Initial commit of the Labchain OS software

This commit is contained in:
Norbert Schmidt
2021-12-20 09:55:27 +01:00
committed by GitHub
parent 10a270e506
commit 247b8dac6a
82 changed files with 115892 additions and 2 deletions

63
includes/error_log Normal file

@@ -0,0 +1,63 @@
[27-Sep-2016 08:48:19 UTC] PHP Warning: Cannot modify header information - headers already sent by (output started at /home/familieqwiek/public_html/includes/process_login.php:28) in /home/familieqwiek/public_html/includes/process_login.php on line 35
[27-Sep-2016 08:48:39 UTC] PHP Warning: Cannot modify header information - headers already sent by (output started at /home/familieqwiek/public_html/includes/process_login.php:28) in /home/familieqwiek/public_html/includes/process_login.php on line 35
[27-Sep-2016 08:49:07 UTC] PHP Warning: Cannot modify header information - headers already sent by (output started at /home/familieqwiek/public_html/includes/process_login.php:28) in /home/familieqwiek/public_html/includes/process_login.php on line 31
[19-Oct-2016 11:28:55 UTC] PHP Parse error: syntax error, unexpected '';' (T_CONSTANT_ENCAPSED_STRING), expecting ',' or ';' in /home/familieqwiek/public_html/includes/process_login.php on line 30
[19-Oct-2016 11:29:42 UTC] PHP Parse error: syntax error, unexpected '';' (T_CONSTANT_ENCAPSED_STRING), expecting ',' or ';' in /home/familieqwiek/public_html/includes/process_login.php on line 25
[19-Oct-2016 11:30:07 UTC] PHP Fatal error: Call to a member function fetch_assoc() on a non-object in /home/familieqwiek/public_html/includes/process_login.php on line 19
[19-Oct-2016 11:30:23 UTC] PHP Fatal error: Call to a member function fetch_assoc() on a non-object in /home/familieqwiek/public_html/includes/process_login.php on line 19
[19-Oct-2016 11:30:39 UTC] PHP Fatal error: Call to a member function fetch_assoc() on a non-object in /home/familieqwiek/public_html/includes/process_login.php on line 19
[19-Oct-2016 11:31:07 UTC] PHP Fatal error: Call to a member function fetch_assoc() on a non-object in /home/familieqwiek/public_html/includes/process_login.php on line 19
[19-Oct-2016 11:32:11 UTC] PHP Fatal error: Call to a member function fetch_assoc() on a non-object in /home/familieqwiek/public_html/includes/process_login.php on line 20
[19-Oct-2016 11:33:49 UTC] PHP Warning: mysqli_query() expects at least 2 parameters, 1 given in /home/familieqwiek/public_html/includes/process_login.php on line 19
[19-Oct-2016 11:33:49 UTC] PHP Warning: Cannot modify header information - headers already sent by (output started at /home/familieqwiek/public_html/includes/process_login.php:19) in /home/familieqwiek/public_html/includes/process_login.php on line 28
[19-Oct-2016 11:34:13 UTC] PHP Warning: mysqli_query(): Empty query in /home/familieqwiek/public_html/includes/process_login.php on line 19
[19-Oct-2016 11:34:13 UTC] PHP Warning: Cannot modify header information - headers already sent by (output started at /home/familieqwiek/public_html/includes/process_login.php:19) in /home/familieqwiek/public_html/includes/process_login.php on line 28
[19-Oct-2016 11:34:34 UTC] PHP Warning: mysqli_query(): Empty query in /home/familieqwiek/public_html/includes/process_login.php on line 19
[19-Oct-2016 11:34:34 UTC] PHP Warning: Cannot modify header information - headers already sent by (output started at /home/familieqwiek/public_html/includes/process_login.php:19) in /home/familieqwiek/public_html/includes/process_login.php on line 29
[19-Oct-2016 11:35:20 UTC] PHP Warning: mysqli_query(): Empty query in /home/familieqwiek/public_html/includes/process_login.php on line 19
[19-Oct-2016 11:35:20 UTC] PHP Warning: mysqli_fetch_assoc() expects parameter 1 to be mysqli_result, boolean given in /home/familieqwiek/public_html/includes/process_login.php on line 20
[19-Oct-2016 11:35:20 UTC] PHP Warning: Cannot modify header information - headers already sent by (output started at /home/familieqwiek/public_html/includes/process_login.php:19) in /home/familieqwiek/public_html/includes/process_login.php on line 29
[19-Oct-2016 11:36:32 UTC] PHP Warning: Cannot modify header information - headers already sent by (output started at /home/familieqwiek/public_html/includes/process_login.php:29) in /home/familieqwiek/public_html/includes/process_login.php on line 37
[19-Oct-2016 11:37:01 UTC] PHP Warning: Cannot modify header information - headers already sent by (output started at /home/familieqwiek/public_html/includes/process_login.php:29) in /home/familieqwiek/public_html/includes/process_login.php on line 37
[19-Oct-2016 11:37:24 UTC] PHP Warning: Cannot modify header information - headers already sent by (output started at /home/familieqwiek/public_html/includes/process_login.php:21) in /home/familieqwiek/public_html/includes/process_login.php on line 37
[19-Oct-2016 11:37:34 UTC] PHP Warning: Cannot modify header information - headers already sent by (output started at /home/familieqwiek/public_html/includes/process_login.php:29) in /home/familieqwiek/public_html/includes/process_login.php on line 37
[19-Oct-2016 11:37:43 UTC] PHP Warning: Cannot modify header information - headers already sent by (output started at /home/familieqwiek/public_html/includes/process_login.php:21) in /home/familieqwiek/public_html/includes/process_login.php on line 37
[19-Oct-2016 11:38:09 UTC] PHP Catchable fatal error: Object of class mysqli_result could not be converted to string in /home/familieqwiek/public_html/includes/process_login.php on line 21
[19-Oct-2016 11:38:21 UTC] PHP Warning: Cannot modify header information - headers already sent by (output started at /home/familieqwiek/public_html/includes/process_login.php:21) in /home/familieqwiek/public_html/includes/process_login.php on line 37
[19-Oct-2016 11:38:59 UTC] PHP Warning: Cannot modify header information - headers already sent by (output started at /home/familieqwiek/public_html/includes/process_login.php:29) in /home/familieqwiek/public_html/includes/process_login.php on line 34
[19-Oct-2016 11:41:06 UTC] PHP Warning: Cannot modify header information - headers already sent by (output started at /home/familieqwiek/public_html/includes/process_login.php:30) in /home/familieqwiek/public_html/includes/process_login.php on line 35
[19-Oct-2016 11:42:02 UTC] PHP Warning: Cannot modify header information - headers already sent by (output started at /home/familieqwiek/public_html/includes/process_login.php:12) in /home/familieqwiek/public_html/includes/process_login.php on line 36
[19-Oct-2016 11:42:19 UTC] PHP Warning: Cannot modify header information - headers already sent by (output started at /home/familieqwiek/public_html/includes/process_login.php:12) in /home/familieqwiek/public_html/includes/process_login.php on line 36
[19-Oct-2016 11:43:11 UTC] PHP Warning: Cannot modify header information - headers already sent by (output started at /home/familieqwiek/public_html/includes/process_login.php:12) in /home/familieqwiek/public_html/includes/process_login.php on line 36
[19-Oct-2016 11:43:58 UTC] PHP Warning: Cannot modify header information - headers already sent by (output started at /home/familieqwiek/public_html/includes/process_login.php:12) in /home/familieqwiek/public_html/includes/process_login.php on line 36
[19-Oct-2016 11:45:10 UTC] PHP Warning: Cannot modify header information - headers already sent by (output started at /home/familieqwiek/public_html/includes/process_login.php:12) in /home/familieqwiek/public_html/includes/process_login.php on line 34
[19-Oct-2016 11:45:34 UTC] PHP Warning: Cannot modify header information - headers already sent by (output started at /home/familieqwiek/public_html/includes/process_login.php:12) in /home/familieqwiek/public_html/includes/process_login.php on line 35
[19-Oct-2016 11:51:43 UTC] PHP Fatal error: Call to a member function bind_param() on a non-object in /home/familieqwiek/public_html/includes/process_login.php on line 21
[19-Oct-2016 11:52:06 UTC] PHP Fatal error: Call to a member function bind_param() on a non-object in /home/familieqwiek/public_html/includes/process_login.php on line 20
[19-Oct-2016 11:53:42 UTC] PHP Fatal error: Call to a member function bind_param() on a non-object in /home/familieqwiek/public_html/includes/process_login.php on line 20
[19-Oct-2016 11:54:11 UTC] PHP Fatal error: Call to a member function bind_param() on a non-object in /home/familieqwiek/public_html/includes/process_login.php on line 20
[19-Oct-2016 11:55:45 UTC] PHP Fatal error: Call to a member function bind_param() on a non-object in /home/familieqwiek/public_html/includes/process_login.php on line 19
[19-Oct-2016 11:57:09 UTC] PHP Warning: mysqli_stmt::bind_result(): Number of bind variables doesn't match number of fields in prepared statement in /home/familieqwiek/public_html/includes/process_login.php on line 23
[19-Oct-2016 11:57:09 UTC] PHP Warning: Cannot modify header information - headers already sent by (output started at /home/familieqwiek/public_html/includes/process_login.php:23) in /home/familieqwiek/public_html/includes/process_login.php on line 34
[19-Oct-2016 11:57:44 UTC] PHP Warning: mysqli_stmt::bind_result(): Number of bind variables doesn't match number of fields in prepared statement in /home/familieqwiek/public_html/includes/process_login.php on line 23
[19-Oct-2016 11:57:44 UTC] PHP Warning: Cannot modify header information - headers already sent by (output started at /home/familieqwiek/public_html/includes/process_login.php:23) in /home/familieqwiek/public_html/includes/process_login.php on line 34
[19-Oct-2016 11:58:17 UTC] PHP Warning: Cannot modify header information - headers already sent by (output started at /home/familieqwiek/public_html/includes/process_login.php:26) in /home/familieqwiek/public_html/includes/process_login.php on line 34
[19-Oct-2016 11:58:35 UTC] PHP Warning: Cannot modify header information - headers already sent by (output started at /home/familieqwiek/public_html/includes/process_login.php:26) in /home/familieqwiek/public_html/includes/process_login.php on line 34
[19-Oct-2016 11:58:41 UTC] PHP Warning: Cannot modify header information - headers already sent by (output started at /home/familieqwiek/public_html/includes/process_login.php:26) in /home/familieqwiek/public_html/includes/process_login.php on line 34
[19-Oct-2016 12:47:22 UTC] PHP Warning: Cannot modify header information - headers already sent by (output started at /home/familieqwiek/public_html/includes/process_login.php:22) in /home/familieqwiek/public_html/includes/process_login.php on line 27
[19-Oct-2016 12:48:09 UTC] PHP Parse error: syntax error, unexpected '$stmt' (T_VARIABLE) in /home/familieqwiek/public_html/includes/process_login.php on line 17
[19-Oct-2016 12:48:28 UTC] PHP Catchable fatal error: Object of class mysqli_stmt could not be converted to string in /home/familieqwiek/public_html/includes/process_login.php on line 18
[19-Oct-2016 12:49:27 UTC] PHP Fatal error: Call to a member function bind_param() on a non-object in /home/familieqwiek/public_html/includes/process_login.php on line 17
[19-Oct-2016 12:49:43 UTC] PHP Warning: Cannot modify header information - headers already sent by (output started at /home/familieqwiek/public_html/includes/process_login.php:22) in /home/familieqwiek/public_html/includes/process_login.php on line 27
[19-Oct-2016 12:49:54 UTC] PHP Warning: Cannot modify header information - headers already sent by (output started at /home/familieqwiek/public_html/includes/process_login.php:15) in /home/familieqwiek/public_html/includes/process_login.php on line 27
[19-Oct-2016 12:52:10 UTC] PHP Warning: Cannot modify header information - headers already sent by (output started at /home/familieqwiek/public_html/includes/process_login.php:15) in /home/familieqwiek/public_html/includes/process_login.php on line 27
[19-Oct-2016 12:53:50 UTC] PHP Warning: Cannot modify header information - headers already sent by (output started at /home/familieqwiek/public_html/includes/process_login.php:15) in /home/familieqwiek/public_html/includes/process_login.php on line 28
[19-Oct-2016 12:55:02 UTC] PHP Warning: Cannot modify header information - headers already sent by (output started at /home/familieqwiek/public_html/includes/process_login.php:15) in /home/familieqwiek/public_html/includes/process_login.php on line 24
[19-Oct-2016 12:55:28 UTC] PHP Fatal error: Call to a member function fetch_object() on a non-object in /home/familieqwiek/public_html/includes/process_login.php on line 16
[19-Oct-2016 12:55:53 UTC] PHP Fatal error: Call to a member function fetch_object() on a non-object in /home/familieqwiek/public_html/includes/process_login.php on line 16
[19-Oct-2016 12:56:05 UTC] PHP Fatal error: Call to a member function fetch_object() on a non-object in /home/familieqwiek/public_html/includes/process_login.php on line 16
[19-Oct-2016 12:56:34 UTC] PHP Fatal error: Call to a member function fetch_object() on a non-object in /home/familieqwiek/public_html/includes/process_login.php on line 16
[19-Oct-2016 12:56:37 UTC] PHP Fatal error: Call to a member function fetch_object() on a non-object in /home/familieqwiek/public_html/includes/process_login.php on line 16
[19-Oct-2016 12:57:39 UTC] PHP Warning: Cannot modify header information - headers already sent by (output started at /home/familieqwiek/public_html/includes/process_login.php:18) in /home/familieqwiek/public_html/includes/process_login.php on line 20
[19-Oct-2016 12:57:49 UTC] PHP Warning: Cannot modify header information - headers already sent by (output started at /home/familieqwiek/public_html/includes/process_login.php:18) in /home/familieqwiek/public_html/includes/process_login.php on line 20
[19-Oct-2016 12:57:52 UTC] PHP Warning: Cannot modify header information - headers already sent by (output started at /home/familieqwiek/public_html/includes/process_login.php:18) in /home/familieqwiek/public_html/includes/process_login.php on line 20
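Review bot: includes/error_log is a runtime PHP error log, not source, and committing it discloses the absolute server layout (/home/familieqwiek/public_html/...) plus the file names and line numbers of past failures in process_login.php; because it sits under the web root it may also be served directly to anyone who requests it. Remove it from the repository and add `includes/error_log` to .gitignore. Point the PHP `error_log` directive (php.ini or `ini_set('error_log', ...)`) at a path outside the document root so future logs are not written next to the application code.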

7
includes/footer.php Normal file

@@ -0,0 +1,7 @@
<!-- jQuery (necessary for Bootstrap's JavaScript plugins) -->
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js"></script>
<!-- Include all compiled plugins (below), or include individual files as needed -->
<script src="js/bootstrap.min.js"></script>
</body>
</html>
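Review bot: The jQuery `<script>` on the second line of the file is loaded from a third-party CDN with no `integrity`/`crossorigin` attributes, so a substituted or compromised CDN response runs with full access to the page, including the login form handled by forms.js and sha512.js. Either serve the file from `js/` like bootstrap.min.js, or pin it: `<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js" integrity="sha384-<HASH-OF-PINNED-FILE>" crossorigin="anonymous"></script>`. The two oss.maxcdn.com scripts in includes/header.php have the same gap. jQuery 1.12.4 is an old 1.x release and should go on the upgrade backlog.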

205
includes/functions.php Normal file

@@ -0,0 +1,205 @@
<?php
include_once 'db_connect.php';
function sec_session_start() {
$session_name = 'sec_session_id'; // Set a custom session name
$secure = SECURE;
// This stops JavaScript being able to access the session id.
$httponly = true;
// Forces sessions to only use cookies.
if (ini_set('session.use_only_cookies', 1) === FALSE) {
header("Location: ../error.php?err=Could not initiate a safe session (ini_set)");
exit();
}
// Gets current cookies params.
$cookieParams = session_get_cookie_params();
session_set_cookie_params($cookieParams["lifetime"], $cookieParams["path"], $cookieParams["domain"], $secure, $httponly);
// Sets the session name to the one set above.
session_name($session_name);
session_start(); // Start the PHP session
session_regenerate_id(); // regenerated the session, delete the old one.
}
function login($email, $password, $mysqli) {
// Using prepared statements means that SQL injection is not possible.
if ($stmt = $mysqli->prepare("SELECT id, iszorginstelling, invitedby, naam, username, password, salt
FROM tbl_users
WHERE email = ? LIMIT 1")) {
$stmt->bind_param('s', $email); // Bind "$email" to parameter.
$stmt->execute(); // Execute the prepared query.
$stmt->store_result();
// get variables from result.
$stmt->bind_result($user_id, $iszorginstelling, $invitedby, $naam, $username, $db_password, $salt);
$stmt->fetch();
// hash the password with the unique salt.
$password = hash('sha512', $password . $salt);
if ($stmt->num_rows == 1) {
// If the user exists we check if the account is locked
// from too many login attempts
if (checkbrute($user_id, $mysqli) == true) {
// Account is locked
// Send an email to user saying their account is locked
return false;
} else {
// Check if the password in the database matches
// the password the user submitted.
if ($db_password == $password) {
// Password is correct!
// Get the user-agent string of the user.
$user_browser = $_SERVER['HTTP_USER_AGENT'];
// XSS protection as we might print this value
$user_id = preg_replace("/[^0-9]+/", "", $user_id);
$_SESSION['user_id'] = $user_id;
// XSS protection as we might print this value
$username = preg_replace("/[^a-zA-Z0-9_\-]+/", "", $username);
$_SESSION['username'] = $username;
$_SESSION['naam'] = $naam;
$_SESSION['invitedby'] = $invitedby;
$_SESSION['iszorginstelling'] = $iszorginstelling;
$_SESSION['login_string'] = hash('sha512', $password . $user_browser);
// Login successful.
return true;
} else {
// Password is not correct
// We record this attempt in the database
$now = time();
if (!$mysqli->query("INSERT INTO tbl_login_attempts(user_id, time)
VALUES ('$user_id', '$now')")) {
header("Location: ../error.php?err=Database error: login_attempts");
exit();
}
return false;
}
}
} else {
// No user exists.
return false;
}
} else {
// Could not create a prepared statement
header("Location: ../error.php?err=Database error: cannot prepare statement");
exit();
}
}
function checkbrute($user_id, $mysqli) {
// Get timestamp of current time
$now = time();
// All login attempts are counted from the past 2 hours.
$valid_attempts = $now - (2 * 60 * 60);
if ($stmt = $mysqli->prepare("SELECT time
FROM tbl_login_attempts
WHERE user_id = ? AND time > '$valid_attempts'")) {
$stmt->bind_param('i', $user_id);
// Execute the prepared query.
$stmt->execute();
$stmt->store_result();
// If there have been more than 5 failed logins
if ($stmt->num_rows > 5) {
return true;
} else {
return false;
}
} else {
// Could not create a prepared statement
header("Location: ../error.php?err=Database error: cannot prepare statement");
exit();
}
}
function login_check($mysqli) {
// Check if all session variables are set
if (isset($_SESSION['user_id'], $_SESSION['username'], $_SESSION['login_string'])) {
$user_id = $_SESSION['user_id'];
$login_string = $_SESSION['login_string'];
$username = $_SESSION['username'];
// Get the user-agent string of the user.
$user_browser = $_SERVER['HTTP_USER_AGENT'];
if ($stmt = $mysqli->prepare("SELECT password
FROM tbl_users
WHERE id = ? LIMIT 1")) {
// Bind "$user_id" to parameter.
$stmt->bind_param('i', $user_id);
$stmt->execute(); // Execute the prepared query.
$stmt->store_result();
if ($stmt->num_rows == 1) {
// If the user exists get variables from result.
$stmt->bind_result($password);
$stmt->fetch();
$login_check = hash('sha512', $password . $user_browser);
if ($login_check == $login_string) {
// Logged In!!!!
return true;
} else {
// Not logged in
return false;
}
} else {
// Not logged in
return false;
}
} else {
// Could not prepare statement
header("Location: ../error.php?err=Database error: cannot prepare statement");
exit();
}
} else {
// Not logged in
return false;
}
}
function esc_url($url) {
if ('' == $url) {
return $url;
}
$url = preg_replace('|[^a-z0-9-~+_.?#=!&;,/:%@$\|*\'()\\x80-\\xff]|i', '', $url);
$strip = array('%0d', '%0a', '%0D', '%0A');
$url = (string) $url;
$count = 1;
while ($count) {
$url = str_replace($strip, '', $url, $count);
}
$url = str_replace(';//', '://', $url);
$url = htmlentities($url);
$url = str_replace('&amp;', '&#038;', $url);
$url = str_replace("'", '&#039;', $url);
if ($url[0] !== '/') {
// We're only interested in relative links from $_SERVER['PHP_SELF']
return '';
} else {
return $url;
}
}
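Review bot: Both credential comparisons in this file use `==` on hash strings: `$db_password == $password` in login() and `$login_check == $login_string` in login_check(). PHP compares two numeric-looking strings numerically, so distinct sha512 hex digests of the form `0e…` compare equal, and `==` is not constant-time; replace them with `if (hash_equals($db_password, $password)) {` and `if (hash_equals($login_check, $login_string)) {`. The scheme itself, `hash('sha512', $password . $salt)` over a value the client already hashed with sha512.js, is a fast unkeyed hash; the proper fix is `password_hash()`/`password_verify()` server-side with a rehash on next login, which is larger than this hunk. Separately, sec_session_start() calls `session_regenerate_id()` without `true`, so the previous session record is kept alive after login; use `session_regenerate_id(true);`.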

36
includes/header.php Normal file

@@ -0,0 +1,36 @@
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<!-- The above 3 meta tags *must* come first in the head; any other head content must come *after* these tags -->
<title><?php echo $page_title; ?></title>
<!-- Bootstrap -->
<link href="css/bootstrap.min.css" rel="stylesheet">
<!-- Font -->
<link href="https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,600" rel="stylesheet">
<!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
<!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
<!--[if lt IE 9]>
<script src="https://oss.maxcdn.com/html5shiv/3.7.3/html5shiv.min.js"></script>
<script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
<![endif]-->
<script type="text/JavaScript" src="js/sha512.js"></script>
<script type="text/JavaScript" src="js/forms.js"></script>
<link rel="stylesheet" href="css/signin.css">
<!-- Custom style -->
<link rel="stylesheet" href="css/qwiek.css">
</head>
<body>
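Review bot: `<?php echo $page_title; ?>` inside `<title>` writes the variable into HTML unescaped; where `$page_title` is assigned is not visible in this file, so if any including page derives it from a request parameter this becomes a reflected XSS sink. Escape at the output point regardless of the source: `<title><?php echo htmlspecialchars($page_title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></title>`.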

35
includes/logout.php Normal file

@@ -0,0 +1,35 @@
<?php
/*
* Copyright (C) 2013 peredur.net
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
include_once 'functions.php';
sec_session_start();
// Unset all session values
$_SESSION = array();
// get session parameters
$params = session_get_cookie_params();
// Delete the actual cookie.
setcookie(session_name(),'', time() - 42000, $params["path"], $params["domain"], $params["secure"], $params["httponly"]);
// Destroy session
session_destroy();
header("Location: ../index.php");
exit();

34
includes/playlist.php Normal file

@@ -0,0 +1,34 @@
<?php
function generatePlaylist ($dir)
{
// Basisfunctionaliteit voor een JSON-achtige playlist
$return_array = array();
if(is_dir($dir)){
if($dh = opendir($dir)){
while(($file = readdir($dh)) != false){
if($file == "." or $file == ".." or $file =="playlist.json"){
} else {
$return_array[] = $file; // Add the file to the array
}
}
}
$ds ="/";
$savePath=$dir . $ds ."playlist.json";
$fileContent= json_encode($return_array);
$file = fopen($savePath,"w");
fwrite($file,$fileContent);
fclose($file);
}
}
?>
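Review bot: `while(($file = readdir($dh)) != false)` is a loose comparison, so a directory entry named `0` (or any falsy string) terminates the listing early; use `while (($file = readdir($dh)) !== false) {`. The handle from opendir() is never released — add `closedir($dh);` after the loop — and the result of `fopen($savePath,"w")` is passed to fwrite() unchecked, so an unwritable directory produces warnings instead of a clear failure. Where `$dir` comes from is not visible here; if it can be influenced by a request, both the listing and the write of playlist.json into that directory need to be restricted to an allow-list of base directories. The trailing `?>` should be dropped so stray whitespace after it cannot break later header() calls.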


@@ -0,0 +1,47 @@
<?php
include_once 'db_connect.php';
include_once 'functions.php';
sec_session_start(); // Our custom secure way of starting a PHP session.
if (isset($_POST['email'], $_POST['p'])) {
$email = filter_input(INPUT_POST, 'email', FILTER_SANITIZE_EMAIL);
$password = $_POST['p']; // The hashed password.
if (login($email, $password, $mysqli) == true) {
// Login success
$tiepe = $mysqli->query("SELECT `iszorginstelling` FROM `tbl_users` WHERE `email` = '$email'")->fetch_object()->iszorginstelling;
// echo $tiepe;
if ($tiepe=='1') {
header("Location: ../startzorginstelling.php");
exit(); }
else
{ header("Location: ../upload.php");
exit(); }
}
else {
// Login failed
header('Location: ../index.php?error=1');
exit();
}
} else {
// The correct POST variables were not sent to this page.
header('Location: ../error.php?err=Kan niet inloggen');
exit();
}
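Review bot: The query on the `$tiepe` line interpolates `$email` directly into SQL; FILTER_SANITIZE_EMAIL only strips characters outside the email alphabet (it keeps the apostrophe), so this is an injection point, immediately after login() has demonstrated the prepared-statement pattern. The value is also redundant: login() has already stored it as `$_SESSION['iszorginstelling']`, so replace the line with `$tiepe = $_SESSION['iszorginstelling'];` and drop the query. `login($email, $password, $mysqli) == true` can simply be `if (login($email, $password, $mysqli)) {`. The file header for this section is not shown; from the includes it appears to be includes/process_login.php.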

58
includes/psl-config.php Normal file

@@ -0,0 +1,58 @@
<?php
/**
* Copyright (C) 2013 peredur.net
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**
* This file contains global configuration variables
* Things like whether anyone can register.
*
* Whether or not it's a secure (https) connection could
* also go here...
*/
/**
* These are the database login details
*/
define("HOST", "localhost"); // The host you want to connect to.
define("USER", "familieq_db"); // The database username.
define("PASSWORD", "Z?h_[Z055NU{"); // The database password.
define("DATABASE", "familieq_db"); // The database name.
/**
* Who can register and what the default role will be
* Values for who can register under a standard setup can be:
* any == anybody can register (default)
* admin == members must be registered by an administrator
* root == only the root user can register members
*
* Values for default role can be any valid role, but it's hard to see why
* the default 'member' value should be changed under the standard setup.
* However, additional roles can be added and so there's nothing stopping
* anyone from defining a different default.
*/
define("CAN_REGISTER", "any");
define("DEFAULT_ROLE", "member");
/**
* Is this a secure connection? The default is FALSE, but the use of an
* HTTPS connection for logging in is recommended.
*
* If you are using an HTTPS connection, change this to TRUE
*/
define("SECURE", FALSE); // For development purposes only!!!!
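Review bot: The `PASSWORD` define in the database block commits a live database credential to version control together with the host, username and schema name; once pushed it should be treated as disclosed and rotated, and the values moved to an untracked config or environment variables (e.g. `define("PASSWORD", getenv('DB_PASSWORD'));`) with this file reduced to a template. `define("SECURE", FALSE)` at the end is consumed by sec_session_start() as the session cookie's `secure` flag, so any deployment that keeps this default sends the session id over plain HTTP; the comment marks it as development-only, but the commit ships it as the live configuration.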


@@ -0,0 +1,84 @@
<?php
include_once 'db_connect.php';
include_once 'psl-config.php';
$error_msg = "";
if (isset($_POST['username'], $_POST['email'], $_POST['p'], $_POST['invitedby'])) {
// Sanitize and validate the data passed in
$username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING);
$invitedby = filter_input(INPUT_POST, 'invitedby', FILTER_SANITIZE_STRING);
$email = filter_input(INPUT_POST, 'email', FILTER_SANITIZE_EMAIL);
$email = filter_var($email, FILTER_VALIDATE_EMAIL);
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
// Not a valid email
$error_msg .= '<p class="error">The email address you entered is not valid</p>';
}
$password = filter_input(INPUT_POST, 'p', FILTER_SANITIZE_STRING);
if (strlen($password) != 128) {
// The hashed pwd should be 128 characters long.
// If it's not, something really odd has happened
$error_msg .= '<p class="error">Invalid password configuration.</p>';
}
// Username validity and password validity have been checked client side.
// This should should be adequate as nobody gains any advantage from
// breaking these rules.
//
$prep_stmt = "SELECT id FROM tbl_users WHERE email = ? LIMIT 1";
$stmt = $mysqli->prepare($prep_stmt);
if ($stmt) {
$stmt->bind_param('s', $email);
$stmt->execute();
$stmt->store_result();
if ($stmt->num_rows == 1) {
// A user with this email address already exists
$error_msg .= '<p class="error">Een gebruiker met dit emailadres bestaat al.</p>';
}
} else {
$error_msg .= '<p class="error">Databasefout</p>';
}
// TODO:
// We'll also have to account for the situation where the user doesn't have
// rights to do registration, by checking what type of user is attempting to
// perform the operation.
if (empty($error_msg)) {
// Create a random salt
$random_salt = hash('sha512', uniqid(openssl_random_pseudo_bytes(16), TRUE));
// Create salted password
$password = hash('sha512', $password . $random_salt);
// echo ("jawel!");
// Insert the new user into the database
// DEBUG
$iszorginstelling="0";
if ($insert_stmt = $mysqli->prepare("INSERT INTO tbl_users ( naam,username, email, password, salt) VALUES ( ?, ?, ?, ?)")) {
$insert_stmt->bind_param('ssss', $username, $email, $password, $random_salt);
// Execute the prepared query.
// echo $insert_stmt;
if (! $insert_stmt->execute()) {
header('Location: ../error.php?err=Registration failure: INSERT');
echo (mysql_error());
exit();
}
}
header('Location: ./register_success.php');
exit();
}
}
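Review bot: The INSERT at `$mysqli->prepare("INSERT INTO tbl_users ( naam,username, email, password, salt) VALUES ( ?, ?, ?, ?)")` names five columns but supplies four placeholders, and bind_param binds four values, so prepare() returns false; with no else branch the script falls through to `header('Location: ./register_success.php')` and reports success without having created the user. Reconcile the column list with the bound values (which value is meant for `naam` is not visible here) and add a failure branch, e.g. `} else { header('Location: ../error.php?err=Registration failure: prepare'); exit(); }`. `echo (mysql_error())` after the header() call belongs to the removed mysql extension and is dead output in any case; `$insert_stmt->error` is the mysqli equivalent if a message is wanted before the redirect. includes/register.inc.php has the same missing prepare-failure branch. This section's file header is not shown.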

88
includes/register.inc.php Normal file

@@ -0,0 +1,88 @@
<?php
/*
* Copyright (C) 2013 peter
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
include_once 'db_connect.php';
include_once 'psl-config.php';
$error_msg = "";
if (isset($_POST['username'], $_POST['email'], $_POST['p'], $_POST['invitedby'])) {
// Sanitize and validate the data passed in
$username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING);
$email = filter_input(INPUT_POST, 'email', FILTER_SANITIZE_EMAIL);
$email = filter_var($email, FILTER_VALIDATE_EMAIL);
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
// Not a valid email
$error_msg .= '<p class="error">The email address you entered is not valid</p>';
}
$invitedby = $_POST['invitedby'];
$password = filter_input(INPUT_POST, 'p', FILTER_SANITIZE_STRING);
if (strlen($password) != 128) {
// The hashed pwd should be 128 characters long.
// If it's not, something really odd has happened
$error_msg .= '<p class="error">Invalid password configuration.</p>';
}
// Username validity and password validity have been checked client side.
// This should should be adequate as nobody gains any advantage from
// breaking these rules.
//
$prep_stmt = "SELECT id FROM tbl_users WHERE email = ? LIMIT 1";
$stmt = $mysqli->prepare($prep_stmt);
if ($stmt) {
$stmt->bind_param('s', $email);
$stmt->execute();
$stmt->store_result();
if ($stmt->num_rows == 1) {
// A user with this email address already exists
$error_msg .= '<p class="error">Een gebruiker met dit emailadres bestaat al.</p>';
}
} else {
$error_msg .= '<p class="error">Databasefout</p>';
}
// TODO:
// We'll also have to account for the situation where the user doesn't have
// rights to do registration, by checking what type of user is attempting to
// perform the operation.
if (empty($error_msg)) {
// Create a random salt
$random_salt = hash('sha512', uniqid(openssl_random_pseudo_bytes(16), TRUE));
// Create salted password
$password = hash('sha512', $password . $random_salt);
// Insert the new user into the database
if ($insert_stmt = $mysqli->prepare("INSERT INTO tbl_users (invitedby, username, email, password, salt) VALUES (?, ?, ?, ?, ?)")) {
$insert_stmt->bind_param('issss', $invitedby, $username, $email, $password, $random_salt);
// Execute the prepared query.
if (! $insert_stmt->execute()) {
header('Location: ../error.php?err=Registration failure: INSERT');
exit();
}
}
header('Location: ./register_success.php');
exit();
}
}
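Review bot: `$invitedby = $_POST['invitedby'];` is taken raw from the request and bound with type `i`; the integer cast turns a non-numeric string into 0, so a malformed or empty inviter id yields a user row with `invitedby = 0` instead of a validation error. Validate it like the other fields: `$invitedby = filter_input(INPUT_POST, 'invitedby', FILTER_VALIDATE_INT);` and append to `$error_msg` when it is `false` or `null`. The TODO above `if (empty($error_msg))` admits that nothing checks whether the caller may register users; within this file `CAN_REGISTER` from psl-config.php is never consulted, so any unauthenticated POST creates an account. `FILTER_SANITIZE_STRING` is deprecated since PHP 8.1; `htmlspecialchars()` at output time is the replacement.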