Skip to content

Instantly share code, notes, and snippets.

@Graph-X
Last active May 31, 2020
Embed
What would you like to do?
poc server
<?php
session_start(['cookie_secure' => true, 'cookie_path' => '/', 'cookie_httponly' => true]);
if ($_SERVER['HTTP_REQUEST'] === "POST"){
if (isset($_POST['user']) && isset($_POST['pass'])){
//for this POC we assume successful login and regenerate the session id
session_regenerate_id();
$_SESSION['user'] = $_POST['user'];
$_SESSION['authorized'] = true;
echo("Session is now authorized");
exit;
}
else{
//check if we have an authorized session
if ($_SESSION['authorized']){
$query = $_SERVER['QUERY_STRING'];
$adminId = $query['adminId'];
$userinfo = array(
'adminId' => $adminId,
'role' => $_POST['role'],
'email' => $_POST['email'],
'password' => $_POST['password'],
'password2' => $_POST['password2'],
'name' => $_POST['name']
);
//simulate setting userid information
$handle = fopen('/tmp/testfile.txt','w');
$handle.write($adminId . var_dump($userinfo));
$handle.close();
echo("We have updated the info for adminId ".$adminId.".");
exit;
}
}
}
//simulate login
if ($_SERVER['HTTP_REQUEST'] === "GET"){
echo("
<html>
<head>
<title>login page</title>
</head>
<body>
<form name='login' action='' method='POST'>
<table>
<tr>
<td>
Username: <input type='text' name='user'>
</td>
</tr>
<tr>
<td>
Password: <input type='password' name='pass'>
</td>
</tr>
<tr>
<td>
<input type='submit' name='submit' value='Submit'>
</td>
</tr>
</table>
</form>
</body>
</html>");
}
@Graph-X

This comment has been minimized.

Copy link
Owner Author

@Graph-X Graph-X commented Oct 24, 2019

Got a little happy with the '==='. Fixed the code and it all works now. I'm a dummy.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment