Diffstat (limited to 'www/functions/func_login.php')
-rw-r--r--www/functions/func_login.php63
1 files changed, 63 insertions, 0 deletions
diff --git a/www/functions/func_login.php b/www/functions/func_login.php
new file mode 100644
index 0000000..f528076
--- /dev/null
+++ b/www/functions/func_login.php
@@ -0,0 +1,63 @@
+<?
+function login($db){
+ if($_SERVER['REQUEST_METHOD'] == 'POST') {
+
+ /*___Database Query: Login___*/
+ $username = $_POST["username"];
+ $password = $_POST["password"];
+ $safe_username = SQLite3::escapeString("$username");
+
+ //$hash = password_hash($_GET["password"], PASSWORD_DEFAULT);
+
+ $pepper = file_get_contents("../database/pepper.txt");
+ $password = $password . $pepper;
+
+ $real_password_db = $db->query("SELECT password FROM user WHERE name='" . $safe_username . "';");
+ while($real_password_array = $real_password_db->fetchArray(SQLITE3_NUM)){
+ foreach($real_password_array as $secondelement){
+ $real_password=$secondelement;
+ }
+ }
+
+ /*___Login___*/
+ if (password_verify($password, $real_password)) {
+
+ if($db->exec("
+ BEGIN TRANSACTION;
+ INSERT INTO log (id, user, login) VALUES (NULL, (SELECT id FROM user WHERE name='" . $username . "'), (SELECT datetime()) );
+ COMMIT;
+ ")){
+
+ $_SESSION["login"] = true;
+ $_SESSION["username"] = $username;
+
+ header("Refresh: 0; /");
+ return true;
+
+ } else {
+ header("Refresh: 0; login?reason=database&username=" . $username);
+ return false;
+ }
+ } else {
+ header("Refresh: 0; login?reason=failure&username=" . $username);
+ return false;
+ }
+ } else {
+ if($_SESSION["login"]){
+ header("Refresh: 0; /");
+ return false;
+ }
+ include("login.php");
+ return false;
+ }
+}
+
+function logout(){
+ $username=$_SESSION["username"];
+ if(session_destroy()){
+ header("Refresh: 0; login?reason=logout&username=" . $username);
+ return true;
+ } else {
+ return false;
+ }
+}
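Review bot: The INSERT inside `$db->exec(...)` concatenates the raw `$username` from `$_POST` rather than `$safe_username`, and `exec()` accepts several statements in one string, so a stored user name containing a quote alters the SQL that runs after a successful login; both queries in `login()` are better written as prepared statements with a bound `:name`, as sketched below. `$real_password` is never assigned when the SELECT returns no row, so `password_verify()` receives an undefined variable for unknown users; the sketch makes that case explicit. The same raw `$username` is appended to the three `Refresh:` headers in `login()` and the one in `logout()` and should pass through `rawurlencode()` first. Calling `session_regenerate_id(true)` before setting `$_SESSION["login"]` would also stop a session id issued before login from staying valid after authentication.

```php
$username = $_POST["username"];
// … unchanged: password read, pepper load and append …

// Bound parameter instead of escapeString() + concatenation.
$lookup = $db->prepare("SELECT password FROM user WHERE name = :name");
$lookup->bindValue(":name", $username, SQLITE3_TEXT);
$result = $lookup->execute();
$row = $result ? $result->fetchArray(SQLITE3_NUM) : false;
// No matching user: keep the hash null so verification is skipped.
$real_password = ($row === false) ? null : $row[0];

if (is_string($real_password) && password_verify($password, $real_password)) {
    $insert = $db->prepare(
        "INSERT INTO log (id, user, login)
         VALUES (NULL, (SELECT id FROM user WHERE name = :name), (SELECT datetime()))"
    );
    $insert->bindValue(":name", $username, SQLITE3_TEXT);
    if ($insert->execute()) {
        // New session id on privilege change.
        session_regenerate_id(true);
        // … unchanged: session flags, redirect, return true …
```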