Webbserverprogrammering 1


verifypage.php

<?php
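// Page bootstrap: open the session, load the shared PDO connection and prepare the
// mail settings used when the verification code is sent further down.
// NOTE(review): session cookie flags come from php.ini here — confirm that
// httponly / secure / samesite are configured for this site.
session_start();
// require instead of include: without the connection file the page cannot create the
// account, so stop here rather than continue with an undefined $dbconn.
require '../../incl/dbconnection.php';
/**
 * @var PDO $dbconn
 */

// The "SMTP" ini directive is only honoured by PHP's mail() on Windows.
ini_set("SMTP", "aspmx.l.google.com");
// HTML mail headers. NOTE(review): the From address is a gmail.com mailbox; confirm the
// sending host is allowed to send for that domain, otherwise receivers may reject the mail.
$headers = "MIME-Version: 1.0" . "\r\n";
$headers .= "Content-type: text/html; charset=UTF-8" . "\r\n";
$headers .= "From: test@gmail.com" . "\r\n";

// Lifetime of a verification attempt. It is compared against a time() difference below,
// so the unit is seconds.
define('VERIFICATION_TIMEOUT', 60);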

?>

<!DOCTYPE html>
<html lang="sv">

<head>
  <meta charset="UTF-8">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <title>Verifikation</title>
</head>

<body>
  <?php
  
// print_r($_SESSION);

  
/**
 * Removes every session entry that belongs to one verification attempt.
 *
 * Only the five keys listed below are cleared; other session data such as
 * 'email' and 'username' is left untouched.
 */
function unsetAllVerificationVars() : void {
  $verificationKeys = [
    'has_mailed',
    'hashedPass',
    'verificationCode',
    'verifyStart',
    'verifyType',
  ];

  foreach ($verificationKeys as $sessionKey) {
    unset($_SESSION[$sessionKey]);
  }
}

  if (!isset(
$_SESSION['verifyStart'])) {
    
$_SESSION['verifyStart'] = time();
  }
  
$verificationCode = isset($_SESSION['verificationCode']) ? $_SESSION['verificationCode'] : null;
  
$inputCode = isset($_POST['vCode']) ? $_POST['vCode'] : "";

  
// Om det inte finns någon verifikationskod finns det inget att göra här
  
if (!$verificationCode) {
    
unsetAllVerificationVars();
    
header("Location:signup.php");
    die;
  };

  if (
time() - $_SESSION['verifyStart'] > VERIFICATION_TIMEOUT) {
    if (
$_SESSION['verifyType'] == "CREATE") {
      
unsetAllVerificationVars();
      
header("Location:signup.php?reason=verifyTimeout");
      die;
    }
  }

  
$email $_SESSION['email'] ?? "";
  
$username $_SESSION['username'] ?? "";
  
$hashedPass $_SESSION['hashedPass'] ?? "";

  try {
    if (
$inputCode == $verificationCode) {
      if (
$_SESSION['verifyType'] == "CREATE") {

        
$dbconn->beginTransaction();
        
// Create new row
        
$sqlInsert "INSERT INTO bay_users (email, username, password) VALUES(?,?,?)";
        
$insertStmt $dbconn->prepare($sqlInsert);
        
$insertStmt->execute([$email$username$hashedPass]);
        
$dbconn->commit();

        
// Get information about new record
        
$sqlSelect "SELECT id FROM bay_users WHERE username=?";
        
$selectStmt $dbconn->prepare($sqlSelect);
        
$selectStmt->execute([$username]);
        
$result $selectStmt->fetch(PDO::FETCH_ASSOC);

        
unsetAllVerificationVars();

        echo 
"<p class='text-center'>Konto skapat! Skickar vidare dig...</p>";
        
$_SESSION['isLoggedIn'] = true;
        
$_SESSION['userId'] = $result['user_id'];
        
$_SESSION['userType'] = $result['user_type'];
        
$_SESSION['username'] = $result['username'];
        
$pageToSendTo = isset($_SESSION['lastVisited']) ? $_SESSION['lastVisited'] : "index.php";
        
header("Location:$pageToSendTo");
        exit;
      }
      elseif (
$_SESSION['verifyType'] == "FORGOT") {
        
$_SESSION['pass_forgot_authorized'] = true;
        
unsetAllVerificationVars();
        
header("Location: change_account_details.php");
        exit;
      }
    }
  } catch (
PDOException $e) {
    
$dbconn->rollBack();
    echo 
"<p>PROBLEM UPPSTOD: " $e->getMessage() . "</p><p> FELKOD " $e->getCode() . "</p>";
    echo 
"<details><summary>Full information</summary>" $e "</details>";
  }

  if (!isset(
$_SESSION['has_mailed']) || !$_SESSION['has_mailed']) {
    echo 
"Skickade mail till $email";
    
mail($email"Verifikationskod""Din verifikationskod är: <code>$verificationCode</code> <br> Koden går ut om <b>" strval(VERIFICATION_TIMEOUT 60) . " minuter</b>"$headers);
    
$_SESSION['has_mailed'] = true;
  }
  
?>
  <form action="" method="post">
    <label for="vCode">Skriv den verifikationskod du fick mejlat:</label>
    <input type="text" id="vCode" name="vCode">
    <input type="submit" value="Verifiera">
  </form>
</body>

</html>