-rw-r--r-- | index.html | 4 | ||||
-rw-r--r-- | php/configuration.php | 17 | ||||
-rw-r--r-- | php/database.php | 111 | ||||
-rw-r--r-- | php/file_type_recogniser.php (renamed from file_type_recogniser.php) | 0 | ||||
-rw-r--r-- | php/misc.php | 18 | ||||
-rw-r--r-- | php/upload.php (renamed from upload.php) | 0 | ||||
-rw-r--r-- | php/user.php | 10 | ||||
-rw-r--r-- | register.php | 26 | ||||
-rw-r--r-- | sql/fileshare.sql | 50 |
9 files changed, 201 insertions, 35 deletions
@@ -27,11 +27,13 @@
 </div>
 <div class="vcenter">
- <form action="/register.php">
+ <form action="/register.php" method="post">
 <h2>Get started</h2>
 <div class="content">
 <p>Username</p>
 <input type="text" id="username" name="username">
+ <p>Email address</p>
+ <input type="text" id="email" name="email">
 <p>Password</p>
 <input type="password" id="password" name="password">
 <p>Repeat Password</p>
diff --git a/php/configuration.php b/php/configuration.php
new file mode 100644
index 0000000..6b87508
--- /dev/null
+++ b/php/configuration.php
@@ -0,0 +1,17 @@
+<?php
+/*should be placed outside of document root*/
+
+$domain_name="localhost";
+
+$database_name="adam";
+$database_username="adam";
+$database_password="asdfd";
+$database_location="127.0.0.1";
+
+
+
+$password_hash_algo=PASSWORD_BCRYPT;
+
+
+$has_email_verification=false;
+?>
diff --git a/php/database.php b/php/database.php
new file mode 100644
index 0000000..934aafa
--- /dev/null
+++ b/php/database.php
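Review bot: The new field on the `+ <input type="text" id="email" name="email">` line is declared as `type="text"`; `type="email"` lets the browser reject malformed addresses before the form is submitted, e.g. `<input type="email" id="email" name="email" required>`. That is a convenience only, so register.php still has to validate the value server-side. The form's closing tag lies outside the hunk.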
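Review bot: The file ends with a `+?>` closing tag; any byte after it, such as a trailing newline, is emitted as output by every script that includes this file, which will break later `header()` or `session_start()` calls — PHP-only files should omit the closing tag. The same closing tag appears at the end of php/database.php, php/misc.php, php/user.php and register.php in this commit. The header comment says the file should live outside the document root, but database.php includes it by the relative path `"configuration.php"`, so as written it has to stay next to database.php under php/; if the intent is to move it, the include should use a path rooted in a server-side location (for example via `__DIR__`) rather than the current directory.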
@@ -0,0 +1,111 @@
+<?php
+require_once "configuration.php";
+require_once "user.php";
+require_once "misc.php";
+
+/*handles database stuff*/
+ class Database
+ {
+ private $pdo;
+
+
+ public function __construct()
+ {
+ global $domain_name;
+ global $database_name;
+ global $database_username;
+ global $database_password;
+ global $database_location;
+ try
+ {
+ $this->pdo=new PDO("mysql:dbname={$database_name};host={$database_location}",$database_username,$database_password);
+ }catch(PDOException $e)
+ {
+ error_log("Could not get database {$database_name} from {$database_location}, {$e} ");
+ die("The cow bought the farm");
+ }
+ }
+
+ /*returns false if this isn't a user, otherwise returns the userid*/
+ function get_user(string $user)
+ {
+ $ret=new User;
+
+ $prep=$this->pdo->prepare("select user_id,username,email from users where username=:username");
+ $prep->bindParam(':username',$user);
+
+ $prep->execute();
+
+ $hold=$prep->fetch(PDO::FETCH_ASSOC);
+
+ if($hold)
+ {
+ $ret->user_id=$hold["user_id"];
+ $ret->username=$hold["username"];
+ $ret->email_address=$hold["email"];
+ return $ret;
+ }else
+ {
+ return false;
+ }
+ }
+ /*returns false if this isn't a user or the password is incorrect, otherwise returns the userid*/
+ function authenticate(string $user, string $password)
+ {
+ $ret=new User;
+ global $password_hash_algo;
+
+
+
+ $hashed_pass=password_hash($password,$password_hash_algo);
+ $prep=$this->pdo->prepare("select user_id,username,email from users where username=:username and password=:password");
+ $prep->bindParam(':username',$user);
+ $prep->bindParam(':password',$hashed_pass);
+
+ $prep->execute();
+
+ $hold=$prep->fetch(PDO::FETCH_ASSOC);
+ if($hold)
+ {
+ $ret->user_id=hold["user_id"];
+ $ret->username=hold["username"];
+ $ret->email_address["email"];
+ return $ret;
+ }else
+ {
+ return false;
+ }
+ }
+ /*returns false if username is taken, email is not checked here*/
+ function register_user(string $user,string $password,string $email) : bool
+ {
+ $hold=$this->get_user($user);
+ global $domain_name;
+ global $has_email_verification;
+ global $password_hash_algo;
+
+
+ if($hold)
+ {
+ return false;
+ }else
+ {
+ if($has_email_verification)
+ {
+ generate_email_verification_link();
+ }else
+ {
+ $hashed_pass=password_hash($password,$password_hash_algo);
+ $prep=$this->pdo->prepare("insert into users(username,password,email) values(:username,:password,:email)");
+ $prep->bindParam(':username',$user);
+ $prep->bindParam(':password',$hashed_pass);
+ $prep->bindParam(':email',$email);
+ $prep->execute();
+ }
+ return true;
+ }
+ }
+ }
+
+
+?>
diff --git a/file_type_recogniser.php b/php/file_type_recogniser.php
index f160fb7..f160fb7 100644
--- a/file_type_recogniser.php
+++ b/php/file_type_recogniser.php
diff --git a/php/misc.php b/php/misc.php
new file mode 100644
index 0000000..3ab0277
--- /dev/null
+++ b/php/misc.php
@@ -0,0 +1,18 @@
+<?php
+require_once "user.php";
+
+function validate_credentials(string $username,string $email,string $password,string $password2) : bool
+{
+ return true;
+}
+
+function generate_email_verification_link()
+{
+ /*TODO*/
+ $url="{$domain_name}/register/"+random_bytes(20);
+ mail($email,"Registration at ${domain_name}","Click here to register {$url}.");
+}
+
+
+
+?>
diff --git a/upload.php b/php/upload.php
index 93fa778..93fa778 100644
--- a/upload.php
+++ b/php/upload.php
diff --git a/php/user.php b/php/user.php
new file mode 100644
index 0000000..1ef3083
--- /dev/null
+++ b/php/user.php
@@ -0,0 +1,10 @@
+<?php
+ class User
+ {
+ /*I don't think we need to abstract these away*/
+ public $user_id;
+ public $username;
+ public $email_address;
+ }
+
+?>
diff --git a/register.php b/register.php
new file mode 100644
index 0000000..7d6c03e
--- /dev/null
+++ b/register.php
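Review bot: `authenticate()` can never succeed as written: it calls `password_hash($password,$password_hash_algo)` and then matches that value in SQL with `password=:password`, but bcrypt generates a fresh salt on every call, so the new hash never equals the one stored by `register_user()`. The row must be selected by username only and the candidate checked with `password_verify()` against the stored hash. The same branch has two further defects — `hold["user_id"]` and `hold["username"]` are missing the `$` sigil, and `$ret->email_address["email"];` is an expression that assigns nothing — so the rewritten body below replaces the whole success path. Separately, in `register_user()` the `$has_email_verification` branch calls `generate_email_verification_link()` with no arguments, inserts no row, and still returns `true`; the caller in register.php will report "registered" for a user that does not exist.
```php
 function authenticate(string $user, string $password)
 {
 $ret=new User;

 // Select the stored hash by username only; password_verify() reads the salt
 // and algorithm out of that hash, so re-hashing the input cannot work.
 $prep=$this->pdo->prepare("select user_id,username,email,password from users where username=:username");
 $prep->bindParam(':username',$user);
 $prep->execute();

 $hold=$prep->fetch(PDO::FETCH_ASSOC);
 if($hold && password_verify($password,$hold["password"]))
 {
 $ret->user_id=$hold["user_id"];
 $ret->username=$hold["username"];
 $ret->email_address=$hold["email"];
 return $ret;
 }
 return false;
 }
```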
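Review bot: `validate_credentials()` returns `true` unconditionally, so the "shady credentials" check in register.php never fires; at minimum it should confirm `$password === $password2`, a non-empty username, and `filter_var($email, FILTER_VALIDATE_EMAIL) !== false`, and the unused parameters should either be checked or the function marked as a stub. In `generate_email_verification_link()` the line `$url="{$domain_name}/register/"+random_bytes(20);` uses arithmetic `+` on two strings, which raises a TypeError on PHP 8, and `random_bytes()` returns raw bytes that are not safe in a URL — `$url = "{$domain_name}/register/" . bin2hex(random_bytes(20));` is the intended form. Neither `$domain_name` nor `$email` is defined in that function (no parameter, no `global`), so both are null at runtime; the function is marked `/*TODO*/`, but the signature should take them, e.g. `function generate_email_verification_link(string $email, string $domain_name) : void`.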
@@ -0,0 +1,26 @@ +<?php +require_once "php/database.php"; +require_once "php/misc.php"; + +$username=$_POST["username"]; +$password=$_POST["password"]; +$password2=$_POST["password2"]; +$email=$_POST["email"]; + +/*check if we are given shady credentials*/ +if(!validate_credentials($username,$email,$password,$password2)) +{ + error_log("Invalid registration that has probbably bypassed client side verification. This could be an attack!"); + die(); +} +$database= new Database; + +if($database->register_user($username,$password,$email)) +{ + echo "registered"; +}else +{ + echo "didn't register"; +} + +?> diff --git a/sql/fileshare.sql b/sql/fileshare.sql index f927ffc..a079a7f 100644 --- a/sql/fileshare.sql +++ b/sql/fileshare.sql 
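Review bot: The four `$_POST["..."]` reads are unguarded, so a GET request to register.php or a submission missing a field raises an undefined-index warning and passes `null` to the `string` parameters of `validate_credentials()`, which throws a TypeError before the `die()` path is reached. Use a default for each, `$username=$_POST["username"] ?? "";` and likewise for `password`, `password2` and `email`, and consider rejecting non-POST requests up front with `if($_SERVER["REQUEST_METHOD"] !== "POST") { die(); }` since the form was changed to `method="post"` in this commit. The log message on the `error_log(...)` line also has a typo, `probbably`.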
@@ -1,49 +1,31 @@ -drop database fileshare; - - - - - -create database fileshare; -use fileshare; - /*base user information*/ create table users ( - id int not null auto_increment, + user_id int not null auto_increment, username varchar(50) not null unique, - password varchar(100) not null unique, - primary key (id) + password varchar(255) not null, + email varchar(50), + primary key (user_id) ); /*table has only one owner and is identifyed by a number*/ create table files ( - id int not null auto_increment, - owner int default null, - absolutepath varchar(500) not null, + file_id int not null auto_increment, + owner_id int default null, + relative_path varchar(500) not null, type varchar(20) not null default 'data', - primary key (id), - foreign key (owner) references users(id) + primary key (file_id), + foreign key (owner_id) references users(user_id) ); /*the user with userid is given some kind of access to the file with fileid*/ /*there is no edit bit because it will be too dificult to implement prehaps a change bit is in order (but not an edit bit)*/ /*might be beneficial to even go full minimalist and remove the remove bit and only have the view bit*/ create table access ( - fileid int not null, - userid int not null, - canview boolean not null default true, - canremove boolean not null default false, - check (canview=true or canremove=true) , - foreign key (fileid) references files(id), - foreign key (userid) references users(id) + file_id int not null, + user_id int not null, + can_view boolean not null default true, + can_remove boolean not null default false, + check (can_view=true or can_remove=true) , + foreign key (file_id) references files(file_id), + foreign key (user_id) references users(user_id) ); - - - -/*basic info for testing purposes*/ -insert into users(username,password) values ("root","asdf"); -insert into users(username,password) values ("tester","tester"); -insert into files(owner,absolutepath,type) values (1,"/root/jiberish.sh","shell 
script"); -insert into access(fileid,userid,canview,canremove) values(1,2,true,false); -/*I am not sure why this passes ....*/ -insert into access(fileid,userid,canview,canremove) values(1,2,false,false); |
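Review bot: The `check (can_view=true or can_remove=true)` constraint on `access` is parsed but not enforced by MySQL before 8.0.16, which is the likely reason the removed test insert with both flags `false` "passed" (the deleted comment `I am not sure why this passes` refers to it); if the target server is older, the rule has to be enforced in application code or by a trigger, and a comment noting the version dependency would help the next reader. The new `email varchar(50)` column is too short for valid addresses (the RFC limit is 254 characters) and has no `unique` or `not null` constraint even though register.php now stores it for every user — `email varchar(254) not null unique,` would match how the column is used, with the application deciding whether duplicates are acceptable.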