128 lines
3.2 KiB
PHP
128 lines
3.2 KiB
PHP
<?php
|
|
include("../../../userData/M4-04-users.php");
|
|
|
|
if (isset($_POST['login'])) login();
|
|
else if (isset($_POST['signup'])) signup();
|
|
else if (isset($_POST['logout'])) logout();
|
|
else {
|
|
if (session_status() == PHP_SESSION_NONE) {
|
|
session_start();
|
|
}
|
|
}
|
|
|
|
function login()
|
|
{
|
|
if (isset($_POST["username"])) $username = $_POST["username"];
|
|
if (isset($_POST["password"])) $password = $_POST["password"];
|
|
$username = cleanData($username);
|
|
|
|
$users = getUsers();
|
|
if (isset($users[$username]) && password_verify($password, $users[$username])) {
|
|
echo $username;
|
|
}
|
|
else {
|
|
header("Location: login.php");
|
|
exit();
|
|
}
|
|
|
|
if (session_status() == PHP_SESSION_NONE) {
|
|
session_start();
|
|
}
|
|
session_regenerate_id(true);
|
|
$_SESSION['logged_in'] = true;
|
|
$_SESSION['CSRFToken'] = bin2hex(random_bytes(32));
|
|
}
|
|
function signup() {
|
|
if (isset($_POST["username"]) && $_POST["username"] != "") $username = $_POST["username"];
|
|
else {
|
|
header("Location: login.php");
|
|
exit();
|
|
}
|
|
if (isset($_POST["password"]) && $_POST["password"] != "") $password = $_POST["password"];
|
|
else {
|
|
header("Location: login.php");
|
|
exit();
|
|
}
|
|
|
|
$username = cleanData($username);
|
|
$password = password_hash($password, PASSWORD_DEFAULT);
|
|
echo "<p>Username: " . $username ."\n</p>";
|
|
echo "<p>Password: " . $password . "</p> <br><br>";
|
|
|
|
$_SESSION['logged_in'] = true;
|
|
$_SESSION['CSRFToken'] = bin2hex(random_bytes(32));
|
|
}
|
|
|
|
function logout()
|
|
{
|
|
if (session_status() == PHP_SESSION_NONE) {
|
|
session_start();
|
|
}
|
|
$_POST = array();
|
|
$_SESSION = array(); // Tömmer sessionsarrayen
|
|
|
|
session_regenerate_id(true);
|
|
$_SESSION['CSRFToken'] = bin2hex(random_bytes(32));
|
|
}
|
|
|
|
function cleanData($data)
|
|
{
|
|
$data = strip_tags($data);
|
|
$data = htmlspecialchars($data);
|
|
$data = trim($data);
|
|
$data = stripslashes($data);
|
|
return $data;
|
|
}
|
|
?>
|
|
<!doctype html>
|
|
<html lang="sv">
|
|
|
|
<head>
|
|
<meta charset="UTF-8">
|
|
<title>M4 | 04</title>
|
|
<link href="css/styleSheet.css" rel="stylesheet" type="text/css">
|
|
</head>
|
|
|
|
<body>
|
|
<main>
|
|
<form action="" method="post">
|
|
<fieldset>
|
|
<legend>Form</legend>
|
|
<input type="hidden" name="message">
|
|
<input type = "hidden" name = "CSRFToken" value = <?php echo $_SESSION['CSRFToken']?>>
|
|
<label>Your name: </label>
|
|
<input type="text" name="name"> <br> <br>
|
|
<label>Your message: </label>
|
|
<input type="text" name="text"> <br> <br>
|
|
<input type="submit" value="Submit">
|
|
</fieldset>
|
|
</form>
|
|
|
|
<?php
|
|
if(isset($_SESSION['logged_in']) && $_SESSION['logged_in'] == true) {
|
|
echo "<h1>Logged in!</h1>";
|
|
}
|
|
else {
|
|
echo "<h1>Not logged in!</h1>";
|
|
}
|
|
|
|
if(isset($_POST['message'])) {
|
|
if($_SESSION['CSRFToken'] === $_POST['CSRFToken']){
|
|
echo "ok csrft";
|
|
}else{
|
|
echo "Inte ok csrft";
|
|
}
|
|
$safeName = filter_input(INPUT_POST, 'name',FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
|
$safeMassage = filter_input(INPUT_POST, 'text',FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
|
echo "<h3>Name - " . $safeName . "</h3>";
|
|
echo "<p>Massage - " . $safeMassage . "</p>";
|
|
}
|
|
else {
|
|
echo "<h3>No message!</h3>";
|
|
}
|
|
?>
|
|
<a href="login.php">Login</a>
|
|
</main>
|
|
</body>
|
|
|
|
</html>
|