author | alexvitkov <44268717+alexvitkov@users.noreply.github.com> | 2021-01-29 12:52:06 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-01-29 12:52:06 +0200 |
commit | 33e533d28dbf9ad7bfc7ad9af467e5efe25ae8a0 (patch) | |
tree | 7b748d2b87ab018d7ff451b4111a1b88eeb58416 | |
parent | ceedd596c9f39f53555fd0746a42d6b85cd49b6c (diff) | |
parent | 472e170f408e3d8d1db2eb066d445153aad55d73 (diff) | |
download | fileup-33e533d28dbf9ad7bfc7ad9af467e5efe25ae8a0.tar.gz |
Merge pull request #1 from GTSimeonov/master
rararrararararraar
-rw-r--r-- | README | 6 | ||||
-rw-r--r-- | css/style.css (renamed from style.css) | 16 | ||||
-rw-r--r-- | index.html | 22 | ||||
-rw-r--r-- | js/arrows.js (renamed from arrows.js) | 2 | ||||
-rw-r--r-- | js/validate_hero.js | 58 | ||||
-rw-r--r-- | login.html | 55 | ||||
-rw-r--r-- | php/configuration.php | 17 | ||||
-rw-r--r-- | php/database.php | 112 | ||||
-rw-r--r-- | php/file_type_recogniser.php (renamed from file_type_recogniser.php) | 0 | ||||
-rw-r--r-- | php/login.php | 25 | ||||
-rw-r--r-- | php/misc.php | 18 | ||||
-rw-r--r-- | php/register.php | 27 | ||||
-rw-r--r-- | php/upload.php (renamed from upload.php) | 0 | ||||
-rw-r--r-- | php/user.php | 10 | ||||
-rw-r--r-- | sql/fileshare.sql | 50 | ||||
-rw-r--r-- | svg/arrow.svg (renamed from arrow.svg) | 0 | ||||
-rw-r--r-- | svg/bottom.svg (renamed from bottom.svg) | 0 |
17 files changed, 377 insertions, 41 deletions
@@ -0,0 +1,6 @@ +FILEUP + + + +for this to work you need to have mysql. Create a database and a user for this service then +modify php/configure.php as needed. Create tables described in sql/fileshare.sql diff --git a/style.css b/css/style.css index e6c5e93..31778c4 100644 --- a/style.css +++ b/css/style.css @@ -125,6 +125,21 @@ form p { margin: 1rem 0px 0.3rem 0px; } + +.hero_form_error { + animation: fadein 0.2s; + background-color: #ff4d4d; + color: #ffffff; + padding-left: 0.5rem; + border-bottom-left-radius: 0.5rem; + border-bottom-right-radius: 0.5rem; + margin-top: -0.2rem; + +} +@keyframes fadein { + from { opacity: 0; } + to { opacity: 1; } +} input { min-width: 300px; border: 1px solid #bbb; @@ -146,6 +161,7 @@ input[type=submit] { box-shadow: 0 0.2rem 0.6rem #eee; background: #231179; color: white; + outline: none; } input:focus, @@ -3,7 +3,7 @@ <head> <meta charset="utf-8"> <title>shady file upload</title> - <link rel="stylesheet" type="text/css" href="style.css"> + <link rel="stylesheet" type="text/css" href="css/style.css"> </head> <body> @@ -16,7 +16,7 @@ <div id="page"> <div id="hero" class="overlay"> <div id="arrows"> - <img src="arrow.svg" id="protoarrow" style="display: none"> + <img src="svg/arrow.svg" id="protoarrow" style="display: none"> </div> <div class="vcenter"> 
@@ -27,17 +27,26 @@ </div> <div class="vcenter"> - <form action="/register.php"> + <form name="hero_form" action="/php/register.php" method="post" onsubmit="return validate_hero_form()"> <h2>Get started</h2> <div class="content"> <p>Username</p> <input type="text" id="username" name="username"> + <p id="username-length-error" class="hero_form_error" hidden>Please specify a username</p> + + <p>Email address</p> + <input type="text" id="email" name="email"> + <p id="email-error" class="hero_form_error" hidden>Invalid email address</p> + <p>Password</p> <input type="password" id="password" name="password"> + <p id="password-length-error" class="hero_form_error" hidden>Please provide a password</p> + <p>Repeat Password</p> <input type="password" id="password2" name="password2"> + <p id="password-match-error" class="hero_form_error" hidden>Passwords didn't match</p> <input type="submit" value="Sign up"> - <p style="font-size: 1.1em;">Already have an account? <a href="login.php">Sign in</a> + <p style="font-size: 1.1em;">Don't have an account? <a href="login.html">Log in</a> </div> </form> </div> @@ -46,10 +55,11 @@ </div> </div> - <img src="bottom.svg" class="bgbottom"> + <img src="svg/bottom.svg" class="bgbottom"> </div> - <script src="arrows.js"></script> + <script src="js/arrows.js"></script> + <script src="js/validate_hero.js"></script> </body> <html> @@ -20,7 +20,7 @@ function make_arrow() { setTimeout(make_arrow, delay); setTimeout(() => { svg.remove(); - arrows.remove(ob); + arrows.shift(); }, lifetime); } diff --git a/js/validate_hero.js b/js/validate_hero.js new file mode 100644 index 0000000..6d29a53 --- /dev/null +++ b/js/validate_hero.js 
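Review bot: The replacement link text under the sign-up form is inverted: this is the registration form (its submit button is "Sign up"), yet the new line reads `Don't have an account? <a href="login.html">Log in</a>`; it should read `Already have an account? <a href="login.html">Log in</a>`. login.html in this same commit has the mirror-image slip, `Already have an account? <a href="index.html">Sign up</a>` under the Login button, which should be `Don't have an account? ... Sign up`. While here, the new email field is `type="text"`; `type="email"` lets the browser apply roughly the same shape check that validate_hero_form does, and `autocomplete="new-password"` on the two password inputs tells password managers this is a new credential rather than a saved login to fill in.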
@@ -0,0 +1,58 @@ + +function clear_hero_errors() +{ + var errors = document.getElementsByClassName("hero_form_error"); + var i; + for (i = 0; i < errors.length; i++) + { + errors[i].hidden = true; + } +} +function validate_hero_login_form() +{ + var username=document.forms["hero_form"]["username"].value; + var flag=true; + clear_hero_errors(); + + if(username.length==0) + { + document.getElementById("username-length-error").hidden=false; + flag=false; + } + document.activeElement.blur(); + return flag; +} +function validate_hero_form() +{ + var username=document.forms["hero_form"]["username"].value; + var email=document.forms["hero_form"]["email"].value; + var password=document.forms["hero_form"]["password"].value; + var password2=document.forms["hero_form"]["password2"].value; + + var flag=true; + clear_hero_errors(); + + if(username.length==0) + { + document.getElementById("username-length-error").hidden=false; + flag=false; + } + if(!email.match(/\S+@\S+/)) + { + document.getElementById("email-error").hidden=false; + flag=false; + } + if(password.length==0) + { + document.getElementById("password-length-error").hidden=false; + flag=false; + } + if(password !== password2) + { + document.getElementById("password-match-error").hidden=false; + flag=false; + } + document.activeElement.blur(); + return flag; + +} diff --git a/login.html b/login.html new file mode 100644 index 0000000..525358f --- /dev/null +++ b/login.html 
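Review bot: The username check is written out twice, once in validate_hero_login_form and again in validate_hero_form, and the file mixes loose `==` (`username.length==0`) with strict `!==` (`password !== password2`); pulling the shared check into a small helper and using `===` throughout would keep the two validators from drifting apart. These checks only improve the form's feedback: the request still reaches php/register.php or php/login.php whether or not they pass, so the server has to re-validate every field independently. A one-line header comment stating that, e.g. `// UX-only validation; the server re-checks every field`, would keep a later maintainer from treating this file as the security boundary. The email test `/\S+@\S+/` is deliberately loose, which is fine for a hint, but a short comment saying so would stop someone tightening it in a way that rejects valid addresses.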
@@ -0,0 +1,55 @@ +<!DOCTYPE html> +<html> + <head> + <meta charset="utf-8"> + <title>shady file upload</title> + <link rel="stylesheet" type="text/css" href="css/style.css"> + </head> + + <body> + <div class="overlay" style="height: 100%;"> + <div class="vert2"> + <div id="header"> + <p class="logo">shady_file_upload</p> + </div> + + <div id="page"> + <div id="hero" class="overlay"> + <div id="arrows"> + <img src="svg/arrow.svg" id="protoarrow" style="display: none"> + </div> + + <div class="vcenter"> + <p>file upload service</p> + <p class="big">that <span class="blue">just about works</span></p> + <p>most of the time</p> + </div> + </div> + + <div class="vcenter"> + <form name="hero_form" action="/php/login.php" method="post" onsubmit="return validate_hero_login_form()"> + <h2>Login</h2> + <div class="content"> + <p>Username</p> + <input type="text" id="username" name="username"> + <p id="username-length-error" class="hero_form_error" hidden>Please enter a username</p> + <p>Password</p> + <input type="password" id="password" name="password"> + <input type="submit" value="Login"> + <p style="font-size: 1.1em;">Already have an account? <a href="index.html">Sign up</a> + </div> + </form> + </div> + + + </div> + </div> + + <img src="svg/bottom.svg" class="bgbottom"> + </div> + + <script src="js/arrows.js"></script> + <script src="js/validate_hero.js"></script> + + </body> + <html> diff --git a/php/configuration.php b/php/configuration.php new file mode 100644 index 0000000..6b87508 --- /dev/null +++ b/php/configuration.php @@ -0,0 +1,17 @@ +<?php +/*should be placed outside of document root*/ + +$domain_name="localhost"; + +$database_name="adam"; +$database_username="adam"; +$database_password="asdfd"; +$database_location="127.0.0.1"; + + + +$password_hash_algo=PASSWORD_BCRYPT; + + +$has_email_verification=false; +?> diff --git a/php/database.php b/php/database.php new file mode 100644 index 0000000..ef2b825 --- /dev/null +++ b/php/database.php 
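Review bot: The new php/configuration.php commits a live database password (`$database_password="asdfd"`) into version control, while its own first comment says the file `should be placed outside of document root`; a credentials file checked into the repository is carried by every clone and by the Git history, and nothing in this commit excludes it. The usual fix is to commit a `configuration.example.php` with placeholder values, read the real values from a file outside the document root or from environment variables (for example `getenv('DB_PASSWORD')`, name to taste), and list the real file in `.gitignore`. The README added in this commit points to `php/configure.php`, which does not match the actual filename `php/configuration.php`. The trailing `?>` in an include-only file is also a common source of stray whitespace in responses; PHP files that contain only code conventionally omit it.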
@@ -0,0 +1,112 @@ +<?php +require_once "configuration.php"; +require_once "user.php"; +require_once "misc.php"; + +/*handles database stuff*/ + class Database + { + private $pdo; + + + public function __construct() + { + global $domain_name; + global $database_name; + global $database_username; + global $database_password; + global $database_location; + try + { + $this->pdo=new PDO("mysql:dbname={$database_name};host={$database_location}",$database_username,$database_password); + }catch(PDOException $e) + { + error_log("Could not get database {$database_name} from {$database_location}, {$e} "); + die("The cow bought the farm"); + } + } + + /*returns false if this isn't a user, otherwise returns the user*/ + function get_user(string $user) + { + $ret=new User; + + $prep=$this->pdo->prepare("select user_id,username,email from users where username=:username"); + $prep->bindParam(':username',$user); + + $prep->execute(); + + $hold=$prep->fetch(PDO::FETCH_ASSOC); + + if($hold) + { + $ret->user_id=$hold["user_id"]; + $ret->username=$hold["username"]; + $ret->email_address=$hold["email"]; + return $ret; + }else + { + return false; + } + } + /*returns false if this isn't a user or the password is incorrect, otherwise returns the userid*/ + function authenticate(string $user, string $password) + { + $ret=new User; + + $prep=$this->pdo->prepare("select user_id,username,email,password from users where username=:username"); + $prep->bindParam(':username',$user); + $prep->execute(); + + $hold=$prep->fetch(PDO::FETCH_ASSOC); + + if($hold) + { + if(password_verify($password,$hold["password"])) + { + $ret->user_id=$hold["user_id"]; + $ret->username=$hold["username"]; + $ret->email_address=$hold["email"]; + return $ret; + }else + { + return false; + } + }else + { + return false; + } + } + /*returns false if username is taken, email is not checked here*/ + function register_user(string $user,string $password,string $email) : bool + { + $hold=$this->get_user($user); + global 
$domain_name; + global $has_email_verification; + global $password_hash_algo; + + + if($hold) + { + return false; + }else + { + if($has_email_verification) + { + generate_email_verification_link(); + }else + { + $hashed_pass=password_hash($password,$password_hash_algo); + $prep=$this->pdo->prepare("insert into users(username,password,email) values(:username,:password,:email)"); + $prep->bindParam(':username',$user); + $prep->bindParam(':password',$hashed_pass); + $prep->bindParam(':email',$email); + $prep->execute(); + } + return true; + } + } + } + + +?> diff --git a/file_type_recogniser.php b/php/file_type_recogniser.php index f160fb7..f160fb7 100644 --- a/file_type_recogniser.php +++ b/php/file_type_recogniser.php diff --git a/php/login.php b/php/login.php new file mode 100644 index 0000000..e6d44dc --- /dev/null +++ b/php/login.php @@ -0,0 +1,25 @@ +<?php +require_once "user.php"; +require_once "database.php"; +require_once "misc.php"; + +$username=$_POST["username"]; +$password=$_POST["password"]; +/*server side verification*/ +if(gettype($username)!="string" || gettype($password)!="string") +{ + die("You didn't specify the pass or the username"); +} + +$database=new Database(); +$user=$database->authenticate($username,$password); +if(!$user) +{ + die("Password or username is incorrect"); +} + +echo "Username: {$user->username}\n"; +echo "Email: {$user->email_address}"; + + +?> diff --git a/php/misc.php b/php/misc.php new file mode 100644 index 0000000..3ab0277 --- /dev/null +++ b/php/misc.php @@ -0,0 +1,18 @@ +<?php +require_once "user.php"; + +function validate_credentials(string $username,string $email,string $password,string $password2) : bool +{ + return true; +} + +function generate_email_verification_link() +{ + /*TODO*/ + $url="{$domain_name}/register/"+random_bytes(20); + mail($email,"Registration at ${domain_name}","Click here to register {$url}."); +} + + + +?> 
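Review bot: register_user returns true without checking the result of `$prep->execute()`, and the PDO connection is opened without `PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION`, so with PDO's default silent error mode a failed insert (a username that slipped past `get_user` in a concurrent request and hit the `unique` constraint, or an email longer than the 50-character column in sql/fileshare.sql) still reports a successful registration to the caller. Pass the error mode in the constructor, `new PDO("mysql:dbname={$database_name};host={$database_location}",$database_username,$database_password,[PDO::ATTR_ERRMODE=>PDO::ERRMODE_EXCEPTION])`, and make the insert branch `return $prep->execute();`. The constructor's `error_log("... {$e} ")` stringifies the exception together with its stack trace, and that trace can include the PDO constructor's arguments (depending on `zend.exception_ignore_args`), so the database password may end up in the error log; log `$e->getMessage()` instead. The `$has_email_verification` branch calls `generate_email_verification_link()` with no arguments and still returns true, so a caller would see a successful registration with no row written, and `global $domain_name` is unused in this method.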
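Review bot: login.php echoes `$user->username` and `$user->email_address` straight into the response without `htmlspecialchars`, and since no Content-Type header is set PHP serves the output as text/html; both values come from the users table, which this commit's registration path stores without server-side validation, so they should be escaped at output, e.g. `echo "Username: ".htmlspecialchars($user->username, ENT_QUOTES, 'UTF-8')."\n";`. `$_POST["username"]` and `$_POST["password"]` are read before the type check, so a request missing either field raises an undefined-index notice first; `if(!isset($_POST["username"], $_POST["password"]) || !is_string($_POST["username"]) || !is_string($_POST["password"]))` ahead of the assignments gives the `die` the comment intends. register.php reads its four `$_POST` fields the same way. A successful authenticate result is printed but, as far as this diff shows, not kept anywhere (no `session_start()` or `$_SESSION` write); if that is deliberate for now, a `/*TODO: establish session*/` comment would say so.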
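Review bot: validate_credentials returns true unconditionally, so the `/*check if we are given shady credentials*/` guard in php/register.php never rejects anything and every check lives only in the browser-side js/validate_hero.js, which a client can skip. The function should at least mirror those checks plus the column limits from sql/fileshare.sql (username and email are `varchar(50)`); a minimal version is below. In generate_email_verification_link, `"..."+random_bytes(20)` uses `+` where PHP concatenates with `.`, `random_bytes` returns raw bytes rather than URL-safe text (wrap it in `bin2hex`), and `$domain_name` and `$email` are not in scope, so this path fails as soon as `$has_email_verification` is switched on; the `/*TODO*/` should spell that out.
```php
function validate_credentials(string $username,string $email,string $password,string $password2) : bool
{
    /*server-side mirror of js/validate_hero.js; the browser checks can be skipped*/
    if ($username === '' || strlen($username) > 50) {
        return false;
    }
    if ($password === '' || $password !== $password2) {
        return false;
    }
    if (strlen($email) > 50 || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }
    return true;
}
```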
diff --git a/php/register.php b/php/register.php new file mode 100644 index 0000000..b6b164c --- /dev/null +++ b/php/register.php @@ -0,0 +1,27 @@ +<?php +require_once "database.php"; +require_once "misc.php"; +require_once "configuration.php"; + +$username=$_POST["username"]; +$password=$_POST["password"]; +$password2=$_POST["password2"]; +$email=$_POST["email"]; + +/*check if we are given shady credentials*/ +if(!validate_credentials($username,$email,$password,$password2)) +{ + error_log("Invalid registration that has probbably bypassed client side verification. This could be an attack!"); + die(); +} +$database= new Database; + +if($database->register_user($username,$password,$email)) +{ + echo "registered"; +}else +{ + echo "didn't register"; +} + +?> diff --git a/upload.php b/php/upload.php index 93fa778..93fa778 100644 --- a/upload.php +++ b/php/upload.php diff --git a/php/user.php b/php/user.php new file mode 100644 index 0000000..1ef3083 --- /dev/null +++ b/php/user.php @@ -0,0 +1,10 @@ +<?php + class User + { + /*I don't think we need to abstract these away*/ + public $user_id; + public $username; + public $email_address; + } + +?> diff --git a/sql/fileshare.sql b/sql/fileshare.sql index f927ffc..a079a7f 100644 --- a/sql/fileshare.sql +++ b/sql/fileshare.sql 
@@ -1,49 +1,31 @@ -drop database fileshare; - - - - - -create database fileshare; -use fileshare; - /*base user information*/ create table users ( - id int not null auto_increment, + user_id int not null auto_increment, username varchar(50) not null unique, - password varchar(100) not null unique, - primary key (id) + password varchar(255) not null, + email varchar(50), + primary key (user_id) ); /*table has only one owner and is identifyed by a number*/ create table files ( - id int not null auto_increment, - owner int default null, - absolutepath varchar(500) not null, + file_id int not null auto_increment, + owner_id int default null, + relative_path varchar(500) not null, type varchar(20) not null default 'data', - primary key (id), - foreign key (owner) references users(id) + primary key (file_id), + foreign key (owner_id) references users(user_id) ); /*the user with userid is given some kind of access to the file with fileid*/ /*there is no edit bit because it will be too dificult to implement prehaps a change bit is in order (but not an edit bit)*/ /*might be beneficial to even go full minimalist and remove the remove bit and only have the view bit*/ create table access ( - fileid int not null, - userid int not null, - canview boolean not null default true, - canremove boolean not null default false, - check (canview=true or canremove=true) , - foreign key (fileid) references files(id), - foreign key (userid) references users(id) + file_id int not null, + user_id int not null, + can_view boolean not null default true, + can_remove boolean not null default false, + check (can_view=true or can_remove=true) , + foreign key (file_id) references files(file_id), + foreign key (user_id) references users(user_id) ); - - - -/*basic info for testing purposes*/ -insert into users(username,password) values ("root","asdf"); -insert into users(username,password) values ("tester","tester"); -insert into files(owner,absolutepath,type) values (1,"/root/jiberish.sh","shell 
script"); -insert into access(fileid,userid,canview,canremove) values(1,2,true,false); -/*I am not sure why this passes ....*/ -insert into access(fileid,userid,canview,canremove) values(1,2,false,false); diff --git a/arrow.svg b/svg/arrow.svg index 040182d..040182d 100644 --- a/arrow.svg +++ b/svg/arrow.svg diff --git a/bottom.svg b/svg/bottom.svg index 772081e..772081e 100644 --- a/bottom.svg +++ b/svg/bottom.svg |
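Review bot: The `check (can_view=true or can_remove=true)` constraint on access is parsed but not enforced by MySQL before 8.0.16, which is the likely reason the removed fixture insert with both flags false "passed" (the old comment puzzling over it was dropped together with the test rows); a comment such as `/*CHECK is enforced only on MySQL >= 8.0.16; older servers accept any row*/`, or an application-side check in php, would stop the next reader from relying on it. The new `email varchar(50)` column is nullable and not unique, while the registration form treats email as required and the planned verification flow mails a link to it; if one address per account is intended, `email varchar(50) not null unique` states that in the schema. The two foreign keys on files and access carry no `on delete` action and no constraint names; `constraint files_owner_id_fk foreign key (owner_id) references users(user_id) on delete set null` (owner_id already allows null) and an explicit `on delete cascade` on the access rows, if that is the intended behaviour, make deletion deliberate and the errors greppable.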