new folder etc

1 files changed, 109 insertions, 0 deletions

diff --git a/www/member_login.php b/www/member_login.php
new file mode 100644
index 0000000..8628a44
--- /dev/null
+++ b/www/member_login.php
@@ -0,0 +1,109 @@
+<?php
+
+/* Copyright Maximilian Möhring, 2013
+Licensed under the GPL. Read LICENSE for more Information.*/
+
+include('auth.php');
+include("header.php");
+
+$name = $_SESSION["username"];
+
+if ($_SESSION["username"] == "jg-adlershof"){
+        $account ="<td><a href='member_login.php'>Login</a></td>
+        <td>|</td>
+        <td><a href='register.php'>Register</a></td>
+        <td>|</td>
+" ;
+	$name = "Gast";
+
+} else {
+	header("Location: account.php");
+	exit;
+        $account ="<td><a href='account.php'>Account</a></td>
+        <td>|</td>
+";
+}
+
+if ($_SERVER['REQUEST_METHOD'] == 'POST') {
+        $username = $_POST["username"];
+        $passwort = $_POST["password"];
+
+	$safe_username = SQLite3::escapeString("$username");
+	$safe_passwort = SQLite3::escapeString("$passwort");
+
+        $db_check = new SQLite3("../database/database.sqlite");
+        $salt_db  = $db_check->query("SELECT salt FROM user WHERE name='$safe_username';");
+        while($salt_array = $salt_db->fetchArray(SQLITE3_NUM)){
+                foreach($salt_array as $firstelement){
+                        $salt=$firstelement;
+                }
+        }
+
+        $password = "$salt"."$passwort";
+        $hash_password = md5($password);
+        for($i=0;$i<15000;$i++)
+                $hash_password = md5($hash_password);
+
+        $real_password_db = $db_check->query("SELECT password FROM user WHERE name='$safe_username';");
+        while($real_password_array = $real_password_db->fetchArray(SQLITE3_NUM)){
+                 foreach($real_password_array as $secondelement){
+                        $real_password=$secondelement;
+                }
+        }
+
+	if ($real_password == $hash_password) {
+
+		$_SESSION["username"] = $_POST["username"];
+		header("Location: member_login.php?stat=1");
+
+	} else {
+		header("Location: member_login.php?stat=2");
+	}
+
+} else {
+
+if ($_GET["stat"] == 2) {
+	$failure="<br><div style='color:red;'>Name und/oder Passwort sind falsch!</div>";
+} else {
+	if ($_GET["stat"] == 1) {
+	header("Location: account.php");
+	exit;
+	}
+}
+
+
+echo "
+
+<div id='content_container' align='center'>
+        <br>
+        <div class='kleineschrift'>
+                <div class='ueberschrift'>
+			<p>JUNGE GEMEINDE ADLERSHOF</p>
+		</div>
+
+<br>
+
+	<div id='behaelter' align='center' class=''>
+			<div class='katze'>
+			Hallo $name, <br>
+			hier kannst du dich für den Mitgliederbereich einloggen.
+			</div><br>
+
+			Noch kein eigenes Passwort? Dann <a style='text-decoration:underline;' href='register.php'>registrier</a> dich einfach.<br><br>
+			$failure
+                        <form method='post' action='member_login.php' >
+                                <p><input type='text' name='username' size='40'/></p>
+                                <p><input type='password' name='password' size='40'/></p> 
+
+
+                                <p><input type='submit' name='submit' value='Miau!'/></p>  
+ 
+                        </form>
+        </div>
+</div>
+</div>
+</body>
+</html>
+";
+}
+?>