Diffstat (limited to 'www/functions/func_login.php')
| -rwxr-xr-x | www/functions/func_login.php | 134 |
1 files changed, 0 insertions, 134 deletions
diff --git a/www/functions/func_login.php b/www/functions/func_login.php
deleted file mode 100755
index 7944c3e..0000000
--- a/www/functions/func_login.php
+++ /dev/null
@@ -1,134 +0,0 @@
-<?php
-function login($db){
-
- /*___Database Query: Login___*/
- $username = $_POST["username"];
- $password = $_POST["password"];
- $safe_username = SQLite3::escapeString(htmlentities($username));
-
- $log_in = false;
- $real_password = "";
-
- if($username == "Guest"){
-
- $real_password_db = $db->query("SELECT email FROM jg;");
- while($row = $real_password_db->fetchArray(SQLITE3_NUM)){
- if($row[0] == $password){
- $log_in = true;
- break;
- }
- }
- } else {
- $pepper = file_get_contents("../database/pepper.txt");
- $password = $password . $pepper;
-
- $real_password_db = $db->query("SELECT password FROM user WHERE name='" . $safe_username . "';");
- while($real_password_array = $real_password_db->fetchArray(SQLITE3_NUM)){
- foreach($real_password_array as $secondelement){
- $real_password=$secondelement;
- }
- }
-
- if (password_verify($password, $real_password)) {
- $log_in = true;
- }
- }
-
- /*___Login___*/
- if(!$log_in){
- return LOGIN_PASSWORD;
- }
-
-
- $id = user_id($db, $username);
- $banned_db = $db->query("SELECT 1 FROM banned_user WHERE user=".$id);
- $banned_ar = $banned_db->fetchArray(SQLITE3_NUM);
-
- if($banned_ar[0] == 1){
- echo "You are banned. ;_;";
- exit;
- }
-
- if($db->exec("
- BEGIN TRANSACTION;
- INSERT INTO log (id, user, login) VALUES (NULL, (SELECT id FROM user WHERE name='" . $username . 
"'), (SELECT strftime('%s', 'now')));
- COMMIT;
- ")){
-
-
- $_SESSION["login"] = true;
- $_SESSION["username"] = $username;
- $_SESSION["userid"] = $id;
-
- return LOGIN_SUCCESSFULL;
-
- } else {
- return LOGIN_DATABASE;
- }
-}
-
-function logout(){
-
- if(session_destroy()){
- return LOGOUT_SUCCESSFULL;
- } else {
- return LOGOUT_FAILURE;
- }
-}
-
-function brutforce_protection($db){
- $_SESSION["login_attempts"] = $_SESSION["login_attempts"] - 1;
-
- $remote_ip = $_SERVER["REMOTE_ADDR"];
- $session_id = session_id();
- $time = $_SERVER["REQUEST_TIME"];
-
- if($_SESSION["login_attempts"] <= 0){
- $db->exec("
- BEGIN TRANSACTION;
- INSERT INTO banned_user (id, login_attempts, ip, session_id, time) VALUES (NULL, ".$_SESSION["login_attempts"].", '".SQLite3::escapeString($remote_ip)."', '".SQLite3::escapeString($session_id)."', ".$time.");
- COMMIT;
- ");
- banned();
-
- } else {
- if($db->exec("
- BEGIN TRANSACTION;
- INSERT INTO banned_user (id, login_attempts, ip, session_id, time) VALUES (NULL, ".$_SESSION["login_attempts"].", '".$db->escapeString($remote_ip)."', '".SQLite3::escapeString($session_id)."', '".$time."');
- COMMIT;
- ")){
- return true;
- } else {
- return false;
- }
- }
-}
-
-function check_if_banned($db){
-
- $remote_ip = $_SERVER["REMOTE_ADDR"];
- $session_id = session_id();
- $check_db = $db->query("SELECT time, login_attempts, id FROM banned_user WHERE ip='".SQLite3::escapeString($remote_ip)."' OR session_id='".SQLite3::escapeString($session_id)."' ORDER BY id DESC;");
- $check_ar = $check_db->fetchArray(SQLITE3_NUM);
-
- $log_at = $check_ar[1];
- if($log_at){
- $_SESSION["login_attempts"] = $log_at;
- }
-
- $accepted_time = $_SERVER["REQUEST_TIME"] - 21600; // == 6h
- $db->exec("DELETE FROM banned_user WHERE time<'".$accepted_time."'");
-
- if($log_at <= 0){
- if($check_ar[0] >= $accepted_time){
- return true; // still banned
- }
- }
-
- return false; // not longer banned
-}
-
-function banned(){
- header("Refresh: 0; 
".$GLOBALS["scheme"].$_SERVER["HTTP_HOST"]."/banned");
- exit;
-}
|
