aboutsummaryrefslogtreecommitdiff
path: root/www/functions/func_login.php
blob: 3afb3d8a835136490ad9dd158e9ad31b1ae56c09 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87

<?php
function login($db){

        /*___Database Query: Login___*/
	$username = $_POST["username"];
        $password = $_POST["password"];
        $safe_username = SQLite3::escapeString("$username");

	$pepper = file_get_contents("../database/pepper.txt");
	$password = $password . $pepper;

	$real_password = "";

        $real_password_db = $db->query("SELECT password FROM user WHERE name='" . $safe_username . "';");
        while($real_password_array = $real_password_db->fetchArray(SQLITE3_NUM)){
        	foreach($real_password_array as $secondelement){
                	$real_password=$secondelement;
                }   
	}   

        /*___Login___*/
        if (!password_verify($password, $real_password)) {
		return LOGIN_PASSWORD;
	}
	
        if($db->exec("
        	BEGIN TRANSACTION;
                INSERT INTO log (id, user, login) VALUES (NULL, (SELECT id FROM user WHERE name='" . $username . "'), (SELECT strftime('%s', 'now')));
                COMMIT;
	")){

		$id = user_id($db, $username);

                $_SESSION["login"] = true;
                $_SESSION["username"] = $username;
		$_SESSION["userid"] = $id;

		return LOGIN_SUCCESSFULL; 

	} else {
		return LOGIN_DATABASE;
	}   
}

function logout(){
        
	if(session_destroy()){
                return LOGOUT_SUCCESSFULL;
        } else {
                return LOGOUT_FAILURE;
        }   
}

function brutforce_protection($db){
	$_SESSION["login_attempts"] = $_SESSION["login_attempts"] - 1;

	if($_SESSION["login_attempts"] <= 0){
		$remote_ip = $_SERVER["REMOTE_ADDR"];
		$session_id = session_id();
		$time = $_SERVER["REQUEST_TIME"];

		if($db->exec("
			BEGIN TRANSACTION;
			INSERT INTO banned_user (id, ip, session_id, time) VALUES (NULL, '".SQLite3::escapeString($remote_ip)."', '".SQLite3::escapeString($session_id)."', ".$time.");
			COMMIT;
		")){
			echo "You are banned. ;_;";
		}
		exit;
	}
}

function check_if_banned($db){

	$remote_ip = $_SERVER["REMOTE_ADDR"];
	$session_id = session_id();
	$check_db = $db->query("SELECT time FROM banned_user WHERE ip='".SQLite3::escapeString($remote_ip)."' OR session_id='".SQLite3::escapeString($session_id)."';");
	$check_ar = $check_db->fetchArray(SQLITE3_NUM);

	$accepted_time = $_SERVER["REQUEST_TIME"] - 21600; 	// == 6h

	if($check_ar[0] < $accepted_time){
		return false; 					// not longer banned
	} else {
		return true;					// still banned
	}
}