diff options
| author | Horus3 | 2014-02-09 17:21:59 +0100 |
|---|---|---|
| committer | Horus3 | 2014-02-09 17:21:59 +0100 |
| commit | 65dc06eab2305800ad862b4621807fd7d4f7fe8d (patch) | |
| tree | c8efcc90589d30ecbe838fc7822c8d031cbececa /member_login.php | |
| download | jungegemeinde-65dc06eab2305800ad862b4621807fd7d4f7fe8d.tar.gz | |
Init
Diffstat (limited to 'member_login.php')
| -rw-r--r-- | member_login.php | 104 |
1 files changed, 104 insertions, 0 deletions
diff --git a/member_login.php b/member_login.php new file mode 100644 index 0000000..1d3b6d9 --- /dev/null +++ b/member_login.php @@ -0,0 +1,104 @@ +<?php include('auth.php'); +include("header.php"); + +$name = $_SESSION["username"]; + +if ($_SESSION["username"] == "jg-adlershof"){ + $account ="<td><a href='member_login.php'>Login</a></td> + <td>|</td> + <td><a href='register.php'>Register</a></td> + <td>|</td> +" ; + $name = "Gast"; + +} else { + header("Location: account.php"); + exit; + $account ="<td><a href='account.php'>Account</a></td> + <td>|</td> +"; +} + +if ($_SERVER['REQUEST_METHOD'] == 'POST') { + $username = $_POST["username"]; + $passwort = $_POST["password"]; + + $safe_username = SQLite3::escapeString("$username"); + $safe_passwort = SQLite3::escapeString("$passwort"); + + $db_check = new SQLite3("/var/www/jungegemeinde/database/share.db"); + $salt_db = $db_check->query("SELECT salt FROM user WHERE name='$safe_username';"); + while($salt_array = $salt_db->fetchArray(SQLITE3_NUM)){ + foreach($salt_array as $firstelement){ + $salt=$firstelement; + } + } + + $password = "$salt"."$passwort"; + $hash_password = md5($password); + for($i=0;$i<15000;$i++) + $hash_password = md5($hash_password); + + $real_password_db = $db_check->query("SELECT password FROM user WHERE name='$safe_username';"); + while($real_password_array = $real_password_db->fetchArray(SQLITE3_NUM)){ + foreach($real_password_array as $secondelement){ + $real_password=$secondelement; + } + } + + if ($real_password == $hash_password) { + + $_SESSION["username"] = $_POST["username"]; + header("Location: member_login.php?stat=1"); + + } else { + header("Location: member_login.php?stat=2"); + } + +} else { + +if ($_GET["stat"] == 2) { + $failure="<br><div style='color:red;'>Name und/oder Passwort sind falsch!</div>"; +} else { + if ($_GET["stat"] == 1) { + header("Location: account.php"); + exit; + } +} + + +echo " + +<div id='content_container' align='center'> + <br> + <div class='kleineschrift'> + <div class='ueberschrift'> + <p>JUNGE GEMEINDE ADLERSHOF</p> + </div> + +<br> + + <div id='behaelter' align='center' class=''> + <div class='katze'> + Hallo $name, <br> + hier kannst du dich für den Mitgliederbereich einloggen. + </div><br> + + Noch kein eigenes Passwort? Dann <a style='text-decoration:underline;' href='register.php'>registrier</a> dich einfach.<br><br> + $failure + <form method='post' action='member_login.php' > + <p><input type='text' name='username' size='40'/></p> + <p><input type='password' name='password' size='40'/></p> + + + <p><input type='submit' name='submit' value='Miau!'/></p> + + </form> + </div> +</div> +</div> +</body> +</html> +"; +} +?> |