diff options
| author | root | 2014-04-14 08:35:13 +0200 |
|---|---|---|
| committer | root | 2014-04-14 08:35:13 +0200 |
| commit | 12734da8826299ffd24c0a15f6dbf205892d7221 (patch) | |
| tree | 3b894dd30e332df23a564ce44e42ce164c8abd78 /oldwww/member_login.php | |
| parent | 7b9d516cd3bcdb8eaa5f1eb533d71010061c681b (diff) | |
| download | jungegemeinde-12734da8826299ffd24c0a15f6dbf205892d7221.tar.gz | |
Pushed to v3
Diffstat (limited to 'oldwww/member_login.php')
| -rw-r--r-- | oldwww/member_login.php | 109 |
1 files changed, 109 insertions, 0 deletions
diff --git a/oldwww/member_login.php b/oldwww/member_login.php new file mode 100644 index 0000000..8628a44 --- /dev/null +++ b/oldwww/member_login.php @@ -0,0 +1,109 @@ +<?php + +/* Copyright Maximilian Möhring, 2013 +Licensed under the GPL. Read LICENSE for more Information.*/ + +include('auth.php'); +include("header.php"); + +$name = $_SESSION["username"]; + +if ($_SESSION["username"] == "jg-adlershof"){ + $account ="<td><a href='member_login.php'>Login</a></td> + <td>|</td> + <td><a href='register.php'>Register</a></td> + <td>|</td> +" ; + $name = "Gast"; + +} else { + header("Location: account.php"); + exit; + $account ="<td><a href='account.php'>Account</a></td> + <td>|</td> +"; +} + +if ($_SERVER['REQUEST_METHOD'] == 'POST') { + $username = $_POST["username"]; + $passwort = $_POST["password"]; + + $safe_username = SQLite3::escapeString("$username"); + $safe_passwort = SQLite3::escapeString("$passwort"); + + $db_check = new SQLite3("../database/database.sqlite"); + $salt_db = $db_check->query("SELECT salt FROM user WHERE name='$safe_username';"); + while($salt_array = $salt_db->fetchArray(SQLITE3_NUM)){ + foreach($salt_array as $firstelement){ + $salt=$firstelement; + } + } + + $password = "$salt"."$passwort"; + $hash_password = md5($password); + for($i=0;$i<15000;$i++) + $hash_password = md5($hash_password); + + $real_password_db = $db_check->query("SELECT password FROM user WHERE name='$safe_username';"); + while($real_password_array = $real_password_db->fetchArray(SQLITE3_NUM)){ + foreach($real_password_array as $secondelement){ + $real_password=$secondelement; + } + } + + if ($real_password == $hash_password) { + + $_SESSION["username"] = $_POST["username"]; + header("Location: member_login.php?stat=1"); + + } else { + header("Location: member_login.php?stat=2"); + } + +} else { + +if ($_GET["stat"] == 2) { + $failure="<br><div style='color:red;'>Name und/oder Passwort sind falsch!</div>"; +} else { + if ($_GET["stat"] == 1) { + header("Location: account.php"); + exit; + } +} + + +echo " + +<div id='content_container' align='center'> + <br> + <div class='kleineschrift'> + <div class='ueberschrift'> + <p>JUNGE GEMEINDE ADLERSHOF</p> + </div> + +<br> + + <div id='behaelter' align='center' class=''> + <div class='katze'> + Hallo $name, <br> + hier kannst du dich für den Mitgliederbereich einloggen. + </div><br> + + Noch kein eigenes Passwort? Dann <a style='text-decoration:underline;' href='register.php'>registrier</a> dich einfach.<br><br> + $failure + <form method='post' action='member_login.php' > + <p><input type='text' name='username' size='40'/></p> + <p><input type='password' name='password' size='40'/></p> + + + <p><input type='submit' name='submit' value='Miau!'/></p> + + </form> + </div> +</div> +</div> +</body> +</html> +"; +} +?> |