F diff --git a/README b/README
new file mode 100644
--- /dev/null
+++ b/README
+ FILEUP
+
+
+
+ for this to work you need to have mysql. Create a database and a user for this service then
+ modify php/configure.php as needed. Create tables described in sql/fileshare.sql
F diff --git a/css/style.css b/css/style.css
--- a/css/style.css
+++ b/css/style.css
box-shadow: 0 0.2rem 0.6rem #eee;
background: #231179;
color: white;
+ outline: none;
}
input:focus,
F diff --git a/index.html b/index.html
new file mode 100644
--- /dev/null
+++ b/index.html
+ <!DOCTYPE html>
+ <html>
+ <head>
+ <meta charset="utf-8">
+ <title>shady file upload</title>
+ <link rel="stylesheet" type="text/css" href="css/style.css">
+ </head>
+
+ <body>
+ <div class="overlay" style="height: 100%;">
+ <div class="vert2">
+ <div id="header">
+ <p class="logo">shady_file_upload</p>
+ </div>
+
+ <div id="page">
+ <div id="hero" class="overlay">
+ <div id="arrows">
+ <img src="svg/arrow.svg" id="protoarrow" style="display: none">
+ </div>
+
+ <div class="vcenter">
+ <p>file upload service</p>
+ <p class="big">that <span class="blue">just about works</span></p>
+ <p>most of the time</p>
+ </div>
+ </div>
+
+ <div class="vcenter">
+ <form name="hero_form" action="/php/register.php" method="post" onsubmit="return validate_hero_form()">
+ <h2>Get started</h2>
+ <div class="content">
+ <p>Username</p>
+ <input type="text" id="username" name="username">
+ <p id="username-length-error" class="hero_form_error" hidden>Please specify a username</p>
+
+ <p>Email address</p>
+ <input type="text" id="email" name="email">
+ <p id="email-error" class="hero_form_error" hidden>Invalid email address</p>
+
+ <p>Password</p>
+ <input type="password" id="password" name="password">
+ <p id="password-length-error" class="hero_form_error" hidden>Please provide a password</p>
+
+ <p>Repeat Password</p>
+ <input type="password" id="password2" name="password2">
+ <p id="password-match-error" class="hero_form_error" hidden>Passwords didn't match</p>
+ <input type="submit" value="Sign up">
+ <p style="font-size: 1.1em;">Don't have an account? <a href="login.html">Log in</a>
+ </div>
+ </form>
+ </div>
+
+
+ </div>
+ </div>
+
+ <img src="svg/bottom.svg" class="bgbottom">
+ </div>
+
+ <script src="js/arrows.js"></script>
+ <script src="js/validate_hero.js"></script>
+
+ </body>
+ <html>
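Review bot: The last line of index.html is a second opening `<html>` instead of `</html>`, so the document is never closed; login.html ends the same way. The account prompts are swapped between the two pages: the sign-up form says `Don't have an account? Log in` while login.html says `Already have an account? Sign up`, and both `<p>` elements are left unclosed. The inline `onsubmit` and `style` attributes would have to move into js/validate_hero.js and css/style.css before a Content-Security-Policy without `unsafe-inline` could be applied to these pages. The email field could use `type="email"` so the browser applies its own format check on top of the script.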
F diff --git a/index.php b/index.php
deleted file mode 100644
--- a/index.php
+++ /dev/null
- <!DOCTYPE html>
- <html>
- <head>
- <meta charset="utf-8">
- <title>shady file upload</title>
- <link rel="stylesheet" type="text/css" href="css/style.css">
- </head>
-
- <body>
- <div class="overlay" style="height: 100%;">
- <div class="vert2">
- <div id="header">
- <p class="logo">shady_file_upload</p>
- </div>
-
- <div id="page">
- <div id="hero" class="overlay">
- <div id="arrows">
- <img src="svg/arrow.svg" id="protoarrow" style="display: none">
- </div>
-
- <div class="vcenter">
- <p>file upload service</p>
- <p class="big">that <span class="blue">just about works</span></p>
- <p>most of the time</p>
- </div>
- </div>
-
- <div class="vcenter">
- <form name="hero_form" action="/register.php" method="post" onsubmit="return validate_hero_form()">
- <h2>Get started</h2>
- <div class="content">
- <p>Username</p>
- <input type="text" id="username" name="username">
- <p id="username-length-error" class="hero_form_error" hidden>Please specify a username</p>
-
- <p>Email address</p>
- <input type="text" id="email" name="email">
- <p id="email-error" class="hero_form_error" hidden>Invalid email address</p>
-
- <p>Password</p>
- <input type="password" id="password" name="password">
-
- <p>Repeat Password</p>
- <input type="password" id="password2" name="password2">
- <p id="password-error" class="hero_form_error" hidden>Passwords didn't match</p>
- <input type="submit" value="Sign up">
- <p style="font-size: 1.1em;">Already have an account? <a href="login.html">Sign in</a>
- </div>
- </form>
- </div>
-
-
- </div>
- </div>
-
- <img src="svg/bottom.svg" class="bgbottom">
- </div>
-
- <script src="js/arrows.js"></script>
- <script src="js/validate_hero.js"></script>
-
- </body>
- <html>
F diff --git a/js/arrows.js b/js/arrows.js
--- a/js/arrows.js
+++ b/js/arrows.js
setTimeout(make_arrow, delay);
setTimeout(() => {
svg.remove();
- arrows.remove(ob);
+ arrows.shift();
}, lifetime);
}
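Review bot: `arrows.shift()` always drops the oldest entry, which is the arrow whose timer fired only if every arrow gets the same `lifetime`. If `lifetime` is computed per arrow (its definition is outside the hunk), the array and the DOM will drift apart. Removing by identity avoids the assumption, e.g. `const i=arrows.indexOf(ob); if(i!==-1) arrows.splice(i,1);`, assuming `ob` is still the variable holding this arrow, as the removed line suggests.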
F diff --git a/js/validate_hero.js b/js/validate_hero.js
--- a/js/validate_hero.js
+++ b/js/validate_hero.js
errors[i].hidden = true;
}
}
+ function validate_hero_login_form()
+ {
+ var username=document.forms["hero_form"]["username"].value;
+ var flag=true;
+ clear_hero_errors();
+
+ if(username.length==0)
+ {
+ document.getElementById("username-length-error").hidden=false;
+ flag=false;
+ }
+ document.activeElement.blur();
+ return flag;
+ }
function validate_hero_form()
{
var username=document.forms["hero_form"]["username"].value;
document.getElementById("email-error").hidden=false;
flag=false;
}
- if(password !== password2)
+ if(password.length==0)
{
- document.getElementById("password-error").hidden=false;
+ document.getElementById("password-length-error").hidden=false;
flag=false;
}
-
- if(flag)
+ if(password !== password2)
{
- document.getElementById("success").hidden=false;
+ document.getElementById("password-match-error").hidden=false;
+ flag=false;
}
+ document.activeElement.blur();
return flag;
}
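Review bot: validate_hero_login_form() checks only that the username is non-empty, while validate_hero_form() gains a `password.length==0` check in this same change, so the login form posts an empty password to php/login.php without any message to the user. Adding `if(document.forms["hero_form"]["password"].value.length==0)` with a matching `password-length-error` element in login.html would keep the two forms consistent. These checks run in the browser and can be skipped by any client, so the checks in the PHP scripts remain the ones that count. The start of validate_hero_form() lies outside the visible lines.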
F diff --git a/login.html b/login.html
new file mode 100644
--- /dev/null
+++ b/login.html
+ <!DOCTYPE html>
+ <html>
+ <head>
+ <meta charset="utf-8">
+ <title>shady file upload</title>
+ <link rel="stylesheet" type="text/css" href="css/style.css">
+ </head>
+
+ <body>
+ <div class="overlay" style="height: 100%;">
+ <div class="vert2">
+ <div id="header">
+ <p class="logo">shady_file_upload</p>
+ </div>
+
+ <div id="page">
+ <div id="hero" class="overlay">
+ <div id="arrows">
+ <img src="svg/arrow.svg" id="protoarrow" style="display: none">
+ </div>
+
+ <div class="vcenter">
+ <p>file upload service</p>
+ <p class="big">that <span class="blue">just about works</span></p>
+ <p>most of the time</p>
+ </div>
+ </div>
+
+ <div class="vcenter">
+ <form name="hero_form" action="/php/login.php" method="post" onsubmit="return validate_hero_login_form()">
+ <h2>Login</h2>
+ <div class="content">
+ <p>Username</p>
+ <input type="text" id="username" name="username">
+ <p id="username-length-error" class="hero_form_error" hidden>Please enter a username</p>
+ <p>Password</p>
+ <input type="password" id="password" name="password">
+ <input type="submit" value="Login">
+ <p style="font-size: 1.1em;">Already have an account? <a href="index.html">Sign up</a>
+ </div>
+ </form>
+ </div>
+
+
+ </div>
+ </div>
+
+ <img src="svg/bottom.svg" class="bgbottom">
+ </div>
+
+ <script src="js/arrows.js"></script>
+ <script src="js/validate_hero.js"></script>
+
+ </body>
+ <html>
F diff --git a/php/database.php b/php/database.php
--- a/php/database.php
+++ b/php/database.php
}
}
- /*returns false if this isn't a user, otherwise returns the userid*/
+ /*returns false if this isn't a user, otherwise returns the user*/
function get_user(string $user)
{
$ret=new User;
function authenticate(string $user, string $password)
{
$ret=new User;
- global $password_hash_algo;
-
-
- $hashed_pass=password_hash($password,$password_hash_algo);
- $prep=$this->pdo->prepare("select user_id,username,email from users where username=:username and password=:password");
+ $prep=$this->pdo->prepare("select user_id,username,email,password from users where username=:username");
$prep->bindParam(':username',$user);
- $prep->bindParam(':password',$hashed_pass);
-
$prep->execute();
$hold=$prep->fetch(PDO::FETCH_ASSOC);
+
if($hold)
{
- $ret->user_id=hold["user_id"];
- $ret->username=hold["username"];
- $ret->email_address["email"];
- return $ret;
+ if(password_verify($password,$hold["password"]))
+ {
+ $ret->user_id=$hold["user_id"];
+ $ret->username=$hold["username"];
+ $ret->email_address=$hold["email"];
+ return $ret;
+ }else
+ {
+ return false;
+ }
}else
{
return false;
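Review bot: authenticate() returns false for an unknown username before password_verify() runs, so a missing account answers faster than a wrong password and usernames can be told apart by response time. Verifying against a fixed placeholder hash when no row is found keeps both paths comparable, e.g. `$hash=$hold ? $hold["password"] : $placeholder_hash;` then `if(password_verify($password,$hash) && $hold)`. Here `$placeholder_hash` is a name made up for this note, standing for a hash generated once with password_hash(). The two `return false` branches then collapse into one. Calling password_needs_rehash() after a successful verify would let stored hashes follow later changes to the configured algorithm. The end of the function is outside the hunk.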
F diff --git a/php/login.php b/php/login.php
new file mode 100644
--- /dev/null
+++ b/php/login.php
+ <?php
+ require_once "user.php";
+ require_once "database.php";
+ require_once "misc.php";
+
+ $username=$_POST["username"];
+ $password=$_POST["password"];
+ /*server side verification*/
+ if(gettype($username)!="string" || gettype($password)!="string")
+ {
+ die("You didn't specify the pass or the username");
+ }
+
+ $database=new Database();
+ $user=$database->authenticate($username,$password);
+ if(!$user)
+ {
+ die("Password or username is incorrect");
+ }
+
+ echo "Username: {$user->username}\n";
+ echo "Email: {$user->email_address}";
+
+
+ ?>
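Review bot: The two echo lines print `$user->username` and `$user->email_address` unescaped into a response that PHP serves as text/html by default, so anything registration accepted into those columns is interpreted as markup in the browser. Whether validate_credentials() restricts those values is not visible here, so escaping at output is the safe default: `echo "Username: ".htmlspecialchars($user->username,ENT_QUOTES|ENT_SUBSTITUTE,"UTF-8")."\n";` and the same for the email line. Reading the fields as `$_POST["username"] ?? null` would avoid an undefined-index warning before the gettype() check when a field is missing. The script also starts no session and does not limit repeated attempts, so a successful login has no lasting effect and failed ones are unthrottled.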
F diff --git a/php/register.php b/php/register.php
new file mode 100644
--- /dev/null
+++ b/php/register.php
+ <?php
+ require_once "database.php";
+ require_once "misc.php";
+ require_once "configuration.php";
+
+ $username=$_POST["username"];
+ $password=$_POST["password"];
+ $password2=$_POST["password2"];
+ $email=$_POST["email"];
+
+ /*check if we are given shady credentials*/
+ if(!validate_credentials($username,$email,$password,$password2))
+ {
+ error_log("Invalid registration that has probbably bypassed client side verification. This could be an attack!");
+ die();
+ }
+ $database= new Database;
+
+ if($database->register_user($username,$password,$email))
+ {
+ echo "registered";
+ }else
+ {
+ echo "didn't register";
+ }
+
+ ?>
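Review bot: The four `$_POST[...]` reads are passed to validate_credentials() without the string check that php/login.php performs, so a missing field arrives as null and a field sent as `username[]=` arrives as an array. Whether validate_credentials() rejects those is not visible in this change; a guard such as `if(!is_string($username) || !is_string($email) || !is_string($password) || !is_string($password2)) die();` before the call removes the dependency. The rejection branch logs a fixed message and sends an empty body, so adding the remote address to the error_log() line would make the entry usable when reviewing logs. The new README points to `php/configure.php` while this file requires `configuration.php`; one of the two names is presumably a typo.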
F diff --git a/register.php b/register.php
deleted file mode 100644
--- a/register.php
+++ /dev/null
- <?php
- require_once "php/database.php";
- require_once "php/misc.php";
- require_once "php/configuration.php";
-
- $username=$_POST["username"];
- $password=$_POST["password"];
- $password2=$_POST["password2"];
- $email=$_POST["email"];
-
- /*check if we are given shady credentials*/
- if(!validate_credentials($username,$email,$password,$password2))
- {
- error_log("Invalid registration that has probbably bypassed client side verification. This could be an attack!");
- die();
- }
- $database= new Database;
-
- if($database->register_user($username,$password,$email))
- {
- echo "registered";
- }else
- {
- echo "didn't register";
- }
-
- ?>