From cde1139e80fef383c498fbc722537a679bc2f110 Mon Sep 17 00:00:00 2001
From: Sibidharan <sibidharan@icloud.com>
Date: Tue, 15 Mar 2022 15:49:21 +0000
Subject: [PATCH] login test

---
 libs/includes/Database.class.php |  2 +-
 libs/includes/User.class.php     | 16 +++++++++++++++-
 logintest.php                    | 30 ++++++++++++++++++++++++++++++
 test.php                         |  2 ++
 testhash.php                     | 19 +++++++++++++++++--
 5 files changed, 65 insertions(+), 4 deletions(-)
 create mode 100644 logintest.php

diff --git a/libs/includes/Database.class.php b/libs/includes/Database.class.php
index 90e4c78d..03e9d917 100644
--- a/libs/includes/Database.class.php
+++ b/libs/includes/Database.class.php
@@ -17,7 +17,7 @@ class Database
             if ($connection->connect_error) {
                 die("Connection failed: " . $connection->connect_error); //TODO: Replace this with exception handling
             } else {
-                printf("New connection establishing...");
+                //printf("New connection establishing...");
                 Database::$conn = $connection; //replacing null with actual connection
                 return Database::$conn;
             }
diff --git a/libs/includes/User.class.php b/libs/includes/User.class.php
index 440b298e..1a85d29f 100644
--- a/libs/includes/User.class.php
+++ b/libs/includes/User.class.php
@@ -5,7 +5,7 @@ class User
     private $conn;
     public static function signup($user, $pass, $email, $phone)
     {
-        $pass = md5($pass);
+        $pass = md5(strrev(md5($pass))); //Security through obscurity
         $conn = Database::getConnection();
         $sql = "INSERT INTO `auth` (`username`, `password`, `email`, `phone`, `active`)
         VALUES ('$user', '$pass', '$email', '$phone', '1');";
@@ -23,6 +23,20 @@ class User
 
     public static function login($user, $pass)
     {
+        $pass = md5(strrev(md5($pass)));
+        $query = "SELECT * FROM `auth` WHERE `username` = '$user'";
+        $conn = Database::getConnection();
+        $result = $conn->query($query);
+        if ($result->num_rows == 1) {
+            $row = $result->fetch_assoc();
+            if ($row['password'] == $pass) {
+                return $row;
+            } else {
+                return false;
+            }
+        } else {
+            return false;
+        }
     }
 
     public function __construct($username)
diff --git a/logintest.php b/logintest.php
new file mode 100644
index 00000000..dd995288
--- /dev/null
+++ b/logintest.php
@@ -0,0 +1,30 @@
+<?php
+include 'libs/load.php';
+
+$user = "fooboo";
+$pass = "decneg-napCaf-jakcy1";
+$result = null;
+
+if (isset($_GET['logout'])) {
+    Session::destroy();
+    die("Session destroyed, <a href='logintest.php'>Login Again</a>");
+}
+
+if (Session::get('is_loggedin')) {
+    $userdata = Session::get('session_user');
+    print("Welcome Back, $userdata[username]");
+    $result = $userdata;
+} else {
+    printf("No session found, trying to login now. <br>");
+    $result = User::login($user, $pass);
+    if ($result) {
+        echo "Login Success, $result[username]";
+        Session::set('is_loggedin', true);
+        Session::set('session_user', $result);
+    } else {
+        echo "Login failed <br>";
+    }
+}
+echo <<<EOL
+<br><br><a href="logintest.php?logout">Logout</a>
+EOL;
diff --git a/test.php b/test.php
index 7259da6c..4bc873eb 100644
--- a/test.php
+++ b/test.php
@@ -37,6 +37,8 @@ print("Model of 1st mic is ".$mic1->getModelProxy());
 print("\n".$mic1->getBrand());
 print("\n".$mic2->getBrand());
 
+print("\n".$mic->price);
+
 print("Value of 10+12 is ".$mic1->add(10, 12));
 print("This is mono font inside pre tag \n");
 
diff --git a/testhash.php b/testhash.php
index 03cbe318..a94dafa5 100644
--- a/testhash.php
+++ b/testhash.php
@@ -1,4 +1,19 @@
 <?php
 
-$pass = isset($_GET['pass']) ? $_GET['pass'] : "RandomPasswordThatIsSecure";
-echo(md5($pass));
+// $pass = isset($_GET['pass']) ? $_GET['pass'] : "RandomPasswordThatIsSecure";
+// echo(md5($pass));
+$str = <<<EOL
+No string-to-array function exists because it is not needed. If you reference a string with an offset like you do with an array, the character at that offset will be return. This is documented in section III.11's "Strings" article under the "String access and modification by character" heading. This is documented in section III.11's "Strings" article under the "String access and modification by character" heading. This is documented in section III.11's "Strings" article under the "String access and modification by character" heading.
+EOL;
+
+//This is documented in section III.11's "Strings" article under the "String access and modification by character" heading.
+echo("Data Length: ".strlen($str)."\n");
+
+$md5 = md5($str);
+$md5len = strlen($md5);
+
+$b64 = base64_encode($str);
+$b64len = strlen($b64);
+
+echo("MD5: $md5 (Lenght: $md5len)\n");
+echo("Base64: $b64 \n(Length: $b64len)\n");
-- 
GitLab