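/**
 * Report whether the current request belongs to a logged-in user.
 *
 * A request counts as logged in when the session already carries a username,
 * or when the "rem" (remember-me) cookie matches a user record in the XML
 * file; in the second case the username is also written to the session.
 *
 * The cookie has the form "<username hash>:<identifier hash>". Both halves are
 * compared against hashes computed from the XML record.
 *
 * NOTE(review): the record holds the raw remember-me identifier and the cookie
 * holds its hash, so read access to the XML file is enough to rebuild a valid
 * cookie. Storing only the hash and handing the raw identifier to the browser
 * would remove that exposure; it needs a matching change where the cookie is
 * issued. The identifier is also never rotated or expired here.
 *
 * @param string $filename Path of the XML user store (surrounding whitespace is trimmed).
 * @return bool True when the request is authenticated.
 */
function session_authentification($filename)
{
    $authent1 = new authentification();

    // An established session needs no further proof.
    if (isset($_SESSION['username'])) {
        return true;
    }

    // Cookie values can arrive as arrays ("rem[]=..."); only a plain string is usable.
    if (!isset($_COOKIE['rem']) || !is_string($_COOKIE['rem'])) {
        return false;
    }

    // A cookie without the ":" separator cannot be split into its two halves.
    $parts = explode(":", $_COOKIE['rem']);
    if (count($parts) < 2) {
        return false;
    }
    $username_hash = trim($parts[0]);
    $cookie_ID_hash = trim($parts[1]);

    // Compare against false explicitly: an XML root without children is falsy
    // in a boolean context and would otherwise be reported as a load failure.
    $usercookie = simplexml_load_file(trim($filename));
    if ($usercookie === false) {
        die("Error: Cannot create object");
    }

    foreach ($usercookie->user as $user) {
        $name = (string) $user;
        $stored_ID = trim((string) $user->cookies->rememberme);

        // A record without a stored identifier must never match: the hash of
        // an empty string is a fixed, publicly known value.
        if ($stored_ID === '') {
            continue;
        }

        // hash_equals() compares in constant time and, unlike "==", never
        // treats two different digests of the form "0e<digits>" as equal numbers.
        if (!hash_equals((string) $authent1->hash_sha256($name), $username_hash)) {
            continue;
        }
        if (!hash_equals((string) $authent1->hash_sha256($stored_ID), $cookie_ID_hash)) {
            continue;
        }

        // Issue a fresh session id when the request gains a login, so an id
        // known before authentication is not carried over.
        if (session_status() === PHP_SESSION_ACTIVE && !headers_sent()) {
            session_regenerate_id(true);
        }

        // Store the plain string: a SimpleXMLElement cannot be serialized
        // into the session.
        $_SESSION['username'] = $name;

        // The original "break 2" had only one enclosing loop, which PHP 7+
        // rejects at compile time; returning here ends the search.
        return true;
    }

    return false;
}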
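// Login request handler: checks the submitted credentials, opens the session,
// optionally issues the "rem" remember-me cookie, and answers with JSON.
// $username, $password and $rememberlogin are expected to be set before this
// point (not visible in this listing).

$Loginflag = -1;      // If password is wrong value = -1 else 0
$errorUsername = -1;  // 0 once the username was found
$errorpwd = -1;       // 0 once the password verified
$errorsetcookie = -1; // 0 once the remember-me identifier was stored

$authent = new authentification();
$xmlhandler = new xmlhandler();

$userpwdarray = $authent->getuserpwd($username, "userdata.xml");
if ($userpwdarray['userflag']) {
    $errorUsername = 0;
}

// The password is verified whether or not the username was found.
// NOTE(review): presumably getuserpwd() supplies a 'password_hash' entry in
// both cases - confirm, otherwise this reads an undefined key.
if ($authent->verifypwd($password, $userpwdarray['password_hash'])) {
    $errorpwd = 0;
}

$credentials_ok = ($errorUsername === 0 && $errorpwd === 0);

if ($credentials_ok) {
    // Issue a fresh session id on login so an id known before authentication
    // is not carried over into the authenticated session.
    if (session_status() === PHP_SESSION_ACTIVE && !headers_sent()) {
        session_regenerate_id(true);
    }
    $_SESSION['username'] = $username;
    $Loginflag = 0;
}

// $rememberlogin is compared loosely because it may arrive as the string "1".
if ($rememberlogin == 1 && $credentials_ok) {
    // generate random cookie_ID to store on clients browser
    $cookiearray = $authent->Cookie_remember_code();
    $username_hash = $authent->hash_sha256($username);
    $cookie = $username_hash . ":" . $cookiearray['cookie_ID_hash'];

    // HttpOnly keeps the login token away from page scripts; Secure is set
    // whenever the request itself came in over HTTPS. Path and domain keep
    // their defaults.
    $secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    setcookie("rem", $cookie, time() + 60 * 60 * 24 * 30, "", "", $secure, true);

    // store unhashed cookie identifier in userdata
    // NOTE(review): with the raw identifier on disk and only its hash in the
    // cookie, read access to userdata.xml is enough to rebuild the cookie.
    // Keeping the hash server-side and sending the raw identifier to the
    // browser avoids that; the cookie check must be changed together with it.
    if ($xmlhandler->set_rem_cookie($username, $cookiearray['cookie_ID'], 'userdata.xml')) {
        $errorsetcookie = 0;
    }
}

$arr = array('Loginflag' => $Loginflag, 'errorsetcookie' => $errorsetcookie);
echo json_encode($arr);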
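// Registration request handler: validates the device ID, the repeated
// password and the requested username, adds the user when all three checks
// pass, and answers with JSON.
// $loginstatusrequestflag and $loginflag are expected to be set before this
// point (not visible in this listing).

// Each flag starts at -1 (check failed) and is set to 0 by a passing check.
// The defaults must stay in place until the checks have run: an unset
// variable compares loosely equal to 0, so discarding them (as the earlier
// unset() did) let a failed check count as passed.
$errorUsername = -1;       // If username exists already value = -1
$errorPasswordRepeat = -1; // If password and password2 are not equal value = -1
$errordeviceID = -1;       // -1 until the device ID has been verified

if ($loginstatusrequestflag == 1) {
    // Missing fields and array-valued fields ("username[]=...") are read as
    // empty strings so the checks below always work on strings.
    $fields = array();
    foreach (array('username', 'password', 'passwordRepeat', 'deviceID') as $key) {
        $fields[$key] = (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
    }

    // The same trimmed name is used for the duplicate check and for storage.
    $username = trim($fields['username']);
    $password = $fields['password'];
    $password2 = $fields['passwordRepeat'];
    $deviceID = $fields['deviceID'];

    $authent = new authentification();
    $xmlhandler = new xmlhandler();

    if ($authent->deviceID_verification($deviceID, "deviceID.xml")) {
        $errordeviceID = 0;
    }

    // Exact comparison of what will be stored: "==" treats numeric-looking
    // strings such as "1e3" and "1000" as equal, and trimming only for the
    // comparison accepted a repeat that differs from the stored password.
    if ($password !== '' && $password === $password2) {
        $errorPasswordRepeat = 0;
    }

    // searchdoubleuser() returning true is treated as "name is available".
    if ($username !== '' && $xmlhandler->searchdoubleuser($username, 'userdata.xml')) {
        $errorUsername = 0;
    }

    if ($errorPasswordRepeat === 0 && $errorUsername === 0 && $errordeviceID === 0) {
        // NOTE(review): presumably encryptpwd() produces a one-way password
        // hash (password_hash() or similar) rather than reversible
        // encryption - confirm.
        $passwordencrypt = $authent->encryptpwd($password);
        $deviceID_hash = $authent->hash_sha256($deviceID);
        $xmlhandler->addnewuser($username, $passwordencrypt, $deviceID_hash, 'userdata.xml');
    }
}

$arr = array('errorUsername' => $errorUsername, 'errorPasswordRepeat' => $errorPasswordRepeat, 'errorDeviceID' => $errordeviceID, 'loginflag' => $loginflag);
echo json_encode($arr);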