<?php

/* Copyright Maximilian Möhring, 2013
Licensed under the GPL. Read LICENSE for more Information.*/

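// Fail closed: unlike include, require aborts the request when the file is
// missing, so this page never runs without whatever auth.php sets up.
// NOTE(review): presumably auth.php starts the session and seeds
// $_SESSION["username"] with the shared guest account - confirm.
require('auth.php');
require("header.php");

// Read the session identity once; a missing key is treated like "not the
// guest account" (same outcome as before, without the undefined-index notice).
$session_user = isset($_SESSION["username"]) ? $_SESSION["username"] : null;
$name = $session_user;

// "jg-adlershof" is the identity this page treats as "not logged in":
// only that account gets to see the login form.
if ($session_user === "jg-adlershof") {
	// Navigation fragment for guests. It is not read anywhere in the visible
	// part of this file; kept in case it is consumed elsewhere.
        $account ="<td><a href='member_login.php'>Login</a></td>
        <td>|</td>
        <td><a href='register.php'>Register</a></td>
        <td>|</td>
" ;
	$name = "Gast";

} else {
	// Already logged in: send the member to the account page and stop.
	// The $account assignment that used to follow exit was unreachable and
	// has been dropped.
	// NOTE(review): header.php is loaded before this point; if it emits
	// output without buffering, this Location header cannot be sent and the
	// exit below is what keeps the login form from being rendered - confirm.
	header("Location: account.php");
	exit;
}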

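// Login handler: a POST verifies the submitted credentials and redirects with
// ?stat=1 (success) or ?stat=2 (failure); any other method renders the form.
// NOTE(review): no attempt throttling and no CSRF token are visible on this
// form; both are worth adding at the application level.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
	// Accept only plain strings. Array-valued parameters (username[]=x) would
	// otherwise be stringified to "Array" and raise notices.
	$username = (isset($_POST["username"]) && is_string($_POST["username"])) ? $_POST["username"] : "";
	$passwort = (isset($_POST["password"]) && is_string($_POST["password"])) ? $_POST["password"] : "";

	$db_check = new SQLite3("../database/database.sqlite");

	// One parameterized lookup replaces the two string-built queries, so the
	// user-supplied name is never part of the SQL text.
	$salt = null;
	$real_password = null;
	$stmt = $db_check->prepare("SELECT salt, password FROM user WHERE name = :name");
	$result = ($stmt !== false) ? $stmt->execute() : false;
	if ($stmt !== false) {
		$stmt->bindValue(":name", $username, SQLITE3_TEXT);
		$result = $stmt->execute();
	}
	if ($result !== false) {
		// As before, the last matching row wins if the name is not unique.
		while ($row = $result->fetchArray(SQLITE3_NUM)) {
			$salt = $row[0];
			$real_password = $row[1];
		}
	}

	// Legacy scheme: salt + password, MD5, then 15000 further MD5 rounds.
	// NOTE(review): MD5 is not a password hash. Migrating to password_hash()/
	// password_verify() needs a coordinated change wherever the stored value
	// is written (presumably register.php), e.g. rehashing on the next
	// successful login. The computation is kept unchanged so existing
	// accounts still verify.
	$hash_password = md5($salt . $passwort);
	for ($i = 0; $i < 15000; $i++) {
		$hash_password = md5($hash_password);
	}

	// hash_equals compares the strings byte for byte in constant time. The
	// previous == compared numeric-looking hex strings as numbers, so two
	// different hashes of the form "0e<digits>" were considered equal.
	$login_ok = $real_password !== null
		&& hash_equals((string) $real_password, $hash_password);

	if ($login_ok) {
		// Issue a fresh session id on privilege change so an id fixed before
		// login does not become an authenticated session.
		if (session_status() === PHP_SESSION_ACTIVE) {
			session_regenerate_id(true);
		}
		$_SESSION["username"] = $username;
		header("Location: member_login.php?stat=1");
		exit;
	}

	// Same response for unknown user and wrong password.
	header("Location: member_login.php?stat=2");
	exit;

} else {

	// stat is optional; read it without triggering an undefined-index notice.
	$stat = (isset($_GET["stat"]) && is_string($_GET["stat"])) ? $_GET["stat"] : "";

	// Always defined so the template below never interpolates an unset variable.
	$failure = "";

	if ($stat === "2") {
		$failure="<br><div style='color:red;'>Name und/oder Passwort sind falsch!</div>";
	} elseif ($stat === "1") {
		header("Location: account.php");
		exit;
	}

	// Escape the greeting name for HTML context before it enters the template.
	$name_html = htmlspecialchars((string) $name, ENT_QUOTES, 'UTF-8');

echo "

<div id='content_container' align='center'>
        <br>
        <div class='kleineschrift'>
                <div class='ueberschrift'>
			<p>JUNGE GEMEINDE ADLERSHOF</p>
		</div>

<br>

	<div id='behaelter' align='center' class=''>
			<div class='katze'>
			Hallo $name_html, <br>
			hier kannst du dich für den Mitgliederbereich einloggen.
			</div><br>

			Noch kein eigenes Passwort? Dann <a style='text-decoration:underline;' href='register.php'>registrier</a> dich einfach.<br><br>
			$failure
                        <form method='post' action='member_login.php' >
                                <p><input type='text' name='username' size='40'/></p>
                                <p><input type='password' name='password' size='40'/></p> 


                                <p><input type='submit' name='submit' value='Miau!'/></p>  
 
                        </form>
        </div>
</div>
</div>
</body>
</html>
";
}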
?>