From ec18c5be93d3110e56f7daa3da5795074a0c076d Mon Sep 17 00:00:00 2001
From: stepan
Date: Mon, 16 Mar 2026 15:09:56 +0100
Subject: [PATCH] Upload files to "old_progress"
---
old_progress/datum.php | 18 +
old_progress/heslahash.php | 11 +
old_progress/index.php | 593 +++++++++++++++++++++++++++++++++
old_progress/login.php | 21 ++
old_progress/login_process.php | 45 +++
5 files changed, 688 insertions(+)
create mode 100644 old_progress/datum.php
create mode 100644 old_progress/heslahash.php
create mode 100644 old_progress/index.php
create mode 100644 old_progress/login.php
create mode 100644 old_progress/login_process.php
diff --git a/old_progress/datum.php b/old_progress/datum.php
new file mode 100644
index 0000000..2fc5608
--- /dev/null
+++ b/old_progress/datum.php
@@ -0,0 +1,18 @@
+";
+
+$cas_format = date("Y-m-d H:i:s", $cas);
+
+echo "cas_format:" .$cas_format . "
";
+
+$cas_timestamp = strtotime($cas_format);
+
+echo "cas timestamp:" . $cas_timestamp . "
";
+
+echo "timestamp 123: " . date("Y-m-d H:i:s", "123") . "
";
+echo "timestamp 1649194733: " . date("Y-m-d H:i:s", "1649194733") . "
";
+echo "timestamp 9999999999: " . date("Y-m-d H:i:s", "9999999999") . "
";
+echo "timestamp 1234567890: " . date("Y-m-d H:i:s", "1234567890") . "
";
+?>
\ No newline at end of file
diff --git a/old_progress/heslahash.php b/old_progress/heslahash.php
new file mode 100644
index 0000000..7e5f459
--- /dev/null
+++ b/old_progress/heslahash.php
@@ -0,0 +1,11 @@
+";
+
+$heslohash = password_hash($heslo, PASSWORD_BCRYPT);
+echo "zahashovane heslo je: " . $heslohash . "
";
+
+$jeheslook = password_verify($heslo, $heslohash);
+echo "je heslo ok? " . $jeheslook;
+
+?>
\ No newline at end of file
diff --git a/old_progress/index.php b/old_progress/index.php
new file mode 100644
index 0000000..aaf8cdd
--- /dev/null
+++ b/old_progress/index.php
@@ -0,0 +1,593 @@ +probiha registrace"; + echo "prave probiha " . htmlspecialchars(trim($_POST["probiha"])); + + //VYMAZÁNÍ PROMĚNNÝCH + $email = $password = $confirm_password = ""; + $email_err = $password_err = $confirm_password_err = $pozdrav_err = $db_err = ""; + + //OVĚŘENÍ EMAILU + if(empty(htmlspecialchars(trim($_POST["reg_email"])))){ + $reg_email_err = "Email je prázdný."; + } elseif(!filter_var(htmlspecialchars(trim($_POST["reg_email"])), FILTER_VALIDATE_EMAIL)){ + $reg_email_err = "Email je neplatný."; + } else{ + //JE EMAIL POUŽITÝ V users? + $sql = "SELECT `user-id` FROM `users` WHERE `email` = ?"; + + if($stmt = mysqli_prepare($mysqli, $sql)){ + // Bind variables to the prepared statement as parameters + mysqli_stmt_bind_param($stmt, "s", $param_email); + + // Set parameters + $param_email = htmlspecialchars(trim($_POST["reg_email"])); + + // Attempt to execute the prepared statement + if(mysqli_stmt_execute($stmt)){ + /* store result */ + mysqli_stmt_store_result($stmt); + + if(mysqli_stmt_num_rows($stmt) == 1){ + $reg_email_err = "Email už je použitý."; + } else{ + $reg_email = htmlspecialchars(trim($_POST["reg_email"])); + } + } else{ + $reg_db_err = "Chyba ryba. Asi to bude potřeba zkusit ještě jednou."; + } + + // Close statement + mysqli_stmt_close($stmt); + } + //} else{ + //JE EMAIL POUŽITÝ V users-pending? 
+ $sql = "SELECT `user-pending-id` FROM `users-pending` WHERE `email` = ?"; + + if($stmt = mysqli_prepare($mysqli, $sql)){ + // Bind variables to the prepared statement as parameters + mysqli_stmt_bind_param($stmt, "s", $param_email); + + // Set parameters + $param_email = htmlspecialchars(trim($_POST["reg_email"])); + + // Attempt to execute the prepared statement + if(mysqli_stmt_execute($stmt)){ + /* store result */ + mysqli_stmt_store_result($stmt); + + if(mysqli_stmt_num_rows($stmt) == 1){ + $reg_email_err = "Email už je použitý."; + } else{ + $reg_email = htmlspecialchars(trim($_POST["reg_email"])); + } + } else{ + $reg_db_err = "Chyba ryba. Asi to bude potřeba zkusit ještě jednou."; + } + + // Close statement + mysqli_stmt_close($stmt); + } + } + + // OVĚŘENÍ HESLA + if(empty(htmlspecialchars(trim($_POST["reg_password"])))){ + $reg_password_err = "Heslo je prázdné."; + } elseif(strlen(htmlspecialchars(trim($_POST["reg_password"]))) < 6){ + $reg_password_err = "Heslo musí mít alespoň 6 znaků"; + } else{ + $reg_password = htmlspecialchars(trim($_POST["reg_password"])); + } + + // OVĚŘENÍ POTVRZENÍ HESLA + if(empty(htmlspecialchars(trim($_POST["reg_confirm_password"])))){ + $reg_confirm_password_err = "Heslo musí být potvrzené."; + } else{ + $reg_confirm_password = htmlspecialchars(trim($_POST["reg_confirm_password"])); + if(empty($reg_password_err) && ($reg_password != $reg_confirm_password)){ + $reg_confirm_password_err = "Heslo není správně potvrzené."; + } + } + + // OVĚŘENÍ POZDRAVU + if(empty(htmlspecialchars(trim($_POST["reg_pozdrav"])))){ + $reg_pozdrav_err = "Pozdrav je prázdný"; + } else{ + $reg_pozdrav = htmlspecialchars(trim($_POST["reg_pozdrav"])); + } + + // Check input errors before inserting in database + if(empty($reg_email_err) && empty($reg_password_err) && empty($reg_confirm_password_err) && empty($reg_pozdrav_err) && empty($reg_db_err)){ + // Prepare an insert statement + $sql = "INSERT INTO `users-pending` (`email`, `heslo`, `pozdrav`) 
VALUES (?, ?, ?)"; + if($stmt = mysqli_prepare($mysqli, $sql)){ + // Bind variables to the prepared statement as parameters + mysqli_stmt_bind_param($stmt, "sss", $param_email, $param_heslo, $param_pozdrav); + // Set parameters + $param_email = $reg_email; + $param_heslo = password_hash($reg_password, PASSWORD_BCRYPT); // Creates a password hash + $param_pozdrav = $reg_pozdrav; + + // Attempt to execute the prepared statement + if(mysqli_stmt_execute($stmt)){ + // Redirect to login page + echo "Registrace proběhla úspěšně."; + exit; + } else{ + $reg_db_err = "Chyba ryba. Asi to bude potřeba zkusit ještě jednou."; + } + + // Close statement + mysqli_stmt_close($stmt); + } + } + + // Close connection + mysqli_close($mysqli); +} + +/* +------- --- --- ------- --- -- ----- -- -- ------- ------- -- ----- + --- ---- ---- -- ---- -- -- -- -- -- -- -- -- -- -- + --- -- ---- -- ----- -- -- -- ------- ------- ----- ------- -- ------- + --- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- +------- -- -- ------- -- ---- -- -- -- -- ------- ------- ------- -- -- +*/ + +if(($_SERVER["REQUEST_METHOD"] == "POST") && (htmlspecialchars(trim($_POST["probiha"])) == "zmenahesla")){ + + echo "

změna hesla

"; + //TODO +} + + + +/* +-- ------ ------ -- --- -- +-- -- -- -- -- ---- -- +-- -- -- -- --- -- -- -- -- +-- -- -- -- -- -- -- -- -- +------- ------ ------ -- -- ---- +*/ + +//PROBÍHÁ PŘIHLAŠOVÁNÍ? +if(($_SERVER["REQUEST_METHOD"] == "POST") && (htmlspecialchars(trim($_POST["probiha"])) == "prihlasovani")){ + + // echo "

probiha prihlasovani

"; + // echo "prave probiha " . htmlspecialchars(trim($_POST["probiha"])); + + $email = $password = ""; + $email_err = $password_err = $login_err = ""; + + // KONTROLA EMAILU, JESTLI NENÍ PRÁZDNÝ + if(empty(htmlspecialchars(trim($_POST["email"])))){ + $email_err = "Email není vyplněný."; + } else{ + $email = htmlspecialchars(trim($_POST["email"])); + } + + // KONTROLA HESLA, JESTLI NENÍ PRÁZDNÉ + if(empty(htmlspecialchars(trim($_POST["password"])))){ + $password_err = "Heslo není vyplněné."; + } else{ + $password = htmlspecialchars(trim($_POST["password"])); + } + + + + + + // OVĚŘENÍ JMÉNA A HESLA + if(empty($email_err) && empty($password_err)){ + // Prepare a select statement + $sql = "SELECT `user-id`, `email`, `heslo` FROM `users` WHERE `email` = ?"; + + if($stmt = mysqli_prepare($mysqli, $sql)){ + // Bind variables to the prepared statement as parameters + mysqli_stmt_bind_param($stmt, "s", $param_email); + + // Set parameters + $param_email = $email; + + // Attempt to execute the prepared statement + if(mysqli_stmt_execute($stmt)){ + // Store result + mysqli_stmt_store_result($stmt); + + // Check if username exists, if yes then verify password + if(mysqli_stmt_num_rows($stmt) == 1){ + // Bind result variables + mysqli_stmt_bind_result($stmt, $user_id, $email, $hashed_password); + if(mysqli_stmt_fetch($stmt)){ + if(password_verify($password, $hashed_password)){ + // Password is correct, so start a new session +// session_start(); + + // Store data in session variables + /* + $_SESSION["loggedin"] = true; + $_SESSION["user_id"] = $user_id; + $_SESSION["email"] = $email; + */ + + // PŘIHLÁSIT NATRVALO? + if(htmlspecialchars(trim($_POST["zapamatovat"])) == true){ + // echo "
zapamatovat
"; + // příprava proměnných + $cookie_token = bin2hex(random_bytes(32)); + $cookie_token_hashed = password_hash($cookie_token, PASSWORD_BCRYPT); + $cookie_user_id = $user_id; + $cookie_expires = time() + 60 * 60 * 24 * 31; + + for ($i = 0; $i <= 1000; $i++) { + + $temp_selector = substr(bin2hex(random_bytes(12)),0,12); + + $sqlfor = "SELECT `token-id` FROM `tokeny` WHERE `selector` = ?"; + + if($stmtfor = mysqli_prepare($mysqli, $sqlfor)){ + // Bind variables to the prepared statement as parameters + mysqli_stmt_bind_param($stmtfor, "s", $param_selector); + + // Set parameters + $param_selector = $temp_selector; + + // Attempt to execute the prepared statement + if(mysqli_stmt_execute($stmtfor)){ + /* store result */ + mysqli_stmt_store_result($stmtfor); + + if(mysqli_stmt_num_rows($stmtfor) == 1){ + + } else{ + $cookie_selector = $temp_selector; + mysqli_stmt_close($stmtfor); + break; + } + } else{ + $login_err = "Chyba ryba. Asi to bude potřeba zkusit ještě jednou."; + break; + } + + // Close statement + mysqli_stmt_close($stmt); + } + + if($i = 1000){ + $login_err = "Chyba ryba. Asi to bude potřeba zkusit ještě jednou."; + } + + } + + + + // echo "token: " . $cookie_token . "
token_hashed: " . $cookie_token_hashed . "
user_id: " . $cookie_user_id . "
expires: " . $cookie_expires . "
slector: " . $cookie_selector . "
"; + if(empty($login_err)) { + // zapsat cookie (selector, token, user-id) + setcookie("user_id", $cookie_user_id, $cookie_expires, "/"); + setcookie("selector", $cookie_selector, $cookie_expires, "/"); + setcookie("token", $cookie_token, $cookie_expires, "/"); + // zapsat do tabulky tokeny (selector, token_heshed, user-id, expires) + $sql = "INSERT INTO `tokeny` (`user-id`, `selector`, `token`, `expires`) VALUES (?, ?, ?, ?)"; + if($stmt = mysqli_prepare($mysqli, $sql)){ + // Bind variables to the prepared statement as parameters + mysqli_stmt_bind_param($stmt, "ssss", $param_user_id, $param_selector, $param_token, $param_expires); + // Set parameters + $param_user_id = $cookie_user_id; + $param_selector = $cookie_selector; + $param_token = $cookie_token_hashed; + $param_expires = $cookie_expires; // TODO - upravit, aby obě data byla stejná + + // Attempt to execute the prepared statement + if(mysqli_stmt_execute($stmt)){ + // Redirect to login page + // exit; + } else{ + $db_err = "Chyba ryba. Asi to bude potřeba zkusit ještě jednou."; + } + + // Close statement + //mysqli_stmt_close($stmt); + } + + + + } + } + + if(empty($login_err)) { + + $_SESSION["loggedin"] = true; + $_SESSION["user_id"] = $user_id; + $_SESSION["email"] = $email; + + echo "přihlášeno"; + + } + + // Redirect user to welcome page +// header("location: welcome.php"); + + } else{ + // Password is not valid, display a generic error message + $login_err = "Email je špatně, nebo heslo je špatně."; + } + } + } else{ + // Username doesn't exist, display a generic error message + $login_err = "Email je špatně, nebo heslo je špatně."; + } + } else{ + $db_err = "Chyba ryba. 
Asi to bude potřeba zkusit ještě jednou."; + } + + // Close statement + mysqli_stmt_close($stmt); + } + } + + // Close connection + mysqli_close($mysqli); + + + + + + +// exit; + +} + +/* +------- ------ ------ --- --- -- -- -- ----- ------ ------- +-- -- -- -- -- ---- ---- -- -- -- -- -- -- -- -- +----- -- -- ------ -- ---- -- -- -- -- ------- ------ ----- +-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- +-- ------ -- -- -- -- ------ ------- -- -- -- -- ------- +*/ + +//JE NĚKDO PŘIHLÁŠENÝ? +/* +?1? existuje session +(všechny session proměnné existují) +ANO - pokračovat na ?6? (přeskočit 2 až 5) +NE - kontrola cookies +*/ +$jeprihlaseniok = false; +$jeprihlaseniok_err = ""; +if(!isset($_SESSION["loggedin"]) || $_SESSION["loggedin"] !== true || !isset($_SESSION["user_id"]) || !isset($_SESSION["email"])) { + +//echo "tadyhle1"; +/* +?2? existují cookies +(všechny cookies proměnné existují) +ANO - pokračovat na ?3? +NE - nepřihlášeno +*/ + if(isset($_COOKIE["user_id"]) && isset($_COOKIE["selector"]) && isset($_COOKIE["token"])) { +/* +?3? kontrola cookies - čas +(všechny cookies jsou platné) +ANO - pokračovat na ?4? 
+NE - nepřihlášeno +*/ + $sql = "SELECT `user-id`, `token`, `expires` FROM `tokeny` WHERE `selector` = ?"; + + if($stmt = mysqli_prepare($mysqli, $sql)){ + // Bind variables to the prepared statement as parameters + mysqli_stmt_bind_param($stmt, "s", $param_selector); + + // Set parameters + $param_selector = $_COOKIE["selector"]; + + // Attempt to execute the prepared statement + if(mysqli_stmt_execute($stmt)){ + // Store result + mysqli_stmt_store_result($stmt); + + // Check if username exists, if yes then verify password + if(mysqli_stmt_num_rows($stmt) == 1){ + // Bind result variables + mysqli_stmt_bind_result($stmt, $token_user_id, $token_token, $token_expires); + if(mysqli_stmt_fetch($stmt)){ + // kontrola času (expirace cookie) + if($token_expires > time()){ + // kontrola user (jestli je v tokenu stejný uživatel jako v cookies) + if($token_user_id == $_COOKIE["user_id"]) { + //kontrola tokenu (jetli je token správný) + if(password_verify($_COOKIE["token"], $token_token)){ + $jeprihlaseniok = true; + //echo "JOJOJO"; + + $cas_tedkonc = time(); + $cookie_prodlouzeni = $cas_tedkonc + 60 * 60 * 24 * 31; + // - prodloužit čas cookies v cookies + setcookie("user_id", $_COOKIE["user_id"], $cookie_prodlouzeni, "/"); + setcookie("selector", $_COOKIE["selector"], $cookie_prodlouzeni, "/"); + setcookie("token", $_COOKIE["token"], $cookie_prodlouzeni, "/"); + + // - prodloužit čas cookies v db tokeny + $sql = "UPDATE `tokeny` SET `expires` = ? WHERE `selector` = ?"; + if($stmt = mysqli_prepare($mysqli, $sql)){ + // Bind variables to the prepared statement as parameters + mysqli_stmt_bind_param($stmt, "is", $param_expires, $param_selector); + + // Set parameters + $param_expires = $cookie_prodlouzeni; + $param_selector = $_COOKIE["selector"]; + + // Attempt to execute the prepared statement + if(mysqli_stmt_execute($stmt)){ + } + } + // - mazání starých tokenů v db + $sql_smazat_stare_tokeny = "DELETE FROM `tokeny` WHERE `expires`formulare"; +?> +

registrace

+ +
" method="post"> + + +
+ + "> + +
+
+ + "> + +
+
+ + "> + +
+
+ + + +
+
+ + +
+
+ +

prihlaseni

+ +
" method="post"> + + + +
+ + + +
+
+ + + +
+
+ + +
+
+ + +
+
+ + + + +

parada

+obsah stranky + +
" method="post"> + + +
\ No newline at end of file diff --git a/old_progress/login.php b/old_progress/login.php new file mode 100644 index 0000000..279ee41 --- /dev/null +++ b/old_progress/login.php @@ -0,0 +1,21 @@ + + +
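Review bot: In the remember-me selector loop, `if($i = 1000){` assigns rather than compares, so the first selector collision sets `$login_err` and ends the loop instead of retrying, and the `mysqli_stmt_close($stmt);` just above it closes the outer login statement where `$stmtfor` is meant; suggest `if($i === 1000){` and `mysqli_stmt_close($stmtfor);`. The three `setcookie(...)` calls for `user_id`, `selector` and `token` (and the renewal further down) set no `secure`, `httponly` or `samesite` attributes, so the 31-day token is readable from page script and sent over plain HTTP; the options-array form, e.g. `setcookie("token", $cookie_token, ["expires" => $cookie_expires, "path" => "/", "secure" => true, "httponly" => true, "samesite" => "Lax"]);`, covers that. Passwords also go through `htmlspecialchars(trim(...))` before `password_hash()`/`password_verify()`, which changes what the user typed; hash the raw value and escape only on output. Parts of this file are missing from the page as shown, so anything above the registration block is not reviewed here.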

prihlasovaci formular

+ +
+ +

+ Remember me

+ +
+ + + \ No newline at end of file diff --git a/old_progress/login_process.php b/old_progress/login_process.php new file mode 100644 index 0000000..ca63935 --- /dev/null +++ b/old_progress/login_process.php @@ -0,0 +1,45 @@ +POST
uemail: " . $uemail . "
upass: " . $upass . "
urem: " . $urem . "
"; + + //$query=mysqli_query($mysqli,"select * from `users` where username='$username' && password='$password'"); + + $stmt = mysqli_prepare($mysqli, "SELECT `user-id`, `email`, `heslo` FROM users WHERE email = ?"); + mysqli_stmt_bind_param($stmt, "s", $uemail); + mysqli_stmt_execute($stmt); + $row = mysqli_stmt_fetch($stmt); + mysqli_stmt_bind_result($stmt, $muserid, $memail, $mheslo); + + echo "
MYSQL
muserid: " . $muserid . "
memail: " . $memail . "
mheslo: " . $mheslo . "
"; +/* + if (mysqli_num_rows($query) == 0){ + $_SESSION['message']="Login Failed. User not Found!"; + header('location:login.php'); + } + else{ + $row=mysqli_fetch_array($query); + + if (isset($_POST['remember'])){ + //set up cookie + setcookie("user", $row['username'], time() + (86400 * 30)); + setcookie("pass", $row['password'], time() + (86400 * 30)); + } + + $_SESSION['id']=$row['userid']; + header('location:success.php'); + } + */ + } + else{ + header('location:login.php'); + $_SESSION['message']="Please Login!"; + } +?> \ No newline at end of file
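Review bot: The two debug `echo` blocks write `$upass` and the stored hash `$mheslo` into the response and print `$uemail` without `htmlspecialchars()`, which exposes credentials and reflects request data into the page; they should be removed, or at least reduced to escaped non-secret fields, before this file is reachable. `mysqli_stmt_fetch($stmt)` is also called before `mysqli_stmt_bind_result($stmt, $muserid, $memail, $mheslo)`, so the three variables are never populated; swap the two calls. In the `else` branch `$_SESSION['message']` is set after `header('location:login.php')` with no `exit;`, so add `exit;` after the redirect. The top of the file is not visible here, so the source of `$uemail`/`$upass` is inferred from the 'POST' label.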