int = $test_status_arr[0]; - - $test_key_db = $db->query("SELECT key FROM user WHERE email='$safe_email';"); - $test_key_arr = $test_key_db->fetchArray(SQLITE3_NUM); - $test_key = $test_key_arr[0]; - - if ($test_status_int != 0 || $email == "" || $test_key != $_POST["key"] || $test_key == ""){ - header("Refresh: 0; /register?reason=prohibited"); - exit; - } else { - - $id_db = $db->query("SELECT id FROM user WHERE email='$safe_email';"); - $id_ar = $id_db->fetchArray(SQLITE3_NUM); - $id = $id_ar[0]; - -/*Generates the encrypted password and the database transactions*/ - - $salt = uniqid(mt_rand(), true); - $password = "$salt"."$cleartext_password"; - $hash_password = md5($password); - for($i=0;$i<15000;$i++) - $hash_password = md5($hash_password); - - if($db->exec(" - BEGIN TRANSACTION; - UPDATE user SET name='$safe_name', salt='$salt', password='$hash_password', invites=5, status=1, register=(SELECT datetime()) WHERE id=$id; - INSERT INTO files (id, parent, owner, name, folder, mime, size, share, extra) VALUES (NULL, 0, $id, '/', 'DIRECTORY', NULL, NULL, 'PUBLIC', NULL); - COMMIT;") - ){ - $_SESSION["login"] = true; - $_SESSION["username"] = $name; - header("Refresh: 0; /register?reason=registration"); - } else { - header("Refresh: 0; /register?reason=database"); - } - } -} else { - foreach ($_GET as $name => $value) { - echo 'Name: ' . $name . ' Value: ' . $value . '<br />'; - } - -echo "<form method='post' action='register.php'> -<p>Name: <input type='text' name='name'></p> -<p>pswd: <input type='password' name='pswd'></p> -<p>2ndpsdw: <input type='password' name='2ndpswd'></p> -<p>key: <input type='text' name='key'></p> -<p>email: <input type='text' name='email'></p> -<p><input type='submit'></p> -</form> -"; -} |