- Index.php:
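<?php
// Front controller: every page is reached through this file. It restores the
// logged-in user from the session, decides which page name the current user
// may see, and includes "<name>.php". The other files only check that
// SCRIPT_NAME is /index.php, so the include decision made here is the only
// thing between a request and an arbitrary .php file on disk.
session_start();
include "user.php";
include "util.php";

// Closed list of page names this controller may include. The previous version
// appended ".php" to the client-supplied action after stripping non-printable
// bytes only, so any logged-in user could include other .php files via "../".
// "logout" is linked from header.php; its file is not shown here, so confirm it
// exists before relying on that entry.
$ALLOWED_ACTIONS = array('login', 'register', 'home', 'logout', 'flag', 'addnote', 'readnote');

$CURRENT_USER = false;
if (!empty($_SESSION['CURRENT_USER'])) {
    // The blob was produced by saveCurrentUser() in util.php, which ran a
    // str_replace over serialize() output; treat it as attacker-influenced.
    // Limiting the class set keeps gadget objects out. It does not by itself
    // prevent a forged User (e.g. IsAdmin=true): that has to be fixed where
    // the blob is written, by never rewriting serialized data.
    $restored = unserialize($_SESSION['CURRENT_USER'], array('allowed_classes' => array('User')));
    if ($restored instanceof User) {
        $CURRENT_USER = $restored;
    }
}

// Only a non-empty string is a usable action; an array (?action[]=x) would make
// strtolower() throw. Anything not on the list falls back to the login page.
$requested = (isset($_GET['action']) && is_string($_GET['action'])) ? strtolower($_GET['action']) : '';
$action = ($requested === '' || !in_array($requested, $ALLOWED_ACTIONS, true)) ? 'login' : $requested;

switch ($action) {
    case 'login':
    case 'register':
        // Already-authenticated users are sent home instead of the auth pages.
        if ($CURRENT_USER) $action = 'home';
        break;
    default:
        // Every other page requires a session user.
        if (!$CURRENT_USER) $action = 'login';
}

// The flag page is admin-only; this check is enforced here in addition to
// flag.php's own check.
if ($CURRENT_USER && !$CURRENT_USER->isAdmin() && $action === 'flag') {
    $error = 'You need administrative privileges do perform this action';
    $action = 'home';
}

// $action is one of $ALLOWED_ACTIONS at this point, so the include path is
// fixed by this file, not by the request.
include $action . '.php';
?>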
- User.php:
<?php
// Direct-access guard: this file must be loaded through index.php (which sets
// up the session and $CURRENT_USER), never requested on its own.
if ('/index.php' !== strtolower($_SERVER['SCRIPT_NAME'])) { die(); }
?>
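<?php
/**
 * Session-resident user record: name, note list, password hash and admin flag.
 * Instances are serialize()d into $_SESSION by util.php, so every property
 * declared here ends up in the session blob.
 */
class User {
    public $Name = '';
    public $Notes = [];
    public $Password = '';
    public $IsAdmin = false;

    /**
     * @param string $name     login/display name as registered
     * @param string $password clear-text password; only its hash is kept
     */
    function __construct($name, $password) {
        $this->Name = $name;
        // password_hash() salts and uses a slow KDF. The previous version kept an
        // unsalted sha256 hex digest, which is cheap to attack with precomputed
        // tables. Hashes written by the old version no longer verify; for a
        // session-only user store that is acceptable.
        $this->Password = password_hash($password, PASSWORD_DEFAULT);
    }

    /**
     * @param mixed $input candidate password (anything but a string is rejected)
     * @return bool true when $input matches the stored hash
     */
    function checkPassword($input) {
        if (!is_string($input)) return false;
        // password_verify() compares in constant time. The previous `==` on two
        // hex strings was a loose comparison: digests of the form "0e<digits>"
        // compare numerically equal to each other.
        return password_verify($input, $this->Password);
    }

    /** @return bool */
    function isAdmin() {
        return $this->IsAdmin;
    }

    /** @return string */
    function getName() {
        return $this->Name;
    }

    /**
     * @param int $id zero-based note index
     * @return mixed the note content, or null for an unknown index (instead of
     *               an undefined-index warning)
     */
    function getNote($id) {
        return array_key_exists($id, $this->Notes) ? $this->Notes[$id] : null;
    }

    /** @return int number of stored notes */
    function getNoteCount() {
        return count($this->Notes);
    }

    /**
     * @param int    $id      zero-based note index; callers validate range
     * @param string $content replacement text
     */
    function updateNote($id, $content) {
        $this->Notes[$id] = $content;
    }

    /** @param string $content appended as the next note */
    function createNote($content) {
        $this->Notes[] = $content;
    }

    /** Marks the user as admin; nothing shown in this listing calls it. */
    function forceAdmin() {
        $this->IsAdmin = true;
    }
}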
- Util.php:
<?php
// Direct-access guard: this file must be loaded through index.php (which sets
// up the session and $CURRENT_USER), never requested on its own.
if ('/index.php' !== strtolower($_SERVER['SCRIPT_NAME'])) { die(); }
?>
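<?php
/**
 * Persist $GLOBALS['CURRENT_USER'] into the session under its name and make that
 * blob the current-user blob. No-op when there is no current user.
 *
 * The swear filter is applied to a copy of the object *before* serialize().
 * The previous version ran str_replace over the serialized string instead, which
 * rewrote s:<len>:"..." payloads without adjusting their length prefixes; a user
 * whose note contained the right mix of filtered words could shift the parser
 * into their own text and inject properties (IsAdmin=true) or objects into the
 * blob that index.php and login.php unserialize(). Serialized data must never
 * be edited as text.
 */
function saveCurrentUser() {
    $u = $GLOBALS['CURRENT_USER'];
    if (!$u) return;
    $swears = ["shit", "fuck", "bitch", "bastard", "asshole", "douche"];
    // Mask a clone so the in-memory object keeps what the user typed; arrays are
    // copied by value, so the clone's Notes do not alias the original's.
    $masked = clone $u;
    if (is_string($masked->Name)) {
        $masked->Name = str_replace($swears, '**********', $masked->Name);
    }
    foreach ($masked->Notes as $i => $note) {
        if (is_string($note)) {
            $masked->Notes[$i] = str_replace($swears, '**********', $note);
        }
    }
    $blob = serialize($masked);
    // Keyed by the unmasked name, as before, so login.php's lookup still works.
    $_SESSION['USERS'][$u->getName()] = $blob;
    $_SESSION['CURRENT_USER'] = $blob;
}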
- ?>
- Login.php:
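<?php
// Direct-access guard: reachable only through index.php.
if ('/index.php' !== strtolower($_SERVER['SCRIPT_NAME'])) { die(); }
?>
<?php
// Login page: on POST, looks the username up in the session-resident user
// store, checks the password and makes that user current.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $user = isset($_POST['username']) ? $_POST['username'] : '';
    $pass = isset($_POST['password']) ? $_POST['password'] : '';
    // Both fields must be plain strings: an array (username[]=x) would make the
    // $_SESSION['USERS'][$user] lookup throw on an illegal offset type.
    if (!is_string($user) || !is_string($pass) || empty($user) || empty($pass)) {
        $error = 'You must fill out the entire form.';
    } else {
        // Resolve the stored user and check the password in one branch with one
        // message. The previous version answered "Invalid credentials." for an
        // unknown name and "Invalid Credentials." for a wrong password, which
        // let a client enumerate registered usernames.
        $u = false;
        if (!empty($_SESSION['USERS'][$user])) {
            // Same caveat as index.php: the blob went through util.php, so
            // restrict the class set on the way back in.
            $u = unserialize($_SESSION['USERS'][$user], array('allowed_classes' => array('User')));
        }
        if (!($u instanceof User) || !$u->checkPassword($pass)) {
            $error = 'Invalid credentials.';
        } else {
            // Fresh session id on authentication so a pre-set (fixated) id
            // cannot be reused; existing session data is carried over.
            session_regenerate_id(true);
            $_SESSION['CURRENT_USER'] = $_SESSION['USERS'][$user];
            header('Location: /?action=home');
            die();
        }
    }
}
include "header.php";
?>
<style>
.form-signin input {
margin-bottom:15px;
}
</style>
<div class="container">
<form method="POST" action="?action=login" class="form-signin">
<h2 class="form-signin-heading">Temporary Note Service</h2>
<label for="username" class="sr-only">Username</label>
<input type="text" name="username" class="form-control" placeholder="Username" required autofocus>
<label for="password" class="sr-only">Password</label>
<input type="password" name="password" class="form-control" placeholder="Password" required>
<button class="btn btn-lg btn-primary btn-block" type="submit">Sign in</button>
<a href="/?action=register"><button class="btn btn-lg btn-danger btn-block" type="button">or Register</button></a>
</form>
</div>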
- Header.php:
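<?php
// Direct-access guard: reachable only through index.php.
if ('/index.php' !== strtolower($_SERVER['SCRIPT_NAME'])) { die(); }
?>
<head>
<title>Temporary Notetaking Service</title>
<style>
html, body {
margin:0px;
padding:0px;
}
</style>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<!-- Third-party assets are loaded from CDNs without Subresource Integrity, so a
     substituted CDN response runs with this origin's privileges. Pin each
     <link>/<script> with integrity="sha384-..." (hash taken from the vendor's
     published values) plus crossorigin="anonymous", or self-host the files. -->
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
</head>
<body>
<?php if ($CURRENT_USER) { ?>
<ol class="breadcrumb">
<li class="breadcrumb-item"><a href="?action=home">Home</a></li>
<li class="breadcrumb-item"><a href="?action=logout">Logout</a></li>
</ol>
<?php } ?>
<?php
// $error / $success are set by the including page. Today they are fixed
// literals, but they are rendered into HTML, so escape them rather than rely
// on every future caller remembering that.
?>
<?php if (isset($error)) { ?>
<div class="alert alert-danger"><?php echo htmlspecialchars($error, ENT_QUOTES, 'UTF-8'); ?></div>
<?php } ?>
<?php if (isset($success)) { ?>
<div class="alert alert-success"><?php echo htmlspecialchars($success, ENT_QUOTES, 'UTF-8'); ?></div>
<?php } ?>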
flag.php:
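<?php
// Admin-only page: prints flag.txt. index.php already redirects non-admin users
// away from ?action=flag; this local check is the second line of defence and
// must stay even if index.php changes.
if ('/index.php' !== strtolower($_SERVER['SCRIPT_NAME'])) die();
// $CURRENT_USER is set by index.php; tolerate it being false rather than
// fataling on a method call against a non-object.
if ($CURRENT_USER instanceof User && $CURRENT_USER->isAdmin()) {
    $flag = file_get_contents('flag.txt');
    if ($flag !== false) echo $flag;
}
?>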
home.php:
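<?php
// Direct-access guard: reachable only through index.php.
if ('/index.php' !== strtolower($_SERVER['SCRIPT_NAME'])) { die(); }
?>
<?php
// Home page: lists the current user's notes. index.php guarantees $CURRENT_USER
// is set before this file is included.
include "header.php";
// The username is whatever was typed at registration and is rendered into
// HTML here; escape it so a name such as <script>... is not stored XSS.
$safeName = htmlspecialchars((string)$CURRENT_USER->getName(), ENT_QUOTES, 'UTF-8');
$noteCount = $CURRENT_USER->getNoteCount();
?>
<div class="container">
<div class="row"><h2>Welcome back, <?php echo $safeName ?></h2></div>
<div class="row">
<ul>
<?php
// Note ids are 1-based in URLs; readnote.php subtracts one.
for ($i = 1; $i <= $noteCount; $i++) {
    echo "<li><a href='?action=readnote&id=$i'>Note $i</a></li>";
}
if ($noteCount == 0) {
    echo '<li>No noted were found.</li>';
}
?>
<li><a href="?action=addnote">Add Note</a></li>
</ul>
</div>
</div>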
register.php:
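<?php
// Direct-access guard: reachable only through index.php.
if ('/index.php' !== strtolower($_SERVER['SCRIPT_NAME'])) { die(); }
?>
<?php
// Registration: creates a User in the session-resident store. The username is
// used verbatim as the store key and later echoed by home.php, so it must be a
// plain string here (and escaped there).
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $user = isset($_POST['username']) ? $_POST['username'] : '';
    $pass = isset($_POST['password']) ? $_POST['password'] : '';
    $pass2 = isset($_POST['password2']) ? $_POST['password2'] : '';
    // Arrays (username[]=x) would throw on the array lookup below and would be
    // stored into the User object; reject anything that is not a string.
    if (!is_string($user) || !is_string($pass) || !is_string($pass2)
        || empty($user) || empty($pass) || empty($pass2)) {
        $error = 'You must fill out the entire form.';
    } elseif (!empty($_SESSION['USERS'][$user])) {
        $error = 'Account already exists.';
    } elseif ($pass !== $pass2) {
        // Strict comparison: `!=` on two numeric-looking strings compares them
        // numerically ("1e1" == "10"), so mismatched passwords could pass.
        $error = 'Passwords do not match.';
    } else {
        $_SESSION['USERS'][$user] = serialize(new User($user, $pass));
        $success = "Account has been created.";
        // Render the login form for the new account without re-running its
        // POST handler.
        $_SERVER['REQUEST_METHOD'] = 'GET';
        include "login.php";
        die();
    }
}
include "header.php";
?>
<div class="container">
<form method="POST" class="form-register">
<h2 class="form-register-heading">Register a Temporary Account</h2>
<label for="username" class="sr-only">Username</label>
<input type="text" name="username" class="form-control" placeholder="Username" required autofocus>
<label for="password" class="sr-only">Password</label>
<input type="password" name="password" class="form-control" placeholder="Password" required>
<label for="password" class="sr-only">Confirm Password</label>
<input type="password" name="password2" class="form-control" placeholder="Confirm Password" required>
<button class="btn btn-lg btn-primary btn-block" type="submit">Register</button>
<a href="/?action=login"><button class="btn btn-lg btn-danger btn-block" type="button">or Login</button></a>
</form>
</div>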
addnote.php:
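<?php
// Direct-access guard: reachable only through index.php.
if ('/index.php' !== strtolower($_SERVER['SCRIPT_NAME'])) { die(); }
?>
<?php
// Add-note page: appends a note to $CURRENT_USER and persists the session blob.
// NOTE(review): the form carries no CSRF token, so a cross-site POST can add
// notes to a logged-in user's account; a per-session token checked here would
// close that.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $content = isset($_POST['content']) ? $_POST['content'] : '';
    // Only a non-empty string is a note: an array (content[]=...) would be
    // stored and later make readnote.php's htmlentities() throw.
    if (!is_string($content) || empty($content)) {
        $error = "You must provide some content";
    } else {
        $CURRENT_USER->createNote($content);
        $success = "Note has been created.";
        saveCurrentUser();
    }
}
include "header.php";
?>
<div class="container">
<div class="row"><h2>Create a Note</h2></div>
<form method="POST" class="form-register">
<div class="row">
<div class="col-xs-2">Content:</div>
<div class="col-xs-10"><textarea name="content" class="form-control" rows="8" style="width:100%;"></textarea></div>
</div>
<div class="row">
<div class="col-xs-2"></div>
<div class="col-xs-10"><button type="submit" class="btn btn-lg btn-primary btn-block">Add note!</button></div>
</div>
</form>
</div>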
readnote.php:
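<?php
// Direct-access guard: reachable only through index.php.
if ('/index.php' !== strtolower($_SERVER['SCRIPT_NAME'])) { die(); }
?>
<?php
// Read/edit-note page: ?id= is the 1-based note number shown by home.php.
// NOTE(review): like addnote.php, the edit form has no CSRF token.
$rawId = isset($_GET['id']) ? $_GET['id'] : '';
$content = '';
$id = null;  // zero-based index into the user's notes, set once validated
// FILTER_VALIDATE_INT rejects what is_numeric() accepted: negative numbers
// (which then read Notes[-k] with a warning), floats and exponent notation.
$num = is_string($rawId) ? filter_var($rawId, FILTER_VALIDATE_INT) : false;
if ($num === false || $num < 1) {
    $error = 'Cannot find requested note.';
} else {
    $candidate = $num - 1;
    if ($candidate >= $CURRENT_USER->getNoteCount()) {
        $error = 'Cannot find requested note.';
    } else {
        $id = $candidate;
        $content = $CURRENT_USER->getNote($id);
    }
}
if (empty($error) && $_SERVER['REQUEST_METHOD'] === 'POST') {
    $newContent = isset($_POST['content']) ? $_POST['content'] : '';
    if (!is_string($newContent) || empty($newContent)) {
        $error = 'You must provide some content.';
    } else {
        $CURRENT_USER->updateNote($id, $newContent);
        saveCurrentUser();
        $content = $newContent;
        $success = "Note has been saved.";
    }
}
include "header.php";
?>
<div class="container">
<?php
// Show the number only when the id validated; the previous version evaluated
// $id+1 on the raw request value, which throws for a non-numeric string.
?>
<div class="row"><h2>Note <?php echo $id === null ? '' : $id + 1; ?></h2></div>
<form method="POST" class="form-register">
<div class="row">
<div class="col-xs-2">Content:</div>
<div class="col-xs-10"><textarea name="content" class="form-control" rows="8" style="width:100%;"><?php echo htmlentities(is_string($content) ? $content : ''); ?></textarea></div>
</div>
<div class="row">
<div class="col-xs-2"></div>
<div class="col-xs-10"><button type="submit" class="btn btn-lg btn-primary btn-block">Save note!</button></div>
</div>
</form>
</div>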