2 Commits

Author SHA1 Message Date
Thies Mueller
df7b9fa800 removed the git foo 2021-01-17 16:28:07 +01:00
thies
469ddf0c3e made a mvp 2021-01-17 16:21:59 +01:00
24 changed files with 45 additions and 663 deletions

View File

@@ -1,38 +0,0 @@
---
name: Bug report
about: Create a report to help us improve
title: "[BUG]"
labels: bug_unconfirmed
assignees: ''
---
**Describe the bug**
A clear and concise description of what the bug is.
**To Reproduce**
Steps to reproduce the behavior:
1. Go to '...'
2. Click on '....'
3. Scroll down to '....'
4. See error
**Expected behavior**
A clear and concise description of what you expected to happen.
**Screenshots**
If applicable, add screenshots to help explain your problem.
**Desktop (please complete the following information):**
- OS: [e.g. iOS]
- Browser [e.g. chrome, safari]
- Version [e.g. 22]
**Smartphone (please complete the following information):**
- Device: [e.g. iPhone6]
- OS: [e.g. iOS8.1]
- Browser [e.g. stock browser, safari]
- Version [e.g. 22]
**Additional context**
Add any other context about the problem here.

View File

@@ -1,20 +0,0 @@
---
name: Feature request
about: Suggest an idea for this project
title: ''
labels: enhancement
assignees: ''
---
**Is your feature request related to a problem? Please describe.**
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
**Describe the solution you'd like**
A clear and concise description of what you want to happen.
**Describe alternatives you've considered**
A clear and concise description of any alternative solutions or features you've considered.
**Additional context**
Add any other context or screenshots about the feature request here.

View File

@@ -1,21 +0,0 @@
on: [push]
jobs:
check-quality:
runs-on: ubuntu-latest
name: A job to check my code quality
steps:
- name: Check code meets quality standards
id: code-inspector
uses: codeinspectorio/github-action@master
with:
repo_token: ${{ secrets.GITHUB_TOKEN }}
code_inspector_access_key: ${{ secrets.CODE_INSPECTOR_ACCESS_KEY }}
code_inspector_secret_key: ${{ secrets.CODE_INSPECTOR_SECRET_KEY }}
min_quality_grade: 'WARNING'
min_quality_score: '50'
max_defects_rate: '0.0001'
max_complex_functions_rate: '0.0001'
max_long_functions_rate: '0.0001'
project_name: ''
max_timeout_sec: '600'

22
CONTRIBUTORS.MD Normal file
View File

@@ -0,0 +1,22 @@
# loginpagefoo
## Authors
- Lara Schradick
- Miriam Schroth
## License
Written under AGPLv3.
For more infos see [/LICENSE](/LICENSE)
## External Sources
### Stylesheets:
- Bootstrap
### Javascript:
- Bootstrap
### Database Design:
- Thies Müller
### PHP Code:
- contributions from Thies Müller

View File

@@ -1,17 +0,0 @@
# FEATURES
## Password Login
## PHP Session
## Logout
## Forget Password
## Password Complexibility Check
## Admin Functions
## Activate E-Mail
## More to come

View File

@@ -24,9 +24,9 @@ if(isset($_GET['notimplemented'])) { //if "?notimplemented=1" is received, print
//some html links to other pages //some html links to other pages
?> ?>
<br /><br /> <br /><br />
<a href="changeprofilepicture.php"><button class="btn btn-primary">Change Profile Picture</button> <a href="?notimplemented=1"><button class="btn btn-primary">Some Feature</button>
<br /><br /> <br /><br />
<a href="?notimplemented=1"><button class="btn btn-primary disabled">Change Description</button></a> <a href="?notimplemented=1"><button class="btn btn-primary disabled">Some other Feature</button></a>
<br /> <br /><br /> <br /> <br /><br />
<a href="start.php"><button class="btn btn-info">Back</button></a> <a href="start.php"><button class="btn btn-info">Back</button></a>
</div> </div>

View File

@@ -64,10 +64,15 @@ If this mail comes unsolicited, please just ignore the mail.
cheers cheers
loginpagefoo script'; loginpagefoo script';
mail($mailrcpt, $mailsubject, $text, $from); //sending the mail with the build-in mail function. echo 'Activation Link: <a href="'.$url_activationcode.'">'.$url_activationcode.'</a>';
/*
this would be the prod implementation
instead we just print the link and never ever use this in prod!
mail($mailrcpt, $mailsubject, $text, $from); //sending the mail with the build-in mail function.
echo 'Link send. Going back to <a href="profile.php">profile</a> page. <meta http-equiv="refresh" content="0; URL=profile.php">'; echo 'Link send. Going back to <a href="profile.php">profile</a> page. <meta http-equiv="refresh" content="0; URL=profile.php">';
//afterwards going back to profile, and dont render the form again. //afterwards going back to profile, and dont render the form again.
*/
$showForm = false; $showForm = false;
} }
} }

View File

@@ -12,13 +12,6 @@ session_start();
if($_SESSION['isadmin'] == 0) { //but first a check if you've got admin rights. if not, destroy the session and go back to start. if($_SESSION['isadmin'] == 0) { //but first a check if you've got admin rights. if not, destroy the session and go back to start.
die ('No rights for you! <meta http-equiv="refresh" content="0; URL=logout.php">'); die ('No rights for you! <meta http-equiv="refresh" content="0; URL=logout.php">');
} //this is purely a cosmetic effect. no harm could be done from here. it's merely a html page with a little check if you've got the right rights. } //this is purely a cosmetic effect. no harm could be done from here. it's merely a html page with a little check if you've got the right rights.
echo '<div class="alert alert-danger" role="alert">heres the admin world</div>'; echo '<div class="alert alert-danger" role="alert">heres the admin world. poc of rights management</div>';
echo '<a href="adminarea_useradmin.php"><button class="btn btn-primary">User Admin</button></a>';
echo '<br /> <br />';
echo '<a href="adminarea_sessions.php"><button class="btn btn-primary">Session Admin</button></a>';
echo '<br /> <br />';
echo '<a href="adminarea_admins.php"><button class="btn btn-danger">Admin Admin</button></a>';
echo '<br /> <br />';
echo '<a href="start.php"><button class="btn btn-info">Back</button></a>';
?> ?>

View File

@@ -1,69 +0,0 @@
<html>
<head>
<title>Admin Area</title>
<link rel="stylesheet" href="ressources/css/bootstrap.min.css" crossorigin="anonymous">
</head>
<body>
<script src="ressources/js/bootstrap.min.js"></script>
<?php
session_start();
if($_SESSION['isadmin'] == 0) {
die ('No rights for you! <meta http-equiv="refresh" content="0; URL=logout.php">');
}
echo '<div class="alert alert-danger" role="alert">heres the admin world</div>';
echo '<a href="adminarea_admins_give.php"><button class="btn btn-success">GIVE</button></a>';
echo '<a href="adminarea_admins_take.php"><button class="btn btn-danger">TAKE</button></a>';
echo "<br />";
echo $output;
echo "<br />";
echo "//implement a user search here."; //yeah! Do what the comment says!
echo '<br />';
$showForm = false;
if(isset($_GET['user']) ) {
if(!isset($_POST['username']) || empty($_POST['username'])) {
$error = "<b>Enter the username</b>";
} else {
$statement = $pdo->prepare("SELECT * FROM users WHERE username = :username");
$result = $statement->execute(array('username' => $_POST['username']));
$user = $statement->fetch();
if($user === false) {
$error = "<b>no user found</b>";
} else {
echo $user['isadmin'];
$showForm = false;
}
}
}
if($showForm):
?>
<h1>Search for Admin Rights!</h1>
Please enter the username below.<br><br>
<?php
if(isset($error) && !empty($error)) {
echo $error;
}
?>
<script src="ressources/js/bootstrap.min.js"></script>
<form action="?user=1" method="post">
<div class="form-group">
<label for="username">Username</label>
<input type="text" name="username" id="username" class="form-control" value="<?php echo isset($_POST['username']) ? htmlentities($_POST['username']) : ''; ?>"><br>
</div>
<button type="submit" class="btn btn-primary">Search User Rights</button>
</form>
<?php
endif;
?>
<?php
echo '<br /> <br />';
echo '<a href="adminarea.php"><button class="btn btn-info">Back</button></a>';
?>

View File

@@ -1,72 +0,0 @@
<html>
<head>
<title>Admin Area</title>
<link rel="stylesheet" href="ressources/css/bootstrap.min.css" crossorigin="anonymous">
</head>
<body>
<script src="ressources/js/bootstrap.min.js"></script>
<?php
session_start();
include 'backgroundupdate.php';
if($_SESSION['isadmin'] == 0) {
die ('No rights for you! <meta http-equiv="refresh" content="0; URL=logout.php">');
}
echo '<div class="alert alert-danger" role="alert">heres the admin world</div>';
$showForm = true;
if(isset($_GET['user']) ) {
if(!isset($_POST['username']) || empty($_POST['username'])) {
$error = "<b>Enter the username</b>";
} else {
$statement = $pdo->prepare("SELECT * FROM users WHERE username = :username");
$result = $statement->execute(array('username' => $_POST['username']));
$user = $statement->fetch();
if($user === false) {
$error = "<b>no user found</b>";
} else {
//check if theres a code already
$statement = $pdo->prepare("UPDATE users SET isadmin = '1' WHERE id = :userid");
$result = $statement->execute(array('userid' => $user['id']));
echo '<div class="alert alert-success" role="alert">Successfully granted ';
echo $user['username'];
echo ' ADMIN rights.</div>';
$showForm = false;
}
}
}
if($showForm):
?>
<h1>Give Admin Rights!</h1>
Please enter the username below.<br><br>
<?php
if(isset($error) && !empty($error)) {
echo $error;
}
?>
<script src="ressources/js/bootstrap.min.js"></script>
<form action="?user=1" method="post">
<div class="form-group">
<label for="username">Username</label>
<input type="text" name="username" id="username" class="form-control" value="<?php echo isset($_POST['username']) ? htmlentities($_POST['username']) : ''; ?>"><br>
</div>
<button type="submit" class="btn btn-primary">Grant User Rights</button>
</form>
<?php
endif;
?>
<?php
echo '<br /> <br />';
echo '<a href="adminarea.php"><button class="btn btn-info">Back</button></a>';
?>

View File

@@ -1,71 +0,0 @@
<html>
<head>
<title>Admin Area</title>
<link rel="stylesheet" href="ressources/css/bootstrap.min.css" crossorigin="anonymous">
</head>
<body>
<script src="ressources/js/bootstrap.min.js"></script>
<?php
session_start();
include 'backgroundupdate.php';
if($_SESSION['isadmin'] == 0) {
die ('No rights for you! <meta http-equiv="refresh" content="0; URL=logout.php">');
}
echo '<div class="alert alert-danger" role="alert">heres the admin world</div>';
$showForm = true;
if(isset($_GET['user']) ) {
if(!isset($_POST['username']) || empty($_POST['username'])) {
$error = "<b>Enter the username</b>";
} else {
$statement = $pdo->prepare("SELECT * FROM users WHERE username = :username");
$result = $statement->execute(array('username' => $_POST['username']));
$user = $statement->fetch();
if($user === false) {
$error = "<b>no user found</b>";
} else {
//check if theres a code already
$statement = $pdo->prepare("UPDATE users SET isadmin = '0' WHERE id = :userid");
$result = $statement->execute(array('userid' => $user['id']));
echo '<div class="alert alert-success" role="alert">Successfully took the ADMIN rights from ';
echo $user['username'];
echo '</div>';
$showForm = false;
}
}
}
if($showForm):
?>
<h1>Give Admin Rights!</h1>
Please enter the username below.<br><br>
<?php
if(isset($error) && !empty($error)) {
echo $error;
}
?>
<script src="ressources/js/bootstrap.min.js"></script>
<form action="?user=1" method="post">
<div class="form-group">
<label for="username">Username</label>
<input type="text" name="username" id="username" class="form-control" value="<?php echo isset($_POST['username']) ? htmlentities($_POST['username']) : ''; ?>"><br>
</div>
<button type="submit" class="btn btn-primary">Take User Rights</button>
</form>
<?php
endif;
?>
<?php
echo '<br /> <br />';
echo '<a href="adminarea.php"><button class="btn btn-info">Back</button></a>';
?>

View File

@@ -1,58 +0,0 @@
<html>
<head>
<title>Admin Area</title>
<link rel="stylesheet" href="ressources/css/bootstrap.min.css" crossorigin="anonymous">
</head>
<body>
<script src="ressources/js/bootstrap.min.js"></script>
<?php
session_start();
include 'backgroundupdate.php';
if($_SESSION['isadmin'] == 0) {
die ('No rights for you! <meta http-equiv="refresh" content="0; URL=logout.php">');
}
echo '<div class="alert alert-danger" role="alert">heres the admin world</div>';
//create connection
$connection = mysqli_connect($mysqlhost, $dbuser, $dbpass, $dbname);
//test if connection failed
if(mysqli_connect_errno()){
die("connection failed: "
. mysqli_connect_error()
. " (" . mysqli_connect_errno()
. ")");
}
//get results from database
$result = mysqli_query($connection,"SELECT * FROM users");
$all_property = array(); //declare an array for saving property
//showing property
echo '<table class="table table-striped">
<tr class="data-heading">'; //initialize table tag
while ($property = mysqli_fetch_field($result)) {
echo '<td>' . $property->name . '</td>'; //get field name for header
array_push($all_property, $property->name); //save those to array
}
echo '</tr>'; //end tr tag
//showing all data
while ($row = mysqli_fetch_array($result)) {
echo "<tr>";
foreach ($all_property as $item) {
echo '<td>' . $row[$item] . '</td>'; //get items using property value
}
echo '</tr>';
}
echo "</table>";
echo '<br /> <br />';
echo '<a href="adminarea.php"><button class="btn btn-info">Back</button></a>';
?>

View File

@@ -15,5 +15,4 @@ $_SESSION['lastName'] = $user['lastName'];
$_SESSION['activated'] = $user['activated']; $_SESSION['activated'] = $user['activated'];
$_SESSION['updated_at'] = $user['updated_at']; $_SESSION['updated_at'] = $user['updated_at'];
$_SESSION['isadmin'] = $user['isadmin']; $_SESSION['isadmin'] = $user['isadmin'];
$_SESSION['profilepicture'] = $user['profilepicture'];
?> ?>

View File

@@ -1,109 +0,0 @@
<?php
echo "not implemented yet!";
/*
session_start();
include 'db.inc.php';
if(isset($_GET['changed'])) {
$username = $_POST['username'];
$oldpassword = $_POST['oldpassword'];
$password = $_POST('password');
$password_confirm = $_POST('password_confirm');
$statement = $pdo->prepare("SELECT * FROM users WHERE username = :username");
$result = $statement->execute(array('username' => $username));
$user = $statement->fetch();
if ($user !== false && password_verify($oldpassword, $user['password'])) {
if(isset($_GET['send'])) {
$password = $_POST['password'];
$password_confirm = $_POST['password_confirm'];
//regexes for passvalidation:
$REuppercase = preg_match('@[A-Z]@', $password);
$RElowercase = preg_match('@[a-z]@', $password);
$REnumber = preg_match('@[0-9]@', $password);
$REspecialChars = preg_match('@[^\w]@', $password);
if($password != $password_confirm) {
echo "password or confirmed password wrong";
}
if(!$REuppercase || !$RElowercase || !$REnumber || !$REspecialChars || strlen($password) < 8) {
echo '<color="red">Password needs to be more complex.</color><br />';
echo '<i>Please implement at least 8 chars, upper & downer caser, one number & one special char.</i><br />';
$error = true;
} else {
$passwordhash = password_hash($password, PASSWORD_DEFAULT);
$statement = $pdo->prepare("UPDATE users SET password = :passwordhash, passwordcode = NULL, passwordcode_time = NULL WHERE id = :userid");
$result = $statement->execute(array('passwordhash' => $passwordhash, 'userid'=> $userid ));
if($result) {
die('Changed password. Going to <a href="start.php">start</a> now.<meta http-equiv="refresh" content="1; URL=start.php">');
}
}
}
die('<div class="alert alert-success" role="alert"> successfull. go to: <a href="start.php">start page</a></div> <meta http-equiv="refresh" content="0; URL=start.php">');
} else {
$errorMessage = '<div class="alert alert-danger" role="alert">somethings wrong (maybe wrong password or wrong user)</div><br>';
}
}
?>
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" href="ressources/css/bootstrap.min.css" crossorigin="anonymous">
<title>Change Password</title>
</head>
<body>
<?php
if(isset($errorMessage)) {
echo $errorMessage;
}
?>
<script src="ressources/js/bootstrap.min.js"></script>
<div class="jumbotron jumbotron-fluid">
<div class="container">
<form action="?changed=1" method="post">
<div class="form-group">
<label for="username">Username</label>
<input type="text" class="form-control" size="40" id="username" placeholder="Username" name="username"><br><br>
</div>
<div class="form-group">
<label for="oldpassword">Current Password</label>
<input type="password" class="form-control" size="40" id="oldpassword" placeholder="Your old password" name="oldpassword"><br>
</div>
<div class="form-group">
<label for="password">New Password</label>
<input type="password" class="form-control" size="40" id="password" placeholder="Your new password" name="password"><br>
</div>
<div class="form-group">
<label for="password_confirm">Confirm New^ Password</label>
<input type="password" class="form-control" size="40" id="password_confirm" placeholder="Your new password" name="password_confirm"><br>
</div>
<button type="submit" class="btn btn-primary">Change Password</button>
</form>
<br />
<br />
<a href="forgotpass.php"><button class="btn btn-warning">I forgot my password</button></a>
<br /> <br />
</div>
</div>
</div>
</main><!-- /.container -->
<!-- Bootstrap core JavaScript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
<script src="https://code.jquery.com/jquery-3.2.1.slim.min.js" integrity="sha384-KJ3o2DKtIkvYIK3UENzmM7KCkRr/rE9/Qpg6aAZGJwFDMVNA/GpGFF93hXpG5KkN" crossorigin="anonymous"></script>
<script>window.jQuery || document.write('<script src="../../../../assets/js/vendor/jquery-slim.min.js"><\/script>')</script>
<script src="../../../../assets/js/vendor/popper.min.js"></script>
<script src="../../../../dist/js/bootstrap.min.js"></script>
</body>
</html>
*/

View File

@@ -1,68 +0,0 @@
<html>
<head>
<title>Activated Area</title>
<link rel="stylesheet" href="ressources/css/bootstrap.min.css" crossorigin="anonymous">
</head>
<body>
<script src="ressources/js/bootstrap.min.js"></script>
<?php
session_start();
include 'db.inc.php';
if($_SESSION['activated'] == 0) {
die ("Not activated yet");
}
echo "heres the fun world";
?>
<?php
//TODO: regex to parse file extensions here:
//function to insert url into table here:
if(isset($_GET['new'])) {
$imageurl = $_POST['imageurl'];
$userid = $_SESSION['userid'];
if($imageurl == "https://web.td00.de/woddle.gif") {
echo "<br> returning to default picture";
$statement = $pdo->prepare("UPDATE users SET profilepicture = :imageurl WHERE id = :userid");
$result = $statement->execute(array('imageurl' => $imageurl, 'userid'=> $userid ));
if($result) {
die('<br>Changed Profile Picture. Going to <a href="update.php?page=profile.php">profile</a> now.<meta http-equiv="refresh" content="1; URL=update.php?page=profile.php">');
}
}
else {
$statement = $pdo->prepare("UPDATE users SET profilepicture = :imageurl WHERE id = :userid");
$result = $statement->execute(array('imageurl' => $imageurl, 'userid'=> $userid ));
if($result) {
die('<br>Changed Profile Picture. Going to <a href="update.php?page=profile.php">profile</a> now.<meta http-equiv="refresh" content="1; URL=update.php?page=profile.php">');
}
}
}
?>
<br /> <br />
<div class="jumbotron jumbotron-fluid">
<div class="container">
<i>Right now you need to upload the picture somewhere and input the URL here.</i><br />
<b>Please be aware that only the following filetypes will work!</b>
<li>jpg</li>
<li>gif</li>
<li>png</li>
<br /><br /><br />
<script src="ressources/js/bootstrap.min.js"></script>
<form action="?new=1&amp;userid=<?php echo htmlentities($userid); ?>&amp;code=<?php echo htmlentities($code); ?>" method="post">
<div class="form-group">
<label for="imageurl">URL to new image</label>
<input type="url" pattern="https://.*" id="imageurl" class="form-control" name="imageurl"><br><br>
</div>
<button type="submit" class="btn btn-primary">Submit new Image</button>
</form>
<br /> <br /><br />
<a href="activatedarea.php"><button class="btn btn-info">Back</button></a>
</div>
</div>

View File

@@ -62,9 +62,11 @@ If this mail comes unsolicited, please just ignore the mail.
cheers cheers
loginpagefoo script'; loginpagefoo script';
mail($mailrcpt, $mailsubject, $text, $from); /*mail($mailrcpt, $mailsubject, $text, $from);
echo 'Link send. Going back to <a href="login.php">login</a> page. <meta http-equiv="refresh" content="0; URL=login.php">'; echo 'Link send. Going back to <a href="login.php">login</a> page. <meta http-equiv="refresh" content="0; URL=login.php">';
*/
echo 'Password Reset Link: <a href="'.$url_passwordcode.'">'.$url_passwordcode.'</a>';
$showForm = false; $showForm = false;
} }
} }

View File

@@ -1,66 +0,0 @@
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<meta name="description" content="">
<meta name="author" content="">
<title>Profile Page</title>
<!-- Bootstrap core CSS -->
<link href="ressources/css/bootstrap.min.css" rel="stylesheet">
<!-- Custom styles for this template -->
<link href="ressources/css/page.css" rel="stylesheet">
</head>
<body>
<nav class="navbar navbar-expand-md navbar-dark bg-dark fixed-top">
<a class="navbar-brand" href="#">loginpagefoo</a>
<button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarsExampleDefault" aria-controls="navbarsExampleDefault" aria-expanded="false" aria-label="Toggle navigation">
<span class="navbar-toggler-icon"></span>
</button>
<div class="collapse navbar-collapse" id="navbarsExampleDefault">
<ul class="navbar-nav mr-auto">
<li class="nav-item">
<a class="nav-link" href="login.php">Login </a>
</li>
<li class="nav-item">
<a class="nav-link" href="register.php">Register<span class="sr-only">(current)</span></a>
</li>
<li class="nav-item dropdown">
<a class="nav-link active dropdown-toggle" href="start.php" id="dropdown01" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">Functions</a>
<div class="dropdown-menu" aria-labelledby="dropdown01">
<a class="dropdown-item" href="profile.php">Profile</a>
<a class="dropdown-item" href="#">Another action</a>
<a class="dropdown-item" href="#">Something else here</a>
</div>
</li>
</ul>
<form class="form-inline my-2 my-lg-0">
<a href="logout.php"><button class="btn btn-outline-warning my-2 my-sm-0" type="submit">Logout</button></a>
</form>
</div>
</nav>
<main role="main" class="container">
<div class="starter-template">
<!-- CONTENT HERE -->
</div>
</main><!-- /.container -->
<!-- Bootstrap core JavaScript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
<script src="https://code.jquery.com/jquery-3.2.1.slim.min.js" integrity="sha384-KJ3o2DKtIkvYIK3UENzmM7KCkRr/rE9/Qpg6aAZGJwFDMVNA/GpGFF93hXpG5KkN" crossorigin="anonymous"></script>
<script>window.jQuery || document.write('<script src="../../../../assets/js/vendor/jquery-slim.min.js"><\/script>')</script>
<script src="../../../../assets/js/vendor/popper.min.js"></script>
<script src="../../../../dist/js/bootstrap.min.js"></script>
</body>
</html>

View File

@@ -17,6 +17,5 @@ CREATE TABLE `users` (
`activated` VARCHAR(1) NOT NULL , `activated` VARCHAR(1) NOT NULL ,
`passwordcode` VARCHAR(255) NULL , `passwordcode` VARCHAR(255) NULL ,
`passwordcode_time` TIMESTAMP NULL , `passwordcode_time` TIMESTAMP NULL ,
`profilepicture` VARCHAR(255) NULL DEFAULT 'https://web.td00.de/woddle.gif' ,
PRIMARY KEY (`id`), UNIQUE (`email`), UNIQUE (`username`) PRIMARY KEY (`id`), UNIQUE (`email`), UNIQUE (`username`)
) ENGINE = InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci; ) ENGINE = InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;

View File

@@ -1,11 +1,5 @@
<?php <?php
/*
author: Thies Müller
contact: contactme@td00.de
source: https://github.com/td00/loginpagefoo
license: AGPL 3.0
*/
session_start(); //here the session starts again session_start(); //here the session starts again
include 'db.inc.php'; //we need a db connection here too! include 'db.inc.php'; //we need a db connection here too!
@@ -26,7 +20,6 @@ if(isset($_GET['login'])) { //same as register. looks for "?login=1" in the url
$_SESSION['activated'] = $user['activated']; $_SESSION['activated'] = $user['activated'];
$_SESSION['updated_at'] = $user['updated_at']; $_SESSION['updated_at'] = $user['updated_at'];
$_SESSION['isadmin'] = $user['isadmin']; $_SESSION['isadmin'] = $user['isadmin'];
$_SESSION['profilepicture'] = $user['profilepicture'];
die('<div class="alert alert-success" role="alert"> successfull. go to: <a href="start.php">start page</a></div> <meta http-equiv="refresh" content="0; URL=start.php">'); //successful login, thats all. die('<div class="alert alert-success" role="alert"> successfull. go to: <a href="start.php">start page</a></div> <meta http-equiv="refresh" content="0; URL=start.php">'); //successful login, thats all.
} else { } else {
$errorMessage = '<div class="alert alert-danger" role="alert">somethings wrong (maybe wrong password or wrong user)</div><br>'; //if password not match or username doesn't exist print this line $errorMessage = '<div class="alert alert-danger" role="alert">somethings wrong (maybe wrong password or wrong user)</div><br>'; //if password not match or username doesn't exist print this line

View File

@@ -2,7 +2,7 @@
<?php <?php
session_start(); //start a session session_start(); //start a session
if(!isset($_SESSION['userid'])) { //if there isnt a session print a please login page and go to login page if(!isset($_SESSION['userid'])) { //if there isnt a session print a please login page and go to login page
die('<div class="alert alert-primary" role="alert">Please <a href="login.php">login</a></div><meta http-equiv="refresh" content="2; URL=login.php">'); die('<div class="alert alert-primary" role="alert">Please <a href="login.php">login</a></div><meta http-equiv="refresh" content="1; URL=login.php">');
} }
//for easier use we shove some of the session array into variables. //for easier use we shove some of the session array into variables.
$userid = $_SESSION['userid']; $userid = $_SESSION['userid'];
@@ -12,7 +12,6 @@ $usergn = $_SESSION['givenName'];
$userln = $_SESSION['lastName']; $userln = $_SESSION['lastName'];
$activated = $_SESSION['activated']; $activated = $_SESSION['activated'];
$isadmin = $_SESSION['isadmin']; $isadmin = $_SESSION['isadmin'];
$profilepicture = $_SESSION['profilepicture'];
//lets build a page: //lets build a page:
?> ?>
@@ -26,10 +25,6 @@ $profilepicture = $_SESSION['profilepicture'];
<div class="float-right"> <div class="float-right">
<br /> <br />
<br /> <br />
<?php
echo '<img src="'.$profilepicture.'" height=90 width=90 />';
?>
</div> </div>

View File

@@ -1,28 +1,20 @@
<?php <?php
//this just prints Session data line for line. Its just a quick page to check if everythings in place //this just prints Session data line for line. Its just a quick page to check if everythings in place
session_start(); session_start();
echo "userid:";
echo $_SESSION['userid']; echo $_SESSION['userid'];
echo "<br />"; echo "<br />";
echo "username:";
echo $_SESSION['username']; echo $_SESSION['username'];
echo "<br />"; echo "<br />";
echo "email:";
echo $_SESSION['email']; echo $_SESSION['email'];
echo "<br />"; echo "<br />";
echo "givenname:";
echo $_SESSION['givenName']; echo $_SESSION['givenName'];
echo "<br />"; echo "<br />";
echo "lastname:";
echo $_SESSION['lastName']; echo $_SESSION['lastName'];
echo "<br />"; echo "<br />";
echo "activated:";
echo $_SESSION['activated']; echo $_SESSION['activated'];
echo "<br />"; echo "<br />";
echo "last updated:";
echo $_SESSION['updated_at']; echo $_SESSION['updated_at'];
echo "<br />"; echo "<br />";
echo "isadmin:";
echo $_SESSION['isadmin']; echo $_SESSION['isadmin'];
?> ?>

View File

@@ -1,12 +1,7 @@
<?php <?php
/*
author: Thies Müller
contact: contactme@td00.de
source: https://github.com/td00/loginpagefoo
license: AGPL 3.0
*/
session_start(); //everytime we want to use $_SESSION or features regarding a valid session we need to start this session_start(); //everytime we want to use $_SESSION or features regarding a valid session we need to start this
include 'db.inc.php'; //this is used to establish database connections thruout the app include 'db.inc.php'; //this is used to establish database connections thruout the app

View File

@@ -25,10 +25,10 @@ $activated = $_SESSION['activated'];
<body> <body>
<div class="d-flex flex-column flex-md-row align-items-center p-3 px-md-4 mb-3 bg-white border-bottom box-shadow"> <div class="d-flex flex-column flex-md-row align-items-center p-3 px-md-4 mb-3 bg-white border-bottom box-shadow">
<h5 class="my-0 mr-md-auto font-weight-normal">Crappy Login POC</h5> <h5 class="my-0 mr-md-auto font-weight-normal">Login POC</h5>
<nav class="my-2 my-md-0 mr-md-3"> <nav class="my-2 my-md-0 mr-md-3">
<a class="p-2 text-dark" href="https://github.com/td00/loginpagefoo">Git</a>
<?php <?php
if($userid > 0){ //if the user is logged in (has a userid above 0) then print this: if($userid > 0){ //if the user is logged in (has a userid above 0) then print this:
echo 'Hi <a href="profile.php">'.$_SESSION['username'].'</a>'; echo 'Hi <a href="profile.php">'.$_SESSION['username'].'</a>';
@@ -175,22 +175,19 @@ if ($isadmin == 1) { //if admin rights are granted, print a admin area button
<div class="col-6 col-md"> <div class="col-6 col-md">
<h5>Features</h5> <h5>Features</h5>
<ul class="list-unstyled text-small"> <ul class="list-unstyled text-small">
<li><a class="text-muted" href="https://github.com/td00/loginpagefoo/blob/main/FEATURES.MD#password-login">Password Login</a></li> <li><a class="text-muted" href="">Password Login</a></li>
<li><a class="text-muted" href="https://github.com/td00/loginpagefoo/blob/main/FEATURES.MD#password-login">PHP Session</a></li> <li><a class="text-muted" href="">User activation</a></li>
<li><a class="text-muted" href="https://github.com/td00/loginpagefoo/blob/main/FEATURES.MD#password-login">Logout</a></li> <li><a class="text-muted" href="">Logout</a></li>
<li><a class="text-muted" href="https://github.com/td00/loginpagefoo/blob/main/FEATURES.MD#password-login">Forget password</a></li> <li><a class="text-muted" href="">Forget password</a></li>
<li><a class="text-muted" href="https://github.com/td00/loginpagefoo/blob/main/FEATURES.MD#password-login">Password complexibility check</a></li> <li><a class="text-muted" href="">Password complexibility check</a></li>
<li><a class="text-muted" href="https://github.com/td00/loginpagefoo/blob/main/FEATURES.MD#password-login">More to come</a></li> <li><a class="text-muted" href="">More to come</a></li>
</ul> </ul>
</div> </div>
<div class="col-6 col-md"> <div class="col-6 col-md">
<h5>About</h5> <h5>About</h5>
<ul class="list-unstyled text-small"> <ul class="list-unstyled text-small">
<li><a class="text-muted" href="https://thiesmueller.de">Me</a></li> <li>This is just a small POC</li>
<li><a class="text-muted" href="https://github.com/td00/loginpagefoo">Git</a></li>
<li><a class="text-muted" href="https://thiesmueller.de/dsgvo/datenschmutz.html">Privacy</a></li>
<li><a class="text-muted" href="https://thiesmueller.de/impress/">Imprint</a></li>
</ul> </ul>
</div> </div>
</div> </div>

View File

@@ -13,6 +13,5 @@ CREATE TABLE `users` (
`isadmin` VARCHAR(1) NULL , `isadmin` VARCHAR(1) NULL ,
`passwordcode` VARCHAR(255) NULL , `passwordcode` VARCHAR(255) NULL ,
`passwordcode_time` TIMESTAMP NULL , `passwordcode_time` TIMESTAMP NULL ,
`profilepicture` VARCHAR(255) NULL DEFAULT 'https://web.td00.de/woddle.gif' ,
PRIMARY KEY (`id`), UNIQUE (`email`), UNIQUE (`username`) PRIMARY KEY (`id`), UNIQUE (`email`), UNIQUE (`username`)
) ENGINE = InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci; ) ENGINE = InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;