F diff --git a/index.php b/index.php --- a/index.php +++ b/index.php<html><head><meta charset="utf-8">- <title>shady file upload</title> <link rel="stylesheet" type="text/css" href="css/style.css"> </head>+ <title>shady file upload</title> <link rel="stylesheet" type="text/css" href="css/style.css">+ </head><body><div class="overlay" style="height: 100%;"></div><div id="page">- <div id="hero" class="overlay">- <div id="arrows">- <img src="svg/arrow.svg" id="protoarrow" style="display: none">- </div>- <div class="vcenter">- <p>file upload service</p>- <p class="big">that <span class="blue">just about works</span></p>- <p>most of the time</p>- </div>- </div>- <div class="vcenter" id="signupform">- <form name="register_form" action="/php/register.php" method="post" onsubmit="return validate_hero_form()">- <h2>Get started</h2>- <div class="content">- <p>Username</p>- <input type="text" id="username" name="username">- <p id="username-length-error" class="hero_form_error" hidden>Please specify a username</p>+ <?php+ session_start();+ if (array_key_exists("username", $_SESSION)) {+ echo "Welcome, $_SESSION[username]";+ ?>- <p>Email address</p>- <input type="text" id="email" name="email">- <p id="email-error" class="hero_form_error" hidden>Invalid email address</p>-- <p>Password</p>- <input type="password" id="password" name="password">- <p id="password-length-error" class="hero_form_error" hidden>Please provide a password</p>-- <p>Repeat Password</p>- <input type="password" id="password2" name="password2">- <p id="password-match-error" class="hero_form_error" hidden>Passwords didn't match</p>- <input type="submit" value="Sign up">- <p style="font-size: 1.1em;">Already have an account? <a href="#" onclick="showLogin(true)">Log in</a>- </div>- </form>- </div>-- <div class="vcenter" id="loginform">- <form name="login_form" action="/php/login.php" method="post" onsubmit="return validate_hero_login_form()">- <h2>Login</h2>- <div class="content">- <p>Username</p>- <input type="text" id="username" name="username">- <p id="username-length-error" class="hero_form_error" hidden>Please enter a username</p>- <p>Password</p>- <input type="password" id="password" name="password">- <input type="submit" value="Login">- <p style="font-size: 1.1em;">Don't have an account? <a href="#" onclick="showLogin(false)">Sign up</a>- </div>- </form>- </div>+ <a href="/php/logout.php">Log out</a>+ <?php+ }+ else {+ require_once("loginregister.html");+ }+ ?></div></div>-<img src="svg/bottom.svg" class="bgbottom"></div>-<script src="main.js"></script>-</body>- <html>+ <html>F diff --git a/loginregister.html b/loginregister.html new file mode 100644 --- /dev/null +++ b/loginregister.html+ <div id="hero" class="overlay">+ <div id="arrows">+ <img src="svg/arrow.svg" id="protoarrow" style="display: none">+ </div>++ <div class="vcenter">+ <p>file upload service</p>+ <p class="big">that <span class="blue">just about works</span></p>+ <p>most of the time</p>+ </div>+ </div>++ <div class="vcenter" id="signupform">+ <form name="register_form" action="/php/register.php" method="post" onsubmit="return validate_hero_form()">+ <h2>Get started</h2>+ <div class="content">+ <p>Username</p>+ <input type="text" id="username" name="username">+ <p id="username-length-error" class="hero_form_error" hidden>Please specify a username</p>++ <p>Email address</p>+ <input type="text" id="email" name="email">+ <p id="email-error" class="hero_form_error" hidden>Invalid email address</p>++ <p>Password</p>+ <input type="password" id="password" name="password">+ <p id="password-length-error" class="hero_form_error" hidden>Please provide a password</p>++ <p>Repeat Password</p>+ <input type="password" id="password2" name="password2">+ <p id="password-match-error" class="hero_form_error" hidden>Passwords didn't match</p>+ <input type="submit" value="Sign up">+ <p style="font-size: 1.1em;">Already have an account? <a href="#" onclick="showLogin(true)">Log in</a>+ </div>+ </form>+ </div>++ <div class="vcenter" id="loginform">+ <form name="login_form" action="/php/login.php" method="post" onsubmit="return validate_hero_login_form()">+ <h2>Login</h2>+ <div class="content">+ <p>Username</p>+ <input type="text" id="username" name="username">+ <p id="username-length-error" class="hero_form_error" hidden>Please enter a username</p>+ <p>Password</p>+ <input type="password" id="password" name="password">+ <input type="submit" value="Login">+ <p style="font-size: 1.1em;">Don't have an account? <a href="#" onclick="showLogin(false)">Sign up</a>+ </div>+ </form>+ </div>++F diff --git a/php/login.php b/php/login.php --- a/php/login.php +++ b/php/login.phprequire_once "database.php";require_once "misc.php";+ session_start();+$username=$_POST["username"];$password=$_POST["password"];/*server side verification*/die("Password or username is incorrect");}- echo "Username: {$user->username}\n";- echo "Email: {$user->email_address}";-+ $_SESSION['username'] = $user->username;+ header('Location: /');?>F diff --git a/php/logout.php b/php/logout.php new file mode 100644 --- /dev/null +++ b/php/logout.php+ <?php+ // TODO+ // This is dangerous and stupid+ // Right now every webpage can redirect any of its users to http://shady.upload/logout+ // which will log the user out of our webpage++ session_start();+ unset($_SESSION['username']);+ header('Location: /');+ ?>F diff --git a/php/register.php b/php/register.php --- a/php/register.php +++ b/php/register.phpecho "didn't register";}++ $_SESSION['username'] = $username;+ header('Location: /');+?>