check.php


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108

<?php
/* Copyright Maximilian Möhring, 2013
Licensed under the GPL. Read LICENSE for more Information.*/

session_start();

/*___Datenbankabfrage: Login___*/
	$unsafe_username = $_POST["username"];
	$unsafe_passwort = $_POST["password"];
	$username = SQLite3::escapeString("$unsafe_username");
	$passwort = SQLite3::escapeString("$unsafe_passwort");

        $db_check = new SQLite3("../database/share.db");
        $salt_db  = $db_check->query("SELECT salt FROM user WHERE name='$username';");
        while($salt_array = $salt_db->fetchArray(SQLITE3_NUM)){
                foreach($salt_array as $firstelement){
                        $salt=$firstelement;
                }
        }

        $password = "$salt"."$passwort";
        $hash_password = md5($password);
        for($i=0;$i<15000;$i++)
                $hash_password = md5($hash_password);

        $real_password_db = $db_check->query("SELECT password FROM user WHERE name='$username';");
        while($real_password_array = $real_password_db->fetchArray(SQLITE3_NUM)){
                 foreach($real_password_array as $secondelement){
                        $real_password=$secondelement;
                }
        }

/*___Einloggen___*/
if ($real_password == $hash_password) {

	$_SESSION["login"] = true;
	$_SESSION["username"] = "$username";

/*___Datenbankabfrage: Spruch___*/
	$zufall  = mt_rand(1,52);

	$db = new SQLite3("../database/jg.db");


	$zufall = SQLite3::escapeString("$zufall");
	$ergebnis = $db->query("SELECT * FROM sprueche where id=$zufall;");

	while($row=$ergebnis->fetchArray()){
		$spruch = $row["spruch"];
	}


echo"
<!doctype html public '-//W3C//DTD XHTML 1.0 //EN'>


<html>
<head>
  <title>Login: Random Quote.</title>
<script type='text/javascript'>
    function animiere() {
            var ladebalken = document.getElementById('ladebalken');
            var laenge = parseInt(ladebalken.style.width);

            laenge++;
            ladebalken.style.width = laenge + 'px';

            if (laenge < 450) {
                window.setTimeout(animiere, 8);
            } 
            if (laenge == 450) {
	    document.location='/';
	    } 
        }
    </script>
  <meta http-equiv='Content-type' content='text/html; charset=utf-8' />
  <link rel='stylesheet' type='text/css' href='hyperstyle.css' />
  <link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'>
</head>

<body onload='animiere()' link='#000000' vlink='#000000' alink='#FF0000' >

<div id='distance' ></div>
<div id='container' align='center' class='mittlereschrift'>
<b>Zitat Nummer #$zufall</b><br><br><div id='bgcolor'>
$spruch
</div>

<br><br>
<div class='katze'<p> Fortschritt: </p></div>
	<div id='balken' align='left'>
		<span id='ladebalken' style='display: block; background: #ecece1; width: 0px;'>&nbsp;
		</span>
	</div>

<br><br>
<div class='unterstrich'><a href='/'>Überspringen</a></div>

</div>

</body>
</html>
";
header("Refresh: 7; /");
} else {
header("Location: login.php?failure=1");
}
?>