summaryrefslogtreecommitdiff
path: root/www
diff options
context:
space:
mode:
Diffstat (limited to 'www')
-rw-r--r--www/check.php61
-rw-r--r--www/index.php37
-rw-r--r--www/invite.php67
-rw-r--r--www/login.php60
-rw-r--r--www/register.php79
5 files changed, 255 insertions, 49 deletions
diff --git a/www/check.php b/www/check.php
index 42b8733..2ff5f52 100644
--- a/www/check.php
+++ b/www/check.php
@@ -1,45 +1,20 @@
-<?php
-/* Copyright Maximilian Möhring, 2013
-Licensed under the GPL. Read LICENSE for more Information.*/
-
-/*Process the login*/
-
-session_start();
-
-/*___Database Query: Login___*/
- $unsafe_username = $_POST["username"];
- $unsafe_passwort = $_POST["password"];
- $username = SQLite3::escapeString("$unsafe_username");
- $passwort = SQLite3::escapeString("$unsafe_passwort");
-
- $db_check = new SQLite3("../database/database.db");
- $salt_db = $db_check->query("SELECT salt FROM user WHERE name='$username';");
- while($salt_array = $salt_db->fetchArray(SQLITE3_NUM)){
- foreach($salt_array as $firstelement){
- $salt=$firstelement;
- }
- }
-
- $password = "$salt"."$passwort";
- $hash_password = md5($password);
- for($i=0;$i<15000;$i++)
- $hash_password = md5($hash_password);
-
- $real_password_db = $db_check->query("SELECT password FROM user WHERE name='$username';");
- while($real_password_array = $real_password_db->fetchArray(SQLITE3_NUM)){
- foreach($real_password_array as $secondelement){
- $real_password=$secondelement;
- }
- }
-
-/*___Login___*/
-if ($real_password == $hash_password) {
-
- $_SESSION["login"] = true;
- $_SESSION["username"] = "$unsafe_username";
-
- header("Refresh: 0; index.php");
+<?
+$cleartext_password="password";
+$salt = uniqid(mt_rand(), true);
+$password = "$salt"."$cleartext_password";
+$hash_password = md5($password);
+for($i=0;$i<15000;$i++)
+ $hash_password = md5($hash_password);
+
+$db = new SQLite3("../database/sqlite.db");
+
+if($db->exec("CREATE TABLE IF NOT EXISTS user (id INTEGER PRIMARY KEY, name TEXT UIQUE, senpai INTEGER, key TEXT, status INTEGER, invites INTEGER, salt TEXT, password TEXT, email TEXT UNIQUE);") && $db->exec("BEGIN TRANSACTION; INSERT INTO user (id, name, senpai, key, status, invites, salt, password, email) VALUES (NULL, 'admin', 0, '11111', 1, 5, '$salt', '$hash_password', 'admin@iamfabulous.de'); COMMIT;")) {
+ echo "Success!";
} else {
- header("Refresh: 0; login.php?failure");
+ echo "Failure! :( <br>";
+ echo "Salt: $salt, password: $hash_password";
}
-?>
+
+// INSERT INT0 user (id, name, salt, password, status, invites, email, senpai, key) VALUES (NULL, 'admin', '$salt', '$hash_password', 1, 5, 'admin@iamfabulous.de', 0, '11111');
+
+// COMMIT;")
diff --git a/www/index.php b/www/index.php
index 91f7e4d..99c1c85 100644
--- a/www/index.php
+++ b/www/index.php
@@ -2,13 +2,31 @@
session_start();
+echo $_GET[name];
+echo $_GET[folder];
+
+echo "<br><br>Currently loged in as: ";
+echo $_SESSION["username"];
+
+$safe_name=SQLite3::escapeString("$_SESSION[username]");
+
+ $db = new SQLite3("../database/sqlite.db");
+
+ $invite_db = $db->query("SELECT invites FROM user WHERE name='$safe_name';");
+ $invite_ar = $invite_db->fetchArray(SQLITE3_NUM);
+ $invite = $invite_ar[0];
+
+echo "<br><br>";
+echo "You have currently $invite invites.";
+echo "<br><br>";
+
if(empty($_GET)){
-/* if($_SESSION["login"]){
- header("Refresh: 0; $_SESSION['username']");
+ if($_SESSION[login]){
+ header("Refresh: 0; $_SESSION[username]");
} else {
-*/
+
header("Refresh: 0; /login");
-// }
+ }
} else {
#print_r($_GET);
@@ -34,5 +52,12 @@ if(empty($_GET)){
#header("Refresh: 0; /login");
}
-
-
+?>
+<form method="post" action="testreg.php">
+<p>Name: <input type="text" name="name"></p>
+<p>pswd: <input type="text" name="pswd"></p>
+<p>2ndpsdw: <input type="text" name="2ndpswd"></p>
+<p>key: <input type="text" name="key"></p>
+<p>email: <input type="text" name="email"></p>
+<p><input type="submit"></p>
+</form>
diff --git a/www/invite.php b/www/invite.php
new file mode 100644
index 0000000..4a055e3
--- /dev/null
+++ b/www/invite.php
@@ -0,0 +1,67 @@
+<?
+
+session_start();
+
+if($_SERVER['REQUEST_METHOD'] == 'POST') {
+ $name=$_SESSION["username"];
+ $safe_name = SQLite3::escapeString("$name");
+
+ $email=$_POST["email"];
+ $safe_email=SQLite3::escapeString("$email");
+
+ $db = new SQLite3("../database/sqlite.db");
+
+ $invite_db = $db->query("SELECT invites FROM user WHERE name='$safe_name';");
+ $invite_ar = $invite_db->fetchArray(SQLITE3_NUM);
+ $invite = $invite_ar[0];
+
+ if($invite > 0){
+
+/*Generates the invite key*/
+
+ $key_array = array("a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z", "A", "B", "C", "D", "E", "F", "G", "H", "I", "J", "K", "L", "M", "N", "O", "P", "Q", "R", "S", "T", "U", "V", "W", "X", "Y", "Z", "_", "-", "0", "1", "2", "3", "4", "5", "6", "7", "8", "9" );
+
+ $length = count($key_array);
+ $key = "";
+
+ for ($i=0;$i<11;$i++){
+ $index = mt_rand(0,$length-1);
+ $key = "$key".$key_array[$index];
+ }
+
+ $id_db = $db->query("SELECT id FROM USER WHERE name='$safe_name';");
+ $id_ar = $id_db->fetchArray(SQLITE3_NUM);
+ $id = $id_ar[0];
+
+/*Generates the new user and decrease the invites*/
+
+ $invite = $invite - 1;
+
+ echo "ID: '$id', KEY: '$key', SAFE_EMAIL: '$safe_email'";
+
+// $db->exec("INSERT INT0 user (id, name, senpai, key, status, email) VALUES (NULL, '$id', '$key', 0, '$safe_email');");
+// $db->exec("UPDATE user SET invites='$invite' WHERE id='$id';");
+ if($db->exec("INSERT INTO user (id, name, senpai, key, status, email) VALUES (NULL, NULL, '$id', '$key', 0, '$safe_email');") && $db->exec("UPDATE user SET invites='$invite' WHERE id='$id';"))
+ {
+ header("Refresh: 0; /invite?reason=success");
+ } else {
+ header("Refresh: 0; /invite?reason=database");
+ }
+
+ } else {
+ header("Refresh: 0; /invite?reason=invites");
+ }
+} else {
+ foreach ($_GET as $name => $value) {
+ echo 'Name: ' . $name . ' Value: ' . $value . '<br />';
+ }
+
+ echo "Hallo $name
+ <form method='post' action='/invite.php'>
+ <p> E-Mail: <input type='text' name='email'></p>
+ <input type='hidden' name='username' value='$_SESSION[username]'>
+ <input type='submit' name='submit' value='invite'>
+ </form>";
+
+ echo "ENDE";
+}
diff --git a/www/login.php b/www/login.php
new file mode 100644
index 0000000..c1d3207
--- /dev/null
+++ b/www/login.php
@@ -0,0 +1,60 @@
+<?php
+/* Copyright Maximilian Möhring, 2013
+Licensed under the GPL. Read LICENSE for more Information.*/
+
+/*Process the login*/
+
+session_start();
+
+if($_SERVER['REQUEST_METHOD'] == 'POST') {
+
+/*___Database Query: Login___*/
+ $unsafe_username = $_POST["username"];
+ $unsafe_passwort = $_POST["password"];
+ $username = SQLite3::escapeString("$unsafe_username");
+ $passwort = SQLite3::escapeString("$unsafe_passwort");
+
+ $db_check = new SQLite3("../database/sqlite.db");
+ $salt_db = $db_check->query("SELECT salt FROM user WHERE name='$username';");
+ while($salt_array = $salt_db->fetchArray(SQLITE3_NUM)){
+ foreach($salt_array as $firstelement){
+ $salt=$firstelement;
+ }
+ }
+
+ $password = "$salt"."$passwort";
+ $hash_password = md5($password);
+ for($i=0;$i<15000;$i++)
+ $hash_password = md5($hash_password);
+
+ $real_password_db = $db_check->query("SELECT password FROM user WHERE name='$username';");
+ while($real_password_array = $real_password_db->fetchArray(SQLITE3_NUM)){
+ foreach($real_password_array as $secondelement){
+ $real_password=$secondelement;
+ }
+ }
+
+/*___Login___*/
+ if ($real_password == $hash_password) {
+
+ $_SESSION["login"] = true;
+ $_SESSION["username"] = "$unsafe_username";
+
+ header("Refresh: 0; /");
+ } else {
+ header("Refresh: 0; login?reason=failure");
+ }
+} else {
+
+/*Prints the GET version*/
+
+ if($_SESSION["login"]){
+ header("Refresh: 0; /");
+ } else {
+ echo "<form method='post' action='/login.php'>
+ <p>Name: <input type='text' name='username'></p>
+ <p>Password: <input type='password' name='password'>
+ <p><input type='submit' name='submit' value='login'></p>
+ </form>";
+ }
+}
diff --git a/www/register.php b/www/register.php
new file mode 100644
index 0000000..53fb35c
--- /dev/null
+++ b/www/register.php
@@ -0,0 +1,79 @@
+<?php
+
+/* Copyright Maximilian Möhring, 2013
+Licensed under the GPL. Read LICENSE for more Information.*/
+
+/*This file handels the registration in the database*/
+
+if($_SERVER['REQUEST_METHOD'] == 'POST') {
+
+ session_start();
+
+ $name = $_POST["name"];
+ $cleartext_password = $_POST["pswd"];
+ $second_password = $_POST["2ndpswd"];
+ $email = $_POST["email"];
+
+ if(($cleartext_password != $second_password) || !isset($_POST["pswd"]) || !isset($_POST["2ndpswd"]) || $cleartext_password == "" || $second_password == "" || empty($_POST["pswd"]) || empty($_POST["2ndpswd"])){
+ header("Refresh: 0; register?reason=password");
+ exit;
+ }
+
+ if(preg_match("/[^-_0-9a-zA-Z]/", $name) || preg_match("/[^-_0-9a-zA-Z]/", $cleartext_password) || preg_match("/[^-_0-9a-zA-Z@.]/", $email)){
+ header("Refresh: 0; register?reason=encoding");
+ exit;
+ }
+
+ $db = new SQLite3("../database/sqlite.db");
+
+ $safe_name = SQLite3::escapeString("$name");
+ $safe_email = SQLite3::escapeString("$email");
+
+/*Checks the validation of the registration attempt*/
+
+ $test_status_db = $db->query("SELECT status FROM user WHERE email='$safe_email';");
+ $test_status_arr = $test_status_db->fetchArray(SQLITE3_NUM);
+ $test_status_int = $test_status_arr[0];
+
+ $test_key_db = $db->query("SELECT key FROM user WHERE email='$safe_email';");
+ $test_key_arr = $test_key_db->fetchArray(SQLITE3_NUM);
+ $test_key = $test_key_arr[0];
+
+ if ($test_status_int != 0 || $email == "" || $test_key != $_POST["key"] || $test_key == ""){
+ header("Refresh: 0; /register?reason=prohibited");
+ exit;
+ } else {
+
+
+/*Generates the encrypted password and the database transactions*/
+
+ $salt = uniqid(mt_rand(), true);
+ $password = "$salt"."$cleartext_password";
+ $hash_password = md5($password);
+ for($i=0;$i<15000;$i++)
+ $hash_password = md5($hash_password);
+
+ if($db->exec("UPDATE user SET name='$safe_name', salt='$salt', password='$hash_password', status=1, invites=5 WHERE email='$safe_email';") && $db->exec("CREATE TABLE $safe_name (id INTEGER PRIMARY KEY, folder INTEGER, name TEXT, typ TEXT, public TEXT);") && $db->exec("INSERT INTO $safe_name (id, folder, name, typ, public) VALUES (NULL, 0, '/', 'FOLDER', 'HIDDEN');")
+ ){
+ $_SESSION["login"] = true;
+ $_SESSION["username"] = $name;
+ header("Refresh: 0; /?reason=registration");
+ } else {
+ header("Refresh: 0; /register?reason=database");
+ }
+ }
+} else {
+ foreach ($_GET as $name => $value) {
+ echo 'Name: ' . $name . ' Value: ' . $value . '<br />';
+ }
+
+echo "<form method='post' action='register.php'>
+<p>Name: <input type='text' name='name'></p>
+<p>pswd: <input type='password' name='pswd'></p>
+<p>2ndpsdw: <input type='password' name='2ndpswd'></p>
+<p>key: <input type='text' name='key'></p>
+<p>email: <input type='text' name='email'></p>
+<p><input type='submit'></p>
+</form>
+";
+}