summaryrefslogtreecommitdiff
path: root/www
diff options
context:
space:
mode:
Diffstat (limited to 'www')
-rw-r--r--www/check.php45
-rw-r--r--www/files.php20
-rw-r--r--www/index.php27
-rw-r--r--www/inreg.php78
4 files changed, 170 insertions, 0 deletions
diff --git a/www/check.php b/www/check.php
new file mode 100644
index 0000000..42b8733
--- /dev/null
+++ b/www/check.php
@@ -0,0 +1,45 @@
+<?php
+/* Copyright Maximilian Möhring, 2013
+Licensed under the GPL. Read LICENSE for more Information.*/
+
+/*Process the login*/
+
+session_start();
+
+/*___Database Query: Login___*/
+ $unsafe_username = $_POST["username"];
+ $unsafe_passwort = $_POST["password"];
+ $username = SQLite3::escapeString("$unsafe_username");
+ $passwort = SQLite3::escapeString("$unsafe_passwort");
+
+ $db_check = new SQLite3("../database/database.db");
+ $salt_db = $db_check->query("SELECT salt FROM user WHERE name='$username';");
+ while($salt_array = $salt_db->fetchArray(SQLITE3_NUM)){
+ foreach($salt_array as $firstelement){
+ $salt=$firstelement;
+ }
+ }
+
+ $password = "$salt"."$passwort";
+ $hash_password = md5($password);
+ for($i=0;$i<15000;$i++)
+ $hash_password = md5($hash_password);
+
+ $real_password_db = $db_check->query("SELECT password FROM user WHERE name='$username';");
+ while($real_password_array = $real_password_db->fetchArray(SQLITE3_NUM)){
+ foreach($real_password_array as $secondelement){
+ $real_password=$secondelement;
+ }
+ }
+
+/*___Login___*/
+if ($real_password == $hash_password) {
+
+ $_SESSION["login"] = true;
+ $_SESSION["username"] = "$unsafe_username";
+
+ header("Refresh: 0; index.php");
+} else {
+ header("Refresh: 0; login.php?failure");
+}
+?>
diff --git a/www/files.php b/www/files.php
new file mode 100644
index 0000000..76c6b72
--- /dev/null
+++ b/www/files.php
@@ -0,0 +1,20 @@
+<?
+
+#print_r($_GET);
+#$ar =array($_GET);
+#echo "<br> ";
+#echo $ar[0];
+#echo "<br> ";
+
+if(!isset($_GET)){
+ header("Refresh: 0; /login");
+}
+
+foreach ($_GET as $name => $value) { //value leer?
+ echo 'Name: ' . $name . ' Value: ' . $value . '<br />';
+}
+
+echo "Ende";
+
+#header("Refresh: 0; /login");
+
diff --git a/www/index.php b/www/index.php
new file mode 100644
index 0000000..476227c
--- /dev/null
+++ b/www/index.php
@@ -0,0 +1,27 @@
+<?
+
+#print_r($_GET);
+#$ar =array($_GET);
+#echo "<br> ";
+#echo $ar[0];
+#echo "<br> ";
+
+if(empty($_GET)){
+ echo "Nicht gesetzt: $_GET[0] <br>";
+ header("Refresh: 0; /login");
+} else {
+ echo "Gesetzt: $_GET[0] <br>";
+}
+
+foreach ($_GET as $name => $value) { //value leer?
+ if(!isset($name)){
+ header("Refresh: 0; /login");
+}
+ echo 'Name: ' . $name . ' Value: ' . $value . '<br />';
+}
+
+echo "Var $_GET[0] : $_GET[1]";
+echo "Ende";
+
+#header("Refresh: 0; /login");
+
diff --git a/www/inreg.php b/www/inreg.php
new file mode 100644
index 0000000..2e2800d
--- /dev/null
+++ b/www/inreg.php
@@ -0,0 +1,78 @@
+<?php
+
+/* Copyright Maximilian Möhring, 2013
+Licensed under the GPL. Read LICENSE for more Information.*/
+
+/*This file handels the registration in the database*/
+
+session_start();
+
+$name = $_POST["name"];
+$cleartext_password = $_POST["pswd"];
+$second_password = $_POST["2ndpswd"];
+$email = $_POST["email"];
+
+if(($cleartext_password != $second_password) || !isset($_POST["pswd"]) || !isset($_POST["2ndpswd"])){
+ header("Refresh: 0; register.php?reason=password");
+ exit;
+}
+
+$db = new SQLite3("../database/database.db");
+
+ $safe_name = SQLite3::escapeString("$name");
+ $safe_email = SQLite3::escapeString("$email");
+
+/*Checks the validation of the registration attempt*/
+
+ $test_email_db = $db->query("SELECT status FROM secure_test where email='$safe_email';");
+ $test_email_arr = $test_email_db->fetchArray(SQLITE3_NUM);
+ $test_email_int = test_$email_arr[0];
+
+ $test_key_db = $db->query("SELECT key FROM secure_test where email='$safe_email';");
+ $test_key_arr = $test_key_db->fetchArray(SQLITE3_NUM);
+ $test_key = $test_key_arr[0];
+
+if (($test_email_int != 0 && !$email == "") || !$test_key == $_POST["key"]){
+ header("Refresh: 0; register.php?reason=prohibited");
+ exit;
+} else {
+
+ if ($_POST["pswd"] == ""){
+ header("Refresh: 0; register.php?reason=empty");
+ exit;
+ } else {
+
+/*Checks if mail is already in use*/
+
+ $email_db = $db->query("SELECT id FROM user where email='$safe_email';");
+ $email_arr = $email_db->fetchArray(SQLITE3_NUM);
+ $email_int = $email_arr[0];
+ $name_db = $db->query("SELECT id FROM user where name='$safe_name';");
+ $name_arr = $name_db->fetchArray(SQLITE3_NUM);
+ $name_int = $name_arr[0];
+
+ if (($email_int > 0 && !$email == "")|| $name_int > 0){
+ header("Refresh: 0; register.php?reason=duplicate");
+ exit;
+ } else {
+
+/*Generates the encrypted password and the database transaction*/
+
+ $salt = uniqid(mt_rand(), true);
+ $password = "$salt"."$cleartext_password";
+ $hash_password = md5($password);
+ for($i=0;$i<15000;$i++)
+ $hash_password = md5($hash_password);
+
+ $result = $db->exec("
+ BEGINN TRANSACTION;
+ INSERT INTO user (id, name, salt, password, email) VALUES (NULL, '$safe_name', '$salt', '$hash_password', '$safe_email');
+ COMMIT;
+ ");
+
+ $_SESSION["username"] = $name;
+ header("Refresh: 0; account.php?reg=1");
+ }
+ }
+}
+?>