From 305e2b7c55ffd24a156f5788388e6d4ed2daea14 Mon Sep 17 00:00:00 2001
From: root
Date: Mon, 17 Feb 2014 18:41:58 +0100
Subject: handles most of the database stuff

---
 www/login.php | 60 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 60 insertions(+)
 create mode 100644 www/login.php

(limited to 'www/login.php')

diff --git a/www/login.php b/www/login.php
new file mode 100644
index 0000000..c1d3207
--- /dev/null
+++ b/www/login.php
@@ -0,0 +1,60 @@
+<?php
+/* Copyright Maximilian Möhring, 2013
+Licensed under the GPL. Read LICENSE for more Information.*/
+
+/*Process the login*/
+
+session_start();
+
+if($_SERVER['REQUEST_METHOD'] == 'POST') {
+
+/*___Database Query: Login___*/
+	$unsafe_username = $_POST["username"];
+	$unsafe_passwort = $_POST["password"];
+	$username = SQLite3::escapeString("$unsafe_username");
+	$passwort = SQLite3::escapeString("$unsafe_passwort");
+
+        $db_check = new SQLite3("../database/sqlite.db");
+        $salt_db  = $db_check->query("SELECT salt FROM user WHERE name='$username';");
+        while($salt_array = $salt_db->fetchArray(SQLITE3_NUM)){
+                foreach($salt_array as $firstelement){
+                        $salt=$firstelement;
+                }
+        }
+
+        $password = "$salt"."$passwort";
+        $hash_password = md5($password);
+        for($i=0;$i<15000;$i++)
+                $hash_password = md5($hash_password);
+
+        $real_password_db = $db_check->query("SELECT password FROM user WHERE name='$username';");
+        while($real_password_array = $real_password_db->fetchArray(SQLITE3_NUM)){
+                 foreach($real_password_array as $secondelement){
+                        $real_password=$secondelement;
+                }
+        }
+
+/*___Login___*/
+	if ($real_password == $hash_password) {
+
+		$_SESSION["login"] = true;
+		$_SESSION["username"] = "$unsafe_username";
+
+		header("Refresh: 0; /");
+	} else {
+		header("Refresh: 0; login?reason=failure");
+	}
+} else {
+
+/*Prints the GET version*/
+
+	if($_SESSION["login"]){
+		header("Refresh: 0; /");
+	} else {
+		echo "<form method='post' action='/login.php'>
+			<p>Name: <input type='text' name='username'></p>
+			<p>Password: <input type='password' name='password'>
+			<p><input type='submit' name='submit' value='login'></p>
+		</form>";
+	}
+}
-- 
cgit v1.2.3