<?php
/* Copyright Maximilian Möhring, 2013
Licensed under the GPL. Read LICENSE for more Information.*/
/*Process the login*/
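/* Login handler: checks the posted username/password against the `user`
   table and, on success, marks the session as logged in and redirects to
   index.php; any failure redirects to login.php?failure. */
session_start();

/*___Database Query: Login___*/
/* A missing or non-string field (e.g. an array posted as username[]) is
   treated as an empty string, so the lookup below simply finds no user. */
$unsafe_username = (isset($_POST["username"]) && is_string($_POST["username"])) ? $_POST["username"] : "";
$unsafe_passwort = (isset($_POST["password"]) && is_string($_POST["password"])) ? $_POST["password"] : "";

/* NOTE(review): the password never reaches an SQL statement, so this escaping
   is not a security control. It is kept only because it changes the bytes
   that get hashed (a single quote is doubled) and the stored hashes were
   presumably produced the same way - confirm against the registration code
   before removing it. */
$passwort = SQLite3::escapeString($unsafe_passwort);

$db_check = new SQLite3("../database/database.db");

/* One parameterised query for salt and hash. The username is bound as a
   value rather than interpolated into the SQL text, so its content cannot
   alter the statement. */
$salt = "";
$real_password = null;
$login_stmt = $db_check->prepare("SELECT salt, password FROM user WHERE name = :name;");
if ($login_stmt !== false) {
    $login_stmt->bindValue(":name", $unsafe_username, SQLITE3_TEXT);
    $login_result = $login_stmt->execute();
    if ($login_result !== false) {
        /* If several rows match, the last one wins (same as before). */
        while ($login_row = $login_result->fetchArray(SQLITE3_NUM)) {
            $salt = $login_row[0];
            $real_password = $login_row[1];
        }
    }
}

/* Stored format: md5(salt . password) followed by 15000 further md5 rounds.
   The hash is computed even when no user was found, so both outcomes do the
   same amount of work.
   NOTE(review): iterated MD5 is not a password-hashing function. Moving to
   password_hash()/password_verify() needs a migration (re-hash on the next
   successful login), because existing rows are in this format. */
$hash_password = md5($salt . $passwort);
for ($i = 0; $i < 15000; $i++) {
    $hash_password = md5($hash_password);
}

/*___Login___*/
/* hash_equals() compares byte-for-byte in constant time. The previous loose
   `==` treated two hex digests of the form "0e<digits>" as equal numbers, and
   an unknown user was only rejected by accident of null never equalling a
   digest; the is_string() guard makes that rejection explicit. */
if (is_string($real_password) && hash_equals($real_password, $hash_password)) {
    /* Issue a fresh session id on privilege change so an id known before
       login (session fixation) is not carried into the authenticated session. */
    session_regenerate_id(true);
    $_SESSION["login"] = true;
    /* Stored exactly as submitted; assume it must be HTML-escaped wherever
       it is printed - verify the pages that echo it. */
    $_SESSION["username"] = $unsafe_username;
    header("Refresh: 0; index.php");
} else {
    header("Refresh: 0; login.php?failure");
}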
?>