From 5b9cbe1d06a47aee4d32099a861f97e8a8b59633 Mon Sep 17 00:00:00 2001
From: oweissbarth
Date: Sun, 16 Mar 2014 17:01:10 +0100
Subject: MVD Login

---
 www/functions/func_login.php | 85 +++++++++++++++++---------------------------
 1 file changed, 33 insertions(+), 52 deletions(-)

(limited to 'www/functions/func_login.php')

diff --git a/www/functions/func_login.php b/www/functions/func_login.php
index 86caf40..2f734c5 100755
--- a/www/functions/func_login.php
+++ b/www/functions/func_login.php
@@ -1,65 +1,46 @@
 <?php
-function login($db){
-        if($_SERVER['REQUEST_METHOD'] == 'POST') {
-
-        /*___Database Query: Login___*/
-                $username = $_POST["username"];
-                $password = $_POST["password"];
-                $safe_username = SQLite3::escapeString("$username");
-
-		//$hash = password_hash($_GET["password"], PASSWORD_DEFAULT);
+function login($username, $password){
+		$db = new SQLite3("../database/sqlite.db");
+		
+		$safe_username = SQLite3::escapeString("$username");
 
 		$pepper = file_get_contents("../database/pepper.txt");
 		$password = $password . $pepper;
 
-                $real_password_db = $db->query("SELECT password FROM user WHERE name='" . $safe_username . "';");
-                while($real_password_array = $real_password_db->fetchArray(SQLITE3_NUM)){
-                         foreach($real_password_array as $secondelement){
-                                $real_password=$secondelement;
-                        }   
-                }   
-
-        /*___Login___*/
-                if (password_verify($password, $real_password)) {
-
-                        if($db->exec("
-                                BEGIN TRANSACTION;
-                                INSERT INTO log (id, user, login) VALUES (NULL, (SELECT id FROM user WHERE name='" . $username . "'), (SELECT datetime()) );
-                                COMMIT;
-                        ")){
+		$real_password_db = $db->query("SELECT password FROM user WHERE name='" . $safe_username . "';");
+		while($real_password_array = $real_password_db->fetchArray(SQLITE3_NUM)){
+			foreach($real_password_array as $secondelement){
+				$real_password=$secondelement;
+			}
+		}
+
+		/*___Login___*/
+		if (password_verify($password, $real_password)) {
+
+			if($db->exec("
+				BEGIN TRANSACTION;
+				INSERT INTO log (id, user, login) VALUES (NULL, (SELECT id FROM user WHERE name='" . $username . "'), (SELECT datetime()) );
+				COMMIT;
+			")){
 				$id = user($db, $username);
 
-                                $_SESSION["login"] = true;
-                                $_SESSION["username"] = $username;
+				$_SESSION["login"] = true;
+				$_SESSION["username"] = $username;
 				$_SESSION["userid"] = $id;
 
-				header("Refresh: 0; /");
-				return true; 
-
-                        } else {
-                                header("Refresh: 0; login?reason=database&username=" . $username);
-				return false;
-                        }   
-                } else {
-                        header("Refresh: 0; login?reason=failure&username=" . $username);
-			return false;
-                }   
-        } else {
-                if(isset($_SESSION["login"])){
-                        header("Refresh: 0; /");
-			return false;
-                } 
-		include("login.php");
-		return false;
-	}
+				return "success"; 
+			} else {
+					return "database";
+			}
+		} else {
+			return "password";
+		}
 }
 
 function logout(){
-        $username=$_SESSION["username"];
-        if(session_destroy()){
-                header("Refresh: 0; login?reason=logout&username=" . $username);
-                return true;
-        } else {
-                return false;
-        }   
+		if(session_destroy()){
+			return true;
+		} else {
+			return false;
+		}
 }
-- 
cgit v1.2.3