authoralexvitkov <44268717+alexvitkov@users.noreply.github.com>2021-01-29 12:52:06 +0200
committerGitHub <noreply@github.com>2021-01-29 12:52:06 +0200
commit33e533d28dbf9ad7bfc7ad9af467e5efe25ae8a0 (patch)
tree7b748d2b87ab018d7ff451b4111a1b88eeb58416
parentceedd596c9f39f53555fd0746a42d6b85cd49b6c (diff)
parent472e170f408e3d8d1db2eb066d445153aad55d73 (diff)
downloadfileup-33e533d28dbf9ad7bfc7ad9af467e5efe25ae8a0.tar.gz
Merge pull request #1 from GTSimeonov/master
rararrararararraar
-rw-r--r--README6
-rw-r--r--css/style.css (renamed from style.css)16
-rw-r--r--index.html22
-rw-r--r--js/arrows.js (renamed from arrows.js)2
-rw-r--r--js/validate_hero.js58
-rw-r--r--login.html55
-rw-r--r--php/configuration.php17
-rw-r--r--php/database.php112
-rw-r--r--php/file_type_recogniser.php (renamed from file_type_recogniser.php)0
-rw-r--r--php/login.php25
-rw-r--r--php/misc.php18
-rw-r--r--php/register.php27
-rw-r--r--php/upload.php (renamed from upload.php)0
-rw-r--r--php/user.php10
-rw-r--r--sql/fileshare.sql50
-rw-r--r--svg/arrow.svg (renamed from arrow.svg)0
-rw-r--r--svg/bottom.svg (renamed from bottom.svg)0
17 files changed, 377 insertions, 41 deletions
diff --git a/README b/README
new file mode 100644
index 0000000..e9f371a
--- /dev/null
+++ b/README
@@ -0,0 +1,6 @@
+FILEUP
+
+
+
+for this to work you need to have mysql. Create a database and a user for this service then
+modify php/configure.php as needed. Create tables described in sql/fileshare.sql
diff --git a/style.css b/css/style.css
index e6c5e93..31778c4 100644
--- a/style.css
+++ b/css/style.css
@@ -125,6 +125,21 @@ form p {
margin: 1rem 0px 0.3rem 0px;
}
+
+.hero_form_error {
+ animation: fadein 0.2s;
+ background-color: #ff4d4d;
+ color: #ffffff;
+ padding-left: 0.5rem;
+ border-bottom-left-radius: 0.5rem;
+ border-bottom-right-radius: 0.5rem;
+ margin-top: -0.2rem;
+
+}
+@keyframes fadein {
+ from { opacity: 0; }
+ to { opacity: 1; }
+}
input {
min-width: 300px;
border: 1px solid #bbb;
@@ -146,6 +161,7 @@ input[type=submit] {
box-shadow: 0 0.2rem 0.6rem #eee;
background: #231179;
color: white;
+ outline: none;
}
input:focus,
diff --git a/index.html b/index.html
index 5a60526..6a2018b 100644
--- a/index.html
+++ b/index.html
@@ -3,7 +3,7 @@
<head>
<meta charset="utf-8">
<title>shady file upload</title>
- <link rel="stylesheet" type="text/css" href="style.css">
+ <link rel="stylesheet" type="text/css" href="css/style.css">
</head>
<body>
@@ -16,7 +16,7 @@
<div id="page">
<div id="hero" class="overlay">
<div id="arrows">
- <img src="arrow.svg" id="protoarrow" style="display: none">
+ <img src="svg/arrow.svg" id="protoarrow" style="display: none">
</div>
<div class="vcenter">
@@ -27,17 +27,26 @@
</div>
<div class="vcenter">
- <form action="/register.php">
+ <form name="hero_form" action="/php/register.php" method="post" onsubmit="return validate_hero_form()">
<h2>Get started</h2>
<div class="content">
<p>Username</p>
<input type="text" id="username" name="username">
+ <p id="username-length-error" class="hero_form_error" hidden>Please specify a username</p>
+
+ <p>Email address</p>
+ <input type="text" id="email" name="email">
+ <p id="email-error" class="hero_form_error" hidden>Invalid email address</p>
+
<p>Password</p>
<input type="password" id="password" name="password">
+ <p id="password-length-error" class="hero_form_error" hidden>Please provide a password</p>
+
<p>Repeat Password</p>
<input type="password" id="password2" name="password2">
+ <p id="password-match-error" class="hero_form_error" hidden>Passwords didn't match</p>
<input type="submit" value="Sign up">
- <p style="font-size: 1.1em;">Already have an account? <a href="login.php">Sign in</a>
+ <p style="font-size: 1.1em;">Don't have an account? <a href="login.html">Log in</a>
</div>
</form>
</div>
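Review bot: The link text under the Sign up button is inverted for a registration form: `Don't have an account? Log in` should read `Already have an account? Log in` (the removed line had the wording right, only the href needed changing); login.html in this same commit has the mirror problem. The new email field is `type="text"`; `type="email"` gives the browser's own format check and the right mobile keyboard, and `required` on the username and both password inputs stops the obvious empty submissions before the JS runs at all. The `<html>` on the last context line of this file should be `</html>`, but that is pre-existing.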
@@ -46,10 +55,11 @@
</div>
</div>
- <img src="bottom.svg" class="bgbottom">
+ <img src="svg/bottom.svg" class="bgbottom">
</div>
- <script src="arrows.js"></script>
+ <script src="js/arrows.js"></script>
+ <script src="js/validate_hero.js"></script>
</body>
<html>
diff --git a/arrows.js b/js/arrows.js
index ec7352c..10ad416 100644
--- a/arrows.js
+++ b/js/arrows.js
@@ -20,7 +20,7 @@ function make_arrow() {
setTimeout(make_arrow, delay);
setTimeout(() => {
svg.remove();
- arrows.remove(ob);
+ arrows.shift();
}, lifetime);
}
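Review bot: `arrows.shift()` drops whichever arrow is at the head of the array, not necessarily `ob`; that matches the intended removal only if arrows are appended in creation order and every one lives for the same `lifetime` — make_arrow begins above the hunk, so that cannot be confirmed here. `var i = arrows.indexOf(ob); if (i !== -1) arrows.splice(i, 1);` removes the right element regardless of ordering. The replaced `arrows.remove(ob)` is not a method on a plain Array, so the old code presumably threw on every timeout.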
diff --git a/js/validate_hero.js b/js/validate_hero.js
new file mode 100644
index 0000000..6d29a53
--- /dev/null
+++ b/js/validate_hero.js
@@ -0,0 +1,58 @@
+
+function clear_hero_errors()
+{
+ var errors = document.getElementsByClassName("hero_form_error");
+ var i;
+ for (i = 0; i < errors.length; i++)
+ {
+ errors[i].hidden = true;
+ }
+}
+function validate_hero_login_form()
+{
+ var username=document.forms["hero_form"]["username"].value;
+ var flag=true;
+ clear_hero_errors();
+
+ if(username.length==0)
+ {
+ document.getElementById("username-length-error").hidden=false;
+ flag=false;
+ }
+ document.activeElement.blur();
+ return flag;
+}
+function validate_hero_form()
+{
+ var username=document.forms["hero_form"]["username"].value;
+ var email=document.forms["hero_form"]["email"].value;
+ var password=document.forms["hero_form"]["password"].value;
+ var password2=document.forms["hero_form"]["password2"].value;
+
+ var flag=true;
+ clear_hero_errors();
+
+ if(username.length==0)
+ {
+ document.getElementById("username-length-error").hidden=false;
+ flag=false;
+ }
+ if(!email.match(/\S+@\S+/))
+ {
+ document.getElementById("email-error").hidden=false;
+ flag=false;
+ }
+ if(password.length==0)
+ {
+ document.getElementById("password-length-error").hidden=false;
+ flag=false;
+ }
+ if(password !== password2)
+ {
+ document.getElementById("password-match-error").hidden=false;
+ flag=false;
+ }
+ document.activeElement.blur();
+ return flag;
+
+}
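Review bot: validate_hero_login_form checks only the username, so an empty password is posted to php/login.php without any feedback even though the sign-up form treats an empty password as an error; login.html has no password error element yet, so either add one with the same `hero_form_error` markup or at minimum read `var password=document.forms["hero_form"]["password"].value;` and set `flag=false` when `password.length===0`. Comparisons mix `==` (the length checks) with `!==` (the password match); use `===` throughout. From a security standpoint these checks are cosmetic, since the form can be posted directly without running the script, so every rule here must also be enforced on the server.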
diff --git a/login.html b/login.html
new file mode 100644
index 0000000..525358f
--- /dev/null
+++ b/login.html
@@ -0,0 +1,55 @@
+<!DOCTYPE html>
+<html>
+ <head>
+ <meta charset="utf-8">
+ <title>shady file upload</title>
+ <link rel="stylesheet" type="text/css" href="css/style.css">
+ </head>
+
+ <body>
+ <div class="overlay" style="height: 100%;">
+ <div class="vert2">
+ <div id="header">
+ <p class="logo">shady_file_upload</p>
+ </div>
+
+ <div id="page">
+ <div id="hero" class="overlay">
+ <div id="arrows">
+ <img src="svg/arrow.svg" id="protoarrow" style="display: none">
+ </div>
+
+ <div class="vcenter">
+ <p>file upload service</p>
+ <p class="big">that <span class="blue">just about works</span></p>
+ <p>most of the time</p>
+ </div>
+ </div>
+
+ <div class="vcenter">
+ <form name="hero_form" action="/php/login.php" method="post" onsubmit="return validate_hero_login_form()">
+ <h2>Login</h2>
+ <div class="content">
+ <p>Username</p>
+ <input type="text" id="username" name="username">
+ <p id="username-length-error" class="hero_form_error" hidden>Please enter a username</p>
+ <p>Password</p>
+ <input type="password" id="password" name="password">
+ <input type="submit" value="Login">
+ <p style="font-size: 1.1em;">Already have an account? <a href="index.html">Sign up</a>
+ </div>
+ </form>
+ </div>
+
+
+ </div>
+ </div>
+
+ <img src="svg/bottom.svg" class="bgbottom">
+ </div>
+
+ <script src="js/arrows.js"></script>
+ <script src="js/validate_hero.js"></script>
+
+ </body>
+ <html>
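Review bot: The document is closed with `<html>` on the last line instead of `</html>`; index.html shows the same tag in its context lines, so it appears to have been copied from there, but a new file should not repeat it. The link text under the Login button is inverted for a login page: `Already have an account? Sign up` should read `Don't have an account? Sign up`. The password input carries no autocomplete hint; `autocomplete="current-password"` lets password managers fill the login form correctly.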
diff --git a/php/configuration.php b/php/configuration.php
new file mode 100644
index 0000000..6b87508
--- /dev/null
+++ b/php/configuration.php
@@ -0,0 +1,17 @@
+<?php
+/*should be placed outside of document root*/
+
+$domain_name="localhost";
+
+$database_name="adam";
+$database_username="adam";
+$database_password="asdfd";
+$database_location="127.0.0.1";
+
+
+
+$password_hash_algo=PASSWORD_BCRYPT;
+
+
+$has_email_verification=false;
+?>
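Review bot: The database password is stored in plain text in a file that is committed to the repository and placed under the served tree at php/configuration.php, while its own comment says it should be outside the document root. A server that serves .php as text, an editor backup left beside it, or simply the git history exposes it. Keep only a template in git (constructed example name: `configuration.php.example`), `require_once` the real file from a path outside the web root or read the values with `getenv()`, and exclude the real file from version control. The README added in this commit refers to this file as php/configure.php, which does not match the name used here.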
diff --git a/php/database.php b/php/database.php
new file mode 100644
index 0000000..ef2b825
--- /dev/null
+++ b/php/database.php
@@ -0,0 +1,112 @@
+<?php
+require_once "configuration.php";
+require_once "user.php";
+require_once "misc.php";
+
+/*handles database stuff*/
+ class Database
+ {
+ private $pdo;
+
+
+ public function __construct()
+ {
+ global $domain_name;
+ global $database_name;
+ global $database_username;
+ global $database_password;
+ global $database_location;
+ try
+ {
+ $this->pdo=new PDO("mysql:dbname={$database_name};host={$database_location}",$database_username,$database_password);
+ }catch(PDOException $e)
+ {
+ error_log("Could not get database {$database_name} from {$database_location}, {$e} ");
+ die("The cow bought the farm");
+ }
+ }
+
+ /*returns false if this isn't a user, otherwise returns the user*/
+ function get_user(string $user)
+ {
+ $ret=new User;
+
+ $prep=$this->pdo->prepare("select user_id,username,email from users where username=:username");
+ $prep->bindParam(':username',$user);
+
+ $prep->execute();
+
+ $hold=$prep->fetch(PDO::FETCH_ASSOC);
+
+ if($hold)
+ {
+ $ret->user_id=$hold["user_id"];
+ $ret->username=$hold["username"];
+ $ret->email_address=$hold["email"];
+ return $ret;
+ }else
+ {
+ return false;
+ }
+ }
+ /*returns false if this isn't a user or the password is incorrect, otherwise returns the userid*/
+ function authenticate(string $user, string $password)
+ {
+ $ret=new User;
+
+ $prep=$this->pdo->prepare("select user_id,username,email,password from users where username=:username");
+ $prep->bindParam(':username',$user);
+ $prep->execute();
+
+ $hold=$prep->fetch(PDO::FETCH_ASSOC);
+
+ if($hold)
+ {
+ if(password_verify($password,$hold["password"]))
+ {
+ $ret->user_id=$hold["user_id"];
+ $ret->username=$hold["username"];
+ $ret->email_address=$hold["email"];
+ return $ret;
+ }else
+ {
+ return false;
+ }
+ }else
+ {
+ return false;
+ }
+ }
+ /*returns false if username is taken, email is not checked here*/
+ function register_user(string $user,string $password,string $email) : bool
+ {
+ $hold=$this->get_user($user);
+ global $domain_name;
+ global $has_email_verification;
+ global $password_hash_algo;
+
+
+ if($hold)
+ {
+ return false;
+ }else
+ {
+ if($has_email_verification)
+ {
+ generate_email_verification_link();
+ }else
+ {
+ $hashed_pass=password_hash($password,$password_hash_algo);
+ $prep=$this->pdo->prepare("insert into users(username,password,email) values(:username,:password,:email)");
+ $prep->bindParam(':username',$user);
+ $prep->bindParam(':password',$hashed_pass);
+ $prep->bindParam(':email',$email);
+ $prep->execute();
+ }
+ return true;
+ }
+ }
+ }
+
+
+?>
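Review bot: register_user reports success at `return true;` without looking at the result of `$prep->execute()`, and the PDO handle is created without `PDO::ATTR_ERRMODE`, so a failed insert — for example the `unique` username constraint firing when two registrations race past the get_user check — is silently swallowed and the caller prints "registered". Either check the result, `if(!$prep->execute()) { return false; }`, or pass `[PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]` as the fourth PDO constructor argument and catch PDOException around the insert; get_user and authenticate have the same unchecked execute(), where a query error currently reads as "no such user". In the constructor, `{$e}` interpolates the whole exception including its stack trace, and because the throwing frame is the PDO constructor that trace can carry the DSN, username and password into the error log unless zend.exception_ignore_args is enabled — log `$e->getMessage()` instead. When $has_email_verification is set, register_user calls generate_email_verification_link and returns true without inserting anything, which the comment above the function does not mention.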
diff --git a/file_type_recogniser.php b/php/file_type_recogniser.php
index f160fb7..f160fb7 100644
--- a/file_type_recogniser.php
+++ b/php/file_type_recogniser.php
diff --git a/php/login.php b/php/login.php
new file mode 100644
index 0000000..e6d44dc
--- /dev/null
+++ b/php/login.php
@@ -0,0 +1,25 @@
+<?php
+require_once "user.php";
+require_once "database.php";
+require_once "misc.php";
+
+$username=$_POST["username"];
+$password=$_POST["password"];
+/*server side verification*/
+if(gettype($username)!="string" || gettype($password)!="string")
+{
+ die("You didn't specify the pass or the username");
+}
+
+$database=new Database();
+$user=$database->authenticate($username,$password);
+if(!$user)
+{
+ die("Password or username is incorrect");
+}
+
+echo "Username: {$user->username}\n";
+echo "Email: {$user->email_address}";
+
+
+?>
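Review bot: The username and email address echoed at the end come from the database straight into an HTML response without escaping, and nothing on the registration path constrains what a username may contain, so markup stored in a username is rendered here; use `htmlspecialchars($user->username, ENT_QUOTES, 'UTF-8')` and the same for the email. `$_POST["username"]` and `$_POST["password"]` are read without `isset`, so a request missing either field raises a notice before the gettype check runs; `$username=$_POST["username"] ?? null;` keeps that check meaningful. php/register.php has the same unguarded `$_POST` reads, and there the resulting null reaches the `string`-typed parameters of validate_credentials and throws a TypeError instead of producing the intended error message. No session or cookie is established on success, so as written the script only reports the result — presumably a placeholder for now.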
diff --git a/php/misc.php b/php/misc.php
new file mode 100644
index 0000000..3ab0277
--- /dev/null
+++ b/php/misc.php
@@ -0,0 +1,18 @@
+<?php
+require_once "user.php";
+
+function validate_credentials(string $username,string $email,string $password,string $password2) : bool
+{
+ return true;
+}
+
+function generate_email_verification_link()
+{
+ /*TODO*/
+ $url="{$domain_name}/register/"+random_bytes(20);
+ mail($email,"Registration at ${domain_name}","Click here to register {$url}.");
+}
+
+
+
+?>
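Review bot: validate_credentials returns true for every input, so the server accepts an empty username, an empty password, mismatched passwords and a malformed email, while php/register.php logs any rejection as a possible attack — in practice the only enforced rules are the client-side ones in js/validate_hero.js, which a direct POST bypasses. The checks below mirror the JS rules and the column widths in sql/fileshare.sql (username and email are varchar(50)); `filter_var` with `FILTER_VALIDATE_EMAIL` replaces the loose regex. Because $password_hash_algo is PASSWORD_BCRYPT, password_hash silently truncates input beyond 72 bytes, so a maximum length here makes that explicit. In generate_email_verification_link, which is marked TODO, `+` is numeric addition in PHP rather than concatenation, `random_bytes(20)` returns raw bytes that need `bin2hex()` before going into a URL, and `$domain_name` and `$email` are not in scope inside the function.
```php
function validate_credentials(string $username,string $email,string $password,string $password2) : bool
{
    /* limits match users.username / users.email varchar(50) in sql/fileshare.sql */
    if ($username === '' || strlen($username) > 50) {
        return false;
    }
    /* bcrypt only uses the first 72 bytes; reject longer input rather than truncate silently */
    if ($password === '' || strlen($password) > 72 || $password !== $password2) {
        return false;
    }
    if (strlen($email) > 50 || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }
    return true;
}
// … unchanged: generate_email_verification_link …
```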
diff --git a/php/register.php b/php/register.php
new file mode 100644
index 0000000..b6b164c
--- /dev/null
+++ b/php/register.php
@@ -0,0 +1,27 @@
+<?php
+require_once "database.php";
+require_once "misc.php";
+require_once "configuration.php";
+
+$username=$_POST["username"];
+$password=$_POST["password"];
+$password2=$_POST["password2"];
+$email=$_POST["email"];
+
+/*check if we are given shady credentials*/
+if(!validate_credentials($username,$email,$password,$password2))
+{
+ error_log("Invalid registration that has probbably bypassed client side verification. This could be an attack!");
+ die();
+}
+$database= new Database;
+
+if($database->register_user($username,$password,$email))
+{
+ echo "registered";
+}else
+{
+ echo "didn't register";
+}
+
+?>
diff --git a/upload.php b/php/upload.php
index 93fa778..93fa778 100644
--- a/upload.php
+++ b/php/upload.php
diff --git a/php/user.php b/php/user.php
new file mode 100644
index 0000000..1ef3083
--- /dev/null
+++ b/php/user.php
@@ -0,0 +1,10 @@
+<?php
+ class User
+ {
+ /*I don't think we need to abstract these away*/
+ public $user_id;
+ public $username;
+ public $email_address;
+ }
+
+?>
diff --git a/sql/fileshare.sql b/sql/fileshare.sql
index f927ffc..a079a7f 100644
--- a/sql/fileshare.sql
+++ b/sql/fileshare.sql
@@ -1,49 +1,31 @@
-drop database fileshare;
-
-
-
-
-
-create database fileshare;
-use fileshare;
-
/*base user information*/
create table users (
- id int not null auto_increment,
+ user_id int not null auto_increment,
username varchar(50) not null unique,
- password varchar(100) not null unique,
- primary key (id)
+ password varchar(255) not null,
+ email varchar(50),
+ primary key (user_id)
);
/*table has only one owner and is identifyed by a number*/
create table files (
- id int not null auto_increment,
- owner int default null,
- absolutepath varchar(500) not null,
+ file_id int not null auto_increment,
+ owner_id int default null,
+ relative_path varchar(500) not null,
type varchar(20) not null default 'data',
- primary key (id),
- foreign key (owner) references users(id)
+ primary key (file_id),
+ foreign key (owner_id) references users(user_id)
);
/*the user with userid is given some kind of access to the file with fileid*/
/*there is no edit bit because it will be too dificult to implement prehaps a change bit is in order (but not an edit bit)*/
/*might be beneficial to even go full minimalist and remove the remove bit and only have the view bit*/
create table access (
- fileid int not null,
- userid int not null,
- canview boolean not null default true,
- canremove boolean not null default false,
- check (canview=true or canremove=true) ,
- foreign key (fileid) references files(id),
- foreign key (userid) references users(id)
+ file_id int not null,
+ user_id int not null,
+ can_view boolean not null default true,
+ can_remove boolean not null default false,
+ check (can_view=true or can_remove=true) ,
+ foreign key (file_id) references files(file_id),
+ foreign key (user_id) references users(user_id)
);
-
-
-
-/*basic info for testing purposes*/
-insert into users(username,password) values ("root","asdf");
-insert into users(username,password) values ("tester","tester");
-insert into files(owner,absolutepath,type) values (1,"/root/jiberish.sh","shell script");
-insert into access(fileid,userid,canview,canremove) values(1,2,true,false);
-/*I am not sure why this passes ....*/
-insert into access(fileid,userid,canview,canremove) values(1,2,false,false);
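Review bot: The renamed access table still has no primary key or unique constraint on (file_id, user_id), so the same grant can be inserted any number of times and a revoke has to delete an unknown number of rows; add `primary key (file_id, user_id)`. The `check (can_view=true or can_remove=true)` clause is parsed but not enforced by MySQL releases before 8.0.16 (and MariaDB before 10.2.1), which would explain the removed comment about the all-false insert passing — on such a server that rule has to live in the application. `email` is nullable and not unique, which is fine for display but not as the key for the email verification that php/configuration.php anticipates. The foreign keys are unnamed and specify no `on delete` action, so deleting a user who owns files fails with a generic constraint error; name them and choose `restrict` or `cascade` explicitly.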
diff --git a/arrow.svg b/svg/arrow.svg
index 040182d..040182d 100644
--- a/arrow.svg
+++ b/svg/arrow.svg
diff --git a/bottom.svg b/svg/bottom.svg
index 772081e..772081e 100644
--- a/bottom.svg
+++ b/svg/bottom.svg