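<?php
// Login handler for /internal.
//
// Flow: (1) ?generateKeypair issues an RSA keypair through jCryption and returns
// the public half as JSON; (2) the POSTed form is decrypted with the private half
// kept in the session; (3) a challenge value bound to the client IP and the
// current clock hour is checked; (4) the account is looked up in MySQL and the
// session is populated.
//
// Depends on jCryption (includes/jCryption-1.1.php) and doDB() from do_login.php,
// which is expected to provide $mysqli — neither is visible in this file.

session_start();
$sessionTimeoutSeconds = 900; // 900 s = 15 minutes of allowed session lifetime
$_SESSION['session_time'] = time();                               // login time, Unix seconds
$_SESSION['session_logout'] = time() + $sessionTimeoutSeconds;    // when the session expires

$docRoot = getenv("DOCUMENT_ROOT") . "/";
require_once($docRoot . "internal/includes/jCryption-1.1.php");
include_once($docRoot . "/internal/do_login.php");
doDB("colony_scout"); // presumably opens $mysqli — confirm in do_login.php

// jCryption encrypts the username/password fields in the browser; the
// challenge value ("val") ties a form to the client IP and the clock hour.
$keyLength = 256;
$jCryption = new jCryption();

if (isset($_GET["generateKeypair"])) {
    $keys = $jCryption->generateKeypair($keyLength);
    $_SESSION["e"] = array("int" => $keys["e"], "hex" => $jCryption->dec2string($keys["e"], 16));
    $_SESSION["d"] = array("int" => $keys["d"], "hex" => $jCryption->dec2string($keys["d"], 16));
    $_SESSION["n"] = array("int" => $keys["n"], "hex" => $jCryption->dec2string($keys["n"], 16));

    // Only the public half (e, n) leaves the server; d stays in the session.
    // json_encode replaces the hand-built JSON string so quoting is always valid.
    header('Content-Type: application/json');
    echo json_encode(array(
        "e" => $_SESSION["e"]["hex"],
        "n" => $_SESSION["n"]["hex"],
        "maxdigits" => (string) intval($keyLength * 2 / 16 + 3),
    ));
    exit;
}

// A POST without a ciphertext, or without a keypair issued earlier in this
// session, cannot be decrypted; fail closed instead of reading undefined keys.
if (!isset($_POST['jCryption'], $_SESSION["d"]["int"], $_SESSION["n"]["int"])
    || !is_string($_POST['jCryption'])) {
    unset($_SESSION["e"], $_SESSION["d"], $_SESSION["n"]);
    header("Location: /internal/index.php?s=error");
    exit;
}

$privateD = $_SESSION["d"]["int"];
$modulusN = $_SESSION["n"]["int"];
// The keypair is single-use: discard it before doing anything else.
unset($_SESSION["e"], $_SESSION["d"], $_SESSION["n"]);

$var = $jCryption->decrypt($_POST['jCryption'], $privateD, $modulusN);
parse_str((string) $var, $result);

// parse_str can yield arrays for "a[]=..." style input; only accept scalars.
$u = (isset($result["muser"]) && is_string($result["muser"])) ? $result["muser"] : '';
$p = (isset($result["mpass"]) && is_string($result["mpass"])) ? $result["mpass"] : '';
$key = (isset($result["val"]) && is_string($result["val"])) ? $result["val"] : '';
$uID = "0";
$uName = "User";

// The challenge is md5(client IP . current clock hour). It is valid only while
// the wall-clock hour in which the form was issued lasts — so a form loaded at
// 10:59 expires at 11:00, not an hour later. hash_equals() avoids the loose
// "!=" comparison and compares in constant time.
$expectedKey = md5(($_SERVER['REMOTE_ADDR'] ?? '') . date('l jS \of F Y h A'));
if (!hash_equals($expectedKey, $key)) {
    // invalid login or challenge no longer matches the current hour
    header("Location: /internal/index.php?s=expiredkey");
    exit;
}

// Check for the user account. Credentials are bound as parameters rather than
// spliced into the SQL text. PASSWORD() is kept because that is how the
// members table stores its hashes (NOTE(review): MySQL removed PASSWORD() in
// 8.0 — plan a migration to password_hash()/password_verify()).
$verifyAccountSql = "SELECT ID, FirstName FROM members WHERE UserName = ? AND Password = PASSWORD(?) LIMIT 1";
$stmt = mysqli_prepare($mysqli, $verifyAccountSql);
if ($stmt === false) {
    // Log the driver error server-side; never echo it to the client.
    error_log('login.php: prepare failed: ' . mysqli_error($mysqli));
    mysqli_close($mysqli);
    header("Location: /internal/index.php?s=error");
    exit;
}

mysqli_stmt_bind_param($stmt, "ss", $u, $p);
if (!mysqli_stmt_execute($stmt)) {
    error_log('login.php: execute failed: ' . mysqli_stmt_error($stmt));
    mysqli_stmt_close($stmt);
    mysqli_close($mysqli);
    header("Location: /internal/index.php?s=error");
    exit;
}

$rowID = null;
$rowName = null;
mysqli_stmt_bind_result($stmt, $rowID, $rowName);
$found = mysqli_stmt_fetch($stmt); // LIMIT 1, so a single fetch is enough

// Close connection to MySQL on every path once the lookup is done.
mysqli_stmt_close($stmt);
mysqli_close($mysqli);

if ($found !== true) {
    header("Location: /internal/index.php?s=error");
    exit;
}
$uID = $rowID;
$uName = $rowName;

// Successful login: rotate the session ID so an ID that existed before
// authentication cannot be reused (session fixation), then record the user.
session_regenerate_id(true);
$_SESSION['u'] = $uID;
$_SESSION['uName'] = $uName;

session_write_close();
header("Location: /internal/index.php");
exit;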