From 8970954933ecf4b5c842027faa7c52f85cc25fe2 Mon Sep 17 00:00:00 2001
From: Horus3
Date: Wed, 12 Mar 2014 02:50:30 +0100
Subject: Structure in functions. Stronger hash algorith for password safety,
 also pepper.

---
 www/functions/func_login.php | 63 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 63 insertions(+)
 create mode 100644 www/functions/func_login.php

(limited to 'www/functions/func_login.php')

diff --git a/www/functions/func_login.php b/www/functions/func_login.php
new file mode 100644
index 0000000..f528076
--- /dev/null
+++ b/www/functions/func_login.php
@@ -0,0 +1,63 @@
+<?
+function login($db){
+        if($_SERVER['REQUEST_METHOD'] == 'POST') {
+
+        /*___Database Query: Login___*/
+                $username = $_POST["username"];
+                $password = $_POST["password"];
+                $safe_username = SQLite3::escapeString("$username");
+
+		//$hash = password_hash($_GET["password"], PASSWORD_DEFAULT);
+
+		$pepper = file_get_contents("../database/pepper.txt");
+		$password = $password . $pepper;
+
+                $real_password_db = $db->query("SELECT password FROM user WHERE name='" . $safe_username . "';");
+                while($real_password_array = $real_password_db->fetchArray(SQLITE3_NUM)){
+                         foreach($real_password_array as $secondelement){
+                                $real_password=$secondelement;
+                        }   
+                }   
+
+        /*___Login___*/
+                if (password_verify($password, $real_password)) {
+
+                        if($db->exec("
+                                BEGIN TRANSACTION;
+                                INSERT INTO log (id, user, login) VALUES (NULL, (SELECT id FROM user WHERE name='" . $username . "'), (SELECT datetime()) );
+                                COMMIT;
+                        ")){
+
+                                $_SESSION["login"] = true;
+                                $_SESSION["username"] = $username;
+
+				header("Refresh: 0; /");
+				return true; 
+
+                        } else {
+                                header("Refresh: 0; login?reason=database&username=" . $username);
+				return false;
+                        }   
+                } else {
+                        header("Refresh: 0; login?reason=failure&username=" . $username);
+			return false;
+                }   
+        } else {
+                if($_SESSION["login"]){
+                        header("Refresh: 0; /");
+			return false;
+                } 
+		include("login.php");
+		return false;
+	}
+}
+
+function logout(){
+        $username=$_SESSION["username"];
+        if(session_destroy()){
+                header("Refresh: 0; login?reason=logout&username=" . $username);
+                return true;
+        } else {
+                return false;
+        }   
+}
-- 
cgit v1.2.3