-
Notifications
You must be signed in to change notification settings - Fork 0
/
secure.php
executable file
·108 lines (96 loc) · 2.57 KB
/
secure.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
<?php
session_start();
require_once( "./lib/dbhandler.php" );
function login( $username, $password ) {
if ( checkUser( $username, $password ) ) {
$_SESSION['user'] = $username;
$_SESSION['loggedIn'] = true;
return true;
}
return false;
}
function logOut() {
session_destroy();
}
function isLoggedIn() {
if ( isset( $_SESSION['loggedIn'] ) && $_SESSION['loggedIn'] ) {
if ( getUserData( $_SESSION['user'] ) ) {
return true;
}
}
return false;
}
function checkUser( $username, $password ) {
$temp = getUserData( $username );
if ( $temp['password'] == hashPlaintext( $password ) && strlen( $password ) > 0 ) {
return true;
} else {
return false;
}
}
function hashPlaintext( $pwd ) {
return crypt( $pwd, SECURE_HASH );
}
function changePasswordForUser( $username, $oldpassword, $newpassword ) {
if ( checkUser( $username, $oldpassword ) ) {
return changePassword( $username, hashPlaintext( $newpassword ) );
} else {
return false;
}
}
function init() {
// intially insert admin user
echo insertUser( "admin", "Administrator", hashPlaintext( "1234" ), "", "admin" );
}
if ( isset( $_POST['username'] ) && isset( $_POST['password'] ) ) {
login( $_POST['username'], $_POST['password'] );
}
if ( isset( $_GET['logout'] ) ) {
logOut();
header( "location:/admin" );
die();
}
if ( isset( $_POST['oldpass'] ) && isset( $_POST['newpass'] ) && isset( $_POST['newpass2'] ) ) {
if ( $_POST['newpass'] == $_POST['newpass2'] ) {
changePasswordForUser( $_SESSION['user'], $_POST['oldpass'], $_POST['newpass2'] );
}
header( "location:/admin" );
die();
}
if ( isset( $_GET['deleteuser'] ) ) {
if ( getUserData( $_GET['deleteuser'] ) ) {
removeUser( $_GET['deleteuser'] );
}
header( "location:/admin" );
die();
}
if ( isLoggedIn() ) {
// do nothing
} else {
?>
<html>
<head>
<meta charset="utf-8">
<title>File Sharing</title>
<script src="./lib/jq.js"></script>
<link rel="stylesheet" href="./lib/styles.css"/>
</head>
<body>
<div id="login">
<form class="form-container" action="/admin" method="post">
<div class="form-title"><h2>Login</h2></div>
<div class="form-title">Username</div>
<input class="form-field" type="text" name="username"/><br/>
<div class="form-title">Password</div>
<input class="form-field" type="password" name="password"/><br/>
<div class="submit-container">
<input class="submit-button" type="submit" value="Submit"/>
</div>
</form>
</div>
</body>
</html>
<?php
die();
}
?>