Hướng dẫn multi session php - nhiều phiên php


#logout.php


<?php
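session_start();

require_once ('db/dbhelper.php');
require_once ('utils/utility.php');

// authenToken() caches the user row in $_SESSION['user'] and only consults
// login_tokens when that cache is empty, so the session must be cleared here
// as well; otherwise the next request from this browser is still logged in
// even though the cookie and the database row are gone.
$_SESSION = [];
session_destroy();

$token = getCOOKIE('token');
if (!empty($token)) {
	// Remove the token from the database so it can never authenticate again
	$sql = "delete from login_tokens where token = '$token'";
	execute($sql);

	// Expire the token cookie on the client
	setcookie('token', '', time()-7*24*60*60, '/');
}

header('Location: login.php');
die();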

#utility.php


<?php
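/**
 * Escape a value for interpolation inside a quoted SQL string literal.
 *
 * This is a stop-gap for the string-built queries used throughout this
 * project; the proper fix is a prepared statement with bound parameters,
 * which needs no escaping at all. Besides the backslash and single quote the
 * original handled, the other characters MySQL-style escaping treats
 * specially (NUL, newline, carriage return, double quote, Ctrl-Z) are escaped
 * too, so a value that lands in a double-quoted literal stays inert.
 * Escaping does nothing for an unquoted numeric position; cast such values.
 *
 * @param mixed $str Raw request value. Non-strings are cast to string; an
 *                   array becomes '' so an array-typed parameter never
 *                   reaches a query.
 * @return string The escaped value.
 */
function fixSqlInjection($str) {
	if (is_array($str)) {
		$str = '';
	}
	$str = (string) $str;

	// strtr() with a map is a single pass, so backslashes inserted for one
	// character are not escaped again (the original two str_replace() calls
	// relied on their ordering for the same effect).
	return strtr($str, [
		'\\'   => '\\\\',
		'\''   => '\\\'',
		'"'    => '\\"',
		"\0"   => '\\0',
		"\n"   => '\\n',
		"\r"   => '\\r',
		"\x1a" => '\\Z',
	]);
}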

/**
 * Resolve the user behind the current request.
 *
 * Lookup order: the user row cached in $_SESSION['user'], then the 'token'
 * cookie matched against login_tokens (a hit is cached in the session).
 * Returns the users row as an associative array, or null when nothing
 * matches. Because the session cache is only refilled when it is empty, a
 * token removed from login_tokens keeps working until the PHP session itself
 * is cleared.
 *
 * @return array|null
 */
function authenToken() {
	$cached = $_SESSION['user'] ?? null;
	if ($cached !== null) {
		return $cached;
	}

	$token = getCOOKIE('token');
	if (empty($token)) {
		return null;
	}

	$rows = executeResult(sprintf(
		"select users.* from users, login_tokens where users.id = login_tokens.id_user and login_tokens.token = '%s'",
		$token
	));
	if (empty($rows)) {
		return null;
	}

	$_SESSION['user'] = $rows[0];

	return $rows[0];
}

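/**
 * Read a POST field, escaped for use inside a quoted SQL literal.
 *
 * Only scalar values are accepted: a field submitted as an array
 * (e.g. `name[]=x`) would otherwise propagate as an array instead of a
 * string, so it is treated as absent. A missing field yields ''. The result
 * is SQL-escaped only; it still needs htmlspecialchars() before being echoed
 * into HTML.
 *
 * @param string $key Field name.
 * @return string
 */
function getPOST($key) {
	$value = $_POST[$key] ?? '';
	if (!is_string($value)) {
		$value = '';
	}
	return fixSqlInjection($value);
}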

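/**
 * Read a cookie value, escaped for use inside a quoted SQL literal.
 *
 * Only scalar values are accepted; a cookie that parses as an array is
 * treated as absent, and a missing cookie yields ''. The result is
 * SQL-escaped only and must not be echoed into HTML unescaped.
 *
 * @param string $key Cookie name.
 * @return string
 */
function getCOOKIE($key) {
	$value = $_COOKIE[$key] ?? '';
	if (!is_string($value)) {
		$value = '';
	}
	return fixSqlInjection($value);
}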

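/**
 * Read a query-string parameter, escaped for use inside a quoted SQL literal.
 *
 * Only scalar values are accepted; a parameter supplied as an array
 * (e.g. `?id[]=1`) is treated as absent, and a missing parameter yields ''.
 * The result is SQL-escaped only and must not be echoed into HTML unescaped.
 *
 * @param string $key Parameter name.
 * @return string
 */
function getGET($key) {
	$value = $_GET[$key] ?? '';
	if (!is_string($value)) {
		$value = '';
	}
	return fixSqlInjection($value);
}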

/**
 * Hash a value as md5(md5(value) . MD5_PRIVATE_KEY), returning 32 hex chars.
 *
 * This is the format the stored password column compares against, so its
 * output cannot change without invalidating every existing account. For new
 * code, password_hash()/password_verify() are the appropriate replacement:
 * a keyed double MD5 is fast to brute-force and the key is shared by all
 * users rather than being a per-password salt.
 *
 * @param string $pwd Value to hash.
 * @return string
 */
function md5Security($pwd) {
	$inner = md5($pwd);

	return md5($inner . MD5_PRIVATE_KEY);
}

#users.php


<?php
session_start();

require_once ('db/dbhelper.php');
require_once ('utils/utility.php');

// Only a user resolved from the session or the token cookie may see this
// page; anyone else is bounced to the login form.
$user = authenToken();
if (empty($user)) {
	header('Location: login.php');
	die();
}

// Every users row is rendered in the table below.
$userList = executeResult('select * from users');
?>
<!DOCTYPE html>
<html>
<head>
	<title>User Management Page</title>
	<!-- Latest compiled and minified CSS -->
	<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.4.1/css/bootstrap.min.css">

	<!-- jQuery library -->
	<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js"></script>

	<!-- Popper JS -->
	<script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.16.0/umd/popper.min.js"></script>

	<!-- Latest compiled JavaScript -->
	<script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.4.1/js/bootstrap.min.js"></script>
</head>
<body>
	<div class="container">
		<div class="panel panel-primary">
			<div class="panel-heading">
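				<!-- fullname is user-supplied at registration, so it is HTML-escaped here -->
				<h2 class="text-center">Users Management (<a href="logout.php"><?=htmlspecialchars((string) $user['fullname'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')?></a>)</h2>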
			</div>
			<div class="panel-body">
				<table class="table table-bordered">
					<thead>
						<tr>
							<th>No</th>
							<th>Full Name</th>
							<th>User Name</th>
							<th>Email</th>
							<th>Address</th>
							<th></th>
							<th></th>
						</tr>
					</thead>
					<tbody>
<?php
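// Every column comes from the database and was user-supplied at registration,
// so each one is HTML-escaped before being written into the table; the id is
// cast to int because it is inserted into a JavaScript call.
$escape = function ($value) {
	return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

$count = 0;
foreach ($userList as $item) {
	echo '<tr>
			<td>'.(++$count).'</td>
			<td>'.$escape($item['fullname']).'</td>
			<td>'.$escape($item['username']).'</td>
			<td>'.$escape($item['email']).'</td>
			<td>'.$escape($item['address']).'</td>
			<td><button class="btn btn-warning">Edit</button></td>
			<td><button class="btn btn-danger" onclick="deleteUser('.(int) $item['id'].')">Delete</button></td>
		</tr>';
}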
?>
					</tbody>
				</table>
			</div>
		</div>
	</div>
<script type="text/javascript">
	// Asks for confirmation, then posts a delete request for the given user id
	// to form/form-user.php and reloads the page once the request completes.
	function deleteUser(id) {
		if (!confirm('Ban co chac chan muon xoa thong tin nguoi dung khong???')) {
			return
		}

		var payload = { 'action': 'delete', 'id': id }
		$.post('form/form-user.php', payload, function() {
			location.reload()
		})
	}
</script>
</body>
</html>

#test.php


<?php
session_start();

// Debug helper: dumps the whole session to the response. It exposes whatever
// authenToken() cached (the full users row) to anyone who can reach the file,
// so it should not be deployed alongside the application.
var_dump($_SESSION);
// echo $_SESSION['fullname'];

// unset($_SESSION['fullname']);

// session_destroy();

#register.php


<?php
session_start();

require_once ('db/dbhelper.php');
require_once ('utils/utility.php');
require_once ('form/form-register.php');

// A visitor who is already logged in (session or token cookie) has no use
// for the registration form and is sent to the user list instead.
$user = authenToken();
if (!empty($user)) {
	header('Location: users.php');
	die();
}
?>
<!DOCTYPE html>
<html>
<head>
	<title>Register Page</title>
	<!-- Latest compiled and minified CSS -->
	<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.4.1/css/bootstrap.min.css">

	<!-- jQuery library -->
	<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js"></script>

	<!-- Popper JS -->
	<script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.16.0/umd/popper.min.js"></script>

	<!-- Latest compiled JavaScript -->
	<script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.4.1/js/bootstrap.min.js"></script>
</head>
<body>
	<div class="container">
		<div class="panel panel-primary">
			<div class="panel-heading">
				<h2 class="text-center">Create New Account</h2>
<?php
// $username is only non-empty after a POST that did not redirect, i.e. the
// registration handler refused the submission.
echo empty($username) ? '' : '<h2 class="text-center" style="color: red">Username or email existed!!!</h2>';
?>
			</div>
			<div class="panel-body">
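				<!-- The re-displayed values come straight from the previous POST, so each one
				     is HTML-escaped for the attribute context (the SQL escaping applied by
				     getPOST() does nothing for HTML). -->
				<form method="post">
					<div class="form-group">
					  <label for="usr">Full Name (<font color="red">*</font>):</label>
					  <input required="true" type="text" class="form-control" id="fullname" name="fullname" value="<?=htmlspecialchars((string) $fullname, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')?>">
					</div>
					<div class="form-group">
					  <label for="usr">User Name (<font color="red">*</font>):</label>
					  <input required="true" type="text" class="form-control" id="username" name="username" value="<?=htmlspecialchars((string) $username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')?>">
					</div>
					<div class="form-group">
					  <label for="email">Email (<font color="red">*</font>):</label>
					  <input required="true" type="email" class="form-control" id="email" name="email" value="<?=htmlspecialchars((string) $email, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')?>">
					</div>
					<div class="form-group">
					  <label for="pwd">Password (<font color="red">*</font>):</label>
					  <input required="true" type="password" class="form-control" id="pwd" name="password">
					</div>
					<div class="form-group">
					  <label for="confirmation_pwd">Confirmation Password (<font color="red">*</font>):</label>
					  <input required="true" type="password" class="form-control" id="confirmation_pwd" name="confirmation_pwd">
					</div>
					<div class="form-group">
					  <label for="address">Address:</label>
					  <input type="text" class="form-control" id="address" name="address" value="<?=htmlspecialchars((string) $address, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')?>">
					</div>
					<p>
						<a href="login.php">I have a account</a>
					</p>
					<button type="submit" class="btn btn-success">Register</button>
				</form>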
			</div>
		</div>
	</div>

<script type="text/javascript">
	// Client-side convenience only: blocks submission when the two password
	// fields differ. The server-side handler (form-register.php, not shown
	// here) has to repeat the comparison, since this check is easily skipped.
	$(function() {
		$('form').submit(function() {
			var mismatch = $('#pwd').val() != $('#confirmation_pwd').val()
			if (mismatch) {
				alert('Mat khau khong khop, vui long kiem tra lai!!!')
			}
			return !mismatch
		})
	})
</script>
</body>
</html>

#readme.txt


Nội dung kiến thức
- login/register/users
- cookie

Giải pháp cũ:
login
	-> thành công: cookie (status = login) -> validate thông tin này để tự login.
	-> Ko xác thực được ai đã login vào hệ thống.
	-> Liên quan tới tính năng bảo mật => Ko có bảo mật => Ko sử dụng.

Giải pháp:
login -> thành công -> token:
							- Duy nhất
							- Khác nhau ở các thời điểm login
					-> save token xuống cookie
					-> save token vào database -> mapping token tương ứng với người dùng đã login
Gửi yêu cầu lên server -> đọc $_COOKIE: token -> query xác thực xem token là của người dùng nào.
					-> login multi platforms & multi devices.

create table login_tokens (
	id_user int references users (id),
	token varchar(32) not null unique,
	primary key (id_user, token)
)


Giải pháp single token:
https://www.youtube.com/watch?v=HkanPPB72Z4&list=PLMPBVRu4TjAw0uDNojnQkOFEocCulmngQ&index=30

users -> token -> moi 1 nguoi dung se co 1 token duy nhat

Chrome
	login -> thanh cong -> token A1 -> cookie (token: A1)
									-> update token A -> A1
	URL -> server -> token (cookie: A1) -> Tim dc id: 4 (TVD)
	TH sau khi Firefox login thanh cong
	URL -> server -> token (cookie: A2) -> Ko tim dc tk nao ung vs token A2 -> failed.

Firefox
	login -> thanh cong -> token A2 -> cookie (token: A2)
									-> update token A -> A2
	-> OK

#login.php


<?php
session_start();

require_once ('db/dbhelper.php');
require_once ('utils/utility.php');
require_once ('form/form-login.php');

// A visitor who is already logged in (session or token cookie) skips the
// login form and goes straight to the user list.
$user = authenToken();
if (!empty($user)) {
	header('Location: users.php');
	die();
}
?>
<!DOCTYPE html>
<html>
<head>
	<title>Login Page</title>
	<!-- Latest compiled and minified CSS -->
	<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.4.1/css/bootstrap.min.css">

	<!-- jQuery library -->
	<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js"></script>

	<!-- Popper JS -->
	<script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.16.0/umd/popper.min.js"></script>

	<!-- Latest compiled JavaScript -->
	<script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.4.1/js/bootstrap.min.js"></script>
</head>
<body>
	<div class="container">
		<div class="panel panel-primary">
			<div class="panel-heading">
				<h2 class="text-center">Login</h2>
<?php
// $email is only non-empty after a POST that did not redirect, i.e. the
// credentials in form-login.php did not match a users row.
echo empty($email) ? '' : '<h2 class="text-center" style="color: red">Login failed</h2>';
?>
			</div>
			<div class="panel-body">
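				<!-- The re-displayed email comes straight from the previous POST, so it is
				     HTML-escaped for the attribute context (getPOST() only SQL-escapes it). -->
				<form method="post">
					<div class="form-group">
					  <label for="email">Email (<font color="red">*</font>):</label>
					  <input required="true" type="email" class="form-control" id="email" name="email" value="<?=htmlspecialchars((string) $email, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')?>">
					</div>
					<div class="form-group">
					  <label for="pwd">Password (<font color="red">*</font>):</label>
					  <input required="true" type="password" class="form-control" id="pwd" name="password">
					</div>
					<p>
						<a href="register.php">Create new account</a>
					</p>
					<button type="submit" class="btn btn-success">Login</button>
				</form>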
			</div>
		</div>
	</div>
</body>
</html>

#form-user.php


<?php
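require_once ('../db/dbhelper.php');
require_once ('../utils/utility.php');

// This endpoint deletes users, so it is gated the same way users.php is:
// authenToken() needs the session, and a caller it cannot resolve gets a 403
// instead of a silent delete.
// NOTE(review): the request carries no CSRF token; a same-origin check or a
// per-session token is still needed on top of this authentication check.
session_start();
if (authenToken() == null) {
	http_response_code(403);
	die();
}

$action = getPOST('action');

switch ($action) {
	case 'delete':
		doDeleteUser();
		break;
}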

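/**
 * Delete the users row whose id arrives in the POST field 'id'.
 *
 * The id is interpolated into an unquoted numeric position, where the quote
 * escaping done by fixSqlInjection() offers no protection, so it is cast to
 * int first; a missing or non-numeric id becomes 0 and matches no row
 * (unless a row with id 0 exists).
 */
function doDeleteUser() {
	$id = (int) getPOST('id');

	$sql = "delete from users where id = $id";
	execute($sql);
}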

#form-register.php


________số 8

#form-login.php


<?php
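$username = $fullname = $email = $password = $address = '';
if (!empty($_POST)) {
	$email    = getPOST('email');
	$password = md5Security(getPOST('password'));

	$sql    = "select * from users where email = '$email' and password = '$password'";
	$result = executeResult($sql);
	if (!empty($result)) {
		// login success
		$email = $result[0]['email'];
		$id    = (int) $result[0]['id'];

		// 128 bits from the CSPRNG, rendered as 32 hex chars so it fits the
		// varchar(32) token column. The previous md5(email.time().id) derived
		// the token from values an attacker can know or narrow down.
		$token = bin2hex(random_bytes(16));

		// httponly keeps the token out of reach of scripts running in the page
		setcookie('token', $token, time()+7*24*60*60, '/', '', false, true);

		// save database
		$sql = "insert into login_tokens (id_user, token) values ('$id', '$token')";
		execute($sql);

		// A fresh session id after authentication, so an id handed to the
		// browser before login is not the one that now carries the user.
		if (session_status() === PHP_SESSION_ACTIVE) {
			session_regenerate_id(true);
		}

		header('Location: users.php');
		die();
	}
}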

#dbhelper.php


<?php
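/**
 * Escape a value for interpolation inside a quoted SQL string literal.
 *
 * This is a stop-gap for the string-built queries used throughout this
 * project; the proper fix is a prepared statement with bound parameters,
 * which needs no escaping at all. Besides the backslash and single quote the
 * original handled, the other characters MySQL-style escaping treats
 * specially (NUL, newline, carriage return, double quote, Ctrl-Z) are escaped
 * too, so a value that lands in a double-quoted literal stays inert.
 * Escaping does nothing for an unquoted numeric position; cast such values.
 *
 * @param mixed $str Raw request value. Non-strings are cast to string; an
 *                   array becomes '' so an array-typed parameter never
 *                   reaches a query.
 * @return string The escaped value.
 */
function fixSqlInjection($str) {
	if (is_array($str)) {
		$str = '';
	}
	$str = (string) $str;

	// strtr() with a map is a single pass, so backslashes inserted for one
	// character are not escaped again (the original two str_replace() calls
	// relied on their ordering for the same effect).
	return strtr($str, [
		'\\'   => '\\\\',
		'\''   => '\\\'',
		'"'    => '\\"',
		"\0"   => '\\0',
		"\n"   => '\\n',
		"\r"   => '\\r',
		"\x1a" => '\\Z',
	]);
}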

/**
 * Resolve the user behind the current request.
 *
 * Lookup order: the user row cached in $_SESSION['user'], then the 'token'
 * cookie matched against login_tokens (a hit is cached in the session).
 * Returns the users row as an associative array, or null when nothing
 * matches. Because the session cache is only refilled when it is empty, a
 * token removed from login_tokens keeps working until the PHP session itself
 * is cleared.
 *
 * @return array|null
 */
function authenToken() {
	$cached = $_SESSION['user'] ?? null;
	if ($cached !== null) {
		return $cached;
	}

	$token = getCOOKIE('token');
	if (empty($token)) {
		return null;
	}

	$rows = executeResult(sprintf(
		"select users.* from users, login_tokens where users.id = login_tokens.id_user and login_tokens.token = '%s'",
		$token
	));
	if (empty($rows)) {
		return null;
	}

	$_SESSION['user'] = $rows[0];

	return $rows[0];
}

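/**
 * Read a POST field, escaped for use inside a quoted SQL literal.
 *
 * Only scalar values are accepted: a field submitted as an array
 * (e.g. `name[]=x`) would otherwise propagate as an array instead of a
 * string, so it is treated as absent. A missing field yields ''. The result
 * is SQL-escaped only; it still needs htmlspecialchars() before being echoed
 * into HTML.
 *
 * @param string $key Field name.
 * @return string
 */
function getPOST($key) {
	$value = $_POST[$key] ?? '';
	if (!is_string($value)) {
		$value = '';
	}
	return fixSqlInjection($value);
}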

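/**
 * Read a cookie value, escaped for use inside a quoted SQL literal.
 *
 * Only scalar values are accepted; a cookie that parses as an array is
 * treated as absent, and a missing cookie yields ''. The result is
 * SQL-escaped only and must not be echoed into HTML unescaped.
 *
 * @param string $key Cookie name.
 * @return string
 */
function getCOOKIE($key) {
	$value = $_COOKIE[$key] ?? '';
	if (!is_string($value)) {
		$value = '';
	}
	return fixSqlInjection($value);
}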

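/**
 * Read a query-string parameter, escaped for use inside a quoted SQL literal.
 *
 * Only scalar values are accepted; a parameter supplied as an array
 * (e.g. `?id[]=1`) is treated as absent, and a missing parameter yields ''.
 * The result is SQL-escaped only and must not be echoed into HTML unescaped.
 *
 * @param string $key Parameter name.
 * @return string
 */
function getGET($key) {
	$value = $_GET[$key] ?? '';
	if (!is_string($value)) {
		$value = '';
	}
	return fixSqlInjection($value);
}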

/**
 * Hash a value as md5(md5(value) . MD5_PRIVATE_KEY), returning 32 hex chars.
 *
 * This is the format the stored password column compares against, so its
 * output cannot change without invalidating every existing account. For new
 * code, password_hash()/password_verify() are the appropriate replacement:
 * a keyed double MD5 is fast to brute-force and the key is shared by all
 * users rather than being a per-password salt.
 *
 * @param string $pwd Value to hash.
 * @return string
 */
function md5Security($pwd) {
	$inner = md5($pwd);

	return md5($inner . MD5_PRIVATE_KEY);
}
0

#config.php


<?php
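/**
 * Escape a value for interpolation inside a quoted SQL string literal.
 *
 * This is a stop-gap for the string-built queries used throughout this
 * project; the proper fix is a prepared statement with bound parameters,
 * which needs no escaping at all. Besides the backslash and single quote the
 * original handled, the other characters MySQL-style escaping treats
 * specially (NUL, newline, carriage return, double quote, Ctrl-Z) are escaped
 * too, so a value that lands in a double-quoted literal stays inert.
 * Escaping does nothing for an unquoted numeric position; cast such values.
 *
 * @param mixed $str Raw request value. Non-strings are cast to string; an
 *                   array becomes '' so an array-typed parameter never
 *                   reaches a query.
 * @return string The escaped value.
 */
function fixSqlInjection($str) {
	if (is_array($str)) {
		$str = '';
	}
	$str = (string) $str;

	// strtr() with a map is a single pass, so backslashes inserted for one
	// character are not escaped again (the original two str_replace() calls
	// relied on their ordering for the same effect).
	return strtr($str, [
		'\\'   => '\\\\',
		'\''   => '\\\'',
		'"'    => '\\"',
		"\0"   => '\\0',
		"\n"   => '\\n',
		"\r"   => '\\r',
		"\x1a" => '\\Z',
	]);
}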

/**
 * Resolve the user behind the current request.
 *
 * Lookup order: the user row cached in $_SESSION['user'], then the 'token'
 * cookie matched against login_tokens (a hit is cached in the session).
 * Returns the users row as an associative array, or null when nothing
 * matches. Because the session cache is only refilled when it is empty, a
 * token removed from login_tokens keeps working until the PHP session itself
 * is cleared.
 *
 * @return array|null
 */
function authenToken() {
	$cached = $_SESSION['user'] ?? null;
	if ($cached !== null) {
		return $cached;
	}

	$token = getCOOKIE('token');
	if (empty($token)) {
		return null;
	}

	$rows = executeResult(sprintf(
		"select users.* from users, login_tokens where users.id = login_tokens.id_user and login_tokens.token = '%s'",
		$token
	));
	if (empty($rows)) {
		return null;
	}

	$_SESSION['user'] = $rows[0];

	return $rows[0];
}

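/**
 * Read a POST field, escaped for use inside a quoted SQL literal.
 *
 * Only scalar values are accepted: a field submitted as an array
 * (e.g. `name[]=x`) would otherwise propagate as an array instead of a
 * string, so it is treated as absent. A missing field yields ''. The result
 * is SQL-escaped only; it still needs htmlspecialchars() before being echoed
 * into HTML.
 *
 * @param string $key Field name.
 * @return string
 */
function getPOST($key) {
	$value = $_POST[$key] ?? '';
	if (!is_string($value)) {
		$value = '';
	}
	return fixSqlInjection($value);
}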

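/**
 * Read a cookie value, escaped for use inside a quoted SQL literal.
 *
 * Only scalar values are accepted; a cookie that parses as an array is
 * treated as absent, and a missing cookie yields ''. The result is
 * SQL-escaped only and must not be echoed into HTML unescaped.
 *
 * @param string $key Cookie name.
 * @return string
 */
function getCOOKIE($key) {
	$value = $_COOKIE[$key] ?? '';
	if (!is_string($value)) {
		$value = '';
	}
	return fixSqlInjection($value);
}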

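/**
 * Read a query-string parameter, escaped for use inside a quoted SQL literal.
 *
 * Only scalar values are accepted; a parameter supplied as an array
 * (e.g. `?id[]=1`) is treated as absent, and a missing parameter yields ''.
 * The result is SQL-escaped only and must not be echoed into HTML unescaped.
 *
 * @param string $key Parameter name.
 * @return string
 */
function getGET($key) {
	$value = $_GET[$key] ?? '';
	if (!is_string($value)) {
		$value = '';
	}
	return fixSqlInjection($value);
}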

/**
 * Hash a value as md5(md5(value) . MD5_PRIVATE_KEY), returning 32 hex chars.
 *
 * This is the format the stored password column compares against, so its
 * output cannot change without invalidating every existing account. For new
 * code, password_hash()/password_verify() are the appropriate replacement:
 * a keyed double MD5 is fast to brute-force and the key is shared by all
 * users rather than being a per-password salt.
 *
 * @param string $pwd Value to hash.
 * @return string
 */
function md5Security($pwd) {
	$inner = md5($pwd);

	return md5($inner . MD5_PRIVATE_KEY);
}
1