From ea3b8c917cd0a0b13759b697dddd6efc0cf43f6c Mon Sep 17 00:00:00 2001
From: root
Date: Sun, 16 Feb 2014 18:19:44 +0100
Subject: init
---
www/check.php | 45 ++++++++++++++++++++++++++++++++++
www/files.php | 20 +++++++++++++++
www/index.php | 27 +++++++++++++++++++++
www/inreg.php | 78 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
4 files changed, 170 insertions(+)
create mode 100644 www/check.php
create mode 100644 www/files.php
create mode 100644 www/index.php
create mode 100644 www/inreg.php
(limited to 'www')
diff --git a/www/check.php b/www/check.php
new file mode 100644
index 0000000..42b8733
--- /dev/null
+++ b/www/check.php
@@ -0,0 +1,45 @@
+query("SELECT salt FROM user WHERE name='$username';");
+ while($salt_array = $salt_db->fetchArray(SQLITE3_NUM)){
+ foreach($salt_array as $firstelement){
+ $salt=$firstelement;
+ }
+ }
+
+ $password = "$salt"."$passwort";
+ $hash_password = md5($password);
+ for($i=0;$i<15000;$i++)
+ $hash_password = md5($hash_password);
+
+ $real_password_db = $db_check->query("SELECT password FROM user WHERE name='$username';");
+ while($real_password_array = $real_password_db->fetchArray(SQLITE3_NUM)){
+ foreach($real_password_array as $secondelement){
+ $real_password=$secondelement;
+ }
+ }
+
+/*___Login___*/
+if ($real_password == $hash_password) {
+
+ $_SESSION["login"] = true;
+ $_SESSION["username"] = "$unsafe_username";
+
+ header("Refresh: 0; index.php");
+} else {
+ header("Refresh: 0; login.php?failure");
+}
+?>
diff --git a/www/files.php b/www/files.php
new file mode 100644
index 0000000..76c6b72
--- /dev/null
+++ b/www/files.php
@@ -0,0 +1,20 @@
+ ";
+#echo $ar[0];
+#echo "
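Review bot: The login decision `if ($real_password == $hash_password)` in www/check.php compares two MD5 hex strings with loose `==`, which PHP evaluates numerically when both strings look like numbers and which is not constant-time; `$real_password` is also never assigned when no user row is found. Compare with `if (isset($real_password) && hash_equals($real_password, $hash_password)) {`, and longer term store `password_hash()` output and verify it with `password_verify()` instead of 15000 rounds of `md5()`. Both queries interpolate `$username` into the SQL text; how it is derived from `$unsafe_username` is not visible in this view, so a prepared statement with a bound parameter would remove the dependency on that escaping. The success branch sets `$_SESSION["login"]` without calling `session_regenerate_id(true)`, so the pre-login session id stays in use.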
";
+
+if(!isset($_GET)){
+ header("Refresh: 0; /login");
+}
+
+foreach ($_GET as $name => $value) { //value leer?
+ echo 'Name: ' . $name . ' Value: ' . $value . '
';
+}
+
+echo "Ende";
+
+#header("Refresh: 0; /login");
+
diff --git a/www/index.php b/www/index.php
new file mode 100644
index 0000000..476227c
--- /dev/null
+++ b/www/index.php
@@ -0,0 +1,27 @@
+ ";
+#echo $ar[0];
+#echo "
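Review bot: The `foreach` over `$_GET` in www/files.php echoes `$name` and `$value` into the page without HTML escaping, so any markup in the query string is reflected to the browser; the same line appears in the www/index.php hunk, which also interpolates `$_GET[0]` and `$_GET[1]` into echoed strings. Wrap each value in `htmlspecialchars((string)$name, ENT_QUOTES, 'UTF-8')`, and handle `$value` being an array before casting it. Separately, `if(!isset($_GET))` can never be true because `$_GET` is always defined, so the redirect to /login is dead code; `empty($_GET)` followed by `exit;` looks like the intent. The first lines of the file are missing from this view.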
";
+
+if(empty($_GET)){
+ echo "Nicht gesetzt: $_GET[0]
";
+ header("Refresh: 0; /login");
+} else {
+ echo "Gesetzt: $_GET[0]
";
+}
+
+foreach ($_GET as $name => $value) { //value leer?
+ if(!isset($name)){
+ header("Refresh: 0; /login");
+}
+ echo 'Name: ' . $name . ' Value: ' . $value . '
';
+}
+
+echo "Var $_GET[0] : $_GET[1]";
+echo "Ende";
+
+#header("Refresh: 0; /login");
+
diff --git a/www/inreg.php b/www/inreg.php
new file mode 100644
index 0000000..2e2800d
--- /dev/null
+++ b/www/inreg.php
@@ -0,0 +1,78 @@
+query("SELECT status FROM secure_test where email='$safe_email';");
+ $test_email_arr = $test_email_db->fetchArray(SQLITE3_NUM);
+ $test_email_int = test_$email_arr[0];
+
+ $test_key_db = $db->query("SELECT key FROM secure_test where email='$safe_email';");
+ $test_key_arr = $test_key_db->fetchArray(SQLITE3_NUM);
+ $test_key = $test_key_arr[0];
+
+if (($test_email_int != 0 && !$email == "") || !$test_key == $_POST["key"]){
+ header("Refresh: 0; register.php?reason=prohibited");
+ exit;
+} else {
+
+ if ($_POST["pswd"] == ""){
+ header("Refresh: 0; register.php?reason=empty");
+ exit;
+ } else {
+
+/*Checks if mail is already in use*/
+
+ $email_db = $db->query("SELECT id FROM user where email='$safe_email';");
+ $email_arr = $email_db->fetchArray(SQLITE3_NUM);
+ $email_int = $email_arr[0];
+ $name_db = $db->query("SELECT id FROM user where name='$safe_name';");
+ $name_arr = $name_db->fetchArray(SQLITE3_NUM);
+ $name_int = $name_arr[0];
+
+ if (($email_int > 0 && !$email == "")|| $name_int > 0){
+ header("Refresh: 0; register.php?reason=duplicate");
+ exit;
+ } else {
+
+/*Generates the encrypted password and the database transaction*/
+
+ $salt = uniqid(mt_rand(), true);
+ $password = "$salt"."$cleartext_password";
+ $hash_password = md5($password);
+ for($i=0;$i<15000;$i++)
+ $hash_password = md5($hash_password);
+
+ $result = $db->exec("
+ BEGINN TRANSACTION;
+ INSERT INTO user (id, name, salt, password, email) VALUES (NULL, '$safe_name', '$salt', '$hash_password', '$safe_email');
+ COMMIT;
+ ");
+
+ $_SESSION["username"] = $name;
+ header("Refresh: 0; account.php?reg=1");
+ }
+ }
+}
+?>
-- cgit v1.2.3
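Review bot: In www/index.php the `header("Refresh: 0; /login")` calls come after an `echo` and are not followed by `exit;`, so the header may not be sent at all when output is unbuffered, and in either case the rest of the script still runs and prints the request dump. If the page is meant to be reachable only after login, the check should run before any output and stop execution, e.g. `if (empty($_SESSION["login"])) { header("Location: /login"); exit; }`; whether `session_start()` is called in the lines missing from this view needs confirming. The `if(!isset($name))` test inside the loop is always false, because a `foreach` key is always set.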
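Review bot: In www/inreg.php the key check `!$test_key == $_POST["key"]` negates `$test_key` before comparing, so a boolean is compared with the posted string and the posted key's value is never actually compared with the stored one; `!$email == ""` parses the same way and only happens to give the intended result. Use `!hash_equals((string)$test_key, (string)$_POST["key"])` and `$email != ""`. Two further lines stop the script from working as written: `test_$email_arr[0]` is a parse error (presumably `$test_email_arr[0]`), and `BEGINN TRANSACTION;` is not valid SQL while `$result` is never checked, so a failed insert still redirects to account.php?reg=1. The password is again stored as iterated `md5()` with an `mt_rand()`-derived salt, which `password_hash()` would replace, and the `$safe_*` values interpolated into the queries are produced in lines not visible here, so bound parameters would be the safer form.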