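 /**
  * Drives handle_login() through its $_POST input paths and the
  * missing-database path.
  *
  * Every case talks to the real sqlite fixture at ../sqlite/books_web.s3db.
  * The last case moves that file aside; the finally block moves it back so the
  * fixture survives the run (the previous version deleted it for good).
  *
  * @test
  */
 public function loginTest()
 {
     // Empty credentials must be rejected.
     $_POST['account'] = "";
     $_POST['password'] = "";
     $this->assertEquals('<p>帳號錯誤!</p>', handle_login());

     // Well-formed account, oversized (100-character) password.
     $_POST['account'] = "10011204";
     $_POST['password'] = str_repeat("a", 100);
     $this->assertEquals('<p>帳號錯誤!</p>', handle_login());

     // Well-formed account, wrong password.
     $_POST['account'] = "10011201";
     $_POST['password'] = '******';
     $this->assertEquals('<p>帳號錯誤!</p>', handle_login());

     // Tautology in the account field. This assertion pins the CURRENT
     // behaviour: the login accepts it, which means the query is still built
     // from raw input. Once handle_login() binds its parameters this
     // expectation must flip to '<p>帳號錯誤!</p>'.
     $_POST['account'] = "1' OR '1'='1";
     $_POST['password'] = "******";
     $this->assertEquals('登入成功!使用完後,務必登出以免遭他人使用!', handle_login());

     // Database file missing: move the fixture aside and restore it afterwards
     // even when the assertion fails, so later tests still find it.
     $fixture = "../sqlite/books_web.s3db";
     $backup = "./books_web.s3db";
     $this->assertTrue(rename($fixture, $backup), 'could not move the sqlite fixture aside');
     try {
         $this->assertEquals('<span>error,cannot link database.</span>', handle_login());
     } finally {
         rename($backup, $fixture);
     }
 }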
// Route the request by $path_info. Every branch is a loose (==) whole-string
// comparison except the '/client' branch, which is a substring test.
if ($path_info == '/.well-known/openid-configuration') {
    require_once 'discovery.php';
    handle_openid_config();
} else {
    if ($path_info == '/auth') {
        handle_auth();
    } elseif ($path_info == '/token') {
        handle_token();
    } elseif ($path_info == '/validatetoken') {
        handle_validatetoken();
    } elseif ($path_info == '/userinfo') {
        handle_userinfo();
    } elseif ($path_info == '/distributedinfo') {
        handle_distributedinfo();
    } elseif ($path_info == '/login') {
        handle_login();
    } elseif ($path_info == '/oplogin') {
        echo loginform('', '', null, true);
    } elseif ($path_info == '/confirm_userinfo') {
        handle_confirm_userinfo();
    } elseif ($path_info == '/registration') {
        handle_client_registration();
    } elseif (strpos($path_info, '/client') !== false) {
        // Substring match, not a prefix or equality check: any path that
        // contains '/client' anywhere and was not matched above lands here.
        handle_client_operations();
    } elseif ($path_info == '/endsession') {
        handle_end_session();
    } elseif ($path_info == '/logout') {
        handle_logout();
    } elseif ($path_info == '/proxy/done') {
        handle_proxy();
    } else {
<?php

/**
 * Created by PhpStorm.
 * User: will
 * Date: 12/30/2015
 * Time: 8:15 PM
 */
require_once "functions.php";
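// Dispatch on the "m" form field. Only "submit_login" is understood; the
// credentials go through sanitizeString() before handle_login() sees them.
// Missing "u"/"p" fields default to '' instead of raising an undefined-index
// notice, and the emptiness test is strict so no type juggling is involved.
if (isset($_POST["m"]) && $_POST["m"] !== "") {
    switch ($_POST["m"]) {
        case "submit_login":
            $u = sanitizeString(isset($_POST['u']) ? $_POST['u'] : '');
            $p = sanitizeString(isset($_POST['p']) ? $_POST['p'] : '');
            handle_login($u, $p);
            break;
        default:
            echo "Login.php doesn't know what to do with that request";
            break;
    }
}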
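/**
 * Records the submitted credentials in the session and echoes them back.
 *
 * NOTE(review): the password is kept in plaintext in $_SESSION['p'] and both
 * values are written to the response. Neither is something a login handler
 * should normally do; the session keys are kept because other files may read
 * them, but the output is now HTML-escaped.
 *
 * @param string $u account name, already passed through sanitizeString()
 * @param string $p password, already passed through sanitizeString()
 */
function handle_login(string $u, string $p): void
{
    // Avoid the "session already active" notice when the caller started one.
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $_SESSION['u'] = $u;
    $_SESSION['p'] = $p;
    // Escape for the HTML context: sanitizeString() strips tags but does not
    // encode quotes or ampersands.
    echo htmlspecialchars($u, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . " "
        . htmlspecialchars($p, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}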
function sanitizeString($var)
{
    $var = strip_tags($var);
/**
 * Re-renders the login view with the failure flag set.
 *
 * Thin wrapper around handle_login(), which is defined elsewhere in this
 * project and receives the option map built here; its return value is passed
 * straight through.
 */
function handle_failed_login()
{
    $options = ['loginFailure' => true];

    return handle_login($options);
}