Initial commit

bla
Andreas Schaafsma 2019-04-06 16:14:29 +02:00
parent cd762249ed
commit 57691246ed
50 changed files with 1247 additions and 0 deletions

24
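--- a/.vscode/launch.json
+++ b/.vscode/launch.json
@@ -0,0 +1,24 @@
+{
+// Use IntelliSense to learn about possible attributes.
+// Hover to view descriptions of existing attributes.
+// For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
+"version": "0.2.0",
+"configurations": [
+{
+"name": "Listen for XDebug",
+"type": "php",
+"request": "launch",
+"port": 9000
+},
+{
+"name": "Launch currently open script",
+"type": "php",
+"request": "launch",
+"program": "${file}",
+"cwd": "${fileDirname}",
+"port": 9000
+}
+],
+"php.executablePath": "C:/xampp/php/php.exe",
+"php.suggest.basic": "false"
+}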

26
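--- a/dev/app/HUtils.php
+++ b/dev/app/HUtils.php
@@ -0,0 +1,26 @@
+<?php
+Class HUtils{
+static function issetPost($arr_postvars){
+for ($i=0; $i <sizeof($arr_postvars) ; $i++)
+{
+if(!isset($_POST[$arr_postvars[$i]])){
+return false;
+}
+}
+return true;
+}
+static function issetSession($arr_sessionvars)
+{
+for ($i=0; $i <sizeof($arr_sessionvars) ; $i++) {
+if(!isset($_POST[$arr_sessionvars[$i]])){
+return false;
+}
+}
+return true;
+}
+static function sqlDateToPhpDate($date){
+return new DateTime($date);
+}
+}
+?>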
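Review bot: issetSession (L59) tests `$_POST` instead of `$_SESSION`, so it is a copy of issetPost and never inspects the session; the line should read `if(!isset($_SESSION[$arr_sessionvars[$i]])){`. The dev_mvc copy repeats the bug at L947. Both loops call sizeof() on every iteration; `foreach ($arr_postvars as $key)` reads more clearly and avoids the index arithmetic.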


@ -0,0 +1,17 @@
<?php
class AssetHandler{
static function printAsset($image, $doSize=false, $size=128){
if($doSize){
echo '<img src="./img/'.$image.'" width='.$size.' height='.$size.' >';
}
else{
echo '<img src="./img/'.$image.'>';
}
}
}
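Review bot: The else branch on L81 never closes the src attribute — it emits `<img src="./img/logo.png>` — so the tag is malformed whenever $doSize is false; it should be `echo '<img src="./img/'.$image.'">';`. The dev_mvc copy has the same slip at L703. Both branches interpolate `$image` and `$size` unescaped; the visible callers pass literals, but wrapping `$image` in `htmlspecialchars()` costs nothing and keeps the helper safe if a name ever comes from elsewhere.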
?>

218
dev/app/db/Database.php Normal file

@ -0,0 +1,218 @@
<?php
Class Database{
static function connectToDB(){
//Defineer vars
$sql_server = "localhost";
$sql_username = "root";
$sql_password = "kankerlow";
$sql_database = "webforum";
$dsn = "mysql:host=$sql_server;dbname=$sql_database";
//Maak verbinding
$con = new PDO($dsn, $sql_username, $sql_password);
return $con;
}
//Controleert of het email adres al in de database voorkomt. Returnt true indien wel.
static function checkUsedEmail($email){
//Verbind met de database
$con = Database::connectToDB();
//Bereid query voor
$query = $con->prepare("SELECT * FROM users where email = :email");
//Bind parameters
$query->bindParam(':email', $email, PDO::PARAM_STR, 256);
//Voer de query uit
$query->execute();
//Check de hoeveelheid rijen die de database returnt.
if($query->rowCount() == 0){
//Email adres is niet in gebruik, return false
return false;
}
else{
//Email is al in gebruik of komt meer dan een keer voor. Beide gevallen zijn een probleem dus return true.
return true;
}
}
//Controleert of de gebruikersnaam al in de database voorkomt. Returnt true indien wel.
static function checkUsedUsername($username){
$con = Database::connectToDB();
//Bereid query voor
$query = $con->prepare("SELECT * FROM users where username = :username");
//Bind parameters
$query->bindParam(':username', $username, PDO::PARAM_STR, 256);
//Voer de query uit
$query->execute();
//Check de hoeveelheid rijen die de database returnt.
if($query->rowCount() == 0){
//Username adres is niet in gebruik, return false
return false;
}
else{
//Username is al in gebruik of komt meer dan een keer voor. Beide gevallen zijn een probleem dus return true.
return true;
}
}
//Registreert een gebruiker. Neemt als invoer email, wachtwoord, gebruikersnaam.
static function registerUser($email, $password, $username){
$ip = $_SERVER['REMOTE_ADDR'];
//Initit db connection
$con = Database::connectToDB();
//Bereid query voor
$query = $con->prepare("INSERT INTO users (username, email, password, reg_ip) VALUES (:username, :email, :password, :ip)");
//Bind parameters
$query->bindParam(':username', $username, PDO::PARAM_STR, 256);
$query->bindParam(':email', $email, PDO::PARAM_STR, 256);
$query->bindParam(':password', $password, PDO::PARAM_STR, 256);
$query->bindParam(':ip', $ip, PDO::PARAM_STR, 256);
//Voer query uit
$query->execute();
}
//Check of gegeven login info in de database voorkomt
static function isLoginValid($email, $password){
//Init db connection
$con = Database::connectToDB();
//Bereid query voor
$query = $con->prepare("SELECT * FROM users where email = :email AND password = :password");
//Bind params
$query->bindParam(':email', $email, PDO::PARAM_STR, 256);
$query->bindParam(':password', $password, PDO::PARAM_STR, 256);
//Voer query it
$query->execute();
//Check hoeveelheid teruggestuurde rijen
if($query->rowCount() == 1){
//login correct (komt voor in de db)
return true;
}
else{
//Incorrect
return false;
}
}
//Vraag gebruikers ID op doormiddel van email en pass
static function getUID($email, $password){
//Init db connection
$con = Database::connectToDB();
//Bereid query voor
$query = $con->prepare("SELECT id FROM users where email = :email AND password = :password");
//Bind params
$query->bindParam(':email', $email, PDO::PARAM_STR, 256);
$query->bindParam(':password', $password, PDO::PARAM_STR, 256);
//Voer query it
$query->execute();
//Check hoeveelheid teruggestuurde rijen
if($query->rowCount() == 1){
//login correct, return uid
$result = $query->fetch(PDO::FETCH_COLUMN);
return $result;
}
else{
//something went wrong, return -1
return -1;
}
}
static function getUsername($uid){
$con = Database::connectToDB();
$query = $con->prepare("SELECT username FROM users where id = :uid");
$query->bindParam(':uid', $uid, PDO::PARAM_STR, 256);
$query->execute();
if($query->rowCount() == 1){
//login correct, return uid
$result = $query->fetch(PDO::FETCH_COLUMN);
return $result;
}
else{
//something went wrong, return -1
return "dbfetcherror";
}
}
static function isSessionTokenInUse($token){
//Init db connection
$con = Database::connectToDB();
//Bereid query voor
$query = $con->prepare("SELECT * FROM usersessions where token = :token");
//Bind params
$query->bindParam(':token', $token, PDO::PARAM_STR, 256);
//Voer query it
$query->execute();
//Check hoeveelheid teruggestuurde rijen
if($query->rowCount() == 0){
return false;
}
else{
return true;
}
}
static function registerNewSession($uid, $token, $expires){
//Init db connection
$con = Database::connectToDB();
//Bereid query voor
$query = $con->prepare("INSERT INTO usersessions (uid, token, expires) VALUES (:uid, :token, :expires)");
//Bind params
$query->bindParam(':uid', $uid, PDO::PARAM_INT);
$query->bindParam(':token', $token, PDO::PARAM_STR, 256);
$query->bindParam(':expires', $expires, PDO::PARAM_STR);
//Voer query it
$query->execute();
}
static function isSessionValid($token, $uid){
//Init db connection
$con = Database::connectToDB();
//Bereid query voor
$query = $con->prepare("SELECT * FROM usersessions where token = :token AND uid = :uid AND expires > NOW()");
//Bind params
$query->bindParam(':token', $token, PDO::PARAM_STR, 256);
$query->bindParam(':uid', $uid, PDO::PARAM_STR, 256);
//Voer query it
$query->execute();
//Check hoeveelheid teruggestuurde rijen
if($query->rowCount() == 1){
return true;
}
else{
return false;
}
}
static function invalidateSession($token){
//Init db connection
$con = Database::connectToDB();
//Bereid query voor
$query = $con->prepare("DELETE FROM usersessions WHERE token = :token");
//Bind params
$query->bindParam(':token', $token, PDO::PARAM_STR, 256);
//Voer query it
$query->execute();
}
static function invalidateSessionByUID($uid){
//Init db connection
$con = Database::connectToDB();
//Bereid query voor
$query = $con->prepare("DELETE FROM usersessions WHERE uid = :uid");
//Bind params
$query->bindParam(':token', $uid, PDO::PARAM_INT);
//Voer query it
$query->execute();
}
static function deleteExpiredSessions(){
$con = Database::connectToDB();
//Bereid query voor
$query = $con->prepare("DELETE FROM usersessions WHERE expires < NOW()");
$query->execute();
}
static function getSessionExpiryDate($token){
$con = Database::connectToDB();
$query = $con->prepare("SELECT expires FROM usersessions where token = :token");
$query->bindParam(':token', $token, PDO::PARAM_STR, 256);
$query->execute();
if($query->rowCount() == 1){
//login correct, return uid
$result = $query->fetch(PDO::FETCH_COLUMN);
return $result;
}
else{
//something went wrong, return -1
return "2000-01-01 00:00:00";
}
}
static function createThread(){
}
}
?>


@ -0,0 +1,92 @@
<?php
Class UserSession{
public $username = "undefined";
public $uid = -1;
public $token = "undefined";
public $expires;
public function UserSession($username, $uid, $token = "undefined"){
$this->username = $username;
$this->uid = $uid;
$this->token = $token;
$this->setExpiry();
//echo($username."<br>");
//echo($loginSessionToken);
$_SESSION['usersession'] = $this;
setcookie('usersession', $this->token);
setcookie('uid', $this->uid);
}
public function setSessionToken($token){
$this->token = $token;
}
public function getSessionToken(){
return $this->token;
}
public function getFormattedExpiry(){
return $this->expires->format('Y-m-d H:i:s');
}
public function setExpiry(){
$this->expires = new DateTime();
$this->expires->modify("+ 1 hour");
}
public static function generateToken(){
$chars = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
$token = "";
for ($i=0; $i < 32 ; $i++) {
$token .= $chars[rand(0, strlen($chars) - 1)];
}
return $token;
}
public static function isSessionValid(){
if(isset($_SESSION['usersession'])){
if(!UserSession::isSessionExpired($_SESSION['usersession'])){
//check if session also exists in database
return true;
}
}
else{
if(isset($_COOKIE['usersession'])){
$token = $_COOKIE['usersession'];
$uid = $_COOKIE['uid'];
if(Database::isSessionValid($token,$uid)){
$username = Database::getUsername($uid);
$session = new UserSession($username, $uid, $token);
$session->expires = new DateTime(Database::getSessionExpiryDate($token));
}
else{
return false;
}
if(!UserSession::isSessionExpired($session)){
return true;
}
}
return false;
}
}
public static function getSession()
{
return $_SESSION['usersession'];
}
public static function isSessionExpired($session){
//session is expired
if(new DateTime() > $session->expires){
return true;
}
//session is not expired
else{
return false;
}
}
public static function isUserSignedIn(){
if(UserSession::isSessionValid()){
if(!UserSession::isSessionExpired(UserSession::getSession())){
if(Database::isSessionValid(UserSession::getSession()->token, UserSession::getSession()->uid)){
return true;
}
}
else{
return false;
}
}
}
}
?>
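Review bot: generateToken (L347) derives the session token from `rand()`, which is not a cryptographically secure generator, so a token that acts as a persistent login credential in the `usersession` cookie is predictable; replace the loop with `return bin2hex(random_bytes(16));`, which keeps the 32-character length. The constructor is declared PHP4-style as `public function UserSession(...)` (L319); that form is deprecated since PHP 7.0 and is an ordinary method in PHP 8, where `new UserSession(...)` no longer runs it, so rename it to `__construct`. The two cookies (L327-L328) are set without the secure and httponly flags, so page script can read the token; `setcookie('usersession', $this->token, 0, '/', '', true, true);` is the portable form. isUserSignedIn (L391) falls off the end without a return on the not-signed-in path and yields null; make the last statement `return false;`. The dev_mvc copy (L972-L1067) shares all of these.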


@ -0,0 +1,46 @@
<?php
$debuginfo = false;
include_once("./app/login/UserSession.php");
include_once("./app/db/Database.php");
include_once("./app/HUtils.php");
if(!UserSession::isSessionValid()){
if(HUtils::issetPost(['email','password'])){
if(Database::isLoginValid($_POST['email'], $_POST['password'])){
//obtain UID
$uid = Database::getUID($_POST['email'], $_POST['password']);
if($uid != -1){
//obtain username
$username = Database::getUsername($uid);
//gen unique session token
$token = UserSession::generateToken();
//regen if already in use
while(Database::isSessionTokenInUse($token)){
$token = UserSession::generateToken();
}
$a = new UserSession($username, $uid, $token);
if($debuginfo){
echo $a->getSessionToken();
echo "<br>";
echo $a->uid;
echo "<br>";
echo $a->username;
}
//clean up expired sessions from ANY users
Database::deleteExpiredSessions();
Database::registerNewSession($a->uid, $a->token, $a->getFormattedExpiry());
//logged in, time to continue with other stuff
}
else{
echo "uid returned -1 from db interface";
}
}
else{
echo("login invalid");
}
}
}
else{
//we're done, don't even need to log in, session already active
//echo($_SESSION['usersession']->uid);
}
?>
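Review bot: A successful login (L428) keeps the PHP session id the visitor arrived with, which leaves the login open to session fixation; call `session_regenerate_id(true);` just before `new UserSession(...)`. The failure branches (L442, L446) echo internal diagnostics such as `uid returned -1 from db interface` straight into the page; log them server-side and show the user a generic message. `$uid != -1` (L419) relies on loose comparison because getUID returns whatever fetch() gives back (typically a string with the MySQL driver); casting in getUID with `return (int) $result;` lets this become `$uid !== -1`. The dev_mvc copy (L1104-L1150) is identical.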


@ -0,0 +1,12 @@
<?php
include_once("UserSession.php");
if(UserSession::isSessionValid()){
Database::invalidateSession(UserSession::getSession()->token);
session_destroy();
}
?>
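Review bot: `session_destroy()` (L463) removes the server-side session data but does not clear `$_SESSION` for the current request or the `usersession`/`uid` cookies that UserSession sets, so content rendered after this include can still find the old session object. Add `$_SESSION = [];` and expire both cookies, e.g. `setcookie('usersession', '', time() - 3600); setcookie('uid', '', time() - 3600);`, before destroying the session. This file includes only UserSession.php (L460) yet calls Database (L462); it works when index.php has already loaded Database.php, but the dependency should be explicit. The dev_mvc copy (L1154-L1161) has the same gaps.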


@ -0,0 +1,3 @@
<?php
session_destroy();
?>


@ -0,0 +1,6 @@
<?php
?>


@ -0,0 +1,7 @@
<?php
include_once("./app/assets/AssetHandler.php");
AssetHandler::printAsset("logo.png", true, 128);
?>
<nav>
<a href="?p=login">log in</a> <a href="?p=register">register</a> <a href="?p=">home</a>
</nav>


@ -0,0 +1,6 @@
<?php
include("./app/assets/logo.php");
?>
<nav>
<a href="?p=attempt_logout">log out</a> <a href="?p=">home</a> <a href="?p=destroy">simulate browser session expiry</a>
</nav>


@ -0,0 +1,3 @@
<article>
<h1>Welkom op hForumPHP. Log in of registreer om iets te doen.</h1>
</article>


@ -0,0 +1,57 @@
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<title>
<?=$sSiteTitle?>
</title>
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" type="text/css" media="screen" href="css/main.css" />
</head>
<body>
<header>
<?php
if(UserSession::isUserSignedIn()){
include("./app/pagecontent/content_header_signedin.php");
}else{
include("./app/pagecontent/content_header.php");
}
?>
</header>
<main>
<?php
//Laad juiste pagina content
switch($p){
case '':
include("./app/pagecontent/content_index.php");
break;
case 'register':
include("./app/pagecontent/login/content_register.php");
break;
case 'login':
include("./app/pagecontent/login/content_login.php");
break;
case 'attempt_reg':
include("We signed you up (probably)");
break;
case 'attempt_login':
if(UserSession::isUserSignedIn()){
include("./app/pagecontent/login/content_login_succesful.php");
}else{
include("./app/pagecontent/login/content_login_unsuccesful.php");
}
break;
case 'attempt_logout':
break;
case 'destroy':
include("./app/pagecontent/login/content_destroy.php");
break;
default:
echo "404";
break;
}
?>
</main>
</body>
</html>
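Review bot: `include("We signed you up (probably)")` (L546) treats the message as a file path; PHP warns that no such file exists and renders nothing, so this should be `echo "We signed you up (probably)";`. `$sSiteTitle` (L517) is defined in globalvars.php (L1444), but none of the includes visible in dev/index.php load that file, so the title presumably renders empty with an undefined-variable notice — confirm by including it or switching to a constant. The default branch prints a bare `404` (L561) without setting an HTTP status; `http_response_code(404);` would make the outcome visible to clients and logs.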


@ -0,0 +1,3 @@
<article>
<h1>You're still signed in thanks to our cookies!</h1>
</article>


@ -0,0 +1,10 @@
<article>
<form action="?p=attempt_login" method="post">
E-mail: <input type="text" name="email"><br>
Password: <input type="password" name="password"><br>
<input type="submit">
</form>
</article>
<?php
?>


@ -0,0 +1,8 @@
<article>
<h1>Login succesful :DDDDDDDD</h1>
</article>
<?php
//print_r($_COOKIE['usersession']);
?>


@ -0,0 +1,3 @@
<article>
<h1>UNEXPECTED LOGIN ERROR. OUR CODEMONKEYS DID SOMETHING VERY WRONG :(</h1>
</article>


@ -0,0 +1,9 @@
<article>
<form action="attempt_register.php" method="post">
Username: <input type="text" name="name"><br>
E-mail: <input type="text" name="email"><br>
Password: <input type="password" name="pass"><br>
Verify Password: <input type="password" name="pass2"><br>
<input type="submit">
</form>
</article>
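Review bot: The form posts to `attempt_register.php` (L610) while the router in dev/index.php only dispatches the registration model on `?p=attempt_reg` (L683), so as far as this listing shows the submission never reaches Database::registerUser; the action should be `?p=attempt_reg`. The dev_mvc version (L1392) already uses the router-style action.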


@ -0,0 +1,19 @@
<?php
//Include classes
include_once("./app/db/Database.php");
include_once("./app/HUtils.php");
if(HUtils::issetPost(['email', 'pass', 'name'])){
if($_POST['pass'] == $_POST['pass2']){
//Check of email aanwezig is in de database
if(!Database::checkUsedEmail($_POST['email']) && !Database::checkUsedUsername($_POST['name'])){
Database::registerUser($_POST['email'], $_POST['pass'], $_POST['name']);
}
}
else{
echo("REGISTRATION FAILED: PASSWORD VERIFICATION MISSMATCH");
}
}
else{
echo "POST UNSUCCESFUL: POST DATA INCOMPLETE OR NOT FOUND";
}
?>
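Review bot: The required-field check on L626 lists `email`, `pass` and `name` but the next line reads `$_POST['pass2']`, so a request without the confirmation field raises an undefined-index notice instead of the intended failure message; add `'pass2'` to the list. The comparison on L627 uses `==`, under which numeric-looking strings compare by value (`'1e3' == '1000'` is true), so use `!==` for the password match. When the email or username is already taken (L629) the request completes silently with no message to the user; echo a failure there as the other branches do. isset() also accepts empty strings, so blank names or passwords pass; check `$_POST['pass'] !== ''` and the others before registering. The dev_mvc copy (L1165-L1184) is identical.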

0
dev/css/main.css Normal file

BIN
dev/img/logo.png Normal file




32
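--- a/dev/index.php
+++ b/dev/index.php
@@ -0,0 +1,32 @@
+<?php
+//include class lib.
+include_once("./app/db/Database.php");
+include_once("./app/login/UserSession.php");
+include_once("./app/HUtils.php");
+session_start();
+//initialiseer standaard variabelen
+$p="";
+//check of pagina gespecificeerd is in de
+if(isset($_GET['p'])){
+$p = $_GET['p'];
+}
+//Doe server-side operaties die afgerond moeten worden voordat de pagina is geladen.
+switch($p){
+case 'destroy':
+include("./app/login/destroy.php");
+break;
+case 'attempt_login':
+include("./app/login/attempt_login.php");
+break;
+case 'attempt_logout':
+include("./app/login/attempt_logout.php");
+break;
+case 'attempt_reg':
+include("./app/registration/attempt_register.php");
+break;
+default:
+break;
+}
+//laad de pagina
+include("./app/pagecontent/content_page.php");
+?>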


@ -0,0 +1,12 @@
<?php
class AssetHandler{
static function printAsset($image, $doSize=false, $size=128){
if($doSize){
echo '<img src="./view/img/'.$image.'" width='.$size.' height='.$size.' >';
}
else{
echo '<img src="./view/img/'.$image.'>';
}
}
}
?>


@ -0,0 +1,218 @@
<?php
Class Database{
static function connectToDB(){
//Defineer vars
$sql_server = "localhost";
$sql_username = "root";
$sql_password = "kankerlow";
$sql_database = "webforum";
$dsn = "mysql:host=$sql_server;dbname=$sql_database";
//Maak verbinding
$con = new PDO($dsn, $sql_username, $sql_password);
return $con;
}
//Controleert of het email adres al in de database voorkomt. Returnt true indien wel.
static function checkUsedEmail($email){
//Verbind met de database
$con = Database::connectToDB();
//Bereid query voor
$query = $con->prepare("SELECT * FROM users where email = :email");
//Bind parameters
$query->bindParam(':email', $email, PDO::PARAM_STR, 256);
//Voer de query uit
$query->execute();
//Check de hoeveelheid rijen die de database returnt.
if($query->rowCount() == 0){
//Email adres is niet in gebruik, return false
return false;
}
else{
//Email is al in gebruik of komt meer dan een keer voor. Beide gevallen zijn een probleem dus return true.
return true;
}
}
//Controleert of de gebruikersnaam al in de database voorkomt. Returnt true indien wel.
static function checkUsedUsername($username){
$con = Database::connectToDB();
//Bereid query voor
$query = $con->prepare("SELECT * FROM users where username = :username");
//Bind parameters
$query->bindParam(':username', $username, PDO::PARAM_STR, 256);
//Voer de query uit
$query->execute();
//Check de hoeveelheid rijen die de database returnt.
if($query->rowCount() == 0){
//Username adres is niet in gebruik, return false
return false;
}
else{
//Username is al in gebruik of komt meer dan een keer voor. Beide gevallen zijn een probleem dus return true.
return true;
}
}
//Registreert een gebruiker. Neemt als invoer email, wachtwoord, gebruikersnaam.
static function registerUser($email, $password, $username){
$ip = $_SERVER['REMOTE_ADDR'];
//Initit db connection
$con = Database::connectToDB();
//Bereid query voor
$query = $con->prepare("INSERT INTO users (username, email, password, reg_ip) VALUES (:username, :email, :password, :ip)");
//Bind parameters
$query->bindParam(':username', $username, PDO::PARAM_STR, 256);
$query->bindParam(':email', $email, PDO::PARAM_STR, 256);
$query->bindParam(':password', $password, PDO::PARAM_STR, 256);
$query->bindParam(':ip', $ip, PDO::PARAM_STR, 256);
//Voer query uit
$query->execute();
}
//Check of gegeven login info in de database voorkomt
static function isLoginValid($email, $password){
//Init db connection
$con = Database::connectToDB();
//Bereid query voor
$query = $con->prepare("SELECT * FROM users where email = :email AND password = :password");
//Bind params
$query->bindParam(':email', $email, PDO::PARAM_STR, 256);
$query->bindParam(':password', $password, PDO::PARAM_STR, 256);
//Voer query it
$query->execute();
//Check hoeveelheid teruggestuurde rijen
if($query->rowCount() == 1){
//login correct (komt voor in de db)
return true;
}
else{
//Incorrect
return false;
}
}
//Vraag gebruikers ID op doormiddel van email en pass
static function getUID($email, $password){
//Init db connection
$con = Database::connectToDB();
//Bereid query voor
$query = $con->prepare("SELECT id FROM users where email = :email AND password = :password");
//Bind params
$query->bindParam(':email', $email, PDO::PARAM_STR, 256);
$query->bindParam(':password', $password, PDO::PARAM_STR, 256);
//Voer query it
$query->execute();
//Check hoeveelheid teruggestuurde rijen
if($query->rowCount() == 1){
//login correct, return uid
$result = $query->fetch(PDO::FETCH_COLUMN);
return $result;
}
else{
//something went wrong, return -1
return -1;
}
}
static function getUsername($uid){
$con = Database::connectToDB();
$query = $con->prepare("SELECT username FROM users where id = :uid");
$query->bindParam(':uid', $uid, PDO::PARAM_STR, 256);
$query->execute();
if($query->rowCount() == 1){
//login correct, return uid
$result = $query->fetch(PDO::FETCH_COLUMN);
return $result;
}
else{
//something went wrong, return -1
return "dbfetcherror";
}
}
static function isSessionTokenInUse($token){
//Init db connection
$con = Database::connectToDB();
//Bereid query voor
$query = $con->prepare("SELECT * FROM usersessions where token = :token");
//Bind params
$query->bindParam(':token', $token, PDO::PARAM_STR, 256);
//Voer query it
$query->execute();
//Check hoeveelheid teruggestuurde rijen
if($query->rowCount() == 0){
return false;
}
else{
return true;
}
}
static function registerNewSession($uid, $token, $expires){
//Init db connection
$con = Database::connectToDB();
//Bereid query voor
$query = $con->prepare("INSERT INTO usersessions (uid, token, expires) VALUES (:uid, :token, :expires)");
//Bind params
$query->bindParam(':uid', $uid, PDO::PARAM_INT);
$query->bindParam(':token', $token, PDO::PARAM_STR, 256);
$query->bindParam(':expires', $expires, PDO::PARAM_STR);
//Voer query it
$query->execute();
}
static function isSessionValid($token, $uid){
//Init db connection
$con = Database::connectToDB();
//Bereid query voor
$query = $con->prepare("SELECT * FROM usersessions where token = :token AND uid = :uid AND expires > NOW()");
//Bind params
$query->bindParam(':token', $token, PDO::PARAM_STR, 256);
$query->bindParam(':uid', $uid, PDO::PARAM_STR, 256);
//Voer query it
$query->execute();
//Check hoeveelheid teruggestuurde rijen
if($query->rowCount() == 1){
return true;
}
else{
return false;
}
}
static function invalidateSession($token){
//Init db connection
$con = Database::connectToDB();
//Bereid query voor
$query = $con->prepare("DELETE FROM usersessions WHERE token = :token");
//Bind params
$query->bindParam(':token', $token, PDO::PARAM_STR, 256);
//Voer query it
$query->execute();
}
static function invalidateSessionByUID($uid){
//Init db connection
$con = Database::connectToDB();
//Bereid query voor
$query = $con->prepare("DELETE FROM usersessions WHERE uid = :uid");
//Bind params
$query->bindParam(':token', $uid, PDO::PARAM_INT);
//Voer query it
$query->execute();
}
static function deleteExpiredSessions(){
$con = Database::connectToDB();
//Bereid query voor
$query = $con->prepare("DELETE FROM usersessions WHERE expires < NOW()");
$query->execute();
}
static function getSessionExpiryDate($token){
$con = Database::connectToDB();
$query = $con->prepare("SELECT expires FROM usersessions where token = :token");
$query->bindParam(':token', $token, PDO::PARAM_STR, 256);
$query->execute();
if($query->rowCount() == 1){
//login correct, return uid
$result = $query->fetch(PDO::FETCH_COLUMN);
return $result;
}
else{
//something went wrong, return -1
return "2000-01-01 00:00:00";
}
}
static function createThread(){
}
}
?>


@ -0,0 +1,36 @@
<?php
Class HUtils{
static function issetPost($arr_postvars){
for ($i=0; $i <sizeof($arr_postvars) ; $i++)
{
if(!isset($_POST[$arr_postvars[$i]])){
return false;
}
}
return true;
}
static function issetSession($arr_sessionvars)
{
for ($i=0; $i <sizeof($arr_sessionvars) ; $i++) {
if(!isset($_POST[$arr_sessionvars[$i]])){
return false;
}
}
return true;
}
static function sqlDateToPhpDate($date){
return new DateTime($date);
}
static function getPage(){
$p = "";
if(isset($_GET['p'])){
$p = $_GET['p'];
}
return $p;
}
static function getSiteTitle(){
return "hPHPForum";
}
}
?>


@ -0,0 +1,96 @@
<?php
Class UserSession{
public $username = "undefined";
public $uid = -1;
public $token = "undefined";
public $expires;
public function UserSession($username, $uid, $token = "undefined"){
$this->username = $username;
$this->uid = $uid;
$this->token = $token;
$this->setExpiry();
//echo($username."<br>");
//echo($loginSessionToken);
$_SESSION['usersession'] = $this;
setcookie('usersession', $this->token);
setcookie('uid', $this->uid);
}
public function setSessionToken($token){
$this->token = $token;
}
public function getSessionToken(){
return $this->token;
}
public function getFormattedExpiry(){
return $this->expires->format('Y-m-d H:i:s');
}
public function setExpiry(){
$this->expires = new DateTime();
$this->expires->modify("+ 1 hour");
}
public static function generateToken(){
$chars = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
$token = "";
for ($i=0; $i < 32 ; $i++) {
$token .= $chars[rand(0, strlen($chars) - 1)];
}
return $token;
}
public static function isSessionValid(){
if(isset($_SESSION['usersession'])){
if(!Database::isSessionValid($_SESSION['usersession']->token, $_SESSION['usersession']->uid)){
include_once("./model/model_attempt_logout.php");
return false;
}
if(!UserSession::isSessionExpired($_SESSION['usersession'])){
//check if session also exists in database
return true;
}
}
else{
if(isset($_COOKIE['usersession'])){
$token = $_COOKIE['usersession'];
$uid = $_COOKIE['uid'];
if(Database::isSessionValid($token,$uid)){
$username = Database::getUsername($uid);
$session = new UserSession($username, $uid, $token);
$session->expires = new DateTime(Database::getSessionExpiryDate($token));
}
else{
return false;
}
if(!UserSession::isSessionExpired($session)){
return true;
}
}
return false;
}
}
public static function getSession()
{
return $_SESSION['usersession'];
}
public static function isSessionExpired($session){
//session is expired
if(new DateTime() > $session->expires){
return true;
}
//session is not expired
else{
return false;
}
}
public static function isUserSignedIn(){
if(UserSession::isSessionValid()){
if(!UserSession::isSessionExpired(UserSession::getSession())){
if(Database::isSessionValid(UserSession::getSession()->token, UserSession::getSession()->uid)){
return true;
}
}
else{
return false;
}
}
}
}
?>
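Review bot: The recovery path added at L1012-L1015 includes `./model/model_attempt_logout.php` from inside isSessionValid, but that file (L1157) immediately calls `UserSession::isSessionValid()` again, which hits the same failed database check and returns false, so `Database::invalidateSession` and `session_destroy()` never run and the stale `$_SESSION['usersession']` survives. Clear the session entry directly instead of including a model file from a static method: `unset($_SESSION['usersession']);` followed by `return false;`. The include also ties the controller to the file layout of ./model, which is hard to test; keeping side effects in the model that calls the controller, rather than the reverse, is the cleaner layering.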

27
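--- a/dev_mvc/index.php
+++ b/dev_mvc/index.php
@@ -0,0 +1,27 @@
+<?php
+/*Code door Andreas Schaafsma ITA4-1b
+*
+* Notities voor bij nakijken
+* $_POST[] is gebruikt binnen de model_attempt_login.php en model_attempt_register.php bestanden
+* Alle regeling van de database connectie zit in ./controller/Database.php doormiddel van static class members om alles makkelijk te groeperen
+* Er is ook een rudimentair login token systeem om ervoor te zorgen dat gebruikers ingelogd blijven zelfs als de $_SESSION[] vervalt.
+* Deze login status verdwijnt weer na ongeveer een uurtje
+*
+*/
+//include class lib.
+include_once("./controller/Database.php");
+include_once("./controller/UserSession.php");
+include_once("./controller/HUtils.php");
+session_start();
+//Store de geselecteerde pagina in variabele $page
+$page=HUtils::getPage();
+//Model side operaties die afgerond moeten worden voor de paginacontent in wordt geladen
+$path = "./model/model_".$page.".php";
+if($page != ""){
+if(file_exists($path)){
+include_once($path);
+}
+}
+//laad de pagina view
+include("./view/pagecontent/content_page.php");
+?>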
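Review bot: `$page` comes straight from `$_GET['p']` via HUtils::getPage (L956-L962) and is spliced into an include path on L1092 (and again in content_page.php at L1373); the `model_` prefix, `.php` suffix and file_exists() limit what can be reached, but nothing restricts the characters, so path separators and dots from the query string end up in the include path. Validate the value once at its source with an allow-list, e.g. in getPage: `return preg_match('/^[a-z_]+$/', $p) ? $p : "";`, so that every include built from it only ever names one of the known page files. A fixed array of page names mapped to files would be stricter still and makes the routing table reviewable in one place.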


@ -0,0 +1,46 @@
<?php
$debuginfo = false;
include_once("./controller/UserSession.php");
include_once("./controller/Database.php");
include_once("./controller/HUtils.php");
if(!UserSession::isSessionValid()){
if(HUtils::issetPost(['email','password'])){
if(Database::isLoginValid($_POST['email'], $_POST['password'])){
//obtain UID
$uid = Database::getUID($_POST['email'], $_POST['password']);
if($uid != -1){
//obtain username
$username = Database::getUsername($uid);
//gen unique session token
$token = UserSession::generateToken();
//regen if already in use
while(Database::isSessionTokenInUse($token)){
$token = UserSession::generateToken();
}
$a = new UserSession($username, $uid, $token);
if($debuginfo){
echo $a->getSessionToken();
echo "<br>";
echo $a->uid;
echo "<br>";
echo $a->username;
}
//clean up expired sessions from ANY users
Database::deleteExpiredSessions();
Database::registerNewSession($a->uid, $a->token, $a->getFormattedExpiry());
//logged in, time to continue with other stuff
}
else{
echo "uid returned -1 from db interface";
}
}
else{
echo("login invalid");
}
}
}
else{
//we're done, don't even need to log in, session already active
//echo($_SESSION['usersession']->uid);
}
?>


@ -0,0 +1,12 @@
<?php
include_once("./controller/UserSession.php");
if(UserSession::isSessionValid()){
Database::invalidateSession(UserSession::getSession()->token);
session_destroy();
}
?>


@ -0,0 +1,19 @@
<?php
//Include classes
include_once("./controller/Database.php");
include_once("./controller/HUtils.php");
if(HUtils::issetPost(['email', 'pass', 'name'])){
if($_POST['pass'] == $_POST['pass2']){
//Check of email aanwezig is in de database
if(!Database::checkUsedEmail($_POST['email']) && !Database::checkUsedUsername($_POST['name'])){
Database::registerUser($_POST['email'], $_POST['pass'], $_POST['name']);
}
}
else{
echo("REGISTRATION FAILED: PASSWORD VERIFICATION MISSMATCH");
}
}
else{
echo "POST UNSUCCESFUL: POST DATA INCOMPLETE OR NOT FOUND";
}
?>


@ -0,0 +1,3 @@
<?php
session_destroy();
?>

10
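--- a/dev_mvc/view/css/main.css
+++ b/dev_mvc/view/css/main.css
@@ -0,0 +1,10 @@
+*{
+font-family: Arial, Helvetica, sans-serif;
+}
+header{
+background-color: bisque;
+}
+a{
+margin-right: 10px;
+text-decoration: none;
+}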

BIN
dev_mvc/view/img/logo.png Normal file





@ -0,0 +1,51 @@
var arrWarnings = [];
var arrProblems = [];
function checkInputs(){
var boolProblem = false;
document.getElementById("jsSignupAlert").innerHTML = "";
if(document.getElementById("name").value == ""){
arrWarnings[0] = "name field is empty<br>";
boolProblem = true
}
else{
arrWarnings[0] = "";
}
if(document.getElementById("email").value == ""){
arrWarnings[1] = "email field is empty<br>";
boolProblem = true
}
else{
arrWarnings[1] = ""
}
if(document.getElementById("pass").value == ""){
arrWarnings[2] = "pass field is empty<br>";
boolProblem = true
}
else{
arrWarnings[2] = ""
}1
if(document.getElementById("pass2").value == ""){
arrWarnings[3] = "pass verification field is empty<br>";
boolProblem = true
}
else{
arrWarnings[3] = ""
}
if(document.getElementById("pass").value == document.getElementById("pass2").value){
arrWarnings[4] = "";
}
else{
arrWarnings[4] = "pass verification field doesnt match";
boolProblem = true
}
for (var i = 0; i < arrWarnings.length; i++) {
document.getElementById("jsSignupAlert").innerHTML += arrWarnings[i];
}
if(boolProblem){
document.getElementById("submitButton").disabled = true;
}
else{
document.getElementById("submitButton").disabled = false;
}
}
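Review bot: The stray `1` after the closing brace on L1246 (`}1`) is a leftover keystroke; it parses as a harmless expression statement but should be removed. The `boolProblem = true` assignments (L1228, L1235, L1242, L1249, L1259) and two of the `arrWarnings[...] = ""` lines lack semicolons, and the emptiness tests use `==` where `=== ""` is intended. Since this validation only runs in the browser, the server-side model still has to reject empty fields and mismatched passwords; as far as the listing shows it checks the match but not emptiness.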


@ -0,0 +1,3 @@
<article>
<h1>This page does not exist!</h1>
</article>


@ -0,0 +1,7 @@
<?php
if(UserSession::isUserSignedIn()){
include("./view/pagecontent/login/content_login_succesful.php");
}else{
include("./view/pagecontent/login/content_login_unsuccesful.php");
}
?>


@ -0,0 +1,3 @@
<article>
<h1>You've been succesfully logged out</h1>
</article>


@ -0,0 +1,3 @@
<article>
<h1>Successfully registered!</h1>
</article>


@ -0,0 +1,6 @@
<?php
?>


@ -0,0 +1,3 @@
<article>
<h1>You're still signed in thanks to our cookies!</h1>
</article>


@ -0,0 +1,7 @@
<?php
if(UserSession::isUserSignedIn()){
include("./view/pagecontent/header/content_header_signedin.php");
}else{
include("./view/pagecontent/header/content_header_signedout.php");
}
?>


@ -0,0 +1,3 @@
<article>
<h1>Welkom op hForumPHP. Log in of registreer om iets te doen.</h1>
</article>


@ -0,0 +1,10 @@
<article>
<form action="?p=attempt_login" method="post">
E-mail: <input type="text" name="email"><br>
Password: <input type="password" name="password"><br>
<input type="submit">
</form>
</article>
<?php
?>


@ -0,0 +1,36 @@
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<title>
<?=HUtils::getSiteTitle();?>
</title>
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" type="text/css" media="screen" href="./view/css/main.css" />
</head>
<body>
<header>
<?php
include_once("./view/pagecontent/content_header.php");
?>
</header>
<main>
<?php
//Store de geselecteerde pagina in variabele $page
$page=HUtils::getPage();
//Laad de juiste view
$path = "./view/pagecontent/content_".$page.".php";
if($page != ""){
if(file_exists($path)){
include_once($path);
}
else{
include_once("./view/pagecontent/content_404.php");
}
}
?>
</main>
</body>
</html>


@ -0,0 +1,11 @@
<script type="text/javascript" src="./view/js/checkform.js"></script>
<article>
<form action="?p=attempt_register" method="post">
Username: <input type="text" name="name" id="name" onkeyup="checkInputs()"><br>
E-mail: <input type="text" name="email" id="email" onkeyup="checkInputs()"><br>
Password: <input type="password" name="pass" id="pass" onkeyup="checkInputs()"><br>
Verify Password: <input type="password" name="pass2" id="pass2" onkeyup="checkInputs()"><br>
<input type="submit" id="submitButton" disabled>
</form>
<div id="jsSignupAlert"></div>
</article>
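Review bot: The submit button is rendered `disabled` (L1397) and only re-enabled by checkInputs(), so with scripting unavailable the form cannot be sent at all. Render it enabled and let the first keyup disable it when a problem is found; the server-side model is where the real validation belongs anyway. The `type="text"` email field (L1394) could be `type="email"` to get the browser's own format check for free.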


@ -0,0 +1,7 @@
<?php
include_once("./controller/AssetHandler.php");
AssetHandler::printAsset("logo.png", true, 128);
?>
<nav>
<a href="?p=attempt_logout">log out</a> <a href="?p=">home</a> <a href="?p=destroy">simulate $_SESSION expiry</a>
</nav>


@ -0,0 +1,7 @@
<?php
include_once("./controller/AssetHandler.php");
AssetHandler::printAsset("logo.png", true, 128);
?>
<nav>
<a href="?p=login">log in</a> <a href="?p=register">register</a> <a href="?p=">home</a>
</nav>


@ -0,0 +1,3 @@
<article>
<h1>Successfully logged in!</h1>
</article>


@ -0,0 +1,3 @@
<article>
<h1>UNEXPECTED LOGIN ERROR. OUR CODEMONKEYS DID SOMETHING VERY WRONG :(</h1>
</article>

4
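--- a/globalvars.php
+++ b/globalvars.php
@@ -0,0 +1,4 @@
+<?php
+$sSiteTitle = "hPHPForum alpha 1.0";
+$p = "";
+?>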