From af1865776cdfb272eace4061cf4b9cb81579b94e Mon Sep 17 00:00:00 2001 
From: vadym Novoselskyi Date: Fri, 13 Sep 2024 14:56:16 +0200 Subject: [PATCH] add m4 2/2 --- www/M3-06-messages.dat | 1 - www/M4-01-users.dat | Bin 289 -> 0 bytes www/public/M2/09/userManipulation.php | 4 +- www/public/M3/02/index.php | 6 +- www/public/M3/03/index.php | 10 +- www/public/M3/04/index.php | 10 +- www/public/M3/04/pages/klotter.php | 4 +- www/public/M3/04/saveMsg.php | 2 +- www/public/M3/06/index.php | 10 +- www/public/M3/06/pages/klotter.php | 4 +- www/public/M3/06/saveMsg.php | 2 +- www/public/M3/06/userManipulation.php | 4 +- www/public/M4/01/userManipulation.php | 4 +- www/public/M4/02/index.php | 41 +++++--- www/public/M4/02/userManipulation.php | 4 +- www/public/M4/03/User.php | 28 ++++++ www/public/M4/03/index.php | 131 ++++++++++++++++++++++++++ www/public/M4/03/login.php | 44 +++++++++ www/public/M4/03/userManipulation.php | 47 +++++++++ www/public/M4/04/index.php | 128 +++++++++++++++++++++++++ www/public/M4/04/login.php | 44 +++++++++ www/{ => userCount}/M3-02-hit.dat | 0 www/{ => userCount}/M3-03-hit.dat | 0 www/{ => userCount}/M3-04-hit.dat | 0 www/{ => userCount}/M3-06-hit.dat | 0 www/{ => userData}/M2-09-users.dat | Bin www/{ => userData}/M3-04-messages.dat | 0 www/userData/M3-06-messages.dat | 1 + www/{ => userData}/M3-06-users.dat | Bin www/userData/M4-01-users.dat | Bin 0 -> 571 bytes www/userData/M4-02-users.dat | Bin 0 -> 703 bytes www/userData/M4-03-users.dat | Bin 0 -> 1276 bytes www/userData/M4-04-users.php | 9 ++ 33 files changed, 491 insertions(+), 47 deletions(-) delete mode 100644 www/M3-06-messages.dat delete mode 100644 www/M4-01-users.dat create mode 100644 www/public/M4/03/User.php create mode 100644 www/public/M4/03/index.php create mode 100644 www/public/M4/03/login.php create mode 100644 www/public/M4/03/userManipulation.php create mode 100644 www/public/M4/04/index.php create mode 100644 www/public/M4/04/login.php rename www/{ => userCount}/M3-02-hit.dat (100%) rename www/{ => userCount}/M3-03-hit.dat (100%) rename 
www/{ => userCount}/M3-04-hit.dat (100%) rename www/{ => userCount}/M3-06-hit.dat (100%) rename www/{ => userData}/M2-09-users.dat (100%) rename www/{ => userData}/M3-04-messages.dat (100%) create mode 100644 www/userData/M3-06-messages.dat rename www/{ => userData}/M3-06-users.dat (100%) create mode 100644 www/userData/M4-01-users.dat create mode 100644 www/userData/M4-02-users.dat create mode 100644 www/userData/M4-03-users.dat create mode 100644 www/userData/M4-04-users.php diff --git a/www/M3-06-messages.dat b/www/M3-06-messages.dat deleted file mode 100644 index 5e6a3fd..0000000 --- a/www/M3-06-messages.dat +++ /dev/null @@ -1 +0,0 @@ -

Från: 555

afsdgfh

\ No newline at end of file diff --git a/www/M4-01-users.dat b/www/M4-01-users.dat deleted file mode 100644 index b0f1c20ad7ffa64d1090f9853bbf61474ad6d3b6..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 289 zcma)$$qs@r6h--#hP6<{BG07*C_$72uB_B}mwRq*@=gvGyg8VY z2y8%!ECf=G1l*&hSiAM7&Z`1Vq}nJ{@i%C5DZ556)e;ksZasBu>M1?@p*Og`N-wFr zB;$T}w~PBNBahVHw!?$iNV0kyo5i3WO*!60>skNg!vX(kGX#V&{!3 lU3w-oww%c4Minm$*RRJx$+FX)O`B_aVI^%tE}p&2=Lk@ diff --git a/www/public/M2/09/userManipulation.php b/www/public/M2/09/userManipulation.php index a04f466..76ff560 100644 --- a/www/public/M2/09/userManipulation.php +++ b/www/public/M2/09/userManipulation.php @@ -13,7 +13,7 @@ function addUser($user) { - $file = "../../../M2-09-users.dat"; + $file = "../../../userData/M2-09-users.dat"; if(file_exists($file)) { $users = unserialize(file_get_contents($file)); @@ -30,7 +30,7 @@ function isPresent($userToFind) { - $file = "../../../M2-09-users.dat"; + $file = "../../../userData/M2-09-users.dat"; if (file_exists($file)) { $userArray = unserialize(file_get_contents($file)); } diff --git a/www/public/M3/02/index.php b/www/public/M3/02/index.php index 8a2ede0..0d14cac 100644 --- a/www/public/M3/02/index.php +++ b/www/public/M3/02/index.php @@ -3,12 +3,12 @@ session_start(); } $hit = 0; - if(file_exists("../../../M3-02-hit.dat")) { - $hit = file_get_contents("../../../M3-02-hit.dat"); + if(file_exists("../../../userCount/M3-02-hit.dat")) { + $hit = file_get_contents("../../../userCount/M3-02-hit.dat"); } $hit++; // Ökar antalet besökare med 1 - file_put_contents("../../../M3-02-hit.dat", $hit); + file_put_contents("../../../userCount/M3-02-hit.dat", $hit); echo $hit; ?> diff --git a/www/public/M3/03/index.php b/www/public/M3/03/index.php index af94ad5..1d05c18 100644 --- a/www/public/M3/03/index.php +++ b/www/public/M3/03/index.php 
@@ -8,8 +8,8 @@ else { } } -if (file_exists("../../../M3-03-hit.dat")) { - $hit = file_get_contents("../../../M3-03-hit.dat"); +if (file_exists("../../../userCount/M3-03-hit.dat")) { + $hit = file_get_contents("../../../userCount/M3-03-hit.dat"); } echo $hit; @@ -20,12 +20,12 @@ function login() $_SESSION['logged_in'] = true; $hit = 0; - if (file_exists("../../../M3-03-hit.dat")) { - $hit = file_get_contents("../../../M3-03-hit.dat"); + if (file_exists("../../../userCount/M3-03-hit.dat")) { + $hit = file_get_contents("../../../userCount/M3-03-hit.dat"); } $hit++; // Ökar antalet besökare med 1 - file_put_contents("../../../M3-03-hit.dat", $hit); + file_put_contents("../../../userCount/M3-03-hit.dat", $hit); } } function logout() diff --git a/www/public/M3/04/index.php b/www/public/M3/04/index.php index 4dee2bb..eff06c7 100644 --- a/www/public/M3/04/index.php +++ b/www/public/M3/04/index.php @@ -9,8 +9,8 @@ else { #header("Location: login.php"); } -if (file_exists("../../../M3-04-hit.dat")) { - $hit = file_get_contents("../../../M3-04-hit.dat"); +if (file_exists("../../../userCount/M3-04-hit.dat")) { + $hit = file_get_contents("../../../userCount/M3-04-hit.dat"); } echo $hit; @@ -21,12 +21,12 @@ function login() $_SESSION['logged_in'] = true; $hit = 0; - if (file_exists("../../../M3-04-hit.dat")) { - $hit = file_get_contents("../../../M3-04-hit.dat"); + if (file_exists("../../../userCount/M3-04-hit.dat")) { + $hit = file_get_contents("../../../userCount/M3-04-hit.dat"); } $hit++; // Ökar antalet besökare med 1 - file_put_contents("../../../M3-04-hit.dat", $hit); + file_put_contents("../../../userCount/M3-04-hit.dat", $hit); } } function logout() diff --git a/www/public/M3/04/pages/klotter.php b/www/public/M3/04/pages/klotter.php index d2b6df4..24ae777 100644 --- a/www/public/M3/04/pages/klotter.php +++ b/www/public/M3/04/pages/klotter.php @@ -15,8 +15,8 @@ else { \ No newline at end of file 
diff --git a/www/public/M3/04/saveMsg.php b/www/public/M3/04/saveMsg.php index 0fd3790..5a81c74 100644 --- a/www/public/M3/04/saveMsg.php +++ b/www/public/M3/04/saveMsg.php @@ -2,7 +2,7 @@ $name = "

Från: " . $_POST['name'] . "

"; $msg = "

" . $_POST['message'] . "

"; - file_put_contents("../../../M3-04-messages.dat",$name.$msg,FILE_APPEND); + file_put_contents("../../../userData/M3-04-messages.dat",$name.$msg,FILE_APPEND); header("location: index.php?page=klotter"); //Omdirigerar till klotterplanket ?> \ No newline at end of file diff --git a/www/public/M3/06/index.php b/www/public/M3/06/index.php index ec359ed..04b0adc 100644 --- a/www/public/M3/06/index.php +++ b/www/public/M3/06/index.php @@ -11,8 +11,8 @@ else { #header("Location: login.php"); } -if (file_exists("../../../M3-06-hit.dat")) { - $hit = file_get_contents("../../../M3-06-hit.dat"); +if (file_exists("../../../userCount/M3-06-hit.dat")) { + $hit = file_get_contents("../../../userCount/M3-06-hit.dat"); echo $hit; } @@ -71,12 +71,12 @@ function incUserCount() { session_start(); $hit = 0; - if (file_exists("../../../M3-06-hit.dat")) { - $hit = file_get_contents("../../../M3-06-hit.dat"); + if (file_exists("../../../userCount/M3-06-hit.dat")) { + $hit = file_get_contents("../../../userCount/M3-06-hit.dat"); } $hit++; // Ökar antalet besökare med 1 - file_put_contents("../../../M3-06-hit.dat", $hit); + file_put_contents("../../../userCount/M3-06-hit.dat", $hit); } } diff --git a/www/public/M3/06/pages/klotter.php b/www/public/M3/06/pages/klotter.php index 2d6f3ce..9c5da69 100644 --- a/www/public/M3/06/pages/klotter.php +++ b/www/public/M3/06/pages/klotter.php @@ -10,7 +10,7 @@ \ No newline at end of file diff --git a/www/public/M3/06/saveMsg.php b/www/public/M3/06/saveMsg.php index f14b29b..374d610 100644 --- a/www/public/M3/06/saveMsg.php +++ b/www/public/M3/06/saveMsg.php @@ -5,7 +5,7 @@ $name = "

Från: " . $_SESSION['username'] . "

"; $msg = "

" . cleanData($_POST['message']) . "

"; - file_put_contents("../../../M3-06-messages.dat", $name . $msg, FILE_APPEND); + file_put_contents("../../../userData/M3-06-messages.dat", $name . $msg, FILE_APPEND); header("location: index.php?page=klotter"); //Omdirigerar till klotterplanket diff --git a/www/public/M3/06/userManipulation.php b/www/public/M3/06/userManipulation.php index d7a352b..fc15068 100644 --- a/www/public/M3/06/userManipulation.php +++ b/www/public/M3/06/userManipulation.php @@ -13,7 +13,7 @@ function addUser($user) { - $file = "../../../M3-06-users.dat"; + $file = "../../../userData/M3-06-users.dat"; if(file_exists($file)) { $users = unserialize(file_get_contents($file)); @@ -30,7 +30,7 @@ function isPresent($userToFind) { - $file = "../../../M3-06-users.dat"; + $file = "../../../userData/M3-06-users.dat"; if (file_exists($file)) { $userArray = unserialize(file_get_contents($file)); } diff --git a/www/public/M4/01/userManipulation.php b/www/public/M4/01/userManipulation.php index 7dacf2d..a5c224d 100644 --- a/www/public/M4/01/userManipulation.php +++ b/www/public/M4/01/userManipulation.php @@ -13,7 +13,7 @@ function addUser($user) { - $file = "../../../M4-01-users.dat"; + $file = "../../../userData/M4-01-users.dat"; if(file_exists($file)) { $users = unserialize(file_get_contents($file)); @@ -30,7 +30,7 @@ function isPresent($userToFind) { - $file = "../../../M4-01-users.dat"; + $file = "../../../userData/M4-01-users.dat"; if (file_exists($file)) { $userArray = unserialize(file_get_contents($file)); } diff --git a/www/public/M4/02/index.php b/www/public/M4/02/index.php index ad26309..0317484 100644 --- a/www/public/M4/02/index.php +++ b/www/public/M4/02/index.php 
@@ -8,14 +8,13 @@ else { if (session_status() == PHP_SESSION_NONE) { session_start(); } - #header("Location: login.php"); } function login() { if (isset($_POST["username"])) $username = $_POST["username"]; if (isset($_POST["password"])) $password = $_POST["password"]; - $username = cleanData($username); + $username = filter_input(INPUT_POST, $username, FILTER_SANITIZE_SPECIAL_CHARS | FILTER_SANITIZE_STRIPPED); $user = new User($username, $password); @@ -26,6 +25,7 @@ function login() if (session_status() == PHP_SESSION_NONE) { session_start(); } + session_regenerate_id(true); $_SESSION['logged_in'] = true; } function signup() { @@ -40,7 +40,7 @@ function signup() { exit(); } - $username = cleanData($username); + $username = filter_input(INPUT_POST, $username, FILTER_SANITIZE_SPECIAL_CHARS | FILTER_SANITIZE_STRIPPED); $password = password_hash($password, PASSWORD_DEFAULT); $user = new User($username, $password); @@ -55,30 +55,33 @@ function logout() } $_POST = array(); $_SESSION = array(); // Tömmer sessionsarrayen - session_destroy(); - #header("Location: login.php"); + session_regenerate_id(true); } -function cleanData($data) -{ - $data = strip_tags($data); - $data = htmlspecialchars($data); - $data = trim($data); - $data = stripslashes($data); - return $data; -} ?> - M4 | 01 + M4 | 02
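Review bot: The new `filter_input(INPUT_POST, $username, ...)` call in login() passes the submitted value where the field name belongs, so it looks up a POST field named after whatever the user typed and will normally return null instead of the sanitised username; the signup() hunk repeats the same line. The third argument is a single filter id rather than a bitmask, so `FILTER_SANITIZE_SPECIAL_CHARS | FILTER_SANITIZE_STRIPPED` does not apply both filters, and `FILTER_SANITIZE_STRIPPED` is deprecated as of PHP 8.1. I would write `$username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_SPECIAL_CHARS);` in both places and reject the request when the result is null or false, because `new User($username, $password)` is otherwise built from an empty name. Both functions continue outside these hunks.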
+
+
+ Form + + +

+ +

+ +
+
+ Logged in!"; @@ -86,6 +89,16 @@ function cleanData($data) else { echo "

Not logged in!

"; } + + if(isset($_POST['message'])) { + $safeName = filter_input(INPUT_POST, 'name',FILTER_SANITIZE_FULL_SPECIAL_CHARS); + $safeMassage = filter_input(INPUT_POST, 'text',FILTER_SANITIZE_FULL_SPECIAL_CHARS); + echo "

Name - " . $safeName . "

"; + echo "

Massage - " . $safeMassage . "

"; + } + else { + echo "

No message!

"; + } ?> Login
diff --git a/www/public/M4/02/userManipulation.php b/www/public/M4/02/userManipulation.php index f83d150..86a3a2c 100644 --- a/www/public/M4/02/userManipulation.php +++ b/www/public/M4/02/userManipulation.php @@ -13,7 +13,7 @@ function addUser($user) { - $file = "../../../M4-02-users.dat"; + $file = "../../../userData/M4-02-users.dat"; if(file_exists($file)) { $users = unserialize(file_get_contents($file)); @@ -30,7 +30,7 @@ function isPresent($userToFind) { - $file = "../../../M4-02-users.dat"; + $file = "../../../userData/M4-02-users.dat"; if (file_exists($file)) { $userArray = unserialize(file_get_contents($file)); } diff --git a/www/public/M4/03/User.php b/www/public/M4/03/User.php new file mode 100644 index 0000000..afa0130 --- /dev/null +++ b/www/public/M4/03/User.php @@ -0,0 +1,28 @@ +username = $username; + $this->password = $password; + } + + public function getUsername() { + return $this->username; + } + + public function getPassword() { + return $this->password; + } + + public function setUsername($username) { + $this->username = $username; + } + + public function setPassword($password) { + $this->password = $password; + } +} diff --git a/www/public/M4/03/index.php b/www/public/M4/03/index.php new file mode 100644 index 0000000..78e75d7 --- /dev/null +++ b/www/public/M4/03/index.php @@ -0,0 +1,131 @@ + + + + + + + M4 | 03 + + + + +
+
+
+ Form + + > + +

+ +

+ +
+
+ + Logged in!"; + } + else { + echo "

Not logged in!

"; + } + + if(isset($_POST['message'])) { + if($_SESSION['CSRFToken'] === $_POST['CSRFToken']){ + echo "ok csrft"; + }else{ + echo "Inte ok csrft"; + } + $safeName = filter_input(INPUT_POST, 'name',FILTER_SANITIZE_FULL_SPECIAL_CHARS); + $safeMassage = filter_input(INPUT_POST, 'text',FILTER_SANITIZE_FULL_SPECIAL_CHARS); + echo "

Name - " . $safeName . "

"; + echo "

Massage - " . $safeMassage . "

"; + } + else { + echo "

No message!

"; + } + ?> + Login +
+ + + \ No newline at end of file diff --git a/www/public/M4/03/login.php b/www/public/M4/03/login.php new file mode 100644 index 0000000..c367978 --- /dev/null +++ b/www/public/M4/03/login.php @@ -0,0 +1,44 @@ + + + + + + Login + + +
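Review bot: The CSRF check inside the `isset($_POST['message'])` branch only echoes "ok csrft" or "Inte ok csrft" and then handles the request either way, so a wrong token blocks nothing. The `===` comparison is also true when both `$_SESSION['CSRFToken']` and `$_POST['CSRFToken']` are absent (null on both sides), and it is not constant-time. I would gate the branch on `isset($_SESSION['CSRFToken'], $_POST['CSRFToken']) && hash_equals($_SESSION['CSRFToken'], (string) $_POST['CSRFToken'])` and stop with an error response otherwise. The same block appears in www/public/M4/04/index.php. The PHP at the top of this file is not visible in the hunk as shown, so where the token is first issued still needs to be confirmed.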
+
+ Login + + +

+ +

+ +
+
+ +
+
+ Signup + + +

+ +

+ +
+
+ +
+
+ +
+
+ Logout + + +
+
+ + \ No newline at end of file diff --git a/www/public/M4/03/userManipulation.php b/www/public/M4/03/userManipulation.php new file mode 100644 index 0000000..b12c101 --- /dev/null +++ b/www/public/M4/03/userManipulation.php @@ -0,0 +1,47 @@ + + + + + + Person write + + + + + getUsername() == $user->getUsername() && password_verify($userToFind->getPassword(), $user->getPassword())) return true; + } + return false; + } + ?> + + + \ No newline at end of file diff --git a/www/public/M4/04/index.php b/www/public/M4/04/index.php new file mode 100644 index 0000000..d7ee067 --- /dev/null +++ b/www/public/M4/04/index.php @@ -0,0 +1,128 @@ +Username: " . $username ."\n
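Review bot: The username match in the lookup loop of www/public/M4/03/userManipulation.php uses loose `==`, so numeric-looking names such as "1e3" and "1000" compare equal and a login for one name can be matched against a different stored account; use `$userToFind->getUsername() === $user->getUsername()`. The file also appears to wrap its functions in a full HTML skeleton (the "Person write" title and closing tags are visible), which would send output as soon as it is included and can make later `session_start()`, `session_regenerate_id()` or `header()` calls fail; an include that only defines functions should emit nothing. The start of the function, including how the user list is loaded, is not visible in the hunk as shown, so only the comparison is reviewed here.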

"; + echo "

Password: " . $password . "



"; + + $_SESSION['logged_in'] = true; + $_SESSION['CSRFToken'] = bin2hex(random_bytes(32)); +} + +function logout() +{ + if (session_status() == PHP_SESSION_NONE) { + session_start(); + } + $_POST = array(); + $_SESSION = array(); // Tömmer sessionsarrayen + + session_regenerate_id(true); + $_SESSION['CSRFToken'] = bin2hex(random_bytes(32)); +} + +function cleanData($data) +{ + $data = strip_tags($data); + $data = htmlspecialchars($data); + $data = trim($data); + $data = stripslashes($data); + return $data; +} +?> + + + + + + M4 | 04 + + + + +
+
+
+ Form + + > + +

+ +

+ +
+
+ + Logged in!"; + } + else { + echo "

Not logged in!

"; + } + + if(isset($_POST['message'])) { + if($_SESSION['CSRFToken'] === $_POST['CSRFToken']){ + echo "ok csrft"; + }else{ + echo "Inte ok csrft"; + } + $safeName = filter_input(INPUT_POST, 'name',FILTER_SANITIZE_FULL_SPECIAL_CHARS); + $safeMassage = filter_input(INPUT_POST, 'text',FILTER_SANITIZE_FULL_SPECIAL_CHARS); + echo "

Name - " . $safeName . "

"; + echo "

Massage - " . $safeMassage . "

"; + } + else { + echo "

No message!

"; + } + ?> + Login +
+ + + \ No newline at end of file diff --git a/www/public/M4/04/login.php b/www/public/M4/04/login.php new file mode 100644 index 0000000..c367978 --- /dev/null +++ b/www/public/M4/04/login.php @@ -0,0 +1,44 @@ + + + + + + Login + + +
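Review bot: login() in www/public/M4/04/index.php echoes the submitted password, and the username, into the response just before setting `$_SESSION['logged_in'] = true`. Printing the plaintext password exposes it to browser caches, intermediaries and anyone viewing the page, and no escaping of `$username` is visible in the lines shown. Both debug echoes should be removed; if the name must be displayed, use `echo htmlspecialchars($username, ENT_QUOTES, 'UTF-8');` and never output the password. The start of login() is not visible in the hunk as shown, so it should be confirmed that the credentials are verified before `logged_in` is set.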
+
+ Login + + +

+ +

+ +
+
+ +
+
+ Signup + + +

+ +

+ +
+
+ +
+
+ +
+
+ Logout + + +
+
+ + \ No newline at end of file diff --git a/www/M3-02-hit.dat b/www/userCount/M3-02-hit.dat similarity index 100% rename from www/M3-02-hit.dat rename to www/userCount/M3-02-hit.dat diff --git a/www/M3-03-hit.dat b/www/userCount/M3-03-hit.dat similarity index 100% rename from www/M3-03-hit.dat rename to www/userCount/M3-03-hit.dat diff --git a/www/M3-04-hit.dat b/www/userCount/M3-04-hit.dat similarity index 100% rename from www/M3-04-hit.dat rename to www/userCount/M3-04-hit.dat diff --git a/www/M3-06-hit.dat b/www/userCount/M3-06-hit.dat similarity index 100% rename from www/M3-06-hit.dat rename to www/userCount/M3-06-hit.dat diff --git a/www/M2-09-users.dat b/www/userData/M2-09-users.dat similarity index 100% rename from www/M2-09-users.dat rename to www/userData/M2-09-users.dat diff --git a/www/M3-04-messages.dat b/www/userData/M3-04-messages.dat similarity index 100% rename from www/M3-04-messages.dat rename to www/userData/M3-04-messages.dat diff --git a/www/userData/M3-06-messages.dat b/www/userData/M3-06-messages.dat new file mode 100644 index 0000000..1627f89 --- /dev/null +++ b/www/userData/M3-06-messages.dat @@ -0,0 +1 @@ +

Från: 555

afsdgfh


Från: 111

iopdfgjosdhckotre


Från: 111

awfgerkoösed


Från: 222

4353w6eur7ti

\ No newline at end of file diff --git a/www/M3-06-users.dat b/www/userData/M3-06-users.dat similarity index 100% rename from www/M3-06-users.dat rename to www/userData/M3-06-users.dat diff --git a/www/userData/M4-01-users.dat b/www/userData/M4-01-users.dat new file mode 100644 index 0000000000000000000000000000000000000000..1936897cd3d77f71c4bf9fad567d13def509bd0e GIT binary patch literal 571 zcma*h&2oY;6a`?Pg>el8VlZ)4@h8?IDvgLcMo5hcDk&g3zI(wsW z1DsTVefTAi4dt?hG- zEG#WsD#nU#b<923=;y(#s-M?cCA1 z`G#hq7)oB_Bw3_W>lpQZwwn}`i@%+TAISE)R9w&fV8lTfd&sX$S{wiqo1VCi**g%} i(^lK#Vh^Frm0qPKjzQdBNc)=ae&)Ip_&p6@i03bojMKRQ literal 0 HcmV?d00001 diff --git a/www/userData/M4-03-users.dat b/www/userData/M4-03-users.dat new file mode 100644 index 0000000000000000000000000000000000000000..f5edc717ce92967fed6a4edbf7693e1970598804 GIT binary patch literal 1276 zcma*m$&#ut6b9ga7OU4v!XV;G96$^+GVM?hQ9&R~+STuV)n43fHmRJXD)rTWP9k9@ z{A2<(*9Arx?Qv3%1StGq0ldnucm37AmLkfN(Hsl3FaiL)cmMCp2;=@<$L~{)5=P(f z@eQbNxlJOso81SrknGq~wBd1a6AN_Jus7Ywwj1z`KF7>f*-jI{^v?~|RHONCCIE5_ zgpdfs$PO==S!mK?89tA?PW7QT#(sTe4h~<$h<%3Xb7#lu#+^(8w_8r%FTXI5979nQ z5k}pgP+*7JPF?r`7&N~vpw{+%(xlEQx&U|8Y6j-Bfbx8Azpf{#d5At3njFJ%91(_3 zy>zj>?yiIDYM_)}VFXNKbcJNLEBTsOvgAPxrtU>YHQSu(GF#^#3`33qkS4-d-na+U zVYyNLdMleV1vH&CwxlyU@%x6m(A5#8xOISbhdy^;SCfVQ*Cv(_^P1`xh9S~K^4YTo zygW3aT}E-(=CvW~G3P6sHO-6rb68Y6S1xgJws+Tn(D3Fg`5W;-Wy zO0IlL>TzWzj;#9ZYH7+>oRMmyxL{A9eR9{;mI)!OE$rck&4?$=1&Mc mLTeK&D+S@PF9t`b(0!xwg-_v@YIs&mF+`;}+Z*pT{r&?yj(@`d literal 0 HcmV?d00001 diff --git a/www/userData/M4-04-users.php b/www/userData/M4-04-users.php new file mode 100644 index 0000000..e6bdbad --- /dev/null +++ b/www/userData/M4-04-users.php @@ -0,0 +1,9 @@ + \ No newline at end of file