
Revize 082263b5

Přidáno uživatelem Tomáš Pašek před více než 3 roky(ů)

  • ID 082263b55937497c73975ffb5b4f58edd4e9ec8a
  • Rodič a4c65df6

Feature #8522 Login a bezpečnost webové aplikace
Feature #8523 Tvorba uživatele


application/controller/DeleteUserController.php
1
<?php
2
require "../model/DB.php";
3

  
4
$DB = new DB();
5

  
6
$result = $DB->deleteUser($_POST['userId']);
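Review bot: The delete handler has no session or authorization check, so any request that posts a `userId` removes that account; the sibling UpdateUserRoleController.php and UsersListController.php at least compare the session role against ADMIN before touching the database. Gate the call the same way: `session_start();` followed by `if (($_SESSION['role'] ?? null) !== 'ADMIN') { http_response_code(403); exit; }` placed before `new DB()`. The handler also echoes nothing, so the caller cannot tell whether the deletion happened; returning `$result` as JSON, as the list and role controllers do, would keep the endpoints consistent.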
application/controller/LoginController.php
1
<?php
2
require "../model/DB.php";
3
session_start();
4
$DB = new DB();
5
var_dump($_POST);
6
$result = $DB->getUser($_POST['username']);
7

  
8
if (count($result) == 1) {
9
    $user = $result[0];
10
    if (password_verify($_POST['password'], $user['password'])) {
11
        session_regenerate_id();
12
        $_SESSION['loggedIn'] = true;
13
        $_SESSION['username'] = $_POST['username'];
14
        $_SESSION['id'] = $user['id'];
15
        $_SESSION['role'] = $user['role'];
16
    } else {
17
        // Incorrect password
18
        echo 'Incorrect username and/or password!';
19
    }
20
} else {
21
    // Incorrect username
22
    echo 'Incorrect username and/or password!';
23
}
24

  
25

  
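Review bot: `var_dump($_POST);` on line 5 writes the submitted username and plaintext password into the HTTP response, where browser tooling, proxies and any response logging will retain it; remove the line before this handler goes further. The handler also returns nothing on success and plain text on failure, while the caller in loginModal.html does `JSON.parse(this.response)`, so the browser-side callback throws on a successful login. Emit a JSON body in every branch, e.g. `echo json_encode(['loggedIn' => true]);` after the session is populated and `http_response_code(401); echo json_encode(['error' => 'Incorrect username and/or password!']);` in the two failure branches. The `count($result) == 1` test is fine given the unique constraint on username, but `=== 1` states the intent more precisely.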
application/controller/LogoutController.php
1
<?php
2
session_start();
3
session_destroy();
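Review bot: `session_destroy()` on line 3 removes the server-side data but neither empties `$_SESSION` for the remainder of the request nor expires the session cookie, so the browser keeps presenting the old session id until it expires on its own. Clear both explicitly before destroying: `$_SESSION = [];` and `setcookie(session_name(), '', time() - 3600, session_get_cookie_params()['path']);` followed by `session_destroy();`. The caller in index.php parses the response as JSON, so this script should also echo a JSON body rather than nothing.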
application/controller/RegistrationController.php
1
<?php
2
require "../model/DB.php";
3
$DB = new DB();
4

  
5
$result = $DB->createUser($_POST);
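Review bot: The whole `$_POST` array is handed to `createUser`, and `DB::createUser` reads `$userDetails['role']` from it, so the registering client chooses its own role, including ADMIN. Build the payload explicitly and assign the role server-side, e.g. `$result = $DB->createUser(['username' => $_POST['username'], 'password' => $_POST['password'], 'role' => 'editor']);` (the seed data in dbUsersUpgrade/users.txt uses 'editor', so the default role name should be settled together with the ADMIN comparison used in the other controllers). The handler has no session_start(), no CSRF check and no response body either, so a caller cannot distinguish success from a duplicate username.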
application/controller/UpdateUserRoleController.php
1
<?php
2
require "../model/DB.php";
3

  
4
if ($_SESSION['role'] == "ADMIN") {
5
    $DB = new DB();
6

  
7
    $results = $DB->updateUserRole($_POST["userId"], $_POST["role"]);
8

  
9
    echo json_encode(count($results) == 0 ? null : $results);
10
}
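Review bot: `$_SESSION['role']` is read on line 4 without a preceding `session_start()`, so unless PHP is configured to auto-start sessions the array is undefined, the comparison never succeeds and a notice is emitted; UsersListController.php line 4 has the same defect. Add `session_start();` after the require and use a strict comparison with a default, `if (($_SESSION['role'] ?? null) === 'ADMIN') {`. When the check fails the script ends silently with a 200 and an empty body, so an explicit `http_response_code(403);` in an else branch would make the denial visible to the caller. Note that the seed row in dbUsersUpgrade/users.txt gives the admin account the role 'editor', which would not satisfy the 'ADMIN' comparison as written.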
application/controller/UsersListController.php
1
<?php
2
require "../model/DB.php";
3

  
4
if ($_SESSION['role'] == "ADMIN") {
5
    $DB = new DB();
6

  
7
    $results = $DB->select("SELECT id, username, role from USERS", array());
8

  
9
    echo json_encode(count($results) == 0 ? null : $results);
10
}
application/index.php
1
<?php
2
session_start();
3
?>
4

  
1 5
<!doctype html>
2 6

  
3 7
<html >
......
30 34
    </div>
31 35
    <?php include "./view/footer.html" ?>
32 36
</div>
33

  
37
<!--TODO logování upravit, zde pouze příklad -->
34 38
<?php include "./view/modals/loginModal.html" ?>
39
<?php if(isset($_SESSION['loggedIn']) && $_SESSION['loggedIn'] == true) {?>
40
<h1>LOGGEDIN!!!!!!!!!</h1>
41
    <button type="button" class="btn btn-default" data-dismiss="modal" onclick="logout()">Odhlásit se</button>
42
<?php }?>
35 43
</body>
36 44
</html>
45

  
46
<script>
47
    function logout () {
48
        var data = new FormData();
49
        var xhr = new XMLHttpRequest();
50
        xhr.open("POST", "controller/LogoutController.php");
51
        xhr.onload = function(){
52
            let search = JSON.parse(this.response);
53
            console.log(search);
54
        };
55
        xhr.send(data);
56
        return false;
57
    }
58

  
59
</script>
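Review bot: `logout()` calls `JSON.parse(this.response)` on line 52, but LogoutController.php emits no body, so the callback throws a SyntaxError on every logout and the page never reflects the cleared session. Either make the controller echo a JSON object or replace the handler with a status check and reload: `xhr.onload = function(){ if (xhr.status === 200) { window.location.reload(); } };`. The `$_SESSION['loggedIn'] == true` test on line 39 can use `===`, since LoginController stores a boolean there.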
application/model/DB.php
65 65
        }
66 66
    }
67 67

  
68
    function getUser($username) {
69
        $this->stmt = $this->pdo->prepare('SELECT id, username, password, role FROM users WHERE username = :username');
70
        $this->stmt->bindParam(':username', $username);
71
        $this->stmt->execute();
72
        return $this->stmt->fetchAll();
73
    }
74

  
75
    function createUser($userDetails) {
76
        $this->stmt = $this->pdo->prepare('INSERT INTO users (username, password, role) VALUES (:username, :password, :role)');
77
        $password = password_hash($userDetails['username'], PASSWORD_DEFAULT);
78
        $this->stmt->bindParam(':username', $userDetails['username']);
79
        $this->stmt->bindParam(':password',$password);
80
        $this->stmt->bindParam(':role',$userDetails['role']);
81
        $this->stmt->execute();
82
        return $this->stmt->fetchAll();
83
    }
84

  
85
    function updateUserRole($userId, $role) {
86
        $this->stmt = $this->pdo->prepare("UPDATE users SET role = :role WHERE id = :userId");
87
        $this->stmt->bindParam(':role', $role);
88
        $this->stmt->bindParam(':userId',$userId);
89
        $this->stmt->execute();
90
        return $this->stmt->fetchAll();
91
    }
92

  
93
    function deleteUser($userId) {
94
        $this->stmt = $this->pdo->prepare("DELETE from users WHERE id = :userId");
95
        $this->stmt->bindParam(':userId',$userId);
96
        $this->stmt->execute();
97
        return $this->stmt->fetchAll();
98
    }
99

  
100

  
101

  
68 102
function update(){
69 103

  
70 104
    // ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| Tabulka dd_wordform |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
......
297 331

  
298 332
// (D) DATABASE SETTINGS - CHANGE TO YOUR OWN!
299 333
define('DB_HOST', 'localhost');
300
define('DB_NAME', 'dalimil1');
334
define('DB_NAME', 'dalimil2');
301 335
define('DB_CHARSET', 'utf8');
302 336
define('DB_USER', 'postgres');
303 337
define('DB_PASSWORD', 'a');
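Review bot: `createUser` hashes the username instead of the password on line 77, `password_hash($userDetails['username'], PASSWORD_DEFAULT)`, so every stored hash is derived from the account name and the password given at registration is never used, while LoginController verifies the submitted password against that hash. Change it to `$password = password_hash($userDetails['password'], PASSWORD_DEFAULT);`. The new INSERT, UPDATE and DELETE methods all return `$this->stmt->fetchAll()`, which yields no meaningful rows for statements without a result set; returning `$this->stmt->rowCount()` gives callers something they can act on. Unrelated to this hunk but worth a follow-up: `DB_PASSWORD` on line 337 is a literal credential in a committed file.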
application/view/modals/loginModal.html
26 26
                </div>
27 27
            </div>
28 28
            <div class="modal-footer">
29
                <button type="button" class="btn btn-default" data-dismiss="modal">Přihlásit se</button>
29
                <button type="button" class="btn btn-default" data-dismiss="modal" onclick="login()">Přihlásit se</button>
30 30
                <button type="button" class="btn btn-default" data-dismiss="modal">Zavřít</button>
31 31
            </div>
32 32
        </div>
33 33
    </div>
34
</div>
34
</div>
35

  
36
<script>
37
    function login () {
38
        var data = new FormData();
39
        data.append("username", document.getElementById('nick').value);
40
        data.append("password", document.getElementById('password').value);
41
        var xhr = new XMLHttpRequest();
42
        xhr.open("POST", "controller/LoginController.php");
43
        xhr.onload = function(){
44
            let search = JSON.parse(this.response);
45
            console.log(search);
46
        };
47
        xhr.send(data);
48
        return false;
49
    }
50

  
51
</script>
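Review bot: The login button on line 29 keeps `data-dismiss="modal"` while also calling `login()`, so the dialog closes before the XHR completes and any 'Incorrect username and/or password!' text from LoginController.php is never shown to the user. Drop `data-dismiss` from that button and close the modal from the `onload` handler only on success. `JSON.parse(this.response)` on line 44 also throws on the plain-text failure message the controller currently echoes, so the handler needs either a JSON response from the server or a guard around the parse.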
dbUsersUpgrade/users.txt
1
--
2
-- PostgreSQL database dump
3
--
4

  
5
-- Dumped from database version 10.16
6
-- Dumped by pg_dump version 10.16
7

  
8
-- Started on 2021-04-10 22:53:56
9

  
10
SET statement_timeout = 0;
11
SET lock_timeout = 0;
12
SET idle_in_transaction_session_timeout = 0;
13
SET client_encoding = 'UTF8';
14
SET standard_conforming_strings = on;
15
SELECT pg_catalog.set_config('search_path', '', false);
16
SET check_function_bodies = false;
17
SET xmloption = content;
18
SET client_min_messages = warning;
19
SET row_security = off;
20

  
21
SET default_tablespace = '';
22

  
23
SET default_with_oids = false;
24

  
25
--
26
-- TOC entry 203 (class 1259 OID 16487)
27
-- Name: users; Type: TABLE; Schema: public; Owner: postgres
28
--
29

  
30
CREATE TABLE public.users (
31
    id integer NOT NULL,
32
    password character varying(100) NOT NULL,
33
    username character varying NOT NULL,
34
    role character varying NOT NULL
35
);
36

  
37

  
38
ALTER TABLE public.users OWNER TO postgres;
39

  
40
--
41
-- TOC entry 204 (class 1259 OID 16497)
42
-- Name: users_id_seq; Type: SEQUENCE; Schema: public; Owner: postgres
43
--
44

  
45
ALTER TABLE public.users ALTER COLUMN id ADD GENERATED ALWAYS AS IDENTITY (
46
    SEQUENCE NAME public.users_id_seq
47
    START WITH 1
48
    INCREMENT BY 1
49
    NO MINVALUE
50
    NO MAXVALUE
51
    CACHE 1
52
);
53

  
54

  
55
--
56
-- TOC entry 2814 (class 0 OID 16487)
57
-- Dependencies: 203
58
-- Data for Name: users; Type: TABLE DATA; Schema: public; Owner: postgres
59
--
60

  
61
COPY public.users (id, password, username, role) FROM stdin;
62
4	$2y$10$liQbaSxcPykR4516JVQ/G.pDYu0niSOF7q/IhJlOrUqXsHwIwp/p2	admin	editor
63
\.
64

  
65

  
66
--
67
-- TOC entry 2821 (class 0 OID 0)
68
-- Dependencies: 204
69
-- Name: users_id_seq; Type: SEQUENCE SET; Schema: public; Owner: postgres
70
--
71

  
72
SELECT pg_catalog.setval('public.users_id_seq', 4, true);
73

  
74

  
75
--
76
-- TOC entry 2690 (class 2606 OID 16496)
77
-- Name: users username_unique; Type: CONSTRAINT; Schema: public; Owner: postgres
78
--
79

  
80
ALTER TABLE ONLY public.users
81
    ADD CONSTRAINT username_unique UNIQUE (username);
82

  
83

  
84
--
85
-- TOC entry 2692 (class 2606 OID 16491)
86
-- Name: users users_pkey; Type: CONSTRAINT; Schema: public; Owner: postgres
87
--
88

  
89
ALTER TABLE ONLY public.users
90
    ADD CONSTRAINT users_pkey PRIMARY KEY (id);
91

  
92

  
93
-- Completed on 2021-04-10 22:53:56
94

  
95
--
96
-- PostgreSQL database dump complete
97
--
98

  
