From ea3b8c917cd0a0b13759b697dddd6efc0cf43f6c Mon Sep 17 00:00:00 2001
From: root
Date: Sun, 16 Feb 2014 18:19:44 +0100
Subject: init

---
 www/check.php | 45 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 45 insertions(+)
 create mode 100644 www/check.php

(limited to 'www/check.php')

diff --git a/www/check.php b/www/check.php
new file mode 100644
index 0000000..42b8733
--- /dev/null
+++ b/www/check.php
@@ -0,0 +1,45 @@
+<?php
+/* Copyright Maximilian Möhring, 2013
+Licensed under the GPL. Read LICENSE for more Information.*/
+
+/*Process the login*/
+
+session_start();
+
+/*___Database Query: Login___*/
+	$unsafe_username = $_POST["username"];
+	$unsafe_passwort = $_POST["password"];
+	$username = SQLite3::escapeString("$unsafe_username");
+	$passwort = SQLite3::escapeString("$unsafe_passwort");
+
+        $db_check = new SQLite3("../database/database.db");
+        $salt_db  = $db_check->query("SELECT salt FROM user WHERE name='$username';");
+        while($salt_array = $salt_db->fetchArray(SQLITE3_NUM)){
+                foreach($salt_array as $firstelement){
+                        $salt=$firstelement;
+                }
+        }
+
+        $password = "$salt"."$passwort";
+        $hash_password = md5($password);
+        for($i=0;$i<15000;$i++)
+                $hash_password = md5($hash_password);
+
+        $real_password_db = $db_check->query("SELECT password FROM user WHERE name='$username';");
+        while($real_password_array = $real_password_db->fetchArray(SQLITE3_NUM)){
+                 foreach($real_password_array as $secondelement){
+                        $real_password=$secondelement;
+                }
+        }
+
+/*___Login___*/
+if ($real_password == $hash_password) {
+
+	$_SESSION["login"] = true;
+	$_SESSION["username"] = "$unsafe_username";
+
+	header("Refresh: 0; index.php");
+} else {
+	header("Refresh: 0; login.php?failure");
+}
+?>
-- 
cgit v1.2.3