diff --git a/html/changepassword.php b/html/changepassword.php
new file mode 100644
index 0000000..6177d41
--- /dev/null
+++ b/html/changepassword.php
@@ -0,0 +1,57 @@
+
+
+
+
+ Change Password
+
+
+
+
+
\ No newline at end of file
diff --git a/html/form_login.php b/html/form_login.php
new file mode 100644
index 0000000..2ffc681
--- /dev/null
+++ b/html/form_login.php
@@ -0,0 +1,17 @@
+
+
+SWG:Source | Login
+
+
+
+
+
+
+
+
diff --git a/html/images/swgsource.png b/html/images/swgsource.png
new file mode 100644
index 0000000..11dc6bb
Binary files /dev/null and b/html/images/swgsource.png differ
diff --git a/html/logout.php b/html/logout.php
new file mode 100644
index 0000000..1ea51af
--- /dev/null
+++ b/html/logout.php
@@ -0,0 +1,9 @@
+
+
+
+
+
\ No newline at end of file
diff --git a/html/post_changepassword.php b/html/post_changepassword.php
new file mode 100644
index 0000000..3c0e075
--- /dev/null
+++ b/html/post_changepassword.php
@@ -0,0 +1,58 @@
+
+
+
+
+real_escape_string($_POST['action']) : "";
+$username = $mysqli->real_escape_string($_POST['username']);
+if(strcasecmp($_SESSION['username'], $usernamejson[$ln]['username']) != 0)
+{
+ //error - trying to update password for someone that isn't ourself
+ if($_SESSION['accesslevel'] != "superadmin") {
+ //we can continue, we are superadmin
+ }
+ else
+ {
+ echo "Error - You can only change your own password.";
+ die();
+ }
+}
+
+if($action=='update') {
+ include 'includes/db_connect.php';
+ #do password hash here
+ function HashPassword($password)
+ {
+ $random = '';
+ $salt = sha1(rand());
+ $salt = substr($salt, 0, 10);
+ $encrypted = base64_encode(sha1($password . $salt, true) . $salt);
+ $hash = array("salt" => $salt, "encrypted" => $encrypted);
+ return $hash;
+ }
+ $passwordHash = HashPassword($_POST['realpassword']);
+ $passwordSalt = $passwordHash['salt'];
+ $passwordEncrypted = $passwordHash['encrypted'];
+ $query = "update user_account
+ set
+ password_hash = '".$mysqli->real_escape_string($passwordEncrypted)."',
+ password_salt = '".$mysqli->real_escape_string($passwordSalt)."'
+ WHERE username = '".$mysqli->real_escape_string($username)."'";
+
+ if( $mysqli->query($query) ) {
+ echo '';
+ }
+ else {
+ printf($mysqli->error);
+ }
+ $mysqli->close();
+}
+?>
+
diff --git a/html/post_login.php b/html/post_login.php
new file mode 100644
index 0000000..996acb6
--- /dev/null
+++ b/html/post_login.php
@@ -0,0 +1,47 @@
+real_escape_string($_POST['username']);
+$password = $mysqli->real_escape_string($_POST['password']);
+$user = getUserByEmailAndPassword($username, $password);
+if($user == true) {
+ if(isset($_SESSION['urlredirect'])) {
+ $_SESSION['user'] = $mysqli->real_escape_string($_POST['username']);
+ $redirectName = $_SESSION['urlredirect'];
+ echo '';
+ }
+ else {
+ header("Location: index.php");
+ $_SESSION['user'] = $mysqli->real_escape_string($_POST['username']);
+ }
+}
+else {
+ echo $mysqli->real_escape_string($_POST['username']), " does not exist or the password was incorrect";
+ echo 'Log In';
+}
+
+function getUserByEmailAndPassword($username, $password) {
+ global $mysqli;
+ $result = $mysqli->query("SELECT * FROM user_account WHERE username = '$username'") or die(mysql_error());
+ $no_of_rows = $result->num_rows;
+ if ($no_of_rows > 0) {
+ $result = $result->fetch_array();
+ $salt = $result['password_salt'];
+ $stored_hash = $result['password_hash'];
+ $hashtest = checkhashSSHA($salt, $password);
+ if ($hashtest == $stored_hash) {
+ $_SESSION['accesslevel'] = $result['accesslevel'];
+ $_SESSION['username'] = $mysqli->real_escape_string($_POST['username']);
+ return true;
+ }
+ } else {
+ return false;
+ }
+}
+function checkhashSSHA($salt, $password) {
+ $hash = base64_encode(sha1($password . $salt, true) . $salt);
+ return $hash;
+}
+?>