<?php
/* Copyright Maximilian Möhring, 2013
Licensed under the GPL. Read LICENSE for more Information.*/

/*Process the login*/

session_start();

/*___Database Query: Login___*/
	$unsafe_username = $_POST["username"];
	$unsafe_passwort = $_POST["password"];
	$username = SQLite3::escapeString("$unsafe_username");
	$passwort = SQLite3::escapeString("$unsafe_passwort");

        $db_check = new SQLite3("../database/database.db");
        $salt_db  = $db_check->query("SELECT salt FROM user WHERE name='$username';");
        while($salt_array = $salt_db->fetchArray(SQLITE3_NUM)){
                foreach($salt_array as $firstelement){
                        $salt=$firstelement;
                }
        }

        $password = "$salt"."$passwort";
        $hash_password = md5($password);
        for($i=0;$i<15000;$i++)
                $hash_password = md5($hash_password);

        $real_password_db = $db_check->query("SELECT password FROM user WHERE name='$username';");
        while($real_password_array = $real_password_db->fetchArray(SQLITE3_NUM)){
                 foreach($real_password_array as $secondelement){
                        $real_password=$secondelement;
                }
        }

/*___Login___*/
if ($real_password == $hash_password) {

	$_SESSION["login"] = true;
	$_SESSION["username"] = "$unsafe_username";

	header("Refresh: 0; index.php");
} else {
	header("Refresh: 0; login.php?failure");
}
?>