authorHorus32014-09-25 10:33:47 +0200
committerHorus32014-09-25 10:33:47 +0200
commit1fe76ba743a3418da9a0883b29756d442384d0bc (patch)
tree091910ffd183d94c0f8b70a8f4c362f733033b03 /www/functions/func_login.php
parent2036626b560f22efd59673187a2de3b1319fcf8a (diff)
downloadjungegemeinde-1fe76ba743a3418da9a0883b29756d442384d0bc.tar.gz
init
Diffstat (limited to 'www/functions/func_login.php')
-rwxr-xr-xwww/functions/func_login.php134
1 files changed, 0 insertions, 134 deletions
diff --git a/www/functions/func_login.php b/www/functions/func_login.php
deleted file mode 100755
index 7944c3e..0000000
--- a/www/functions/func_login.php
+++ /dev/null
@@ -1,134 +0,0 @@
-<?php
-function login($db){
-
- /*___Database Query: Login___*/
- $username = $_POST["username"];
- $password = $_POST["password"];
- $safe_username = SQLite3::escapeString(htmlentities($username));
-
- $log_in = false;
- $real_password = "";
-
- if($username == "Guest"){
-
- $real_password_db = $db->query("SELECT email FROM jg;");
- while($row = $real_password_db->fetchArray(SQLITE3_NUM)){
- if($row[0] == $password){
- $log_in = true;
- break;
- }
- }
- } else {
- $pepper = file_get_contents("../database/pepper.txt");
- $password = $password . $pepper;
-
- $real_password_db = $db->query("SELECT password FROM user WHERE name='" . $safe_username . "';");
- while($real_password_array = $real_password_db->fetchArray(SQLITE3_NUM)){
- foreach($real_password_array as $secondelement){
- $real_password=$secondelement;
- }
- }
-
- if (password_verify($password, $real_password)) {
- $log_in = true;
- }
- }
-
- /*___Login___*/
- if(!$log_in){
- return LOGIN_PASSWORD;
- }
-
-
- $id = user_id($db, $username);
- $banned_db = $db->query("SELECT 1 FROM banned_user WHERE user=".$id);
- $banned_ar = $banned_db->fetchArray(SQLITE3_NUM);
-
- if($banned_ar[0] == 1){
- echo "You are banned. ;_;";
- exit;
- }
-
- if($db->exec("
- BEGIN TRANSACTION;
- INSERT INTO log (id, user, login) VALUES (NULL, (SELECT id FROM user WHERE name='" . $username . "'), (SELECT strftime('%s', 'now')));
- COMMIT;
- ")){
-
-
- $_SESSION["login"] = true;
- $_SESSION["username"] = $username;
- $_SESSION["userid"] = $id;
-
- return LOGIN_SUCCESSFULL;
-
- } else {
- return LOGIN_DATABASE;
- }
-}
-
-function logout(){
-
- if(session_destroy()){
- return LOGOUT_SUCCESSFULL;
- } else {
- return LOGOUT_FAILURE;
- }
-}
-
-function brutforce_protection($db){
- $_SESSION["login_attempts"] = $_SESSION["login_attempts"] - 1;
-
- $remote_ip = $_SERVER["REMOTE_ADDR"];
- $session_id = session_id();
- $time = $_SERVER["REQUEST_TIME"];
-
- if($_SESSION["login_attempts"] <= 0){
- $db->exec("
- BEGIN TRANSACTION;
- INSERT INTO banned_user (id, login_attempts, ip, session_id, time) VALUES (NULL, ".$_SESSION["login_attempts"].", '".SQLite3::escapeString($remote_ip)."', '".SQLite3::escapeString($session_id)."', ".$time.");
- COMMIT;
- ");
- banned();
-
- } else {
- if($db->exec("
- BEGIN TRANSACTION;
- INSERT INTO banned_user (id, login_attempts, ip, session_id, time) VALUES (NULL, ".$_SESSION["login_attempts"].", '".$db->escapeString($remote_ip)."', '".SQLite3::escapeString($session_id)."', '".$time."');
- COMMIT;
- ")){
- return true;
- } else {
- return false;
- }
- }
-}
-
-function check_if_banned($db){
-
- $remote_ip = $_SERVER["REMOTE_ADDR"];
- $session_id = session_id();
- $check_db = $db->query("SELECT time, login_attempts, id FROM banned_user WHERE ip='".SQLite3::escapeString($remote_ip)."' OR session_id='".SQLite3::escapeString($session_id)."' ORDER BY id DESC;");
- $check_ar = $check_db->fetchArray(SQLITE3_NUM);
-
- $log_at = $check_ar[1];
- if($log_at){
- $_SESSION["login_attempts"] = $log_at;
- }
-
- $accepted_time = $_SERVER["REQUEST_TIME"] - 21600; // == 6h
- $db->exec("DELETE FROM banned_user WHERE time<'".$accepted_time."'");
-
- if($log_at <= 0){
- if($check_ar[0] >= $accepted_time){
- return true; // still banned
- }
- }
-
- return false; // not longer banned
-}
-
-function banned(){
- header("Refresh: 0; ".$GLOBALS["scheme"].$_SERVER["HTTP_HOST"]."/banned");
- exit;
-}