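<?php
// login.php — the two halves of the jCryption-protected login flow for /internal:
//   1. GET  ?generateKeypair    mint a per-session RSA keypair and return {e, n, maxdigits} as JSON
//   2. POST jCryption=<cipher>  decrypt the form, verify the hourly anti-replay key, check credentials
//
// Review notes (security):
//   - The keypair is only $keyLength (256) bits of RSA. At that size it offers no real
//     confidentiality against anyone who records the exchange; it only hides the password
//     from casual inspection. The page must be served over TLS regardless.
//   - The "login key" is md5(REMOTE_ADDR . current clock hour). It is derivable from public
//     data, so it does not authenticate anything — it only rejects a form generated in an
//     earlier hour (or from a different IP). A form generated at :59 expires at :00.
//   - Credentials are checked with MySQL's PASSWORD() because that is how the members table
//     stores them today. PASSWORD() is deprecated (removed in MySQL 8) and weak; migrate the
//     column to password_hash()/password_verify() when possible.
session_start();
$_SESSION['session_time']   = time();       // login timestamp, seconds since epoch
$_SESSION['session_logout'] = time() + 900; // idle timeout: 900 s = 15 minutes

$docRoot = getenv("DOCUMENT_ROOT") . "/";
require_once($docRoot . "internal/includes/jCryption-1.1.php");
include_once($docRoot . "internal/do_login.php");
// doDB() comes from do_login.php; presumably it opens the $mysqli connection used below — verify there.
doDB("colony_scout");

$keyLength = 256;
$jCryption = new jCryption();

if (isset($_GET["generateKeypair"])) {
    // Fresh keypair per login form. The private exponent d never leaves the session.
    $keys = $jCryption->generateKeypair($keyLength);
    foreach (array("e", "d", "n") as $part) {
        $_SESSION[$part] = array(
            "int" => $keys[$part],
            "hex" => $jCryption->dec2string($keys[$part], 16),
        );
    }
    // Same wire format as before: all three values are JSON strings, maxdigits included.
    header("Content-Type: application/json");
    echo json_encode(array(
        "e"         => $_SESSION["e"]["hex"],
        "n"         => $_SESSION["n"]["hex"],
        "maxdigits" => (string) intval($keyLength * 2 / 16 + 3),
    ));
    exit;
}

// A login POST needs both the ciphertext and the private key minted for this session;
// without either there is nothing to decrypt, so treat it like an expired form.
if (!isset($_POST['jCryption'], $_SESSION["d"]["int"], $_SESSION["n"]["int"])) {
    header("Location: /internal/index.php?s=expiredkey");
    exit;
}
$var = $jCryption->decrypt($_POST['jCryption'], $_SESSION["d"]["int"], $_SESSION["n"]["int"]);
// The keypair is single-use: discard it whether or not the login succeeds.
unset($_SESSION["e"], $_SESSION["d"], $_SESSION["n"]);
parse_str($var, $result);

// Only accept scalar strings; a garbled decrypt or val[]=... must not reach the DB or the compare.
$u   = (isset($result["muser"]) && is_string($result["muser"])) ? $result["muser"] : "";
$p   = (isset($result["mpass"]) && is_string($result["mpass"])) ? $result["mpass"] : "";
$key = (isset($result["val"])   && is_string($result["val"]))   ? $result["val"]   : "";
$uID   = "0";
$uName = "User";

// Strict comparison: loose != would let numeric-looking hashes ("0e..." style) compare equal.
$expectedKey = md5($_SERVER['REMOTE_ADDR'] . date('l jS \of F Y h A'));
if ($key !== $expectedKey) {
    // invalid login or login key has expired (valid until the clock hour rolls over)
    header("Location: /internal/index.php?s=expiredkey");
    exit;
}

// Look the account up with a prepared statement so $u/$p are never spliced into SQL text.
$sql  = "SELECT ID, FirstName FROM members WHERE UserName = ? AND Password = PASSWORD(?) LIMIT 1";
$stmt = mysqli_prepare($mysqli, $sql);
if ($stmt === false) {
    // Log server-side only: echoing mysqli_error() to the browser leaks schema/driver details.
    error_log("login.php: mysqli_prepare failed: " . mysqli_error($mysqli));
    mysqli_close($mysqli);
    header("Location: /internal/index.php?s=error");
    exit;
}
mysqli_stmt_bind_param($stmt, "ss", $u, $p);
mysqli_stmt_execute($stmt);
mysqli_stmt_bind_result($stmt, $rowID, $rowFirstName);
$found = mysqli_stmt_fetch($stmt); // true on a row, null when none, false on error
mysqli_stmt_close($stmt);

//close connection to MySQL
mysqli_close($mysqli);

if ($found !== true) {
    header("Location: /internal/index.php?s=error");
    exit;
}
$uID   = $rowID;
$uName = $rowFirstName;

// Rotate the session id on successful login so a pre-login id (session fixation) is useless,
// then store the identity the rest of /internal reads from the session.
session_regenerate_id(true);
$_SESSION['u']     = $uID;
$_SESSION['uName'] = $uName;

session_write_close();
header("Location: /internal/index.php");
exit();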