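<?php
/**
 * Verifies the password POSTed as `pass` for the account named by the
 * `keyword` cookie and, on success, issues a fresh login token.
 *
 * The response body is plain text, one of:
 *   - 'bad keyword'         the keyword cookie is not a string or contains a path character
 *   - 'no password is set'  there is no USERFILES/<keyword>/aOSpassword.txt
 *   - 'REJECT'              the supplied password is missing or does not match
 *   - <token>               a 30-character login token; only its bcrypt hash is
 *                           stored, in logins/<keyword>.txt
 *   - (empty)               the stored value was exactly 64 bytes long and was deleted
 *
 * NOTE(review): nothing in this file limits repeated attempts, and the
 * responses differ between accounts with and without a password. Consider
 * throttling failures per keyword and per client address.
 * NOTE(review): whether the web server refuses direct requests for files under
 * USERFILES/ is not visible from this file — confirm.
 */

// The keyword becomes a directory name under USERFILES/ and a file name under
// logins/, so it must never be able to alter the path being addressed.
$keyword = $_COOKIE['keyword'] ?? '';
if (!is_string($keyword)) {
    // An array-valued cookie (keyword[]=...) can never be a path component.
    echo 'bad keyword';
    die();
}
// '.' and '/' were already refused; '\' is a separator on Windows and a NUL
// byte is never valid in a file name, so both are refused as well.
foreach (['.', '/', '\\', "\0"] as $forbiddenChar) {
    if (strpos($keyword, $forbiddenChar) !== false) {
        echo 'bad keyword';
        die();
    }
}

// Defence in depth: confine file access to the working directory tree for the
// rest of the request.
ini_set("open_basedir", "./");

$passwordPath = 'USERFILES/' . $keyword . '/aOSpassword.txt';

// An absent or empty keyword would collapse the path to
// USERFILES//aOSpassword.txt, so it is answered like an account with no password.
if ($keyword === '' || !is_file($passwordPath)) {
    echo 'no password is set';
} else {
    $currPassword = file_get_contents($passwordPath);
    if ($currPassword === false) {
        // Fail closed: an unreadable file must not fall through to the
        // migration below, which would store the hash of an empty password.
        echo 'REJECT';
    } elseif (strlen($currPassword) === 64) {
        // NOTE(review): a 64-byte stored value is deleted without checking the
        // request — presumably a retired hash format; confirm. Afterwards the
        // account answers 'no password is set'; make sure callers treat that
        // state as locked, not open. A 64-character plaintext password that
        // has not been migrated yet would be deleted here too.
        unlink($passwordPath);
    } else {
        if (strlen($currPassword) !== 60) {
            // Anything that is not 60 bytes long is taken to be a plaintext
            // password and is replaced on disk by its bcrypt hash.
            // NOTE(review): length is only a proxy for "already bcrypt"; a
            // 60-character plaintext password would be mistaken for a hash and
            // could never verify.
            $passbc = password_hash($currPassword, PASSWORD_BCRYPT);
            file_put_contents($passwordPath, $passbc);
            $currPassword = $passbc;
        }

        // A missing or array-valued `pass` field is a failed attempt, not an error.
        $suppliedPassword = $_POST['pass'] ?? null;
        if (is_string($suppliedPassword) && password_verify($suppliedPassword, $currPassword)) {
            // SET LOGIN TOKEN AND SAVE IT
            // random_int() draws from the system CSPRNG; do not swap it for a
            // time-based or otherwise predictable value.
            $tokenlettertypes = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!#%&*-.^_`|~';
            $lastIndex = strlen($tokenlettertypes) - 1;
            $newtoken = '';
            for ($i = 0; $i < 30; $i++) {
                $newtoken .= $tokenlettertypes[random_int(0, $lastIndex)];
            }

            if (!is_dir('logins')) {
                mkdir('logins');
                // NOTE(review): this only protects the directory on Apache with
                // overrides enabled, and 'Deny from all' is 2.2-style syntax.
                // On other servers the directory needs its own access rule.
                file_put_contents('logins/.htaccess', 'Deny from all');
            }

            // Only the hash of the token is kept server-side.
            file_put_contents('logins/' . $keyword . '.txt', password_hash($newtoken, PASSWORD_BCRYPT));

            if (isset($_POST['loggingInViaUI'])) {
                // NOTE(review): session cookie without Secure, HttpOnly or
                // SameSite. Add them if the client does not need to read the
                // cookie from script and the site is served over HTTPS.
                setcookie('logintoken', $newtoken);
            }
            echo $newtoken;
        } else {
            echo 'REJECT';
        }
    }
}
?>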