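<?php
// login.php -- password login for the colonyscout internal area.
//
// The login form talks to this script twice:
//   1. GET  ?generateKeypair   generate an RSA keypair with jCryption, keep the
//                              private exponent in the session and return the
//                              public half (e, n) to the browser as JSON;
//   2. POST jCryption=...      decrypt the submitted form with that private key,
//                              check the form-staleness key, verify the
//                              credentials against the `members` table and, on
//                              success, record the user in the session.
//
// Security notes (review):
//   * jCryption with a 256-bit RSA modulus is not a substitute for TLS: a
//     256-bit modulus is factorable on commodity hardware, so the submitted
//     credentials are only as private as the transport. Serve this over HTTPS.
//   * The `val` key is md5(client IP . current clock hour). It contains no
//     server-side secret, so anyone who knows the client's IP can compute it;
//     it is a staleness check for the form, not a CSRF token.
//   * Passwords are verified with MySQL's PASSWORD(), which is a weak hash and
//     was removed in MySQL 8.0. Migrating the `members` table to
//     password_hash()/password_verify() is outside this file but advised.
//   * There is no throttling or lockout here; brute-force protection, if any,
//     has to live in front of this script.

// Session-cookie hardening must happen before session_start(): keep the
// cookie away from scripts, refuse session IDs the server never issued, and
// mark the cookie Secure when the request itself arrived over TLS.
ini_set('session.cookie_httponly', '1');
ini_set('session.use_strict_mode', '1');
if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') {
    ini_set('session.cookie_secure', '1');
}
session_start();

$_SESSION['session_time']   = time();       // time of this login request, in seconds
$_SESSION['session_logout'] = time() + 900; // NOTE(review): the original comment said "10 minutes" but 900 s is 15 -- confirm the intended value; kept as-is

$docRoot = getenv("DOCUMENT_ROOT") . "/";
require_once($docRoot . "internal/includes/jCryption-1.1.php");
include_once($docRoot . "internal/do_login.php"); // provides doDB(), which sets $mysqli
doDB("colony_scout");

$keyLength = 256; // RSA modulus size in bits -- see the TLS note above
$jCryption = new jCryption();

// Step 1: keypair request from the login form's JavaScript. The private
// exponent d stays in the session; only e and n are sent to the client.
if (isset($_GET["generateKeypair"])) {
    $keys = $jCryption->generateKeypair($keyLength);
    $_SESSION["e"] = array("int" => $keys["e"], "hex" => $jCryption->dec2string($keys["e"], 16));
    $_SESSION["d"] = array("int" => $keys["d"], "hex" => $jCryption->dec2string($keys["d"], 16));
    $_SESSION["n"] = array("int" => $keys["n"], "hex" => $jCryption->dec2string($keys["n"], 16));

    // json_encode yields the same {"e":..,"n":..,"maxdigits":..} document the
    // hand-built string did (the values are hex/decimal digits only), without
    // the risk of an unescaped character breaking the JSON.
    header('Content-Type: application/json');
    echo json_encode(array(
        "e"         => $_SESSION["e"]["hex"],
        "n"         => $_SESSION["n"]["hex"],
        "maxdigits" => (string) intval($keyLength * 2 / 16 + 3),
    ));
    exit;
}

// Step 2: credential submission. Without an encrypted payload and a private
// key from step 1 there is nothing to decrypt; treat it like a stale form
// rather than calling decrypt() with nulls.
if (!isset($_POST['jCryption'], $_SESSION["d"]["int"], $_SESSION["n"]["int"])) {
    header("Location: /internal/index.php?s=expiredkey");
    exit;
}

$var = $jCryption->decrypt($_POST['jCryption'], $_SESSION["d"]["int"], $_SESSION["n"]["int"]);
// The keypair is single-use: discard it whether or not the login succeeds.
unset($_SESSION["e"], $_SESSION["d"], $_SESSION["n"]);
parse_str($var, $result);

// Raw values; they are bound as parameters below, so no SQL escaping here.
$u     = isset($result["muser"]) ? (string) $result["muser"] : "";
$p     = isset($result["mpass"]) ? (string) $result["mpass"] : "";
$key   = isset($result["val"])   ? (string) $result["val"]   : "";
$uID   = "0";
$uName = "User";

// Form-staleness check. The form embeds md5(client IP . "<day> <hour AM/PM>")
// and the same value is recomputed here, so a form survives until the clock
// hour rolls over (at most one hour, possibly much less). Strict comparison:
// with `!=`, two numeric-looking strings (e.g. an md5 of the form "0e123...")
// are compared as numbers, and a forged "0e..." value would match.
// NOTE(review): REMOTE_ADDR may differ between the two requests behind a
// proxy or NAT; that would surface as a spurious "expiredkey" redirect.
$expectedKey = md5($_SERVER['REMOTE_ADDR'] . date('l jS \of F Y h A'));
if ($key !== $expectedKey) {
    header("Location: /internal/index.php?s=expiredkey");
    exit;
}

// Look the account up with bound parameters instead of splicing the (escaped)
// username and password into the SQL text. PASSWORD() is kept because that is
// how the stored hashes were produced; see the note at the top of the file.
$stmt = mysqli_prepare(
    $mysqli,
    "SELECT ID, FirstName FROM members WHERE UserName = ? AND Password = PASSWORD(?) LIMIT 1"
);
if ($stmt === false) {
    // Log the driver error server-side; the previous `die(mysqli_error())`
    // echoed it to the browser, which leaks schema and driver details.
    error_log("login.php: prepare failed: " . mysqli_error($mysqli));
    header("Location: /internal/index.php?s=error");
    exit;
}
mysqli_stmt_bind_param($stmt, "ss", $u, $p);
if (!mysqli_stmt_execute($stmt)) {
    error_log("login.php: execute failed: " . mysqli_stmt_error($stmt));
    mysqli_stmt_close($stmt);
    header("Location: /internal/index.php?s=error");
    exit;
}
mysqli_stmt_bind_result($stmt, $rowID, $rowName);
$found = mysqli_stmt_fetch($stmt); // true = row, null = no match, false = error
mysqli_stmt_close($stmt);

// Close the connection to MySQL before the redirects.
mysqli_close($mysqli);

if ($found !== true) {
    // Unknown user or wrong password (or a fetch error) -- same redirect either
    // way so the response does not distinguish the two.
    header("Location: /internal/index.php?s=error");
    exit;
}
$uID   = $rowID;
$uName = $rowName;

// Successful login: issue a fresh session ID so a session ID planted on the
// client before authentication (session fixation) is not promoted to an
// authenticated one, then record the user.
session_regenerate_id(true);
$_SESSION['u']     = $uID;
$_SESSION['uName'] = $uName;

session_write_close();
header("Location: /internal/index.php");
exit();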