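/**
 * Exercises handle_login() against several $_POST inputs and a missing database file.
 *
 * handle_login() reads its credentials from $_POST directly, so each case sets
 * $_POST['account'] / $_POST['password'] and compares the returned markup.
 *
 * @test
 */
public function loginTest()
{
    // Empty credentials must be rejected.
    $_POST['account'] = "";
    $_POST['password'] = "";
    $res = handle_login();
    $this->assertEquals('<p>帳號錯誤!</p>', $res);

    // Normal account with an oversized (100 byte) password must be rejected.
    $_POST['account'] = "10011204";
    $_POST['password'] = str_repeat('a', 100);
    $res = handle_login();
    $this->assertEquals('<p>帳號錯誤!</p>', $res);

    // Normal account with a password the original test describes as an
    // injection probe; must be rejected.
    $_POST['account'] = "10011201";
    $_POST['password'] = '******';
    $res = handle_login();
    $this->assertEquals('<p>帳號錯誤!</p>', $res);

    // SQL-injection probe in the account field. The original test states that
    // handle_login() IS injectable, and this assertion pins that defect: a
    // tautology in the account field is accepted as a successful login. Once
    // handle_login() uses a prepared statement this expectation must be flipped
    // to the '<p>帳號錯誤!</p>' rejection — do not keep the test green by
    // preserving the vulnerable behaviour.
    $_POST['account'] = "1' OR '1'='1";
    $_POST['password'] = "******";
    $res = handle_login();
    $this->assertEquals('登入成功!使用完後,務必登出以免遭他人使用!', $res);

    // Missing SQLite file: move the database aside so handle_login() cannot
    // open it, and always put it back so later tests still have it (the
    // original deleted the file and never restored it).
    $dbPath = "../sqlite/books_web.s3db";
    $backupPath = "./books_web.s3db";
    $this->assertTrue(copy($dbPath, $backupPath), 'could not back up the sqlite database');
    if (is_file($dbPath)) {
        unlink($dbPath);
    }
    try {
        $res = handle_login();
        $this->assertEquals('<span>error,cannot link database.</span>', $res);
    } finally {
        copy($backupPath, $dbPath);
        unlink($backupPath);
    }
}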
if ($path_info == '/.well-known/openid-configuration') { require_once 'discovery.php'; handle_openid_config(); } else { if ($path_info == '/auth') { handle_auth(); } elseif ($path_info == '/token') { handle_token(); } elseif ($path_info == '/validatetoken') { handle_validatetoken(); } elseif ($path_info == '/userinfo') { handle_userinfo(); } elseif ($path_info == '/distributedinfo') { handle_distributedinfo(); } elseif ($path_info == '/login') { handle_login(); } elseif ($path_info == '/oplogin') { echo loginform('', '', null, true); } elseif ($path_info == '/confirm_userinfo') { handle_confirm_userinfo(); } elseif ($path_info == '/registration') { handle_client_registration(); } elseif (strpos($path_info, '/client') !== false) { handle_client_operations(); } elseif ($path_info == '/endsession') { handle_end_session(); } elseif ($path_info == '/logout') { handle_logout(); } elseif ($path_info == '/proxy/done') { handle_proxy(); } else {
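<?php
/**
 * Created by PhpStorm.
 * User: will
 * Date: 12/30/2015
 * Time: 8:15 PM
 */
require_once "functions.php";

// Front controller for the login form: dispatch on the POSTed "m" action.
// $_POST is untrusted input; values go through sanitizeString() before use.
if (isset($_POST["m"]) && $_POST["m"] !== "") {
    switch ($_POST["m"]) {
        case "submit_login":
            // Missing fields become empty strings instead of an undefined-index notice.
            $u = sanitizeString(isset($_POST['u']) ? $_POST['u'] : '');
            $p = sanitizeString(isset($_POST['p']) ? $_POST['p'] : '');
            handle_login($u, $p);
            break;
        default:
            echo "Login.php doesn't know what to do with that request";
            break;
    }
}

/**
 * Stores the submitted credentials in the session and echoes them back.
 *
 * @param string $u account name, already passed through sanitizeString()
 * @param string $p password, already passed through sanitizeString()
 */
function handle_login($u, $p)
{
    session_start();
    $_SESSION['u'] = $u;
    // SECURITY: this keeps the plaintext password in server-side session storage
    // (and echoes it below). Verify the password against a stored hash with
    // password_verify() and keep only the authenticated identity in the session.
    $_SESSION['p'] = $p;
    // Escape for the HTML context: strip_tags() in sanitizeString() is not output
    // escaping, so echoing the raw values would still allow markup injection.
    echo htmlspecialchars($u . " " . $p, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// NOTE: this function continues beyond the end of the listing; strip_tags()
// removes tags but is not a substitute for context-specific escaping at output.
function sanitizeString($var)
{
    $var = strip_tags($var);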
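/**
 * Renders the login flow in its failure state.
 *
 * Delegates to handle_login() with the loginFailure flag set so the same
 * rendering path serves both first-visit and failed-attempt responses.
 */
function handle_failed_login()
{
    return handle_login(["loginFailure" => true]);
}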