add m4 2/2
parent
866c6b3731
commit
af1865776c
@ -1 +0,0 @@
|
||||
<hr><p>Från: 555</p><p>afsdgfh</p>
|
Binary file not shown.
@ -13,7 +13,7 @@
|
||||
|
||||
function addUser($user)
|
||||
{
|
||||
$file = "../../../M2-09-users.dat";
|
||||
$file = "../../../userData/M2-09-users.dat";
|
||||
|
||||
if(file_exists($file)) {
|
||||
$users = unserialize(file_get_contents($file));
|
||||
@ -30,7 +30,7 @@
|
||||
|
||||
function isPresent($userToFind)
|
||||
{
|
||||
$file = "../../../M2-09-users.dat";
|
||||
$file = "../../../userData/M2-09-users.dat";
|
||||
if (file_exists($file)) {
|
||||
$userArray = unserialize(file_get_contents($file));
|
||||
}
|
||||
|
@ -3,12 +3,12 @@
|
||||
session_start();
|
||||
}
|
||||
$hit = 0;
|
||||
if(file_exists("../../../M3-02-hit.dat")) {
|
||||
$hit = file_get_contents("../../../M3-02-hit.dat");
|
||||
if(file_exists("../../../userCount/M3-02-hit.dat")) {
|
||||
$hit = file_get_contents("../../../userCount/M3-02-hit.dat");
|
||||
}
|
||||
$hit++; // Ökar antalet besökare med 1
|
||||
|
||||
file_put_contents("../../../M3-02-hit.dat", $hit);
|
||||
file_put_contents("../../../userCount/M3-02-hit.dat", $hit);
|
||||
echo $hit;
|
||||
?>
|
||||
<!doctype html>
|
||||
|
@ -8,8 +8,8 @@ else {
|
||||
}
|
||||
}
|
||||
|
||||
if (file_exists("../../../M3-03-hit.dat")) {
|
||||
$hit = file_get_contents("../../../M3-03-hit.dat");
|
||||
if (file_exists("../../../userCount/M3-03-hit.dat")) {
|
||||
$hit = file_get_contents("../../../userCount/M3-03-hit.dat");
|
||||
}
|
||||
echo $hit;
|
||||
|
||||
@ -20,12 +20,12 @@ function login()
|
||||
$_SESSION['logged_in'] = true;
|
||||
|
||||
$hit = 0;
|
||||
if (file_exists("../../../M3-03-hit.dat")) {
|
||||
$hit = file_get_contents("../../../M3-03-hit.dat");
|
||||
if (file_exists("../../../userCount/M3-03-hit.dat")) {
|
||||
$hit = file_get_contents("../../../userCount/M3-03-hit.dat");
|
||||
}
|
||||
$hit++; // Ökar antalet besökare med 1
|
||||
|
||||
file_put_contents("../../../M3-03-hit.dat", $hit);
|
||||
file_put_contents("../../../userCount/M3-03-hit.dat", $hit);
|
||||
}
|
||||
}
|
||||
function logout()
|
||||
|
@ -9,8 +9,8 @@ else {
|
||||
#header("Location: login.php");
|
||||
}
|
||||
|
||||
if (file_exists("../../../M3-04-hit.dat")) {
|
||||
$hit = file_get_contents("../../../M3-04-hit.dat");
|
||||
if (file_exists("../../../userCount/M3-04-hit.dat")) {
|
||||
$hit = file_get_contents("../../../userCount/M3-04-hit.dat");
|
||||
}
|
||||
echo $hit;
|
||||
|
||||
@ -21,12 +21,12 @@ function login()
|
||||
$_SESSION['logged_in'] = true;
|
||||
|
||||
$hit = 0;
|
||||
if (file_exists("../../../M3-04-hit.dat")) {
|
||||
$hit = file_get_contents("../../../M3-04-hit.dat");
|
||||
if (file_exists("../../../userCount/M3-04-hit.dat")) {
|
||||
$hit = file_get_contents("../../../userCount/M3-04-hit.dat");
|
||||
}
|
||||
$hit++; // Ökar antalet besökare med 1
|
||||
|
||||
file_put_contents("../../../M3-04-hit.dat", $hit);
|
||||
file_put_contents("../../../userCount/M3-04-hit.dat", $hit);
|
||||
}
|
||||
}
|
||||
function logout()
|
||||
|
@ -15,8 +15,8 @@ else {
|
||||
</form>
|
||||
|
||||
<?php
|
||||
if(file_exists("../../../M3-04-messages.dat")) {
|
||||
echo file_get_contents("../../../M3-04-messages.dat");
|
||||
if(file_exists("../../../userData/M3-04-messages.dat")) {
|
||||
echo file_get_contents("../../../userData/M3-04-messages.dat");
|
||||
}
|
||||
}
|
||||
?>
|
@ -2,7 +2,7 @@
|
||||
$name = "<hr><p>Från: " . $_POST['name'] . "</p>";
|
||||
$msg = "<p>" . $_POST['message'] . "</p>";
|
||||
|
||||
file_put_contents("../../../M3-04-messages.dat",$name.$msg,FILE_APPEND);
|
||||
file_put_contents("../../../userData/M3-04-messages.dat",$name.$msg,FILE_APPEND);
|
||||
|
||||
header("location: index.php?page=klotter"); //Omdirigerar till klotterplanket
|
||||
?>
|
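Review bot: `$_POST['name']` and `$_POST['message']` are concatenated into HTML and appended to the messages file unescaped, and the M3-04 page that reads this file echoes its contents verbatim, so any markup a visitor submits is stored and rendered for every later reader; this commit only moves the file. Encode both values before building the markup, e.g. `htmlspecialchars($_POST['name'] ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` and the same for `message`. The script begins outside the hunk, so any earlier validation is not visible here.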
@ -11,8 +11,8 @@ else {
|
||||
#header("Location: login.php");
|
||||
}
|
||||
|
||||
if (file_exists("../../../M3-06-hit.dat")) {
|
||||
$hit = file_get_contents("../../../M3-06-hit.dat");
|
||||
if (file_exists("../../../userCount/M3-06-hit.dat")) {
|
||||
$hit = file_get_contents("../../../userCount/M3-06-hit.dat");
|
||||
echo $hit;
|
||||
}
|
||||
|
||||
@ -71,12 +71,12 @@ function incUserCount() {
|
||||
session_start();
|
||||
|
||||
$hit = 0;
|
||||
if (file_exists("../../../M3-06-hit.dat")) {
|
||||
$hit = file_get_contents("../../../M3-06-hit.dat");
|
||||
if (file_exists("../../../userCount/M3-06-hit.dat")) {
|
||||
$hit = file_get_contents("../../../userCount/M3-06-hit.dat");
|
||||
}
|
||||
$hit++; // Ökar antalet besökare med 1
|
||||
|
||||
file_put_contents("../../../M3-06-hit.dat", $hit);
|
||||
file_put_contents("../../../userCount/M3-06-hit.dat", $hit);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -10,7 +10,7 @@
|
||||
</form>
|
||||
|
||||
<?php
|
||||
if(file_exists("../../../M3-06-messages.dat")) {
|
||||
echo file_get_contents("../../../M3-06-messages.dat");
|
||||
if(file_exists("../../../userData/M3-06-messages.dat")) {
|
||||
echo file_get_contents("../../../userData/M3-06-messages.dat");
|
||||
}
|
||||
?>
|
@ -5,7 +5,7 @@
|
||||
$name = "<hr><p>Från: " . $_SESSION['username'] . "</p>";
|
||||
$msg = "<p>" . cleanData($_POST['message']) . "</p>";
|
||||
|
||||
file_put_contents("../../../M3-06-messages.dat", $name . $msg, FILE_APPEND);
|
||||
file_put_contents("../../../userData/M3-06-messages.dat", $name . $msg, FILE_APPEND);
|
||||
|
||||
header("location: index.php?page=klotter"); //Omdirigerar till klotterplanket
|
||||
|
||||
|
@ -13,7 +13,7 @@
|
||||
|
||||
function addUser($user)
|
||||
{
|
||||
$file = "../../../M3-06-users.dat";
|
||||
$file = "../../../userData/M3-06-users.dat";
|
||||
|
||||
if(file_exists($file)) {
|
||||
$users = unserialize(file_get_contents($file));
|
||||
@ -30,7 +30,7 @@
|
||||
|
||||
function isPresent($userToFind)
|
||||
{
|
||||
$file = "../../../M3-06-users.dat";
|
||||
$file = "../../../userData/M3-06-users.dat";
|
||||
if (file_exists($file)) {
|
||||
$userArray = unserialize(file_get_contents($file));
|
||||
}
|
||||
|
@ -13,7 +13,7 @@
|
||||
|
||||
function addUser($user)
|
||||
{
|
||||
$file = "../../../M4-01-users.dat";
|
||||
$file = "../../../userData/M4-01-users.dat";
|
||||
|
||||
if(file_exists($file)) {
|
||||
$users = unserialize(file_get_contents($file));
|
||||
@ -30,7 +30,7 @@
|
||||
|
||||
function isPresent($userToFind)
|
||||
{
|
||||
$file = "../../../M4-01-users.dat";
|
||||
$file = "../../../userData/M4-01-users.dat";
|
||||
if (file_exists($file)) {
|
||||
$userArray = unserialize(file_get_contents($file));
|
||||
}
|
||||
|
@ -8,14 +8,13 @@ else {
|
||||
if (session_status() == PHP_SESSION_NONE) {
|
||||
session_start();
|
||||
}
|
||||
#header("Location: login.php");
|
||||
}
|
||||
|
||||
function login()
|
||||
{
|
||||
if (isset($_POST["username"])) $username = $_POST["username"];
|
||||
if (isset($_POST["password"])) $password = $_POST["password"];
|
||||
$username = cleanData($username);
|
||||
$username = filter_input(INPUT_POST, $username, FILTER_SANITIZE_SPECIAL_CHARS | FILTER_SANITIZE_STRIPPED);
|
||||
|
||||
$user = new User($username, $password);
|
||||
|
||||
@ -26,6 +25,7 @@ function login()
|
||||
if (session_status() == PHP_SESSION_NONE) {
|
||||
session_start();
|
||||
}
|
||||
session_regenerate_id(true);
|
||||
$_SESSION['logged_in'] = true;
|
||||
}
|
||||
function signup() {
|
||||
@ -40,7 +40,7 @@ function signup() {
|
||||
exit();
|
||||
}
|
||||
|
||||
$username = cleanData($username);
|
||||
$username = filter_input(INPUT_POST, $username, FILTER_SANITIZE_SPECIAL_CHARS | FILTER_SANITIZE_STRIPPED);
|
||||
$password = password_hash($password, PASSWORD_DEFAULT);
|
||||
|
||||
$user = new User($username, $password);
|
||||
@ -55,30 +55,33 @@ function logout()
|
||||
}
|
||||
$_POST = array();
|
||||
$_SESSION = array(); // Tömmer sessionsarrayen
|
||||
session_destroy();
|
||||
#header("Location: login.php");
|
||||
session_regenerate_id(true);
|
||||
}
|
||||
|
||||
function cleanData($data)
|
||||
{
|
||||
$data = strip_tags($data);
|
||||
$data = htmlspecialchars($data);
|
||||
$data = trim($data);
|
||||
$data = stripslashes($data);
|
||||
return $data;
|
||||
}
|
||||
?>
|
||||
<!doctype html>
|
||||
<html lang="sv">
|
||||
|
||||
<head>
|
||||
<meta charset="UTF-8">
|
||||
<title>M4 | 01</title>
|
||||
<title>M4 | 02</title>
|
||||
<link href="css/styleSheet.css" rel="stylesheet" type="text/css">
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<main>
|
||||
<form action="" method="post">
|
||||
<fieldset>
|
||||
<legend>Form</legend>
|
||||
<input type="hidden" name="message">
|
||||
<label>Your name: </label>
|
||||
<input type="text" name="name"> <br> <br>
|
||||
<label>Your message: </label>
|
||||
<input type="text" name="text"> <br> <br>
|
||||
<input type="submit" value="Submit">
|
||||
</fieldset>
|
||||
</form>
|
||||
|
||||
<?php
|
||||
if(isset($_SESSION['logged_in']) && $_SESSION['logged_in'] == true) {
|
||||
echo "<h1>Logged in!</h1>";
|
||||
@ -86,6 +89,16 @@ function cleanData($data)
|
||||
else {
|
||||
echo "<h1>Not logged in!</h1>";
|
||||
}
|
||||
|
||||
if(isset($_POST['message'])) {
|
||||
$safeName = filter_input(INPUT_POST, 'name',FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
$safeMassage = filter_input(INPUT_POST, 'text',FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
echo "<h3>Name - " . $safeName . "</h3>";
|
||||
echo "<p>Massage - " . $safeMassage . "</p>";
|
||||
}
|
||||
else {
|
||||
echo "<h3>No message!</h3>";
|
||||
}
|
||||
?>
|
||||
<a href="login.php">Login</a>
|
||||
</main>
|
||||
|
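Review bot: The `filter_input(INPUT_POST, $username, FILTER_SANITIZE_SPECIAL_CHARS | FILTER_SANITIZE_STRIPPED)` lines in login() and signup() (the new side, judging by the hunk counts and print order) pass the submitted value as the second argument, where filter_input() expects the name of the POST field, so the lookup normally finds nothing and `$username` ends up null. Filter constants are IDs rather than bit flags, so OR-ing two of them does not apply both, and FILTER_SANITIZE_STRIPPED is deprecated since PHP 8.1. I would write `$username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_SPECIAL_CHARS);` and treat a null or false result as a failed request. login() and signup() both continue outside the hunks shown.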
@ -13,7 +13,7 @@
|
||||
|
||||
function addUser($user)
|
||||
{
|
||||
$file = "../../../M4-02-users.dat";
|
||||
$file = "../../../userData/M4-02-users.dat";
|
||||
|
||||
if(file_exists($file)) {
|
||||
$users = unserialize(file_get_contents($file));
|
||||
@ -30,7 +30,7 @@
|
||||
|
||||
function isPresent($userToFind)
|
||||
{
|
||||
$file = "../../../M4-02-users.dat";
|
||||
$file = "../../../userData/M4-02-users.dat";
|
||||
if (file_exists($file)) {
|
||||
$userArray = unserialize(file_get_contents($file));
|
||||
}
|
||||
|
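--- a/www/public/M4/03/User.php
+++ b/www/public/M4/03/User.php
@@ -0,0 +1,28 @@
+<?php
+class User
+{
+private $username;
+private $password;
+
+public function __construct($username, $password)
+{
+$this->username = $username;
+$this->password = $password;
+}
+
+public function getUsername() {
+return $this->username;
+}
+
+public function getPassword() {
+return $this->password;
+}
+
+public function setUsername($username) {
+$this->username = $username;
+}
+
+public function setPassword($password) {
+$this->password = $password;
+}
+}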
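Review bot: The class does not document what `$password` holds, and the callers in this commit use it two ways: login() in index.php passes the submitted plaintext, while signup() passes the output of password_hash(), and it is the signup instance that addUser() serializes to disk. A short docblock on the constructor and on `getPassword()` stating this (for example `/** Plaintext when built from a login request, password_hash() digest when built for storage. */`) would keep a later change from serializing a login-time instance by mistake.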
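--- a/www/public/M4/03/index.php
+++ b/www/public/M4/03/index.php
@@ -0,0 +1,131 @@
+<?php
+include("userManipulation.php");
+
+if (isset($_POST['login'])) login();
+else if (isset($_POST['signup'])) signup();
+else if (isset($_POST['logout'])) logout();
+else {
+if (session_status() == PHP_SESSION_NONE) {
+session_start();
+}
+}
+
+function login()
+{
+if (isset($_POST["username"])) $username = $_POST["username"];
+if (isset($_POST["password"])) $password = $_POST["password"];
+$username = cleanData($username);
+
+$user = new User($username, $password);
+
+if (!isPresent($user)) {
+header("Location: login.php");
+exit();
+}
+if (session_status() == PHP_SESSION_NONE) {
+session_start();
+}
+session_regenerate_id(true);
+$_SESSION['logged_in'] = true;
+$_SESSION['CSRFToken'] = bin2hex(random_bytes(32));
+}
+function signup() {
+if (isset($_POST["username"]) && $_POST["username"] != "") $username = $_POST["username"];
+else {
+header("Location: login.php");
+exit();
+}
+if (isset($_POST["password"]) && $_POST["password"] != "") $password = $_POST["password"];
+else {
+header("Location: login.php");
+exit();
+}
+
+$username = cleanData($username);
+$password = password_hash($password, PASSWORD_DEFAULT);
+
+$user = new User($username, $password);
+addUser($user);
+
+if (session_status() == PHP_SESSION_NONE) {
+session_start();
+}
+
+session_regenerate_id();
+$_SESSION['logged_in'] = true;
+$_SESSION['CSRFToken'] = bin2hex(random_bytes(32));
+}
+
+function logout()
+{
+if (session_status() == PHP_SESSION_NONE) {
+session_start();
+}
+$_POST = array();
+$_SESSION = array(); // Tömmer sessionsarrayen
+
+session_regenerate_id(true);
+$_SESSION['CSRFToken'] = bin2hex(random_bytes(32));
+}
+
+function cleanData($data)
+{
+$data = strip_tags($data);
+$data = htmlspecialchars($data);
+$data = trim($data);
+$data = stripslashes($data);
+return $data;
+}
+?>
+<!doctype html>
+<html lang="sv">
+
+<head>
+<meta charset="UTF-8">
+<title>M4 | 03</title>
+<link href="css/styleSheet.css" rel="stylesheet" type="text/css">
+</head>
+
+<body>
+<main>
+<form action="" method="post">
+<fieldset>
+<legend>Form</legend>
+<input type="hidden" name="message">
+<input type = "hidden" name = "CSRFToken" value = <?php echo $_SESSION['CSRFToken']; ?>>
+<label>Your name: </label>
+<input type="text" name="name"> <br> <br>
+<label>Your message: </label>
+<input type="text" name="text"> <br> <br>
+<input type="submit" value="Submit">
+</fieldset>
+</form>
+
+<?php
+if(isset($_SESSION['logged_in']) && $_SESSION['logged_in'] == true) {
+echo "<h1>Logged in!</h1>";
+}
+else {
+echo "<h1>Not logged in!</h1>";
+}
+
+if(isset($_POST['message'])) {
+if($_SESSION['CSRFToken'] === $_POST['CSRFToken']){
+echo "ok csrft";
+}else{
+echo "Inte ok csrft";
+}
+$safeName = filter_input(INPUT_POST, 'name',FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+$safeMassage = filter_input(INPUT_POST, 'text',FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+echo "<h3>Name - " . $safeName . "</h3>";
+echo "<p>Massage - " . $safeMassage . "</p>";
+}
+else {
+echo "<h3>No message!</h3>";
+}
+?>
+<a href="login.php">Login</a>
+</main>
+</body>
+
+</html>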
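Review bot: The CSRF comparison in the message handler (`if($_SESSION['CSRFToken'] === $_POST['CSRFToken'])`) only prints "ok csrft" or "Inte ok csrft", and the name and message are then processed either way, so the token does not gate anything. The token is also created only in login(), signup() and logout(), so on a first visit `$_SESSION['CSRFToken']` is unset both in the hidden field and in the comparison, and a request without the field raises an undefined-index warning. I would create the token whenever the session has none, compare with hash_equals(), and skip the output on a mismatch, as sketched below. www/public/M4/04/index.php contains the same block and needs the same change.

```php
// after the login/signup/logout dispatch at the top of the file
if (empty($_SESSION['CSRFToken'])) {
    $_SESSION['CSRFToken'] = bin2hex(random_bytes(32));
}

// … unchanged: login(), signup(), logout(), cleanData(), HTML form …

if(isset($_POST['message'])) {
    $sentToken = $_POST['CSRFToken'] ?? '';
    if (is_string($sentToken) && hash_equals($_SESSION['CSRFToken'], $sentToken)) {
        // … unchanged: filter_input() of name/text and the two echo lines …
    } else {
        echo "Inte ok csrft";
    }
}
```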
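--- a/www/public/M4/03/login.php
+++ b/www/public/M4/03/login.php
@@ -0,0 +1,44 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="UTF-8">
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+<title>Login</title>
+</head>
+<body>
+<form action="index.php" method="post">
+<fieldset>
+<legend>Login</legend>
+<input type="hidden" name="login">
+<label>Your username: </label>
+<input type="text" name="username"> <br> <br>
+<label>Your password: </label>
+<input type="password" name="password"> <br> <br>
+<input type="submit" value="Submit">
+</fieldset>
+</form>
+
+<form action="index.php" method="post">
+<fieldset>
+<legend>Signup</legend>
+<input type="hidden" name="signup">
+<label>Your username: </label>
+<input type="text" name="username"> <br> <br>
+<label>Your password: </label>
+<input type="password" name="password"> <br> <br>
+<input type="submit" value="Submit">
+</fieldset>
+</form>
+
+<br>
+<br>
+
+<form action="index.php" method="post">
+<fieldset>
+<legend>Logout</legend>
+<input type="hidden" name="logout">
+<input type="submit" value="Logout">
+</fieldset>
+</form>
+</body>
+</html>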
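--- a/www/public/M4/03/userManipulation.php
+++ b/www/public/M4/03/userManipulation.php
@@ -0,0 +1,47 @@
+<!DOCTYPE html>
+<html lang="se">
+
+<head>
+<meta charset="UTF-8">
+<title>Person write</title>
+</head>
+
+<body>
+
+<?php
+include("User.php");
+
+function addUser($user)
+{
+$file = "../../../userData/M4-03-users.dat";
+
+if(file_exists($file)) {
+$users = unserialize(file_get_contents($file));
+$users[] = $user;
+file_put_contents($file, serialize($users));
+}
+else {
+$users = array();
+$users[] = $user;
+file_put_contents($file, serialize($users));
+}
+
+}
+
+function isPresent($userToFind)
+{
+$file = "../../../userData/M4-03-users.dat";
+if (file_exists($file)) {
+$userArray = unserialize(file_get_contents($file));
+}
+else return false;
+
+foreach($userArray as $user) {
+if($userToFind->getUsername() == $user->getUsername() && password_verify($userToFind->getPassword(), $user->getPassword())) return true;
+}
+return false;
+}
+?>
+</body>
+
+</html>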
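Review bot: This include file wraps its two functions in a complete HTML document, and index.php includes it on its second line, so `<!DOCTYPE html>` and the rest are sent before login(), signup() or logout() run. Unless output buffering happens to be on, the later `header("Location: login.php")`, `session_start()` and `session_regenerate_id(true)` calls can no longer send headers, which means the failed-login redirect and the fresh session cookie are lost; the page also ends up with two doctypes. The file should contain only `<?php`, the `include("User.php");` line and the two functions, with no markup and no closing `?>`. Separately, both `unserialize(file_get_contents($file))` calls could pass `['allowed_classes' => ['User']]` as the second argument so that only the expected class is ever instantiated from the data file.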
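--- a/www/public/M4/04/index.php
+++ b/www/public/M4/04/index.php
@@ -0,0 +1,128 @@
+<?php
+include("../../../userData/M4-04-users.php");
+
+if (isset($_POST['login'])) login();
+else if (isset($_POST['signup'])) signup();
+else if (isset($_POST['logout'])) logout();
+else {
+if (session_status() == PHP_SESSION_NONE) {
+session_start();
+}
+}
+
+function login()
+{
+if (isset($_POST["username"])) $username = $_POST["username"];
+if (isset($_POST["password"])) $password = $_POST["password"];
+$username = cleanData($username);
+
+$users = getUsers();
+if (isset($users[$username]) && password_verify($password, $users[$username])) {
+echo $username;
+}
+else {
+header("Location: login.php");
+exit();
+}
+
+if (session_status() == PHP_SESSION_NONE) {
+session_start();
+}
+session_regenerate_id(true);
+$_SESSION['logged_in'] = true;
+$_SESSION['CSRFToken'] = bin2hex(random_bytes(32));
+}
+function signup() {
+if (isset($_POST["username"]) && $_POST["username"] != "") $username = $_POST["username"];
+else {
+header("Location: login.php");
+exit();
+}
+if (isset($_POST["password"]) && $_POST["password"] != "") $password = $_POST["password"];
+else {
+header("Location: login.php");
+exit();
+}
+
+$username = cleanData($username);
+$password = password_hash($password, PASSWORD_DEFAULT);
+echo "<p>Username: " . $username ."\n</p>";
+echo "<p>Password: " . $password . "</p> <br><br>";
+
+$_SESSION['logged_in'] = true;
+$_SESSION['CSRFToken'] = bin2hex(random_bytes(32));
+}
+
+function logout()
+{
+if (session_status() == PHP_SESSION_NONE) {
+session_start();
+}
+$_POST = array();
+$_SESSION = array(); // Tömmer sessionsarrayen
+
+session_regenerate_id(true);
+$_SESSION['CSRFToken'] = bin2hex(random_bytes(32));
+}
+
+function cleanData($data)
+{
+$data = strip_tags($data);
+$data = htmlspecialchars($data);
+$data = trim($data);
+$data = stripslashes($data);
+return $data;
+}
+?>
+<!doctype html>
+<html lang="sv">
+
+<head>
+<meta charset="UTF-8">
+<title>M4 | 04</title>
+<link href="css/styleSheet.css" rel="stylesheet" type="text/css">
+</head>
+
+<body>
+<main>
+<form action="" method="post">
+<fieldset>
+<legend>Form</legend>
+<input type="hidden" name="message">
+<input type = "hidden" name = "CSRFToken" value = <?php echo $_SESSION['CSRFToken']?>>
+<label>Your name: </label>
+<input type="text" name="name"> <br> <br>
+<label>Your message: </label>
+<input type="text" name="text"> <br> <br>
+<input type="submit" value="Submit">
+</fieldset>
+</form>
+
+<?php
+if(isset($_SESSION['logged_in']) && $_SESSION['logged_in'] == true) {
+echo "<h1>Logged in!</h1>";
+}
+else {
+echo "<h1>Not logged in!</h1>";
+}
+
+if(isset($_POST['message'])) {
+if($_SESSION['CSRFToken'] === $_POST['CSRFToken']){
+echo "ok csrft";
+}else{
+echo "Inte ok csrft";
+}
+$safeName = filter_input(INPUT_POST, 'name',FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+$safeMassage = filter_input(INPUT_POST, 'text',FILTER_SANITIZE_FULL_SPECIAL_CHARS);
+echo "<h3>Name - " . $safeName . "</h3>";
+echo "<p>Massage - " . $safeMassage . "</p>";
+}
+else {
+echo "<h3>No message!</h3>";
+}
+?>
+<a href="login.php">Login</a>
+</main>
+</body>
+
+</html>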
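Review bot: signup() writes the new password hash into the response (`echo "<p>Password: " . $password . "</p> <br><br>";`) and then sets `$_SESSION['logged_in'] = true` for any non-empty username and password, although nothing is stored and this branch never calls session_start(). If this function is only a helper for producing the hashes pasted into M4-04-users.php, it should not sit behind the public signup form; at minimum drop the `$_SESSION['logged_in'] = true;` line so that the page does not report "Logged in!" for an account that does not exist. In login(), `echo $username;` runs before `session_start()` and `session_regenerate_id(true)`, which prevents the session cookie from being sent when output buffering is off, so that echo should be removed as well.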
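--- a/www/public/M4/04/login.php
+++ b/www/public/M4/04/login.php
@@ -0,0 +1,44 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="UTF-8">
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+<title>Login</title>
+</head>
+<body>
+<form action="index.php" method="post">
+<fieldset>
+<legend>Login</legend>
+<input type="hidden" name="login">
+<label>Your username: </label>
+<input type="text" name="username"> <br> <br>
+<label>Your password: </label>
+<input type="password" name="password"> <br> <br>
+<input type="submit" value="Submit">
+</fieldset>
+</form>
+
+<form action="index.php" method="post">
+<fieldset>
+<legend>Signup</legend>
+<input type="hidden" name="signup">
+<label>Your username: </label>
+<input type="text" name="username"> <br> <br>
+<label>Your password: </label>
+<input type="password" name="password"> <br> <br>
+<input type="submit" value="Submit">
+</fieldset>
+</form>
+
+<br>
+<br>
+
+<form action="index.php" method="post">
+<fieldset>
+<legend>Logout</legend>
+<input type="hidden" name="logout">
+<input type="submit" value="Logout">
+</fieldset>
+</form>
+</body>
+</html>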
1
www/userData/M3-06-messages.dat
Normal file
1
www/userData/M3-06-messages.dat
Normal file
@ -0,0 +1 @@
|
||||
<hr><p>Från: 555</p><p>afsdgfh</p><hr><p>Från: 111</p><p>iopdfgjosdhckotre</p><hr><p>Från: 111</p><p>awfgerkoösed</p><hr><p>Från: 222</p><p>4353w6eur7ti</p>
|
BIN
www/userData/M4-01-users.dat
Normal file
BIN
www/userData/M4-01-users.dat
Normal file
Binary file not shown.
BIN
www/userData/M4-02-users.dat
Normal file
BIN
www/userData/M4-02-users.dat
Normal file
Binary file not shown.
BIN
www/userData/M4-03-users.dat
Normal file
BIN
www/userData/M4-03-users.dat
Normal file
Binary file not shown.
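--- a/www/userData/M4-04-users.php
+++ b/www/userData/M4-04-users.php
@@ -0,0 +1,9 @@
+<?php
+function getUsers() {
+$users = array();
+$users['admin'] = '$2y$10$fCFmmSX/lumDbNJw7YUMdOAfASpMAEEeQg6eT5r5govkZdV31/wLm';
+$users['hank'] = '$2y$10$6qpK9B7tHzGqwLJmHx.XpeefSpMIbamxgpOWsx6CqtrBCxVKqsEn6';
+$user['admin1'] = '$2y$10$YcT3gCMi2H9KZcFQHw0kfOzG.FdWeQqkcjr9mPsWAKxVNTZRWJZWy';
+return $users;
+}
+?>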
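Review bot: The third entry is assigned to `$user['admin1']` rather than `$users['admin1']`, so it lands in an unrelated local array and getUsers() returns only admin and hank; the variable name on that line should be `$users`. The password hashes are also hard-coded in a file under version control, alongside the three binary *-users.dat files added in this commit, so anyone with read access to the repository can test guesses against them offline. I would keep credential data out of the repository, load it from a path outside the tree, and treat the committed hashes as exposed.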