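/**
 * Validate the submitted login form against the built-in user list.
 *
 * Reads `username` and `password` from $_POST and returns a two-element
 * array: index 0 is the list of error messages (empty when the credentials
 * match a known user), index 1 is true when any submitted field is blank and
 * null otherwise.
 *
 * The helpers are closures rather than nested named functions. A named
 * function declared inside a function body is registered globally on the
 * first call, so a second call to error_processing() in the same request
 * would stop with a "Cannot redeclare" fatal error.
 *
 * NOTE(review): the user list is hard-coded with plaintext, guessable
 * passwords. The original comments already mark it as a placeholder for a
 * database; when that happens, store password_hash() output and check it
 * with password_verify().
 * NOTE(review): the two distinct messages tell a client whether a username
 * exists. A single generic message avoids that, but the texts are kept
 * unchanged here because callers may display or match them.
 *
 * @return array array($errors, $blankness)
 */
function error_processing()
{
    /* --Old User Authentication-- */
    // Users should be a class? Or just SQL?
    // Users 'key' should be name for lookup purposes, perhaps.
    // Replace $users with db connection
    $users = array(
        array('username' => 'admin', 'password' => 'admin'),
        array('username' => 'user', 'password' => 'user'),
    );

    $form_data = $_POST;

    // A missing or non-string field (e.g. username[]=x) is read as an empty
    // string so the comparisons below always work on strings.
    $read_field = function ($name) use ($form_data) {
        if (isset($form_data[$name]) && is_string($form_data[$name])) {
            return $form_data[$name];
        }
        return '';
    };
    $submitted_username = $read_field('username');
    $submitted_password = $read_field('password');

    // True when any submitted field is blank, null otherwise (the original
    // contract). empty() is avoided because it also reports the string "0"
    // as blank.
    $blank_form_detection = function ($fields) {
        foreach ($fields as $value) {
            if ($value === null || $value === '' || $value === array()) {
                return true;
            }
        }
        return null;
    };

    // Error Processing for No known User
    $username_validation = function ($username, $known_users, $errors) {
        foreach ($known_users as $known) {
            if ($username === $known['username']) {
                return $errors;
            }
        }
        $errors[] = "Username is not a valid username.";
        return $errors;
    };

    // Error Processing for User/PW don't match
    $user_validation = function ($username, $password, $known_users, $errors) {
        foreach ($known_users as $known) {
            // hash_equals() compares in constant time, so the comparison
            // does not leak how many leading characters matched.
            if ($username === $known['username'] && !hash_equals($known['password'], $password)) {
                $errors[] = "Username and password do not match.";
            }
        }
        return $errors;
    };

    $errors = array();
    $errors = $username_validation($submitted_username, $users, $errors);
    $errors = $user_validation($submitted_username, $submitted_password, $users, $errors);
    $blankness = $blank_form_detection($form_data);

    return array($errors, $blankness);
}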
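<?php
/**
 * Share one of the logged-in user's files with another user by copying it
 * from the owner's directory into the recipient's directory.
 *
 * Inputs: $_SESSION['filename'] and $_SESSION['username'] (the owner) and
 * $_POST['sharename'] (the recipient). The outcome is reported through
 * $_SESSION['message_return'] or $_SESSION['share_error'], followed by a
 * redirect.
 *
 * Fixes over the previous version:
 *  - the name_validation() results were discarded, so a rejected file name
 *    or user name still reached copy();
 *  - the recipient check used bitwise `&` and only fired when the recipient
 *    was invalid AND equal to the owner;
 *  - the error text was compared (`==`) instead of assigned;
 *  - the failure redirect had no exit, so the copy ran anyway.
 */
session_start();
include 'name_validation.php';

$filename = isset($_SESSION['filename']) ? $_SESSION['filename'] : '';
$username = isset($_SESSION['username']) ? $_SESSION['username'] : '';
// Only a plain string is accepted; sharename[]=x would otherwise arrive as an array.
$sharename = (isset($_POST['sharename']) && is_string($_POST['sharename'])) ? $_POST['sharename'] : '';

// The download script treats a falsy name_validation() result as "invalid",
// so the same convention is applied here. An empty owner means no login.
// NOTE(review): name_validation() is defined in name_validation.php, which is
// not shown. Confirm it rejects path separators and ".." in both arguments,
// because both values become path components below.
if ($username === ''
    || !name_validation($filename, $username)
    || !name_validation($filename, $sharename)
) {
    $_SESSION['message_return'] = "Username or filename invalid";
    header("Location: ./message_return.php");
    exit;
}

$_SESSION['share_error'] = "success";
include 'user_validation.php';

// Reject an unknown recipient, and also the owner themselves.
// NOTE(review): rejecting self-share is inferred from the original condition; confirm.
if (!user_validation($sharename) || $username === $sharename) {
    $_SESSION['share_error'] = "Share user name invalid.";
    header("Location: ./share_failure.php");
    exit; // header() alone does not stop the script
}

// NOTE(review): htmlentities() is an HTML output encoder, not a path
// sanitiser. It is kept because the download script builds its path the same
// way, so the stored file names presumably rely on it.
$source_path = sprintf("../module2/%s/%s", $username, htmlentities($filename));
$dest_path = sprintf("../module2/%s/%s", $sharename, htmlentities($filename));

// NOTE(review): this is a state-changing POST with no visible anti-CSRF
// token. Confirm one is checked elsewhere.
$_SESSION['message_return'] = copy($source_path, $dest_path) ? "Share success" : "Share failure";
header("Location: ./message_return.php");
exit;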
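<?php
/**
 * Send one of the logged-in user's files to the browser as a download.
 *
 * Inputs: $_GET['filename'] and $_SESSION['username']. Validation failures
 * are reported through $_SESSION['message_return'] and a redirect to
 * message_return.php.
 *
 * Fixes over the previous version:
 *  - a request without a login session or without a string `filename` is
 *    rejected before any path is built;
 *  - is_file() replaces file_exists(), which is also true for directories;
 *  - a missing file now produces a message instead of an empty response;
 *  - the "User not exeist" message is spelled correctly.
 */
session_start();
include 'name_validation.php';
include 'user_validation.php';

// Only a plain string is accepted; filename[]=x would otherwise arrive as an array.
$filename = (isset($_GET['filename']) && is_string($_GET['filename'])) ? $_GET['filename'] : '';
$username = isset($_SESSION['username']) ? $_SESSION['username'] : '';

// NOTE(review): name_validation() is defined in name_validation.php, which is
// not shown. Confirm it rejects path separators and ".." in the file name,
// because the value becomes a path component below.
if ($filename === '' || $username === '' || !name_validation($filename, $username)) {
    $_SESSION['message_return'] = "Username or filename invalid";
    header("Location: ./message_return.php");
    exit;
}

if (!user_validation($username)) {
    $_SESSION['message_return'] = "User does not exist";
    header("Location: ./message_return.php");
    exit;
}

// NOTE(review): htmlentities() is an HTML output encoder, not a path
// sanitiser. It is kept because the share script builds its paths the same
// way, so the stored file names presumably rely on it.
$full_path = sprintf("../module2/%s/%s", $username, htmlentities($filename));

if (!is_file($full_path)) {
    $_SESSION['message_return'] = "File not found";
    header("Location: ./message_return.php");
    exit;
}

header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');
// Stops browsers from sniffing user-supplied content into an executable type.
header('X-Content-Type-Options: nosniff');
header('Content-Disposition: attachment; filename="' . basename($full_path) . '"');
header('Expires: 0');
header('Cache-Control: must-revalidate');
header('Pragma: public');
header('Content-Length: ' . filesize($full_path));
readfile($full_path);
exit;
// get from http://php.net/manual/en/function.readfile.php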
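<?php
/**
 * Login handler: checks the submitted user name and redirects to the file
 * listing on success or back to the login page on failure.
 *
 * Inputs: $_POST['username']. Outputs: $_SESSION['username_error'] (1 or 0),
 * $_SESSION['username'] on success, and a Location redirect.
 *
 * Fixes over the previous version:
 *  - the HTML shell was emitted before session_start() and header(). Once
 *    output has started, the session cookie and the Location header cannot
 *    be sent unless output buffering is on. Both branches exit, so the
 *    markup was never completed anyway; the handler now produces no body.
 *  - the users.txt handle was opened but never read or closed, so it is gone.
 *  - the session id is regenerated on successful login.
 *
 * NOTE(review): only a user name is checked. No password or other credential
 * is involved, so anyone who knows a user name obtains that user's session.
 * Add a credential check (password_hash()/password_verify()) before
 * $_SESSION['username'] is set.
 */
session_start();
include './user_validation.php';

// Only a plain string is accepted; username[]=x would otherwise arrive as an array.
$submitted_username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';

if (!user_validation($submitted_username)) {
    $_SESSION['username_error'] = 1;
    header("Location: ./login_page.php");
    exit;
}

// Issue a fresh session id at login so that an id handed out before
// authentication never becomes an authenticated session.
session_regenerate_id(true);

$_SESSION['username_error'] = 0;
$_SESSION['username'] = $submitted_username;
header("Location: ./user_file.php");
exit;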