-rw-r--r--index.html4
-rw-r--r--php/configuration.php17
-rw-r--r--php/database.php111
-rw-r--r--php/file_type_recogniser.php (renamed from file_type_recogniser.php)0
-rw-r--r--php/misc.php18
-rw-r--r--php/upload.php (renamed from upload.php)0
-rw-r--r--php/user.php10
-rw-r--r--register.php26
-rw-r--r--sql/fileshare.sql50
9 files changed, 201 insertions, 35 deletions
diff --git a/index.html b/index.html
index 5a60526..ba6733f 100644
--- a/index.html
+++ b/index.html
@@ -27,11 +27,13 @@
</div>
<div class="vcenter">
- <form action="/register.php">
+ <form action="/register.php" method="post">
<h2>Get started</h2>
<div class="content">
<p>Username</p>
<input type="text" id="username" name="username">
+ <p>Email address</p>
+ <input type="text" id="email" name="email">
<p>Password</p>
<input type="password" id="password" name="password">
<p>Repeat Password</p>
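Review bot: The new email field is declared as `type="text"`, so the browser neither checks the address shape nor offers an email keyboard on mobile; `<input type="email" id="email" name="email" required>` is the usual declaration, and the password inputs could carry `required` as well. These attributes are advisory only and are trivially bypassed, so the server-side check in register.php still has to do the real validation. The enclosing form continues past the end of this hunk.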
diff --git a/php/configuration.php b/php/configuration.php
new file mode 100644
index 0000000..6b87508
--- /dev/null
+++ b/php/configuration.php
@@ -0,0 +1,17 @@
+<?php
+/*should be placed outside of document root*/
+
+$domain_name="localhost";
+
+$database_name="adam";
+$database_username="adam";
+$database_password="asdfd";
+$database_location="127.0.0.1";
+
+
+
+$password_hash_algo=PASSWORD_BCRYPT;
+
+
+$has_email_verification=false;
+?>
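Review bot: Live database credentials (`$database_username`, `$database_password`) are committed into the repository here, so they are now part of its history for anyone with read access; loading them from environment variables or an untracked local file (with a committed example file and a .gitignore entry) keeps them out of the tree, and the committed password should be rotated. The comment on line 2 says this file belongs outside the document root, but register.php requires `php/database.php` relative to the web root and database.php requires this file from the same directory, so it appears to be served from inside it. The closing `?>` is unnecessary in a PHP-only file, and any whitespace after it becomes output.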
diff --git a/php/database.php b/php/database.php
new file mode 100644
index 0000000..934aafa
--- /dev/null
+++ b/php/database.php
@@ -0,0 +1,111 @@
+<?php
+require_once "configuration.php";
+require_once "user.php";
+require_once "misc.php";
+
+/*handles database stuff*/
+ class Database
+ {
+ private $pdo;
+
+
+ public function __construct()
+ {
+ global $domain_name;
+ global $database_name;
+ global $database_username;
+ global $database_password;
+ global $database_location;
+ try
+ {
+ $this->pdo=new PDO("mysql:dbname={$database_name};host={$database_location}",$database_username,$database_password);
+ }catch(PDOException $e)
+ {
+ error_log("Could not get database {$database_name} from {$database_location}, {$e} ");
+ die("The cow bought the farm");
+ }
+ }
+
+ /*returns false if this isn't a user, otherwise returns the userid*/
+ function get_user(string $user)
+ {
+ $ret=new User;
+
+ $prep=$this->pdo->prepare("select user_id,username,email from users where username=:username");
+ $prep->bindParam(':username',$user);
+
+ $prep->execute();
+
+ $hold=$prep->fetch(PDO::FETCH_ASSOC);
+
+ if($hold)
+ {
+ $ret->user_id=$hold["user_id"];
+ $ret->username=$hold["username"];
+ $ret->email_address=$hold["email"];
+ return $ret;
+ }else
+ {
+ return false;
+ }
+ }
+ /*returns false if this isn't a user or the password is incorrect, otherwise returns the userid*/
+ function authenticate(string $user, string $password)
+ {
+ $ret=new User;
+ global $password_hash_algo;
+
+
+
+ $hashed_pass=password_hash($password,$password_hash_algo);
+ $prep=$this->pdo->prepare("select user_id,username,email from users where username=:username and password=:password");
+ $prep->bindParam(':username',$user);
+ $prep->bindParam(':password',$hashed_pass);
+
+ $prep->execute();
+
+ $hold=$prep->fetch(PDO::FETCH_ASSOC);
+ if($hold)
+ {
+ $ret->user_id=hold["user_id"];
+ $ret->username=hold["username"];
+ $ret->email_address["email"];
+ return $ret;
+ }else
+ {
+ return false;
+ }
+ }
+ /*returns false if username is taken, email is not checked here*/
+ function register_user(string $user,string $password,string $email) : bool
+ {
+ $hold=$this->get_user($user);
+ global $domain_name;
+ global $has_email_verification;
+ global $password_hash_algo;
+
+
+ if($hold)
+ {
+ return false;
+ }else
+ {
+ if($has_email_verification)
+ {
+ generate_email_verification_link();
+ }else
+ {
+ $hashed_pass=password_hash($password,$password_hash_algo);
+ $prep=$this->pdo->prepare("insert into users(username,password,email) values(:username,:password,:email)");
+ $prep->bindParam(':username',$user);
+ $prep->bindParam(':password',$hashed_pass);
+ $prep->bindParam(':email',$email);
+ $prep->execute();
+ }
+ return true;
+ }
+ }
+ }
+
+
+?>
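Review bot: authenticate() can never succeed, because it runs the submitted password through password_hash() — which generates a fresh random salt each call — and compares that new hash with the stored column in SQL; the stored hash must be fetched by username and checked with password_verify(). The same branch dereferences `hold["user_id"]` and `hold["username"]` without the `$` (an undefined constant), and `$ret->email_address["email"];` is a bare expression rather than an assignment, so even a matching row would not build the User. A rewritten authenticate() follows. Separately, the constructor's `error_log("... {$e} ")` stringifies the whole exception including its trace, which can carry the DSN and the credentials passed to the PDO constructor unless `zend.exception_ignore_args` is on; logging `$e->getMessage()` is safer. In register_user the result of `$prep->execute()` is never checked, so the function reports true even when the insert fails (and with email verification enabled it returns true without inserting anything at all).
```php
/*returns false if this isn't a user or the password is incorrect, otherwise returns the User*/
function authenticate(string $user, string $password)
{
    $prep=$this->pdo->prepare("select user_id,username,email,password from users where username=:username");
    $prep->bindParam(':username',$user);
    $prep->execute();

    $hold=$prep->fetch(PDO::FETCH_ASSOC);
    /*password_verify() handles the salt stored inside the hash*/
    if(!$hold || !password_verify($password,$hold["password"]))
    {
        return false;
    }

    $ret=new User;
    $ret->user_id=$hold["user_id"];
    $ret->username=$hold["username"];
    $ret->email_address=$hold["email"];
    return $ret;
}
// … unchanged: __construct, get_user, register_user …
```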
diff --git a/file_type_recogniser.php b/php/file_type_recogniser.php
index f160fb7..f160fb7 100644
--- a/file_type_recogniser.php
+++ b/php/file_type_recogniser.php
diff --git a/php/misc.php b/php/misc.php
new file mode 100644
index 0000000..3ab0277
--- /dev/null
+++ b/php/misc.php
@@ -0,0 +1,18 @@
+<?php
+require_once "user.php";
+
+function validate_credentials(string $username,string $email,string $password,string $password2) : bool
+{
+ return true;
+}
+
+function generate_email_verification_link()
+{
+ /*TODO*/
+ $url="{$domain_name}/register/"+random_bytes(20);
+ mail($email,"Registration at ${domain_name}","Click here to register {$url}.");
+}
+
+
+
+?>
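Review bot: validate_credentials() returns true unconditionally, so the "shady credentials" guard in register.php is a no-op and empty usernames, empty passwords and mismatched password pairs all reach the database. A minimal real check is `return $username !== '' && $password !== '' && $password === $password2 && filter_var($email, FILTER_VALIDATE_EMAIL) !== false;`. In generate_email_verification_link(), which is marked TODO, `+` is arithmetic and will throw a TypeError on two non-numeric strings in PHP 8 (use `.`), random_bytes() yields raw binary that must be encoded for a URL (`bin2hex(random_bytes(20))`), and `$domain_name` and `$email` are undefined in the function's scope because they are neither parameters nor declared global.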
diff --git a/upload.php b/php/upload.php
index 93fa778..93fa778 100644
--- a/upload.php
+++ b/php/upload.php
diff --git a/php/user.php b/php/user.php
new file mode 100644
index 0000000..1ef3083
--- /dev/null
+++ b/php/user.php
@@ -0,0 +1,10 @@
+<?php
+ class User
+ {
+ /*I don't think we need to abstract these away*/
+ public $user_id;
+ public $username;
+ public $email_address;
+ }
+
+?>
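Review bot: The three properties are untyped and uninitialised, so a User may carry whatever scalar the PDO driver hands back (user_id may arrive as a string depending on driver settings) and nothing documents the intended types; declaring `public ?int $user_id = null;`, `public ?string $username = null;` and `public ?string $email_address = null;` states the contract and lets a static analyser check callers. The closing `?>` can be dropped in a PHP-only file.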
diff --git a/register.php b/register.php
new file mode 100644
index 0000000..7d6c03e
--- /dev/null
+++ b/register.php
@@ -0,0 +1,26 @@
+<?php
+require_once "php/database.php";
+require_once "php/misc.php";
+
+$username=$_POST["username"];
+$password=$_POST["password"];
+$password2=$_POST["password2"];
+$email=$_POST["email"];
+
+/*check if we are given shady credentials*/
+if(!validate_credentials($username,$email,$password,$password2))
+{
+ error_log("Invalid registration that has probbably bypassed client side verification. This could be an attack!");
+ die();
+}
+$database= new Database;
+
+if($database->register_user($username,$password,$email))
+{
+ echo "registered";
+}else
+{
+ echo "didn't register";
+}
+
+?>
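Review bot: Each `$_POST["..."]` read on lines 5–8 assumes the key is present, so a plain GET of /register.php (or a trimmed POST) emits undefined-index warnings and then passes null to the string-typed parameters of validate_credentials(), which throws a TypeError even without strict_types. Reading them as `$username=$_POST["username"] ?? '';` (and likewise for the other three) and bailing out early unless `$_SERVER['REQUEST_METHOD'] === 'POST'` makes the failure mode an explicit rejection. The script has no CSRF protection and no rate limit on registration attempts, which is worth a TODO next to the validation call since the form is reachable from the public index page.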
diff --git a/sql/fileshare.sql b/sql/fileshare.sql
index f927ffc..a079a7f 100644
--- a/sql/fileshare.sql
+++ b/sql/fileshare.sql
@@ -1,49 +1,31 @@
-drop database fileshare;
-
-
-
-
-
-create database fileshare;
-use fileshare;
-
/*base user information*/
create table users (
- id int not null auto_increment,
+ user_id int not null auto_increment,
username varchar(50) not null unique,
- password varchar(100) not null unique,
- primary key (id)
+ password varchar(255) not null,
+ email varchar(50),
+ primary key (user_id)
);
/*table has only one owner and is identifyed by a number*/
create table files (
- id int not null auto_increment,
- owner int default null,
- absolutepath varchar(500) not null,
+ file_id int not null auto_increment,
+ owner_id int default null,
+ relative_path varchar(500) not null,
type varchar(20) not null default 'data',
- primary key (id),
- foreign key (owner) references users(id)
+ primary key (file_id),
+ foreign key (owner_id) references users(user_id)
);
/*the user with userid is given some kind of access to the file with fileid*/
/*there is no edit bit because it will be too dificult to implement prehaps a change bit is in order (but not an edit bit)*/
/*might be beneficial to even go full minimalist and remove the remove bit and only have the view bit*/
create table access (
- fileid int not null,
- userid int not null,
- canview boolean not null default true,
- canremove boolean not null default false,
- check (canview=true or canremove=true) ,
- foreign key (fileid) references files(id),
- foreign key (userid) references users(id)
+ file_id int not null,
+ user_id int not null,
+ can_view boolean not null default true,
+ can_remove boolean not null default false,
+ check (can_view=true or can_remove=true) ,
+ foreign key (file_id) references files(file_id),
+ foreign key (user_id) references users(user_id)
);
-
-
-
-/*basic info for testing purposes*/
-insert into users(username,password) values ("root","asdf");
-insert into users(username,password) values ("tester","tester");
-insert into files(owner,absolutepath,type) values (1,"/root/jiberish.sh","shell script");
-insert into access(fileid,userid,canview,canremove) values(1,2,true,false);
-/*I am not sure why this passes ....*/
-insert into access(fileid,userid,canview,canremove) values(1,2,false,false);
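Review bot: `email varchar(50)` in the new users table will truncate or reject legitimate addresses, since a mailbox address may be up to 254 characters; `email varchar(254)` matches that limit. The column is also nullable and not unique, while register_user now stores one for every account and the verification flow depends on it, so if an address is meant to identify one account `email varchar(254) not null unique` expresses that. The `check (can_view=true or can_remove=true)` constraint on access is presumably the one the removed comment "I am not sure why this passes" refers to; older MySQL versions parse but do not enforce CHECK constraints, which would explain the observation, and is worth a comment next to the constraint.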