From 65dc06eab2305800ad862b4621807fd7d4f7fe8d Mon Sep 17 00:00:00 2001
From: Horus3
Date: Sun, 9 Feb 2014 17:21:59 +0100
Subject: Init

---
 check.php | 108 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 108 insertions(+)
 create mode 100644 check.php

(limited to 'check.php')

diff --git a/check.php b/check.php
new file mode 100644
index 0000000..b3911de
--- /dev/null
+++ b/check.php
@@ -0,0 +1,108 @@
+<?php
+/* Copyright Maximilian Möhring, 2013
+Licensed under the GPL. Read LICENSE.txt for more Information.*/
+
+session_start();
+
+/*___Datenbankabfrage: Login___*/
+	$unsafe_username = $_POST["username"];
+	$unsafe_passwort = $_POST["password"];
+	$username = SQLite3::escapeString("$unsafe_username");
+	$passwort = SQLite3::escapeString("$unsafe_passwort");
+
+        $db_check = new SQLite3("/var/www/jungegemeinde/database/share.db");
+        $salt_db  = $db_check->query("SELECT salt FROM user WHERE name='$username';");
+        while($salt_array = $salt_db->fetchArray(SQLITE3_NUM)){
+                foreach($salt_array as $firstelement){
+                        $salt=$firstelement;
+                }
+        }
+
+        $password = "$salt"."$passwort";
+        $hash_password = md5($password);
+        for($i=0;$i<15000;$i++)
+                $hash_password = md5($hash_password);
+
+        $real_password_db = $db_check->query("SELECT password FROM user WHERE name='$username';");
+        while($real_password_array = $real_password_db->fetchArray(SQLITE3_NUM)){
+                 foreach($real_password_array as $secondelement){
+                        $real_password=$secondelement;
+                }
+        }
+
+/*___Einloggen___*/
+if ($real_password == $hash_password) {
+
+	$_SESSION["login"] = true;
+	$_SESSION["username"] = "$username";
+
+/*___Datenbankabfrage: Spruch___*/
+	$zufall  = mt_rand(1,52);
+
+	$db = new SQLite3("/var/www/jungegemeinde/database/jg.db");
+
+
+	$zufall = SQLite3::escapeString("$zufall");
+	$ergebnis = $db->query("SELECT * FROM sprueche where id=$zufall;");
+
+	while($row=$ergebnis->fetchArray()){
+		$spruch = $row["spruch"];
+	}
+
+
+echo"
+<!doctype html public '-//W3C//DTD XHTML 1.0 //EN'>
+
+
+<html>
+<head>
+  <title>Login: Random Quote.</title>
+<script type='text/javascript'>
+    function animiere() {
+            var ladebalken = document.getElementById('ladebalken');
+            var laenge = parseInt(ladebalken.style.width);
+
+            laenge++;
+            ladebalken.style.width = laenge + 'px';
+
+            if (laenge < 450) {
+                window.setTimeout(animiere, 8);
+            } 
+            if (laenge == 450) {
+	    document.location='/';
+	    } 
+        }
+    </script>
+  <meta http-equiv='Content-type' content='text/html; charset=utf-8' />
+  <link rel='stylesheet' type='text/css' href='hyperstyle.css' />
+  <link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'>
+</head>
+
+<body onload='animiere()' link='#000000' vlink='#000000' alink='#FF0000' >
+
+<div id='distance' ></div>
+<div id='container' align='center' class='mittlereschrift'>
+<b>Zitat Nummer #$zufall</b><br><br><div id='bgcolor'>
+$spruch
+</div>
+
+<br><br>
+<div class='katze'<p> Fortschritt: </p></div>
+	<div id='balken' align='left'>
+		<span id='ladebalken' style='display: block; background: #ecece1; width: 0px;'>&nbsp;
+		</span>
+	</div>
+
+<br><br>
+<div class='unterstrich'><a href='/'>Überspringen</a></div>
+
+</div>
+
+</body>
+</html>
+";
+header("Refresh: 7; /");
+} else {
+header("Location: login.php?failure=1");
+}
+?>
-- 
cgit v1.2.3