first commit: some account management files

RyanTorok · Jun 21, 2018 · 0c00e55 · 0c00e55
commit 0c00e55
Show file tree

Hide file tree

Showing 14 changed files with 667 additions and 0 deletions.
diff --git a/.idea/misc.xml b/.idea/misc.xml
diff --git a/.idea/modules.xml b/.idea/modules.xml
diff --git a/.idea/paintbrush.org.iml b/.idea/paintbrush.org.iml
diff --git a/.idea/sqldialects.xml b/.idea/sqldialects.xml
diff --git a/.idea/vcs.xml b/.idea/vcs.xml
diff --git a/.idea/workspace.xml b/.idea/workspace.xml
diff --git a/public_html/acct/SaltRepeat.php b/public_html/acct/SaltRepeat.php
@@ -0,0 +1,14 @@
+<?php
+/**
+ * Created by PhpStorm.
+ * User: rtorok
+ * Date: 6/20/18
+ * Time: 10:45 PM
+ */
+
+error_reporting(E_ALL);
+ini_set('display_errors', 1);
+
+$salt = $_POST['salt'];
+echo $salt;
+
diff --git a/public_html/acct/changePassword.php b/public_html/acct/changePassword.php
@@ -0,0 +1,40 @@
+<?php
+/**
+ * Created by PhpStorm.
+ * User: rtorok
+ * Date: 6/20/18
+ * Time: 3:19 PM
+ */
+
+error_reporting(E_ALL);
+ini_set('display_errors', 1);
+
+$id = (is_numeric($_POST['id']) ? (int)$_POST['id'] : 0);
+$password = $_POST['password'];
+$salt = $_POST['salt'];
+
+$hash = password_hash($password, PASSWORD_DEFAULT);
+
+//create connection
+$servername = "localhost:3306";
+$connection = new mysqli($servername, 'java', 'B584xha1eM*gFA', 'paintbrush_server');
+
+if ($connection->connect_error) {
+    die("Connection failed: " . $connection->connect_error);
+}
+
+//echo $id;
+// prepare database update
+$stmt = $connection->prepare("UPDATE users SET password = ?, salt = ? WHERE id = ?");
+$stmt->bind_param("ssi", $hash, $salt, $id);
+$stmt->execute();
+$error = $connection->error;
+if (strlen($error) > 0) {
+    echo $error;
+} else {
+    if ($id == 0) {
+        echo "invalid id";
+    } else {
+        echo "done";
+    }
+}
diff --git a/public_html/acct/createAccount.php b/public_html/acct/createAccount.php
@@ -0,0 +1,57 @@
+<?php
+/**
+ * Created by PhpStorm.
+ * User: rtorok
+ * Date: 6/18/18
+ * Time: 2:01 PM
+ */
+
+error_reporting(E_ALL);
+ini_set('display_errors', 1);
+
+$username = $_POST['username'];
+$password = $_POST['password'];
+$salt = $_POST['salt'];
+$first = $_POST['first'];
+$last = $_POST['last'];
+$email = $_POST['email'];
+$schoolCode = $_POST['schoolcode'];
+
+$hash = password_hash($password, PASSWORD_DEFAULT);
+
+//create connection
+$servername = "localhost:3306";
+$connection = new mysqli($servername, 'java', 'B584xha1eM*gFA', 'paintbrush_server');
+
+if ($connection->connect_error) {
+    die("Connection failed: " . $connection->connect_error);
+}
+
+//check validity of school code if there is one
+if (strlen($schoolCode) > 0) {
+
+    $stmt = $connection->prepare("SELECT schoolcode FROM users WHERE schoolcode = ? ;");
+    $stmt->bind_param("s", $schoolCode);
+    $stmt->execute();
+
+    $exists = false;
+    if ($fetch = $stmt->fetch()) {
+        $exists = true;
+    }
+
+    if (!$exists) {
+        die("badSC");
+    }
+} else {
+    $schoolCode = "0";
+}
+
+
+// prepare database insertion
+$stmt = $connection->prepare("INSERT INTO users VALUE (null, ?, ?, ?, ?, ?, ?, ?, null );");
+$stmt->bind_param("sssssss", $username, $hash, $salt, $first, $last, $email, $schoolCode);
+$stmt->execute();
+echo $connection->error;
+$result = $stmt->fetch();
+
+echo "done";
diff --git a/public_html/acct/getLocalSalt.php b/public_html/acct/getLocalSalt.php
@@ -0,0 +1,44 @@
+<?php
+/**
+ * Created by PhpStorm.
+ * User: rtorok
+ * Date: 6/20/18
+ * Time: 1:58 PM
+ */
+
+
+error_reporting(E_ALL);
+ini_set('display_errors', 1);
+
+$username = $_POST['username'];
+
+//create connection
+$servername = "localhost:3306";
+$connection = new mysqli($servername, 'java', 'B584xha1eM*gFA', 'paintbrush_server');
+
+if ($connection->connect_error) {
+    die("Connection failed: " . $connection->connect_error);
+}
+
+// get the user's salt
+
+$stmt = $connection->prepare("SELECT salt FROM users WHERE username = ?");
+$stmt->bind_param("s", $username);
+$stmt->execute();
+$result = $stmt->get_result();
+$atLeastOne = false;
+while ($row = $result->fetch_row()) {
+    $atLeastOne = true;
+    echo $row[0] . "\n";
+}
+
+if (!$atLeastOne) {
+    //output a random string of characters, to hide that the username doesn't exist
+    try {
+        echo base64_encode(random_bytes(random_int(45, 65))) . "\n";
+    } catch (Exception $e) {
+    }
+}
+
+echo $connection->error;
+
diff --git a/public_html/acct/login.php b/public_html/acct/login.php
@@ -0,0 +1,49 @@
+<?php
+/**
+ * Created by PhpStorm.
+ * User: rtorok
+ * Date: 6/18/18
+ * Time: 4:36 PM
+ */
+
+
+error_reporting(E_ALL);
+ini_set('display_errors', 1);
+
+$username = $_POST['username'];
+$passwordAttempt = $_POST['password'];
+$needFile = $_POST['needfile'];
+
+//create connection
+$servername = 'localhost:3306';
+$connection = new mysqli($servername, 'java', 'B584xha1eM*gFA', 'paintbrush_server');
+
+if ($connection->connect_error) {
+    die("Connection failed!");
+}
+
+$stmt = $connection->prepare("SELECT * FROM users WHERE username = ?");
+$stmt->bind_param("s", $username);
+$stmt->execute();
+
+
+$allResults = $stmt->get_result();
+while($result = $allResults->fetch_row()) {
+    //verify password
+    $encryptedPassword = $result[2]; //password
+    $match = password_verify($passwordAttempt, $encryptedPassword);
+    if ($match) {
+        echo $result[0] . " "; //id
+        //get the rest of the user details
+        if ($needFile == "true") {
+            $serFile = $result[8];
+            if (strlen($serFile) == 0)
+                echo "true";
+            else
+                echo $serFile;
+        } else {
+            echo "true";
+        }
+        echo "\n";
+    }
+}
diff --git a/public_html/acct/testQuery.php b/public_html/acct/testQuery.php
@@ -0,0 +1,39 @@
+<?php
+/**
+ * Created by PhpStorm.
+ * User: rtorok
+ * Date: 6/19/18
+ * Time: 10:41 PM
+ */
+error_reporting(E_ALL);
+ini_set('display_errors', 1);
+
+
+//create connection
+$servername = "localhost:3306";
+$connection = new mysqli($servername, 'java', 'B584xha1eM*gFA', 'paintbrush_server');
+
+if ($connection->connect_error) {
+    die("Connection failed: " . $connection->connect_error);
+}
+
+try {
+    $bytes = random_bytes(50);
+} catch (Exception $e) {
+}
+echo $bytes . "<br>";
+
+// do a test query
+$stmt = $connection->prepare("INSERT INTO users VALUE (null, 'test4', 'pass', ?, 'first', 'last', 'email', '0', null );");
+$stmt->bind_param("s", $bytes);
+$stmt->execute();
+
+//$stmt = $connection->prepare("SELECT 1,2,3 FROM dual;");
+$stmt = $connection->prepare("SELECT salt FROM users WHERE username = 'test4' ;");
+$stmt->execute();
+$result = $stmt->get_result();
+$row = $result->fetch_row();
+echo $row[0] . "<br>";
+
+echo $bytes == $row[0];
+
diff --git a/public_html/acct/updateSerFile.php b/public_html/acct/updateSerFile.php
@@ -0,0 +1,32 @@
+<?php
+/**
+ * Created by PhpStorm.
+ * User: rtorok
+ * Date: 6/21/18
+ * Time: 1:26 PM
+ */
+
+error_reporting(E_ALL);
+ini_set('display_errors', 1);
+
+$id = (is_numeric($_POST['id']) ? (int)$_POST['id'] : 0);
+$serFile = $_POST['serfile'];
+
+//create connection
+$servername = "localhost:3306";
+$connection = new mysqli($servername, 'java', 'B584xha1eM*gFA', 'paintbrush_server');
+
+if ($connection->connect_error) {
+    die("Connection failed: " . $connection->connect_error);
+}
+
+
+// prepare database update
+$stmt = $connection->prepare("UPDATE users SET userData = ? WHERE id = ?");
+$stmt->bind_param("si", $serFile, $id);
+$stmt->execute();
+$error = $connection->error;
+if (strlen($error) > 0) {
+    echo $error . "\n";
+}
+echo "done";
diff --git a/public_html/index.php b/public_html/index.php
@@ -0,0 +1,13 @@
+<?php
+echo ('<p>This is php output</p>');
+
+?>
+
+<html>
+  <head>
+    <title>Paintbrush LMS Home Page</title>
+  </head>
+  <body>
+    <p>This is a web server used for the function of the Paintbrush LMS client program. Please visit our home page for more information.</p>
+  </body>
+</html>