Upload files to "old_progress"

2026-03-16 15:09:56 +01:00
commit ec18c5be93
5 changed files with 688 additions and 0 deletions
+593
@@ -0,0 +1,593 @@
<?php
// TODO - popisky
// TODO - pøejmenovat promìnné sql pøíkazù, aby byly pokaždé jiné
//ZAÈÁTEK SESSION
session_start();
//PØIPOJENÍ K DB
require_once "mysql_config.php";
/*
-- ------ ------ ------ -- -- --------
-- -- -- -- -- -- -- -- --
-- -- -- -- --- -- -- -- -- --
-- -- -- -- -- -- -- -- -- --
------- ------ ------ ------ ------ --
*/
if(($_SERVER["REQUEST_METHOD"] == "POST") && (htmlspecialchars(trim($_POST["probiha"])) == "odhlaseni")){
$_SESSION = array();
session_destroy();
if (isset($_COOKIE['user_id'])) {
unset($_COOKIE['user_id']);
setcookie('user_id', '', time() - 3600, '/'); // empty value and old timestamp
}
if (isset($_COOKIE['selector'])) {
unset($_COOKIE['selector']);
setcookie('selector', '', time() - 3600, '/'); // empty value and old timestamp
}
if (isset($_COOKIE['token'])) {
unset($_COOKIE['token']);
setcookie('token', '', time() - 3600, '/'); // empty value and old timestamp
}
}
/*
------ ------- ------ -- ------- -------- ------ ----- ------ -------
-- -- -- -- -- -- -- -- -- -- -- -- --
------ ----- -- --- -- ------- -- ------ ------- -- -----
-- -- -- -- -- -- -- -- -- -- -- -- -- --
-- -- ------- ------ -- ------- -- -- -- -- -- ------ -------
*/
//PROBÍHÁ REGISTRACE?
if(($_SERVER["REQUEST_METHOD"] == "POST") && (htmlspecialchars(trim($_POST["probiha"])) == "registrace")){
echo "<h1>probiha registrace</h1>";
echo "prave probiha " . htmlspecialchars(trim($_POST["probiha"]));
//VYMAZÁNÍ PROMÌNNÝCH
$email = $password = $confirm_password = "";
$email_err = $password_err = $confirm_password_err = $pozdrav_err = $db_err = "";
//OVÌØENÍ EMAILU
if(empty(htmlspecialchars(trim($_POST["reg_email"])))){
$reg_email_err = "Email je prázdný.";
} elseif(!filter_var(htmlspecialchars(trim($_POST["reg_email"])), FILTER_VALIDATE_EMAIL)){
$reg_email_err = "Email je neplatný.";
} else{
//JE EMAIL POUŽITÝ V users?
$sql = "SELECT `user-id` FROM `users` WHERE `email` = ?";
if($stmt = mysqli_prepare($mysqli, $sql)){
// Bind variables to the prepared statement as parameters
mysqli_stmt_bind_param($stmt, "s", $param_email);
// Set parameters
$param_email = htmlspecialchars(trim($_POST["reg_email"]));
// Attempt to execute the prepared statement
if(mysqli_stmt_execute($stmt)){
/* store result */
mysqli_stmt_store_result($stmt);
if(mysqli_stmt_num_rows($stmt) == 1){
$reg_email_err = "Email už je použitý.";
} else{
$reg_email = htmlspecialchars(trim($_POST["reg_email"]));
}
} else{
$reg_db_err = "Chyba ryba. Asi to bude potøeba zkusit ještì jednou.";
}
// Close statement
mysqli_stmt_close($stmt);
}
//} else{
//JE EMAIL POUŽITÝ V users-pending?
$sql = "SELECT `user-pending-id` FROM `users-pending` WHERE `email` = ?";
if($stmt = mysqli_prepare($mysqli, $sql)){
// Bind variables to the prepared statement as parameters
mysqli_stmt_bind_param($stmt, "s", $param_email);
// Set parameters
$param_email = htmlspecialchars(trim($_POST["reg_email"]));
// Attempt to execute the prepared statement
if(mysqli_stmt_execute($stmt)){
/* store result */
mysqli_stmt_store_result($stmt);
if(mysqli_stmt_num_rows($stmt) == 1){
$reg_email_err = "Email už je použitý.";
} else{
$reg_email = htmlspecialchars(trim($_POST["reg_email"]));
}
} else{
$reg_db_err = "Chyba ryba. Asi to bude potøeba zkusit ještì jednou.";
}
// Close statement
mysqli_stmt_close($stmt);
}
}
// OVÌØENÍ HESLA
if(empty(htmlspecialchars(trim($_POST["reg_password"])))){
$reg_password_err = "Heslo je prázdné.";
} elseif(strlen(htmlspecialchars(trim($_POST["reg_password"]))) < 6){
$reg_password_err = "Heslo musí mít alespoò 6 znakù";
} else{
$reg_password = htmlspecialchars(trim($_POST["reg_password"]));
}
// OVÌØENÍ POTVRZENÍ HESLA
if(empty(htmlspecialchars(trim($_POST["reg_confirm_password"])))){
$reg_confirm_password_err = "Heslo musí být potvrzené.";
} else{
$reg_confirm_password = htmlspecialchars(trim($_POST["reg_confirm_password"]));
if(empty($reg_password_err) && ($reg_password != $reg_confirm_password)){
$reg_confirm_password_err = "Heslo není správnì potvrzené.";
}
}
// OVÌØENÍ POZDRAVU
if(empty(htmlspecialchars(trim($_POST["reg_pozdrav"])))){
$reg_pozdrav_err = "Pozdrav je prázdný";
} else{
$reg_pozdrav = htmlspecialchars(trim($_POST["reg_pozdrav"]));
}
// Check input errors before inserting in database
if(empty($reg_email_err) && empty($reg_password_err) && empty($reg_confirm_password_err) && empty($reg_pozdrav_err) && empty($reg_db_err)){
// Prepare an insert statement
$sql = "INSERT INTO `users-pending` (`email`, `heslo`, `pozdrav`) VALUES (?, ?, ?)";
if($stmt = mysqli_prepare($mysqli, $sql)){
// Bind variables to the prepared statement as parameters
mysqli_stmt_bind_param($stmt, "sss", $param_email, $param_heslo, $param_pozdrav);
// Set parameters
$param_email = $reg_email;
$param_heslo = password_hash($reg_password, PASSWORD_BCRYPT); // Creates a password hash
$param_pozdrav = $reg_pozdrav;
// Attempt to execute the prepared statement
if(mysqli_stmt_execute($stmt)){
// Redirect to login page
echo "Registrace probìhla úspìšnì.";
exit;
} else{
$reg_db_err = "Chyba ryba. Asi to bude potøeba zkusit ještì jednou.";
}
// Close statement
mysqli_stmt_close($stmt);
}
}
// Close connection
mysqli_close($mysqli);
}
/*
------- --- --- ------- --- -- ----- -- -- ------- ------- -- -----
--- ---- ---- -- ---- -- -- -- -- -- -- -- -- -- --
--- -- ---- -- ----- -- -- -- ------- ------- ----- ------- -- -------
--- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
------- -- -- ------- -- ---- -- -- -- -- ------- ------- ------- -- --
*/
if(($_SERVER["REQUEST_METHOD"] == "POST") && (htmlspecialchars(trim($_POST["probiha"])) == "zmenahesla")){
echo "<h1>zmìna hesla</h1>";
//TODO
}
/*
-- ------ ------ -- --- --
-- -- -- -- -- ---- --
-- -- -- -- --- -- -- -- --
-- -- -- -- -- -- -- -- --
------- ------ ------ -- -- ----
*/
//PROBÍHÁ PØIHLAŠOVÁNÍ?
if(($_SERVER["REQUEST_METHOD"] == "POST") && (htmlspecialchars(trim($_POST["probiha"])) == "prihlasovani")){
// echo "<h1>probiha prihlasovani</h1>";
// echo "prave probiha " . htmlspecialchars(trim($_POST["probiha"]));
$email = $password = "";
$email_err = $password_err = $login_err = "";
// KONTROLA EMAILU, JESTLI NENÍ PRÁZDNÝ
if(empty(htmlspecialchars(trim($_POST["email"])))){
$email_err = "Email není vyplnìný.";
} else{
$email = htmlspecialchars(trim($_POST["email"]));
}
// KONTROLA HESLA, JESTLI NENÍ PRÁZDNÉ
if(empty(htmlspecialchars(trim($_POST["password"])))){
$password_err = "Heslo není vyplnìné.";
} else{
$password = htmlspecialchars(trim($_POST["password"]));
}
// OVÌØENÍ JMÉNA A HESLA
if(empty($email_err) && empty($password_err)){
// Prepare a select statement
$sql = "SELECT `user-id`, `email`, `heslo` FROM `users` WHERE `email` = ?";
if($stmt = mysqli_prepare($mysqli, $sql)){
// Bind variables to the prepared statement as parameters
mysqli_stmt_bind_param($stmt, "s", $param_email);
// Set parameters
$param_email = $email;
// Attempt to execute the prepared statement
if(mysqli_stmt_execute($stmt)){
// Store result
mysqli_stmt_store_result($stmt);
// Check if username exists, if yes then verify password
if(mysqli_stmt_num_rows($stmt) == 1){
// Bind result variables
mysqli_stmt_bind_result($stmt, $user_id, $email, $hashed_password);
if(mysqli_stmt_fetch($stmt)){
if(password_verify($password, $hashed_password)){
// Password is correct, so start a new session
// session_start();
// Store data in session variables
/*
$_SESSION["loggedin"] = true;
$_SESSION["user_id"] = $user_id;
$_SESSION["email"] = $email;
*/
// PØIHLÁSIT NATRVALO?
if(htmlspecialchars(trim($_POST["zapamatovat"])) == true){
// echo "<br>zapamatovat<br>";
// pøíprava promìnných
$cookie_token = bin2hex(random_bytes(32));
$cookie_token_hashed = password_hash($cookie_token, PASSWORD_BCRYPT);
$cookie_user_id = $user_id;
$cookie_expires = time() + 60 * 60 * 24 * 31;
for ($i = 0; $i <= 1000; $i++) {
$temp_selector = substr(bin2hex(random_bytes(12)),0,12);
$sqlfor = "SELECT `token-id` FROM `tokeny` WHERE `selector` = ?";
if($stmtfor = mysqli_prepare($mysqli, $sqlfor)){
// Bind variables to the prepared statement as parameters
mysqli_stmt_bind_param($stmtfor, "s", $param_selector);
// Set parameters
$param_selector = $temp_selector;
// Attempt to execute the prepared statement
if(mysqli_stmt_execute($stmtfor)){
/* store result */
mysqli_stmt_store_result($stmtfor);
if(mysqli_stmt_num_rows($stmtfor) == 1){
} else{
$cookie_selector = $temp_selector;
mysqli_stmt_close($stmtfor);
break;
}
} else{
$login_err = "Chyba ryba. Asi to bude potøeba zkusit ještì jednou.";
break;
}
// Close statement
mysqli_stmt_close($stmt);
}
if($i = 1000){
$login_err = "Chyba ryba. Asi to bude potøeba zkusit ještì jednou.";
}
}
// echo "token: " . $cookie_token . "<br>token_hashed: " . $cookie_token_hashed . "<br>user_id: " . $cookie_user_id . "<br>expires: " . $cookie_expires . "<br>slector: " . $cookie_selector . "<hr>";
if(empty($login_err)) {
// zapsat cookie (selector, token, user-id)
setcookie("user_id", $cookie_user_id, $cookie_expires, "/");
setcookie("selector", $cookie_selector, $cookie_expires, "/");
setcookie("token", $cookie_token, $cookie_expires, "/");
// zapsat do tabulky tokeny (selector, token_heshed, user-id, expires)
$sql = "INSERT INTO `tokeny` (`user-id`, `selector`, `token`, `expires`) VALUES (?, ?, ?, ?)";
if($stmt = mysqli_prepare($mysqli, $sql)){
// Bind variables to the prepared statement as parameters
mysqli_stmt_bind_param($stmt, "ssss", $param_user_id, $param_selector, $param_token, $param_expires);
// Set parameters
$param_user_id = $cookie_user_id;
$param_selector = $cookie_selector;
$param_token = $cookie_token_hashed;
$param_expires = $cookie_expires; // TODO - upravit, aby obì data byla stejná
// Attempt to execute the prepared statement
if(mysqli_stmt_execute($stmt)){
// Redirect to login page
// exit;
} else{
$db_err = "Chyba ryba. Asi to bude potøeba zkusit ještì jednou.";
}
// Close statement
//mysqli_stmt_close($stmt);
}
}
}
if(empty($login_err)) {
$_SESSION["loggedin"] = true;
$_SESSION["user_id"] = $user_id;
$_SESSION["email"] = $email;
echo "pøihlášeno";
}
// Redirect user to welcome page
// header("location: welcome.php");
} else{
// Password is not valid, display a generic error message
$login_err = "Email je špatnì, nebo heslo je špatnì.";
}
}
} else{
// Username doesn't exist, display a generic error message
$login_err = "Email je špatnì, nebo heslo je špatnì.";
}
} else{
$db_err = "Chyba ryba. Asi to bude potøeba zkusit ještì jednou.";
}
// Close statement
mysqli_stmt_close($stmt);
}
}
// Close connection
mysqli_close($mysqli);
// exit;
}
/*
------- ------ ------ --- --- -- -- -- ----- ------ -------
-- -- -- -- -- ---- ---- -- -- -- -- -- -- -- --
----- -- -- ------ -- ---- -- -- -- -- ------- ------ -----
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
-- ------ -- -- -- -- ------ ------- -- -- -- -- -------
*/
//JE NÌKDO PØIHLÁŠENÝ?
/*
?1? existuje session
(všechny session promìnné existují)
ANO - pokraèovat na ?6? (pøeskoèit 2 až 5)
NE - kontrola cookies
*/
$jeprihlaseniok = false;
$jeprihlaseniok_err = "";
if(!isset($_SESSION["loggedin"]) || $_SESSION["loggedin"] !== true || !isset($_SESSION["user_id"]) || !isset($_SESSION["email"])) {
//echo "tadyhle1";
/*
?2? existují cookies
(všechny cookies promìnné existují)
ANO - pokraèovat na ?3?
NE - nepøihlášeno
*/
if(isset($_COOKIE["user_id"]) && isset($_COOKIE["selector"]) && isset($_COOKIE["token"])) {
/*
?3? kontrola cookies - èas
(všechny cookies jsou platné)
ANO - pokraèovat na ?4?
NE - nepøihlášeno
*/
$sql = "SELECT `user-id`, `token`, `expires` FROM `tokeny` WHERE `selector` = ?";
if($stmt = mysqli_prepare($mysqli, $sql)){
// Bind variables to the prepared statement as parameters
mysqli_stmt_bind_param($stmt, "s", $param_selector);
// Set parameters
$param_selector = $_COOKIE["selector"];
// Attempt to execute the prepared statement
if(mysqli_stmt_execute($stmt)){
// Store result
mysqli_stmt_store_result($stmt);
// Check if username exists, if yes then verify password
if(mysqli_stmt_num_rows($stmt) == 1){
// Bind result variables
mysqli_stmt_bind_result($stmt, $token_user_id, $token_token, $token_expires);
if(mysqli_stmt_fetch($stmt)){
// kontrola èasu (expirace cookie)
if($token_expires > time()){
// kontrola user (jestli je v tokenu stejný uživatel jako v cookies)
if($token_user_id == $_COOKIE["user_id"]) {
//kontrola tokenu (jetli je token správný)
if(password_verify($_COOKIE["token"], $token_token)){
$jeprihlaseniok = true;
//echo "JOJOJO";
$cas_tedkonc = time();
$cookie_prodlouzeni = $cas_tedkonc + 60 * 60 * 24 * 31;
// - prodloužit èas cookies v cookies
setcookie("user_id", $_COOKIE["user_id"], $cookie_prodlouzeni, "/");
setcookie("selector", $_COOKIE["selector"], $cookie_prodlouzeni, "/");
setcookie("token", $_COOKIE["token"], $cookie_prodlouzeni, "/");
// - prodloužit èas cookies v db tokeny
$sql = "UPDATE `tokeny` SET `expires` = ? WHERE `selector` = ?";
if($stmt = mysqli_prepare($mysqli, $sql)){
// Bind variables to the prepared statement as parameters
mysqli_stmt_bind_param($stmt, "is", $param_expires, $param_selector);
// Set parameters
$param_expires = $cookie_prodlouzeni;
$param_selector = $_COOKIE["selector"];
// Attempt to execute the prepared statement
if(mysqli_stmt_execute($stmt)){
}
}
// - mazání starých tokenù v db
$sql_smazat_stare_tokeny = "DELETE FROM `tokeny` WHERE `expires`<?";
if($stmt_smazat_stare_tokeny = mysqli_prepare($mysqli, $sql_smazat_stare_tokeny)){
mysqli_stmt_bind_param($stmt_smazat_stare_tokeny, "i", $param_sst_expires);
$param_sst_expires = $cas_tedkonc;
if(mysqli_stmt_execute($stmt_smazat_stare_tokeny)){
}
}
}
}
}
}
}
}
}
/*
?4? kontrola cookies - token
(selectorem vybrat token a zkontrolovat jeho správnost)
ANO - pokraèovat na ?5?
NE - nepøihlášeno
*/
/*
?5? zápis session a prodloužení cookies
(zapsat promìnné session jako pøi loginu)
(prodloužit èas cookies v cookies i databázi)
- pokraèovat na ?6?
ERROR - nepøihlášeno
*/
}
}
/*
?6? kontrola session
(všechny promìnné sessions existují)
ANO - pøihlášeno
NE - nepøihlášeno
*/
/*
nepøihlášeno = formuláøe
pøihlášeno = hlavní obsah
*/
if(isset($_SESSION["loggedin"]) && $_SESSION["loggedin"] == true){
$jeprihlaseniok = true;
}
if(!isset($jeprihlaseniok) || $jeprihlaseniok !== true){
echo "<h1>formulare</h1>";
?>
<h2>registrace</h2>
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post">
<input type="hidden" name="probiha" value="registrace">
<span class="invalid-feedback"><?php echo $reg_db_err; ?></span>
<div class="form-group">
<label>email</label>
<input type="text" name="reg_email" class="form-control <?php echo (!empty($reg_email_err)) ? 'is-invalid' : ''; ?>" value="<?php echo $_POST["reg_email"]; ?>">
<span class="invalid-feedback"><?php echo $reg_email_err; ?></span>
</div>
<div class="form-group">
<label>heslo</label>
<input type="password" name="reg_password" class="form-control <?php echo (!empty($reg_password_err)) ? 'is-invalid' : ''; ?>" value="<?php echo $_POST["reg_password"]; ?>">
<span class="invalid-feedback"><?php echo $reg_password_err; ?></span>
</div>
<div class="form-group">
<label>potvrzeni hesla</label>
<input type="password" name="reg_confirm_password" class="form-control <?php echo (!empty($reg_confirm_password_err)) ? 'is-invalid' : ''; ?>" value="<?php echo $_POST["reg_confirm_password"]; ?>">
<span class="invalid-feedback"><?php echo $reg_confirm_password_err; ?></span>
</div>
<div class="form-group">
<label>pozdrav</label>
<textarea type="password" name="reg_pozdrav" class="form-control <?php echo (!empty($reg_pozdrav_err)) ? 'is-invalid' : ''; ?>"><?php echo $_POST["reg_pozdrav"]; ?></textarea>
<span class="invalid-feedback"><?php echo $reg_pozdrav_err; ?></span>
</div>
<div class="form-group">
<input type="submit" class="btn btn-primary" value="Submit">
<input type="reset" class="btn btn-secondary ml-2" value="Reset">
</div>
</form>
<h2>prihlaseni</h2>
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post">
<input type="hidden" name="probiha" value="prihlasovani">
<span class="invalid-feedback"><?php echo $db_err; ?></span>
<span class="invalid-feedback"><?php echo $login_err; ?></span>
<div class="form-group">
<label>email</label>
<input type="text" name="email" class="form-control <?php echo (!empty($email_err)) ? 'is-invalid' : ''; ?>" value="<?php echo $email; ?>">
<span class="invalid-feedback"><?php echo $email_err; ?></span>
</div>
<div class="form-group">
<label>heslo</label>
<input type="password" name="password" class="form-control <?php echo (!empty($password_err)) ? 'is-invalid' : ''; ?>" value="<?php echo $password; ?>">
<span class="invalid-feedback"><?php echo $password_err; ?></span>
</div>
<div class="form-group">
<label>zapamatovat?</label>
<input type="checkbox" name="zapamatovat" class="form-control" value="zapamatovat">
</div>
<div class="form-group">
<input type="submit" class="btn btn-primary" value="Submit">
<input type="reset" class="btn btn-secondary ml-2" value="Reset">
</div>
</form>
<?php
exit;
}
?>
<h1>parada</h1>
obsah stranky
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post">
<input type="hidden" name="probiha" value="odhlaseni">
<input type="submit" class="btn btn-primary" value="odhlásit">
</form>