| author | root | 2014-04-14 08:35:13 +0200 |
|---|---|---|
| committer | root | 2014-04-14 08:35:13 +0200 |
| commit | 12734da8826299ffd24c0a15f6dbf205892d7221 (patch) | |
| tree | 3b894dd30e332df23a564ce44e42ce164c8abd78 /www/functions/func_login.php | |
| parent | 7b9d516cd3bcdb8eaa5f1eb533d71010061c681b (diff) | |
| download | jungegemeinde-12734da8826299ffd24c0a15f6dbf205892d7221.tar.gz | |
Pushed to v3
Diffstat (limited to 'www/functions/func_login.php')
| -rwxr-xr-x | www/functions/func_login.php | 87 |
1 files changed, 87 insertions, 0 deletions
diff --git a/www/functions/func_login.php b/www/functions/func_login.php
new file mode 100755
index 0000000..3afb3d8
--- /dev/null
+++ b/www/functions/func_login.php
@@ -0,0 +1,87 @@
+<?php
+function login($db){
+
+ /*___Database Query: Login___*/
+ $username = $_POST["username"];
+ $password = $_POST["password"];
+ $safe_username = SQLite3::escapeString("$username");
+
+ $pepper = file_get_contents("../database/pepper.txt");
+ $password = $password . $pepper;
+
+ $real_password = "";
+
+ $real_password_db = $db->query("SELECT password FROM user WHERE name='" . $safe_username . "';");
+ while($real_password_array = $real_password_db->fetchArray(SQLITE3_NUM)){
+ foreach($real_password_array as $secondelement){
+ $real_password=$secondelement;
+ }
+ }
+
+ /*___Login___*/
+ if (!password_verify($password, $real_password)) {
+ return LOGIN_PASSWORD;
+ }
+
+ if($db->exec("
+ BEGIN TRANSACTION;
+ INSERT INTO log (id, user, login) VALUES (NULL, (SELECT id FROM user WHERE name='" . $username . "'), (SELECT strftime('%s', 'now')));
+ COMMIT;
+ ")){
+
+ $id = user_id($db, $username);
+
+ $_SESSION["login"] = true;
+ $_SESSION["username"] = $username;
+ $_SESSION["userid"] = $id;
+
+ return LOGIN_SUCCESSFULL;
+
+ } else {
+ return LOGIN_DATABASE;
+ }
+}
+
+function logout(){
+
+ if(session_destroy()){
+ return LOGOUT_SUCCESSFULL;
+ } else {
+ return LOGOUT_FAILURE;
+ }
+}
+
+function brutforce_protection($db){
+ $_SESSION["login_attempts"] = $_SESSION["login_attempts"] - 1;
+
+ if($_SESSION["login_attempts"] <= 0){
+ $remote_ip = $_SERVER["REMOTE_ADDR"];
+ $session_id = session_id();
+ $time = $_SERVER["REQUEST_TIME"];
+
+ if($db->exec("
+ BEGIN TRANSACTION;
+ INSERT INTO banned_user (id, ip, session_id, time) VALUES (NULL, '".SQLite3::escapeString($remote_ip)."', '".SQLite3::escapeString($session_id)."', ".$time.");
+ COMMIT;
+ ")){
+ echo "You are banned. 
;_;";
+ }
+ exit;
+ }
+}
+
+function check_if_banned($db){
+
+ $remote_ip = $_SERVER["REMOTE_ADDR"];
+ $session_id = session_id();
+ $check_db = $db->query("SELECT time FROM banned_user WHERE ip='".SQLite3::escapeString($remote_ip)."' OR session_id='".SQLite3::escapeString($session_id)."';");
+ $check_ar = $check_db->fetchArray(SQLITE3_NUM);
+
+ $accepted_time = $_SERVER["REQUEST_TIME"] - 21600; // == 6h
+
+ if($check_ar[0] < $accepted_time){
+ return false; // not longer banned
+ } else {
+ return true; // still banned
+ }
+}
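Review bot: The log INSERT in login() interpolates the raw `$username` even though the SELECT just above it was built from `$safe_username`, so the `$_POST["username"]` value reaches the second query unescaped and is then also handed to user_id() as-is; at minimum change the subquery to `(SELECT id FROM user WHERE name='" . $safe_username . "')`, and a prepared statement (`$db->prepare(...)` with `bindValue`) would remove the escaping question for every query in this file. The session is also never rotated on a successful login; `session_regenerate_id(true);` placed before `$_SESSION["login"] = true;` closes that fixation window. In check_if_banned() the query has no ORDER BY and only the first row is read, so an older, already-expired ban row can mask a newer one for the same IP or session; `SELECT MAX(time) FROM banned_user WHERE ...` expresses the intended check, and `$check_ar` should be tested for `false` before indexing it. The return constants (LOGIN_PASSWORD, LOGIN_SUCCESSFULL, …) and user_id() are presumably defined in another file; a short header comment naming where they live would help the next reader.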
