Diffstat (limited to 'php')
-rw-r--r--php/configuration.php17
-rw-r--r--php/database.php112
-rw-r--r--php/file_type_recogniser.php84
-rw-r--r--php/login.php25
-rw-r--r--php/misc.php18
-rw-r--r--php/register.php27
-rw-r--r--php/upload.php23
-rw-r--r--php/user.php10
8 files changed, 316 insertions, 0 deletions
diff --git a/php/configuration.php b/php/configuration.php
new file mode 100644
index 0000000..6b87508
--- /dev/null
+++ b/php/configuration.php
@@ -0,0 +1,17 @@
+<?php
+/*should be placed outside of document root*/
+
+$domain_name="localhost";
+
+$database_name="adam";
+$database_username="adam";
+$database_password="asdfd";
+$database_location="127.0.0.1";
+
+
+
+$password_hash_algo=PASSWORD_BCRYPT;
+
+
+$has_email_verification=false;
+?>
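Review bot: The `$database_password="asdfd";` line commits a short literal database password to version control, and the file is added under php/ beside the request-handling scripts even though its own comment says it belongs outside the document root (whether php/ is web-served is not visible here). Anyone with read access to the repository or its history obtains the credential, so it should be rotated and loaded from the environment or an untracked file, e.g. `$database_password=getenv('DATABASE_PASSWORD');` (the variable name is a placeholder). The other scripts load this file with `require_once "configuration.php"`, so relocating it also means updating those paths.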
diff --git a/php/database.php b/php/database.php
new file mode 100644
index 0000000..ef2b825
--- /dev/null
+++ b/php/database.php
@@ -0,0 +1,112 @@
+<?php
+require_once "configuration.php";
+require_once "user.php";
+require_once "misc.php";
+
+/*handles database stuff*/
+ class Database
+ {
+ private $pdo;
+
+
+ public function __construct()
+ {
+ global $domain_name;
+ global $database_name;
+ global $database_username;
+ global $database_password;
+ global $database_location;
+ try
+ {
+ $this->pdo=new PDO("mysql:dbname={$database_name};host={$database_location}",$database_username,$database_password);
+ }catch(PDOException $e)
+ {
+ error_log("Could not get database {$database_name} from {$database_location}, {$e} ");
+ die("The cow bought the farm");
+ }
+ }
+
+ /*returns false if this isn't a user, otherwise returns the user*/
+ function get_user(string $user)
+ {
+ $ret=new User;
+
+ $prep=$this->pdo->prepare("select user_id,username,email from users where username=:username");
+ $prep->bindParam(':username',$user);
+
+ $prep->execute();
+
+ $hold=$prep->fetch(PDO::FETCH_ASSOC);
+
+ if($hold)
+ {
+ $ret->user_id=$hold["user_id"];
+ $ret->username=$hold["username"];
+ $ret->email_address=$hold["email"];
+ return $ret;
+ }else
+ {
+ return false;
+ }
+ }
+ /*returns false if this isn't a user or the password is incorrect, otherwise returns the userid*/
+ function authenticate(string $user, string $password)
+ {
+ $ret=new User;
+
+ $prep=$this->pdo->prepare("select user_id,username,email,password from users where username=:username");
+ $prep->bindParam(':username',$user);
+ $prep->execute();
+
+ $hold=$prep->fetch(PDO::FETCH_ASSOC);
+
+ if($hold)
+ {
+ if(password_verify($password,$hold["password"]))
+ {
+ $ret->user_id=$hold["user_id"];
+ $ret->username=$hold["username"];
+ $ret->email_address=$hold["email"];
+ return $ret;
+ }else
+ {
+ return false;
+ }
+ }else
+ {
+ return false;
+ }
+ }
+ /*returns false if username is taken, email is not checked here*/
+ function register_user(string $user,string $password,string $email) : bool
+ {
+ $hold=$this->get_user($user);
+ global $domain_name;
+ global $has_email_verification;
+ global $password_hash_algo;
+
+
+ if($hold)
+ {
+ return false;
+ }else
+ {
+ if($has_email_verification)
+ {
+ generate_email_verification_link();
+ }else
+ {
+ $hashed_pass=password_hash($password,$password_hash_algo);
+ $prep=$this->pdo->prepare("insert into users(username,password,email) values(:username,:password,:email)");
+ $prep->bindParam(':username',$user);
+ $prep->bindParam(':password',$hashed_pass);
+ $prep->bindParam(':email',$email);
+ $prep->execute();
+ }
+ return true;
+ }
+ }
+ }
+
+
+?>
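Review bot: register_user returns `true` without looking at the result of `$prep->execute()`, so a failed insert is reported as a successful registration; this includes a duplicate username that slips past the earlier get_user check when two requests race. Return the result with `return $prep->execute();` and set `$this->pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);` in the constructor so failures are not silent on PHP versions whose default error mode is silent. Uniqueness also needs a unique index on the username column, and the schema is not visible here. When `$has_email_verification` is true the method calls generate_email_verification_link() with no arguments, stores nothing and still returns `true`. In the constructor, `{$e}` in the error_log call expands to the full exception including its stack trace, which may carry the connection arguments; logging `$e->getMessage()` keeps the password out of the log.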
diff --git a/php/file_type_recogniser.php b/php/file_type_recogniser.php
new file mode 100644
index 0000000..f160fb7
--- /dev/null
+++ b/php/file_type_recogniser.php
@@ -0,0 +1,84 @@
+<?php
+
+function file_type($path_to_file) {
+ $file_type_database = new finfo(FILEINFO_SYMLINK|FILEINFO_MIME_TYPE);
+ return $file_type_database->file($path_to_file);
+}
+
+
+function file_extension($path_to_file) {
+ #FILEINFO_EXTENSION introduced in php7.2.0 https://www.php.net/manual/en/fileinfo.constants.php
+ if(defined("FILEINFO_EXTENSION"))
+ {
+ $file_type_database = new finfo(FILEINFO_EXTENSION);
+ return "." . $file_type_database->file($path_to_file);
+ }else
+ {
+ $result=file_type($path_to_file);
+
+ $optimus_prime = array(
+ 'text/plain'=>'.txt',
+ 'text/html'=>'.html',
+ 'text/php'=>'.php',
+ 'text/css'=>'.css',
+ 'application/javascript'=>'.js',
+ 'application/json'=>'.json',
+ 'application/xml'=>'.xml',
+ 'application/x-shockwave-flash'=>'.swf',
+ 'video/x-flv'=>'.flv',
+ 'image/png'=>'.png',
+ 'image/jpeg'=>'.jpe',
+ 'image/jpeg'=>'.jpeg',
+ 'image/jpeg'=>'.jpg',
+ 'image/gif'=>'.gif',
+ 'image/bmp'=>'.bmp',
+ 'image/vnd.microsoft.icon'=>'.ico',
+ 'image/tiff'=>'.tiff',
+ 'image/tiff'=>'.tif',
+ 'image/svg+xml'=>'.svg',
+ 'image/svg+xml'=>'.svgz',
+ 'application/zip'=>'.zip',
+ 'application/x-rar-compressed'=>'.rar',
+ 'application/x-msdownload'=>'.exe',
+ 'application/x-msdownload'=>'.msi',
+ 'application/vnd.ms-cab-compressed'=>'.cab',
+ 'audio/mpeg'=>'.mp3',
+ 'video/quicktime'=>'.qt',
+ 'video/quicktime'=>'.mov',
+ 'application/pdf'=>'.pdf',
+ 'image/vnd.adobe.photoshop'=>'.psd',
+ 'application/postscript'=>'.ai',
+ 'application/postscript'=>'.eps',
+ 'application/postscript'=>'.ps',
+ 'application/msword'=>'.doc',
+ 'application/rtf'=>'.rtf',
+ 'application/vnd.ms-excel'=>'.xls',
+ 'application/vnd.ms-powerpoint'=>'.ppt',
+ 'application/vnd.oasis.opendocument.text'=>'.odt',
+ 'application/vnd.oasis.opendocument.spreadsheet'=>'.ods'
+ );
+
+ if(!array_key_exists($result,$optimus_prime))
+ {
+ return ".dat";
+ }else
+ {
+ return $optimus_prime[$result];
+ }
+
+ }
+}
+
+function get_icon($path_to_file)
+{
+ $file_ext="svg/icons/".file_extension($path_to_file).".svg";
+ if(!file_exists($file_ext))
+ {
+ return "svg/icons/.dat.svg";
+ }else
+ {
+ return $file_ext;
+ }
+}
+
+?>
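Review bot: In file_extension, the FILEINFO_EXTENSION branch prepends a dot to whatever finfo returns, but that mode returns a slash-separated list of candidates (e.g. `jpeg/jpg/jpe/jfif`) or `???` when nothing matches, so get_icon builds paths such as `svg/icons/.jpeg/jpg/jpe/jfif.svg`. Take the first candidate and map the unknown marker to the fallback: `$ext=explode('/',$file_type_database->file($path_to_file))[0];` followed by `return $ext==='???' ? '.dat' : '.'.$ext;`. In the fallback table the repeated keys (`image/jpeg`, `image/tiff`, `image/svg+xml`, `application/postscript` and others) overwrite one another, so only the last extension per MIME type survives; one entry per key would make the intended choice explicit. file_type passes FILEINFO_SYMLINK, which makes finfo follow symlinks, and that deserves a comment if these helpers are ever given user-supplied paths.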
diff --git a/php/login.php b/php/login.php
new file mode 100644
index 0000000..e6d44dc
--- /dev/null
+++ b/php/login.php
@@ -0,0 +1,25 @@
+<?php
+require_once "user.php";
+require_once "database.php";
+require_once "misc.php";
+
+$username=$_POST["username"];
+$password=$_POST["password"];
+/*server side verification*/
+if(gettype($username)!="string" || gettype($password)!="string")
+{
+ die("You didn't specify the pass or the username");
+}
+
+$database=new Database();
+$user=$database->authenticate($username,$password);
+if(!$user)
+{
+ die("Password or username is incorrect");
+}
+
+echo "Username: {$user->username}\n";
+echo "Email: {$user->email_address}";
+
+
+?>
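Review bot: The two `echo` lines at the end print `$user->username` and `$user->email_address` straight from the database with no output encoding, and PHP's default Content-Type is text/html, so markup stored at registration would be rendered by the browser (validate_credentials in misc.php currently accepts any value). Encode at output, e.g. `echo "Username: ".htmlspecialchars($user->username, ENT_QUOTES|ENT_SUBSTITUTE, 'UTF-8')."\n";`, or send `header('Content-Type: text/plain');` if plain text is intended. `$_POST["username"]` and `$_POST["password"]` are read before the type check, which raises an undefined-index warning for a missing field; `$_POST["username"] ?? null` avoids that. Nothing in this file starts a session or limits repeated attempts, so a successful authenticate() is not remembered and failed ones are not throttled.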
diff --git a/php/misc.php b/php/misc.php
new file mode 100644
index 0000000..3ab0277
--- /dev/null
+++ b/php/misc.php
@@ -0,0 +1,18 @@
+<?php
+require_once "user.php";
+
+function validate_credentials(string $username,string $email,string $password,string $password2) : bool
+{
+ return true;
+}
+
+function generate_email_verification_link()
+{
+ /*TODO*/
+ $url="{$domain_name}/register/"+random_bytes(20);
+ mail($email,"Registration at ${domain_name}","Click here to register {$url}.");
+}
+
+
+
+?>
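Review bot: validate_credentials returns `true` unconditionally, so the server-side check in register.php passes every request, including mismatched passwords, empty usernames and malformed e-mail addresses. A minimal body would be `return $username!=='' && $password!=='' && $password===$password2 && filter_var($email,FILTER_VALIDATE_EMAIL)!==false;`. generate_email_verification_link cannot run as written: `$domain_name` and `$email` are not in scope (no parameters and no `global`), `+` is arithmetic rather than string concatenation, and `random_bytes(20)` yields raw bytes that need encoding, e.g. `$url="{$domain_name}/register/".bin2hex(random_bytes(20));`. The token would also have to be stored for the link to be checkable later, which the TODO presumably covers.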
diff --git a/php/register.php b/php/register.php
new file mode 100644
index 0000000..b6b164c
--- /dev/null
+++ b/php/register.php
@@ -0,0 +1,27 @@
+<?php
+require_once "database.php";
+require_once "misc.php";
+require_once "configuration.php";
+
+$username=$_POST["username"];
+$password=$_POST["password"];
+$password2=$_POST["password2"];
+$email=$_POST["email"];
+
+/*check if we are given shady credentials*/
+if(!validate_credentials($username,$email,$password,$password2))
+{
+ error_log("Invalid registration that has probbably bypassed client side verification. This could be an attack!");
+ die();
+}
+$database= new Database;
+
+if($database->register_user($username,$password,$email))
+{
+ echo "registered";
+}else
+{
+ echo "didn't register";
+}
+
+?>
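Review bot: The four `$_POST[...]` reads at the top go to validate_credentials and register_user, both of which declare `string` parameters, with no check that the fields exist and are strings; a missing field or an array-valued one (`username[]=x`) raises an uncaught TypeError instead of a clean rejection. login.php already guards this with a gettype check, and the equivalent fits here before the validate call: `if(!is_string($username)||!is_string($password)||!is_string($password2)||!is_string($email)){http_response_code(400);die();}`, with the reads changed to the `$_POST["username"] ?? null` form. The rejection branch calls `die()` with the default 200 status; `http_response_code(400);` before it lets clients and logs tell rejected requests apart.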
diff --git a/php/upload.php b/php/upload.php
new file mode 100644
index 0000000..93fa778
--- /dev/null
+++ b/php/upload.php
@@ -0,0 +1,23 @@
+<?php
+
+if (!array_key_exists('uf', $_FILES)) {
+ http_response_code(400);
+ exit();
+}
+
+
+$file = $_FILES['uf'];
+
+
+if (file['error'] != 0) {
+ http_response_code(400);
+ exit();
+}
+
+$m = md5_file($file['tmp_name']);
+
+copy($file['tmp_name'], "screen/$m.png");
+
+echo "http://india.fmi.fail/screen/$m.png";
+
+?>
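Review bot: The error check reads `file['error']` without the `$`, so it never inspects the upload (on PHP 8 an undefined constant is a fatal Error; older versions fall back to the string 'file'), and the script then copies whatever was sent into screen/ under a .png name without confirming it is a PNG or a genuine uploaded file. No login or session check is visible in this file, so as far as the hunk shows any client can write into screen/. The change below fixes the variable, verifies the upload and its detected MIME type, and uses move_uploaded_file in place of copy; a size cap and an authentication check would go ahead of it.

```php
// … unchanged: 'uf' presence check …
$file = $_FILES['uf'];

if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
    http_response_code(400);
    exit();
}

$detected_type = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
if ($detected_type !== 'image/png') {
    http_response_code(415);
    exit();
}

// … unchanged: md5_file() naming …

if (!move_uploaded_file($file['tmp_name'], "screen/$m.png")) {
    http_response_code(500);
    exit();
}
// … unchanged: echo of the resulting URL …
```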
diff --git a/php/user.php b/php/user.php
new file mode 100644
index 0000000..1ef3083
--- /dev/null
+++ b/php/user.php
@@ -0,0 +1,10 @@
+<?php
+ class User
+ {
+ /*I don't think we need to abstract these away*/
+ public $user_id;
+ public $username;
+ public $email_address;
+ }
+
+?>