From 305e2b7c55ffd24a156f5788388e6d4ed2daea14 Mon Sep 17 00:00:00 2001
From: root
Date: Mon, 17 Feb 2014 18:41:58 +0100
Subject: handles most of the database stuff
---
www/check.php | 61 +++++++++++++------------------------------
www/index.php | 37 +++++++++++++++++++++-----
www/invite.php | 67 +++++++++++++++++++++++++++++++++++++++++++++++
www/login.php | 60 ++++++++++++++++++++++++++++++++++++++++++
www/register.php | 79 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
5 files changed, 255 insertions(+), 49 deletions(-)
create mode 100644 www/invite.php
create mode 100644 www/login.php
create mode 100644 www/register.php
(limited to 'www')
diff --git a/www/check.php b/www/check.php
index 42b8733..2ff5f52 100644
--- a/www/check.php
+++ b/www/check.php
@@ -1,45 +1,20 @@
-query("SELECT salt FROM user WHERE name='$username';");
- while($salt_array = $salt_db->fetchArray(SQLITE3_NUM)){
- foreach($salt_array as $firstelement){
- $salt=$firstelement;
- }
- }
-
- $password = "$salt"."$passwort";
- $hash_password = md5($password);
- for($i=0;$i<15000;$i++)
- $hash_password = md5($hash_password);
-
- $real_password_db = $db_check->query("SELECT password FROM user WHERE name='$username';");
- while($real_password_array = $real_password_db->fetchArray(SQLITE3_NUM)){
- foreach($real_password_array as $secondelement){
- $real_password=$secondelement;
- }
- }
-
-/*___Login___*/
-if ($real_password == $hash_password) {
-
- $_SESSION["login"] = true;
- $_SESSION["username"] = "$unsafe_username";
-
- header("Refresh: 0; index.php");
+exec("CREATE TABLE IF NOT EXISTS user (id INTEGER PRIMARY KEY, name TEXT UIQUE, senpai INTEGER, key TEXT, status INTEGER, invites INTEGER, salt TEXT, password TEXT, email TEXT UNIQUE);") && $db->exec("BEGIN TRANSACTION; INSERT INTO user (id, name, senpai, key, status, invites, salt, password, email) VALUES (NULL, 'admin', 0, '11111', 1, 5, '$salt', '$hash_password', 'admin@iamfabulous.de'); COMMIT;")) {
+ echo "Success!";
} else {
- header("Refresh: 0; login.php?failure");
+ echo "Failure! :(
";
+ echo "Salt: $salt, password: $hash_password";
}
-?>
+
+// INSERT INT0 user (id, name, salt, password, status, invites, email, senpai, key) VALUES (NULL, 'admin', '$salt', '$hash_password', 1, 5, 'admin@iamfabulous.de', 0, '11111');
+
+// COMMIT;")
diff --git a/www/index.php b/www/index.php
index 91f7e4d..99c1c85 100644
--- a/www/index.php
+++ b/www/index.php
@@ -2,13 +2,31 @@
session_start();
+echo $_GET[name];
+echo $_GET[folder];
+
+echo "
Currently loged in as: ";
+echo $_SESSION["username"];
+
+$safe_name=SQLite3::escapeString("$_SESSION[username]");
+
+ $db = new SQLite3("../database/sqlite.db");
+
+ $invite_db = $db->query("SELECT invites FROM user WHERE name='$safe_name';");
+ $invite_ar = $invite_db->fetchArray(SQLITE3_NUM);
+ $invite = $invite_ar[0];
+
+echo "
";
+echo "You have currently $invite invites.";
+echo "
";
+
if(empty($_GET)){
-/* if($_SESSION["login"]){
- header("Refresh: 0; $_SESSION['username']");
+ if($_SESSION[login]){
+ header("Refresh: 0; $_SESSION[username]");
} else {
-*/
+
header("Refresh: 0; /login");
-// }
+ }
} else {
#print_r($_GET);
@@ -34,5 +52,12 @@ if(empty($_GET)){
#header("Refresh: 0; /login");
}
-
-
+?>
+
diff --git a/www/invite.php b/www/invite.php
new file mode 100644
index 0000000..4a055e3
--- /dev/null
+++ b/www/invite.php
@@ -0,0 +1,67 @@
+query("SELECT invites FROM user WHERE name='$safe_name';");
+ $invite_ar = $invite_db->fetchArray(SQLITE3_NUM);
+ $invite = $invite_ar[0];
+
+ if($invite > 0){
+
+/*Generates the invite key*/
+
+ $key_array = array("a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z", "A", "B", "C", "D", "E", "F", "G", "H", "I", "J", "K", "L", "M", "N", "O", "P", "Q", "R", "S", "T", "U", "V", "W", "X", "Y", "Z", "_", "-", "0", "1", "2", "3", "4", "5", "6", "7", "8", "9" );
+
+ $length = count($key_array);
+ $key = "";
+
+ for ($i=0;$i<11;$i++){
+ $index = mt_rand(0,$length-1);
+ $key = "$key".$key_array[$index];
+ }
+
+ $id_db = $db->query("SELECT id FROM USER WHERE name='$safe_name';");
+ $id_ar = $id_db->fetchArray(SQLITE3_NUM);
+ $id = $id_ar[0];
+
+/*Generates the new user and decrease the invites*/
+
+ $invite = $invite - 1;
+
+ echo "ID: '$id', KEY: '$key', SAFE_EMAIL: '$safe_email'";
+
+// $db->exec("INSERT INT0 user (id, name, senpai, key, status, email) VALUES (NULL, '$id', '$key', 0, '$safe_email');");
+// $db->exec("UPDATE user SET invites='$invite' WHERE id='$id';");
+ if($db->exec("INSERT INTO user (id, name, senpai, key, status, email) VALUES (NULL, NULL, '$id', '$key', 0, '$safe_email');") && $db->exec("UPDATE user SET invites='$invite' WHERE id='$id';"))
+ {
+ header("Refresh: 0; /invite?reason=success");
+ } else {
+ header("Refresh: 0; /invite?reason=database");
+ }
+
+ } else {
+ header("Refresh: 0; /invite?reason=invites");
+ }
+} else {
+ foreach ($_GET as $name => $value) {
+ echo 'Name: ' . $name . ' Value: ' . $value . '
';
+ }
+
+ echo "Hallo $name
+ ";
+
+ echo "ENDE";
+}
diff --git a/www/login.php b/www/login.php
new file mode 100644
index 0000000..c1d3207
--- /dev/null
+++ b/www/login.php
@@ -0,0 +1,60 @@
+query("SELECT salt FROM user WHERE name='$username';");
+ while($salt_array = $salt_db->fetchArray(SQLITE3_NUM)){
+ foreach($salt_array as $firstelement){
+ $salt=$firstelement;
+ }
+ }
+
+ $password = "$salt"."$passwort";
+ $hash_password = md5($password);
+ for($i=0;$i<15000;$i++)
+ $hash_password = md5($hash_password);
+
+ $real_password_db = $db_check->query("SELECT password FROM user WHERE name='$username';");
+ while($real_password_array = $real_password_db->fetchArray(SQLITE3_NUM)){
+ foreach($real_password_array as $secondelement){
+ $real_password=$secondelement;
+ }
+ }
+
+/*___Login___*/
+ if ($real_password == $hash_password) {
+
+ $_SESSION["login"] = true;
+ $_SESSION["username"] = "$unsafe_username";
+
+ header("Refresh: 0; /");
+ } else {
+ header("Refresh: 0; login?reason=failure");
+ }
+} else {
+
+/*Prints the GET version*/
+
+ if($_SESSION["login"]){
+ header("Refresh: 0; /");
+ } else {
+ echo "";
+ }
+}
diff --git a/www/register.php b/www/register.php
new file mode 100644
index 0000000..53fb35c
--- /dev/null
+++ b/www/register.php
@@ -0,0 +1,79 @@
+query("SELECT status FROM user WHERE email='$safe_email';");
+ $test_status_arr = $test_status_db->fetchArray(SQLITE3_NUM);
+ $test_status_int = $test_status_arr[0];
+
+ $test_key_db = $db->query("SELECT key FROM user WHERE email='$safe_email';");
+ $test_key_arr = $test_key_db->fetchArray(SQLITE3_NUM);
+ $test_key = $test_key_arr[0];
+
+ if ($test_status_int != 0 || $email == "" || $test_key != $_POST["key"] || $test_key == ""){
+ header("Refresh: 0; /register?reason=prohibited");
+ exit;
+ } else {
+
+
+/*Generates the encrypted password and the database transactions*/
+
+ $salt = uniqid(mt_rand(), true);
+ $password = "$salt"."$cleartext_password";
+ $hash_password = md5($password);
+ for($i=0;$i<15000;$i++)
+ $hash_password = md5($hash_password);
+
+ if($db->exec("UPDATE user SET name='$safe_name', salt='$salt', password='$hash_password', status=1, invites=5 WHERE email='$safe_email';") && $db->exec("CREATE TABLE $safe_name (id INTEGER PRIMARY KEY, folder INTEGER, name TEXT, typ TEXT, public TEXT);") && $db->exec("INSERT INTO $safe_name (id, folder, name, typ, public) VALUES (NULL, 0, '/', 'FOLDER', 'HIDDEN');")
+ ){
+ $_SESSION["login"] = true;
+ $_SESSION["username"] = $name;
+ header("Refresh: 0; /?reason=registration");
+ } else {
+ header("Refresh: 0; /register?reason=database");
+ }
+ }
+} else {
+ foreach ($_GET as $name => $value) {
+ echo 'Name: ' . $name . ' Value: ' . $value . '
';
+ }
+
+echo "
+";
+}
--
cgit v1.2.3