test

e7668343 · Nico Schallehn · 6724e07b · e7668343
Commit e7668343 authored Feb 12, 2016 by Nico Schallehn
Show whitespace changes
Inline Side-by-side

Showing with 19 additions and 6 deletions

index.php index.php +19 -6

No files found.
--- a/index.php
+++ b/index.php
-<?php
+<?php session_start();
 include ("./api.class.php");
 if (isset ( $_POST ["anmelden"] )) {
 	$API = new MediaDBAPI ();
+	if ($API->APIinit($_POST["api-key"])) {
-	if ($API->APIinit ( $_POST ["api-key"] )) {
 		$ErrorBox = '<div class="alert alert-success">' . PHP_EOL . '<strong>Fehler!</strong> Alles Gut!' . PHP_EOL . '</div>' . PHP_EOL;
 		// Session Start bzw. Cookie setzen!!
+		$_SESSION['api-key'] = $_POST["api-key"];
+		setcookie ("api-key", $_POST["api-key"], time() + 3*24*3600);
+		setcookie ("api-secret", md5($_SERVER['HTTP_USER_AGENT'].$_SERVER['REMOTE_ADDR']), time() + 3*24*3600);
 	} else {
 		$FehlerArray = $API->error ( 1002 );
 		$ErrorBox = '<div class="alert alert-danger">' . PHP_EOL . '<strong>Fehler ' . $FehlerArray ["FehlerID"] . '!</strong> ' . $FehlerArray ["FehlerText"] . PHP_EOL . '</div>' . PHP_EOL;
 	}
+}
+if(isset($_SESSION['api-key']) OR (isset($_COOKIE['api-key']) AND isset($_COOKIE['api-secret']))){
+	if(md5($_SERVER['HTTP_USER_AGENT'].$_SERVER['REMOTE_ADDR']) == $_COOKIE['api-secret']){
+		$_SESSION['api-key'] = $_COOKIE['api-key'];
+		$ErrorBox = '<div class="alert alert-danger">' . PHP_EOL .
+		'<strong>Fehler !</strong> ich leite dich weiter!! ' . PHP_EOL .
+		'</div>' . PHP_EOL;
+	}
 }
 ?>