API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Feb 12th, 2018
34
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 8.77 KB | None | 0 0
raw download clone embed print report
  1. Index.php:
  2. <?php
  3.  
  4. session_start();
  5. include "user.php";
  6. include "util.php";
  7.  
  8. $CURRENT_USER = false;
  9. if(!empty($_SESSION['CURRENT_USER'])) {
  10.     $CURRENT_USER = unserialize($_SESSION['CURRENT_USER']);
  11. }
  12.  
  13. $action = !empty(@$_GET['action'])?strtolower($_GET['action']):'login';
  14. if($action == 'index') $action='login';
  15.  
  16. switch($action) {
  17.     case 'login':
  18.     case 'register':
  19.         if($CURRENT_USER) $action = 'home';
  20.         break;
  21.     default:
  22.         if(!$CURRENT_USER) $action = 'login';
  23. }
  24.  
  25. if($CURRENT_USER && !$CURRENT_USER->isAdmin()) {
  26.     switch($action) {
  27.         case 'flag':
  28.             $error = 'You need administrative privileges do perform this action';
  29.             $action = 'home';
  30.     }
  31. }
  32.  
  33.  
  34.  
  35. $action = preg_replace('/[[:^print:]]/', '', $action) . '.php';
  36. include $action;
  37.  
  38. ?>
  39.  
  40. User.php:
  41. <?php if(strtolower($_SERVER['SCRIPT_NAME'])!='/index.php') die() ?>
  42. <?php
  43. class User {
  44.     var $Name = '';
  45.     var $Notes = [];
  46.     var $Password = '';
  47.     var $IsAdmin = false;
  48.     function __construct($name, $password) {
  49.         $this->Name = $name;
  50.         $this->Password = hash('sha256',$password);
  51.     }
  52.  
  53.     function checkPassword($input) {
  54.         return $this->Password == hash('sha256', $input);
  55.     }
  56.  
  57.     function isAdmin() {
  58.         return $this->IsAdmin;
  59.     }
  60.  
  61.     function getName() {
  62.         return $this->Name;
  63.     }
  64.  
  65.     function getNote($id) {
  66.         return $this->Notes[$id];
  67.     }
  68.  
  69.     function getNoteCount() {
  70.         return count($this->Notes);
  71.     }
  72.  
  73.     function updateNote($id,$content) {
  74.         $this->Notes[$id] = $content;
  75.     }
  76.     function createNote($content) {
  77.         $this->Notes[] = $content;
  78.     }
  79.  
  80.     function forceAdmin() {
  81.         $this->IsAdmin = true;
  82.     }
  83.  
  84. }
  85.  
  86. Util.php:
  87. <?php if(strtolower($_SERVER['SCRIPT_NAME'])!='/index.php') die() ?>
  88. <?php
  89.  
  90.     function saveCurrentUser() {
  91.         $u = $GLOBALS['CURRENT_USER'];
  92.         if(!$u) return;
  93.         $swears = ["shit", "fuck", "bitch", "bastard", "asshole", "douche"];
  94.         $_SESSION['USERS'][$u->getName()] = str_replace($swears, '**********', serialize($u));
  95.         $_SESSION['CURRENT_USER'] = $_SESSION['USERS'][$u->getName()];
  96.     }
  97.  
  98. ?>
  99.  
  100. Login.php:
  101. <?php if(strtolower($_SERVER['SCRIPT_NAME'])!='/index.php') die() ?>
  102. <?php
  103. if ($_SERVER['REQUEST_METHOD'] === 'POST') {
  104.     $user  = @$_POST['username'];
  105.     $pass  = @$_POST['password'];
  106.     if(empty($user) || empty($pass)) {
  107.         $error = 'You must fill out the entire form.';
  108.     } elseif(empty($_SESSION['USERS'][$user])) {
  109.         $error = 'Invalid credentials.';
  110.     } else {
  111.         $u = unserialize($_SESSION['USERS'][$user]);
  112.         if(!$u->checkPassword($pass)) {
  113.             $error = 'Invalid Credentials.';
  114.         } else {
  115.             $_SESSION['CURRENT_USER'] = $_SESSION['USERS'][$user];
  116.             header('Location: /?action=home');
  117.             die();
  118.         }
  119.     }
  120. }
  121.  
  122. include "header.php"
  123.  
  124. ?>
  125. <style>
  126. .form-signin input {
  127.     margin-bottom:15px;
  128. }
  129. </style>
  130. <div class="container">
  131.  
  132.     <form method="POST" action="?action=login" class="form-signin">
  133.         <h2 class="form-signin-heading">Temporary Note Service</h2>
  134.         <label for="username" class="sr-only">Username</label>
  135.         <input type="text" name="username" class="form-control" placeholder="Username" required autofocus>
  136.         <label for="password" class="sr-only">Password</label>
  137.         <input type="password" name="password" class="form-control" placeholder="Password" required>
  138.         <button class="btn btn-lg btn-primary btn-block" type="submit">Sign in</button>
  139.         <a href="/?action=register"><button class="btn btn-lg btn-danger btn-block" type="button">or Register</button></a>
  140.     </form>
  141.  
  142. </div>
  143.  
  144. Header.php:
  145. <?php if(strtolower($_SERVER['SCRIPT_NAME'])!='/index.php') die() ?>
  146. <head>
  147. <title>Temporary Notetaking Service></title>
  148. <style>
  149.     html, body {
  150.         margin:0px;
  151.         padding:0px;
  152.     }
  153. </style>
  154. <meta charset="utf-8">
  155. <meta name="viewport" content="width=device-width, initial-scale=1">
  156. <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
  157. <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js"></script>
  158. <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
  159. </head>
  160. <body>
  161.  
  162. <?php if($CURRENT_USER) { ?>
  163. <ol class="breadcrumb">
  164.   <li class="breadcrumb-item"><a href="?action=home">Home</a></li>
  165.   <li class="breadcrumb-item"><a href="?action=logout">Logout</a></li>
  166. </ol>
  167. <?php } ?>
  168.  
  169. <?php if (isset($error)) { ?>
  170.  
  171. <div class="alert alert-danger"><?php echo $error; ?></div>
  172.  
  173. <?php } ?>
  174. <?php if (isset($success)) { ?>
  175.  
  176. <div class="alert alert-success"><?php echo $success; ?></div>
  177.  
  178. <?php } ?>
  179.  
  180. flag:
  181. <?php
  182.     if(strtolower($_SERVER['SCRIPT_NAME'])!='/index.php') die();
  183.     if($CURRENT_USER->isAdmin()) echo file_get_contents('flag.txt');
  184. ?>
  185.  
  186. home:
  187. <?php if(strtolower($_SERVER['SCRIPT_NAME'])!='/index.php') die() ?>
  188. <?php
  189.     include "header.php";
  190. ?>
  191. <div class="container">
  192. <div class="row"><h2>Welcome back, <?php echo $CURRENT_USER->getName() ?></h2></div>
  193. <div class="row">
  194. <ul>
  195. <?php  
  196.     for($i=1;$i<=$CURRENT_USER->getNoteCount();$i++) {
  197.         echo "<li><a href='?action=readnote&id=$i'>Note $i</a></li>";
  198.     }
  199.     if($CURRENT_USER->getNoteCount() == 0) {
  200.         echo '<li>No noted were found.</li>';
  201.     }
  202. ?>
  203. <li><a href="?action=addnote">Add Note</a></li>
  204. </ul>
  205. </div>
  206.  
  207. </div>
  208.  
  209. register:
  210. <?php if(strtolower($_SERVER['SCRIPT_NAME'])!='/index.php') die() ?>
  211. <?php
  212. if ($_SERVER['REQUEST_METHOD'] === 'POST') {
  213.     $user  = @$_POST['username'];
  214.     $pass  = @$_POST['password'];
  215.     $pass2 = @$_POST['password2'];
  216.     if(empty($user) || empty($pass) || empty($pass2)) {
  217.         $error = 'You must fill out the entire form.';
  218.     } elseif(!empty($_SESSION['USERS'][$user])) {
  219.         $error = 'Account already exists.';
  220.     } elseif($pass != $pass2) {
  221.         $error = 'Passwords do not match.';
  222.     } else {
  223.         $_SESSION['USERS'][$user] = serialize(new User($user, $pass));
  224.         $success = "Account has been created.";
  225.         $_SERVER['REQUEST_METHOD'] = 'GET';
  226.         include "login.php";
  227.         die();
  228.     }
  229.  
  230. }
  231.  
  232. include "header.php"
  233.  
  234.  
  235.  
  236. ?>
  237.  
  238. <div class="container">
  239.  
  240.     <form method="POST" class="form-register">
  241.         <h2 class="form-register-heading">Register a Temporary Account</h2>
  242.         <label for="username" class="sr-only">Username</label>
  243.         <input type="text" name="username" class="form-control" placeholder="Username" required autofocus>
  244.         <label for="password" class="sr-only">Password</label>
  245.         <input type="password" name="password" class="form-control" placeholder="Password" required>
  246.         <label for="password" class="sr-only">Confirm Password</label>
  247.         <input type="password" name="password2" class="form-control" placeholder="Confirm Password" required>
  248.         <button class="btn btn-lg btn-primary btn-block" type="submit">Register</button>
  249.         <a href="/?action=login"><button class="btn btn-lg btn-danger btn-block" type="button">or Login</button></a>
  250.     </form>
  251.  
  252. </div>
  253.  
  254. addnote:
  255. <?php if(strtolower($_SERVER['SCRIPT_NAME'])!='/index.php') die() ?>
  256. <?php
  257.  
  258. if ($_SERVER['REQUEST_METHOD'] === 'POST') {
  259.     $content  = @$_POST['content'];
  260.     if(empty($content)) {
  261.         $error = "You must provide some content";
  262.     } else {
  263.         $CURRENT_USER->createNote($content);
  264.         $success = "Note has been created.";
  265.         saveCurrentUser();
  266.     }
  267. }
  268.  
  269. include "header.php"
  270.  
  271. ?>
  272.  
  273. <div class="container">
  274.     <div class="row"><h2>Create a Note</h2></div>
  275.     <form method="POST" class="form-register">
  276.         <div class="row">
  277.             <div class="col-xs-2">Content:</div>
  278.             <div class="col-xs-10"><textarea name="content" class="form-control" rows="8" style="width:100%;"></textarea></div>
  279.         </div>
  280.         <div class="row">
  281.             <div class="col-xs-2"></div>
  282.             <div class="col-xs-10"><button type="submit" class="btn btn-lg btn-primary btn-block">Add note!</button></div>
  283.  
  284.         </div>
  285.     </form>
  286. </div>
  287.  
  288. readnote:
  289. <?php if(strtolower($_SERVER['SCRIPT_NAME'])!='/index.php') die() ?>
  290. <?php
  291.  
  292. $id = @$_GET['id'];
  293. $content = '';
  294. if(empty($id) || !is_numeric($id)) {
  295.     $error = 'Cannot find requested note.';
  296. } else {
  297.     $id = (int)$id -1;
  298.     $count = $CURRENT_USER->getNoteCount();
  299.     if($id >= $count) $error = 'Cannot find requested note.';
  300.     else {
  301.         $content = $CURRENT_USER->getNote($id);
  302.     }
  303. }
  304.  
  305. if(empty($error) && $_SERVER['REQUEST_METHOD'] === 'POST') {
  306.     $newContent = @$_POST['content'];
  307.     if(empty($newContent)) {
  308.         $error = 'You must provide some content.';
  309.     } else {
  310.         $CURRENT_USER->updateNote($id,$newContent);
  311.         saveCurrentUser();
  312.         $content = $newContent;
  313.         $success = "Note has been saved.";
  314.        
  315.     }
  316. }
  317.  
  318.  
  319.  
  320. include "header.php";
  321. ?>
  322.  
  323. <div class="container">
  324.     <div class="row"><h2>Note <?php echo $id+1; ?></h2></div>
  325.     <form method="POST" class="form-register">
  326.         <div class="row">
  327.             <div class="col-xs-2">Content:</div>
  328.             <div class="col-xs-10"><textarea name="content" class="form-control" rows="8" style="width:100%;"><?php echo htmlentities($content); ?></textarea></div>
  329.         </div>
  330.         <div class="row">
  331.             <div class="col-xs-2"></div>
  332.             <div class="col-xs-10"><button type="submit" class="btn btn-lg btn-primary btn-block">Save note!</button></div>
  333.  
  334.         </div>
  335.     </form>
  336. </div>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!