forked from root/threadr.lostcave.ddnss.de
removed testme.php
parent
30e779214f
commit
28f7b92ad3
|
|
@ -1,67 +0,0 @@
|
||||||
<?php
|
|
||||||
$permitted_chars = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ&/()[]$:?_';
|
|
||||||
|
|
||||||
function generate_salt($input, $strength = 5) {
|
|
||||||
$input_length = strlen($input);
|
|
||||||
$random_string = '';
|
|
||||||
for($i = 0; $i < $strength; $i++) {
|
|
||||||
$random_character = $input[random_int(0, $input_length - 1)];
|
|
||||||
$random_string .= $random_character;
|
|
||||||
}
|
|
||||||
return $random_string;
|
|
||||||
}
|
|
||||||
|
|
||||||
$random_salt = generate_salt($permitted_chars);
|
|
||||||
$password_hash_method = "sha256";
|
|
||||||
|
|
||||||
$pdo = new PDO('mysql:host=localhost;dbname=web', 'webstuff', 'Schei// auf Pa$$w0rter!');
|
|
||||||
$query = "SELECT id, name, authentication_algorithm FROM users;";
|
|
||||||
|
|
||||||
if (isset($_GET['action'])) {
|
|
||||||
if ($_GET['action']=='add') {
|
|
||||||
$error = false;
|
|
||||||
$error_message = "";
|
|
||||||
if ($_POST['name']=='' || $_POST['password']=='' || $_POST['password_confirmation']=='') {
|
|
||||||
$error = true;
|
|
||||||
$error_message = "<p>Error: Not all values populated.</p>";
|
|
||||||
}
|
|
||||||
if ($_POST['password'] != $_POST['password_confirmation']) {
|
|
||||||
$error = true;
|
|
||||||
$error_message = "<p>Error: Password confirmation does not match password.</p>";
|
|
||||||
}
|
|
||||||
if (!$error) {
|
|
||||||
$statement = $pdo->prepare('INSERT INTO users (name, authentication_string, authentication_salt, authentication_algorithm) VALUES (:name, :authentication_string, :authentication_salt, :authentication_algorithm)');
|
|
||||||
$result = $statement->execute(array('name' => $_POST['name'], 'authentication_string' => hash($password_hash_method, $_POST['password'] . $random_salt), 'authentication_salt' => $random_salt, 'authentication_algorithm' => $password_hash_method));
|
|
||||||
if (!$result) {
|
|
||||||
$error_message = "<p>Error: SQL error.</p><pre>" . $statement->queryString . "</pre><pre>" . $statement->errorInfo()[2] . "</pre>";
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
?>
|
|
||||||
<!DOCTYPE html>
|
|
||||||
<html>
|
|
||||||
<head>
|
|
||||||
<title> LostCave Admin Page </title>
|
|
||||||
<meta charset="utf-8" />
|
|
||||||
</head>
|
|
||||||
<body>
|
|
||||||
<h1> Users </h1>
|
|
||||||
<table>
|
|
||||||
<tr><td>User ID</td><td>Name</td><td>Authentication algorithm</td></tr>
|
|
||||||
<?php
|
|
||||||
foreach ($pdo->query($query) as $row) {
|
|
||||||
echo "<tr><td>".$row['id']."</td><td>".$row['name']."</td><td>".$row['authentication_algorithm']."</td></tr>";
|
|
||||||
}
|
|
||||||
?>
|
|
||||||
</table>
|
|
||||||
<h1> Add user </h1>
|
|
||||||
<form action="?action=add" method="post">
|
|
||||||
<input type="text" maxlength="20" name="name" placeholder="Username" />
|
|
||||||
<input type="password" maxlength="256" name="password" placeholder="Password" />
|
|
||||||
<input type="password" maxlength="256" name="password_confirmation" placeholder="Repeat password" />
|
|
||||||
<input type="submit" value="Add" />
|
|
||||||
<?php echo $error_message; ?>
|
|
||||||
</form>
|
|
||||||
</body>
|
|
||||||
</html>
|
|
||||||
Loading…
Reference in New Issue