path: root/www/functions/func_login.php
blob: f528076199f61efce674c1f3306861a5986001b1 (plain)
<?
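/**
 * Handle the login page.
 *
 * On POST: looks up the stored hash for the submitted username, verifies the
 * submitted password (with the pepper appended) against it, writes a row to
 * the `log` table and marks the session as logged in. Every outcome sends a
 * "Refresh" header; only a completed login returns true.
 *
 * On any other method: redirects an already logged-in session to "/",
 * otherwise includes login.php. Returns false in both cases.
 *
 * The username is untrusted input, so it reaches SQL only through bound
 * parameters and is URL-encoded before being put into a redirect target.
 * login.php is not visible here; it should HTML-escape the `username` query
 * parameter before echoing it back.
 *
 * @param SQLite3 $db open database handle with `user` and `log` tables
 * @return bool true only when the login completed
 */
function login($db){
    if ($_SERVER['REQUEST_METHOD'] == 'POST') {

        /*___Input___*/
        $username = $_POST["username"] ?? '';
        $password = $_POST["password"] ?? '';
        // PHP turns "username[]=x" into an array; reject anything that is not a plain string.
        if (!is_string($username) || !is_string($password)) {
            header("Refresh: 0; login?reason=failure&username=");
            return false;
        }
        // Encoded once so '&', '#', spaces etc. cannot alter the redirect URL.
        $encoded_username = rawurlencode($username);

        // The path is relative to the working directory of the request.
        // Fail closed if the pepper cannot be read instead of verifying without it.
        $pepper = file_get_contents("../database/pepper.txt");
        if ($pepper === false) {
            header("Refresh: 0; login?reason=database&username=" . $encoded_username);
            return false;
        }
        // NOTE(review): if the stored hashes are bcrypt, input beyond 72 bytes is
        // ignored, so a pepper appended after a long password adds nothing -
        // confirm against the code that creates the hashes.
        $password = $password . $pepper;

        /*___Database Query: Login___*/
        $lookup = $db->prepare("SELECT password FROM user WHERE name = :name");
        $rows = false;
        if ($lookup !== false) {
            $lookup->bindValue(':name', $username, SQLITE3_TEXT);
            $rows = $lookup->execute();
        }
        if ($rows === false) {
            header("Refresh: 0; login?reason=database&username=" . $encoded_username);
            return false;
        }

        // Stays null for an unknown user, so the check below fails cleanly
        // rather than reading an undefined variable.
        $real_password = null;
        while ($row = $rows->fetchArray(SQLITE3_NUM)) {
            $real_password = $row[0];
        }

        /*___Login___*/
        if (is_string($real_password) && password_verify($password, $real_password)) {

            // Bound parameter: the log insert previously concatenated the raw username.
            $log = $db->prepare(
                "INSERT INTO log (id, user, login) VALUES (NULL, (SELECT id FROM user WHERE name = :name), (SELECT datetime()))"
            );
            $logged = false;
            if ($log !== false) {
                $log->bindValue(':name', $username, SQLITE3_TEXT);
                $logged = $log->execute() !== false;
            }

            if ($logged) {
                // New session id on privilege change, so an id known before
                // login is not the one that becomes authenticated.
                if (session_status() === PHP_SESSION_ACTIVE) {
                    session_regenerate_id(true);
                }

                $_SESSION["login"] = true;
                $_SESSION["username"] = $username;

                header("Refresh: 0; /");
                return true;
            }

            header("Refresh: 0; login?reason=database&username=" . $encoded_username);
            return false;
        }

        // Same response for "unknown user" and "wrong password".
        header("Refresh: 0; login?reason=failure&username=" . $encoded_username);
        return false;
    }

    // Not a POST: !empty() also covers a session that has no "login" key yet.
    if (!empty($_SESSION["login"])) {
        header("Refresh: 0; /");
        return false;
    }
    include("login.php");
    return false;
}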

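/**
 * End the current session and send the browser to the login page.
 *
 * The username shown on the login page is taken from the session before it
 * is destroyed and URL-encoded before being placed in the redirect target.
 *
 * @return bool true when the session was destroyed, false otherwise
 */
function logout(){
    // A request without a login has no "username" key; fall back to an empty string.
    $username = $_SESSION["username"] ?? '';
    if (!is_string($username)) {
        $username = '';
    }

    if (session_status() !== PHP_SESSION_ACTIVE || !session_destroy()) {
        return false;
    }

    // session_destroy() removes the stored data but leaves $_SESSION populated
    // for the rest of this request; clear it so later code cannot treat the
    // user as still logged in.
    $_SESSION = [];

    header("Refresh: 0; login?reason=logout&username=" . rawurlencode($username));
    return true;
}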