Webbserverprogrammering 1


change_account_details.php

<?php
  session_start
();


  
/**
   * @var PDO $dbconn
   * @var bool $local
   * @var class DBManager
   */
  
include('../../incl/dbconnection.php');

  
$dbmanager = new DBManager();

  
$cur_pas $_POST['current-password-input'] ?? null;
  
$new_pas $_POST['new-password-input'] ?? null;
  
$check_pas $_POST['new-password-check-input'] ?? null;
  
$no_cur_pass_req $_SESSION['pass_forgot_authorized'] ?? null;
  
$email $_SESSION['email'] ?? null;
  
$user_id $_SESSION["userId"] ?? null;

  if (!
$user_id && !$no_cur_pass_req) {
    
header("Location:login.php");
  }

  function 
verifyDetails($new_pas$check_pas$cur_pas) : bool {
    global 
$dbmanager$user_id$no_cur_pass_req;
    if (
$new_pas != $check_pas) {
      
$_SESSION['flash_msg'] = "Nytt lösenord matchar inte med kontrollrutan!";
      return 
false;
    }
    if (
$no_cur_pass_req) {
      return 
true// Ska bara kolla om man skrev rätt 2 gånger
    
}
    
    
$actual_pass $dbmanager->fetch_from_table(["password"], "bay_users", ["id" => $user_id])[0]['password'] ?: null;
    
// Kolla om rätt nuvarande lösenord
    
if (!password_verify($cur_pas$actual_pass)) {
      
$_SESSION['flash_msg'] = "Fel nuvarande lösenord!";
      return 
false;
    }
    return 
true;
  }

  if ((
$cur_pas || $no_cur_pass_req) && $new_pas && $check_pas) {
    if (
verifyDetails($new_pas$check_pas$cur_pas)) {
      
$hashed_pass password_hash($new_pasPASSWORD_BCRYPT);
      if (
$user_id) {
        
$dbmanager->update_table_values(
          
"bay_users",
          [
            
"password" => $hashed_pass
          
],
          [
            
"id" => $user_id
          
]
        );
      }
      else {
        
$dbmanager->update_table_values(
          
"bay_users",
          [
            
"password" => $hashed_pass
          
],
          [
            
"email" => $email
          
]
        );
        
$result $dbmanager->fetch_from_table(["username"], "bay_users", ["email" => $email]);
        
$username $result[0]["username"];
      }
      
$_SESSION['flash_msg'] = "Ditt lösenord har uppdaterats. Ditt användarnamn är: $username";
      unset(
$_SESSION['pass_forgot_authorized']);
      unset(
$_SESSION['verificationCode']);
      unset(
$_SESSION['verifyStart']);
      unset(
$_SESSION['verifyType']);
      unset(
$_SESSION['has_mailed']);
      unset(
$_SESSION['hashedPass']);
      
header("Location: login.php");
      exit;
    }
  }
?>

<!DOCTYPE html>
<html lang="sv">
<head>
  <meta charset="UTF-8">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <title>Ändra kontouppgifter</title>
  <link rel="stylesheet" href="style.css">
  <link href="https://fonts.googleapis.com/icon?family=Material+Icons" rel="stylesheet">
  <style>
    form {
      display: grid;
      justify-items: center;
    }
    form .row {
      margin: 1rem;
    }
  </style>
</head>
<body>
  <?php include("./header.php"?>

  <form method="post">
    <h1>Ändra lösenord</h1>
    <?php 
    
if (isset($_SESSION['flash_msg'])) {
      echo 
"<p>" $_SESSION['flash_msg'] . "</p>";
      unset(
$_SESSION['flash_msg']);
    }
    if (!
$no_cur_pass_req):
    
?>
    <div class="row">
      <label for="current-password-input">Nuvarande lösenord:</label>
      <input required type="password" name="current-password-input" id="current-password-input" autocomplete="current-password">
    </div>
    <?php 
    
endif;
    
?>
    <div class="row">
      <label for="new-password-input">Nytt lösenord:</label>
      <input required type="password" name="new-password-input" id="new-password-input" autocomplete="new-password">
    </div>

    <div class="row">
      <label for="new-password-check-input">Nytt lösenord (igen):</label>
      <input required type="password" name="new-password-check-input" id="new-password-check-input" autocomplete="new-password">
    </div>

    <input disabled id="submit-button" type="submit" value="Byt lösenord">
  </form>

  <script>
    const submitBtn = document.getElementById("submit-button");
    const curPas = document.getElementById("current-password-input");
    const newPas = document.getElementById("new-password-input");
    const checkPas = document.getElementById("new-password-check-input");
  
    function validate() {
      if (checkPas.value != newPas.value) {
        checkPas.style.outline = "1px solid red";
        submitBtn.disabled = true;
      }
      else {
        checkPas.style.outline = "1px solid lime";
        submitBtn.disabled = false;
      }
    }
    checkPas.addEventListener("input", validate);
  </script>
</body>
</html>