summaryrefslogtreecommitdiff
path: root/www/functions/func_login.php
diff options
context:
space:
mode:
Diffstat (limited to 'www/functions/func_login.php')
-rwxr-xr-xwww/functions/func_login.php85
1 files changed, 33 insertions, 52 deletions
diff --git a/www/functions/func_login.php b/www/functions/func_login.php
index 86caf40..2f734c5 100755
--- a/www/functions/func_login.php
+++ b/www/functions/func_login.php
@@ -1,65 +1,46 @@
<?php
-function login($db){
- if($_SERVER['REQUEST_METHOD'] == 'POST') {
-
- /*___Database Query: Login___*/
- $username = $_POST["username"];
- $password = $_POST["password"];
- $safe_username = SQLite3::escapeString("$username");
-
- //$hash = password_hash($_GET["password"], PASSWORD_DEFAULT);
+function login($username, $password){
+ $db = new SQLite3("../database/sqlite.db");
+
+ $safe_username = SQLite3::escapeString("$username");
$pepper = file_get_contents("../database/pepper.txt");
$password = $password . $pepper;
- $real_password_db = $db->query("SELECT password FROM user WHERE name='" . $safe_username . "';");
- while($real_password_array = $real_password_db->fetchArray(SQLITE3_NUM)){
- foreach($real_password_array as $secondelement){
- $real_password=$secondelement;
- }
- }
-
- /*___Login___*/
- if (password_verify($password, $real_password)) {
-
- if($db->exec("
- BEGIN TRANSACTION;
- INSERT INTO log (id, user, login) VALUES (NULL, (SELECT id FROM user WHERE name='" . $username . "'), (SELECT datetime()) );
- COMMIT;
- ")){
+ $real_password_db = $db->query("SELECT password FROM user WHERE name='" . $safe_username . "';");
+ while($real_password_array = $real_password_db->fetchArray(SQLITE3_NUM)){
+ foreach($real_password_array as $secondelement){
+ $real_password=$secondelement;
+ }
+ }
+
+ /*___Login___*/
+ if (password_verify($password, $real_password)) {
+
+ if($db->exec("
+ BEGIN TRANSACTION;
+ INSERT INTO log (id, user, login) VALUES (NULL, (SELECT id FROM user WHERE name='" . $username . "'), (SELECT datetime()) );
+ COMMIT;
+ ")){
$id = user($db, $username);
- $_SESSION["login"] = true;
- $_SESSION["username"] = $username;
+ $_SESSION["login"] = true;
+ $_SESSION["username"] = $username;
$_SESSION["userid"] = $id;
- header("Refresh: 0; /");
- return true;
-
- } else {
- header("Refresh: 0; login?reason=database&username=" . $username);
- return false;
- }
- } else {
- header("Refresh: 0; login?reason=failure&username=" . $username);
- return false;
- }
- } else {
- if(isset($_SESSION["login"])){
- header("Refresh: 0; /");
- return false;
- }
- include("login.php");
- return false;
- }
+ return "success";
+ } else {
+ return "database";
+ }
+ } else {
+ return "password";
+ }
}
function logout(){
- $username=$_SESSION["username"];
- if(session_destroy()){
- header("Refresh: 0; login?reason=logout&username=" . $username);
- return true;
- } else {
- return false;
- }
+ if(session_destroy()){
+ return true;
+ } else {
+ return false;
+ }
}