MikeCod
diff --git a/‎.htaccess
Lines changed: 12 additions & 0 deletions b/‎.htaccess
Lines changed: 12 additions & 0 deletions
diff --git a/‎Controller.zip
5.83 KB b/‎Controller.zip
5.83 KB
diff --git a/‎Controller/badges.php
Lines changed: 121 additions & 0 deletions b/‎Controller/badges.php
Lines changed: 121 additions & 0 deletions
diff --git a/‎Controller/config.php
Lines changed: 24 additions & 0 deletions b/‎Controller/config.php
Lines changed: 24 additions & 0 deletions
diff --git a/‎Controller/leaderboard.php
Lines changed: 21 additions & 0 deletions b/‎Controller/leaderboard.php
Lines changed: 21 additions & 0 deletions
diff --git a/‎Controller/profile/C_delete.php
Lines changed: 40 additions & 0 deletions b/‎Controller/profile/C_delete.php
Lines changed: 40 additions & 0 deletions
diff --git a/‎Controller/profile/C_edit.php
Lines changed: 64 additions & 0 deletions b/‎Controller/profile/C_edit.php
Lines changed: 64 additions & 0 deletions
diff --git a/‎Controller/profile/C_index.php
Lines changed: 29 additions & 0 deletions b/‎Controller/profile/C_index.php
Lines changed: 29 additions & 0 deletions
diff --git a/‎Controller/sign-in.php
Lines changed: 39 additions & 0 deletions b/‎Controller/sign-in.php
Lines changed: 39 additions & 0 deletions
diff --git a/‎Controller/sign-out.php
Lines changed: 10 additions & 0 deletions b/‎Controller/sign-out.php
Lines changed: 10 additions & 0 deletions
diff --git a/‎Controller/sign-up/finalize.php
Lines changed: 3 additions & 0 deletions b/‎Controller/sign-up/finalize.php
Lines changed: 3 additions & 0 deletions
@@ -0,0 +1,12 @@
+ErrorDocument 400 /error.php?code=400
+ErrorDocument 401 /error.php?code=401
+ErrorDocument 402 /error.php?code=402
+ErrorDocument 403 /error.php?code=403
+ErrorDocument 404 /error.php?code=404
+ErrorDocument 405 /error.php?code=405
+ErrorDocument 500 /error.php?code=500
+ErrorDocument 501 /error.php?code=501
+ErrorDocument 502 /error.php?code=502
+ErrorDocument 503 /error.php?code=503
+ErrorDocument 504 /error.php?code=504
+ErrorDocument 505 /error.php?code=505
@@ -0,0 +1,121 @@
+<?php
+require "../../Model/badges.php";
+
+
+function option_badge($type) {
+    if ($type == "display") { display_badge(); }
+    else if ($type == "add") { 
+        if ($_SESSION['administrator'] == '1') {
+            add_badge();
+        }
+    } 
+    else if($type == "delete") {
+        if ($_SESSION['administrator'] == '1') {
+            req_delete_badge();
+        }
+    }
+    else {
+        #...
+    }
+}
+
+function display_badge() {
+    $none = req_displayN_badge();
+    if($none->rowCount() > 0)
+        echo '<h1 style="float:left; position:absolute; top:0; left:40px; margin-top:-100px; color:#ddd; font-size:32pt;">'.$_GET['t'].' badges</h1>';
+    else {
+        echo '<h1 style="float:left; position:absolute; top:0; left:40px; margin-top:-100px; color:white; font-size:32pt;">Unavailable category</h1>';
+        return ;
+    }
+    $complete = req_displayC_badge();
+    $badgeC = array();
+    while($badge = $complete->fetch())
+        $badgeC[] = $badge['id'];
+    $i = 0;
+    //var_dump($badgeC);
+    $completed = false;
+    while ($badgeN = $none->fetch()) {
+        $completed = in_array($badgeN['id'], $badgeC);
+        //var_dump($completed);
+        if ($badgeN['value'] == "Master") {
+            if ($_GET['t'] == "Score") {
+                $icon = "masterCode";
+            }
+            else if ($_GET['t'] == "Challenge") {
+                $icon = "masterSQL";
+            } 
+            else {
+                $icon = "Flag";
+            }
+        } 
+        else if ($badgeN['value'] == "Experimented") {
+            if ($_GET['t'] == "Score") {
+                $icon = "expertCode";
+            }
+            else if ($_GET['t'] == "Challenge") {
+                $icon = "expertSQL";
+            } 
+            else {
+                $icon = "expertCSRF";
+            }
+        } 
+        else {
+            if ($_GET['t'] == "Score") {
+                $icon = "beginnerCode";
+            }
+            else if ($_GET['t'] == "Challenge") {
+                $icon = "beginnerSQL";
+            } 
+            else {
+                $icon = "beginnerCSRF";
+            }
+        }
+        echo '
+        <div class="card">
+            <div class="face face1">
+                <div class="content"'.($completed ? ' style="opacity:0.8;"' : '').'>
+                    <img src="../../include/img/complete-badge/'.$icon.'.png">
+                    <h3>'.$badgeN['name'].'</h3>
+                </div>
+            </div>
+            <div class="face face2">
+                <div class="content">
+                    <p>'.$badgeN['description'].'</p>
+                    '.($completed ? '<a>COMPLETED</a>' : '').'
+                    <a href="badges.php?t='.$_GET['t'].'&id='.$badgeN['id'].'&del=1"><i class="fas fa-times" style="color: #FF0000"></i></a>
+                </div>
+            </div>
+        </div>
+        ';
+        $i++;
+    }
+}
+
+function add_badge() {
+    $error = '';
+    if(!isset($_POST['name']))
+        $_POST['name'] = '';
+    if(!isset($_POST['level']))
+        $_POST['level'] = '';
+    if(!isset($_POST['desc']))
+        $_POST['desc'] = '';
+    if(!isset($_POST['type']))
+        $_POST['type'] = '';
+    if(!isset($_POST['goal']))
+    $_POST['goal'] = '';
+
+    if(isset($_POST['createB'])) {
+        if(!isset($_POST['name']) or empty($_POST['name']) or
+        !isset($_POST['level']) or empty($_POST['level']) or
+        !isset($_POST['desc']) or empty($_POST['desc']) or 
+        !isset($_POST['goal']) or empty($_POST['goal']) or !is_numeric($_POST['goal']) or
+        !isset($_POST['type']) or empty($_POST['type']))
+        {
+            echo $error;
+        } 
+        else {
+            req_add_badge();
+        }
+    }
+}
+?>
@@ -0,0 +1,24 @@
+<?php
+
+define('NAME', 'Hack Ops');
+
+# Database management system to use
+define('DBMS', 'MySQL');
+
+define('HOST', 'localhost');
+define('DB_NAME', "HackOps");
+define('USER', 'root');
+define('PASS', '');
+
+# Tables
+define('USERS', 'users'); # Users
+
+#Badges
+define('B_SCORE', 'Score');
+define('B_CHALL', 'Challenge');
+define('B_RANK', 'Rank');
+
+/* -- */
+
+
+?>
@@ -0,0 +1,21 @@
+<?php
+
+$rank = order();
+$i = 0;
+$last_score = -1;
+$same = 0;
+while($user = $rank->fetch()) {
+	if($last_score == $user['score'])
+		++$same;
+	else
+		$same = 0;
+	echo '<tr'.($user['username'] == $_SESSION['username'] ? ' style="background:grey; color:black;"' : '').'>
+        <td>'.(++$i - $same).'</td>
+        <td>'.$user['username'].'</td>
+        <td>'.$user['score'].'</td>
+    </tr>
+    ';
+    $last_score = $user['score'];
+}
+
+?>
@@ -0,0 +1,40 @@
+<?php
+// ===========================================================================================
+// Gestion de : Controller/profile/C_delete.php
+// Auteurs : Charles Régniez
+// Version du : 22/01/2019
+// ===========================================================================================
+session_start();
+require "../../Model/DB.php";
+redirect();
+
+$link = NULL;
+try
+{
+	if (!isset($_POST['delete-password']))
+		throw new Exception("A field is missing");
+
+	$link = connect_start();
+
+	if (!($response = $link->query("SELECT password FROM users WHERE id = ".$_SESSION['id'])))
+		throw new Exception("Internal error: Cannot retrieve current password");
+
+	if ($response->rowCount() != 1)
+		throw new Exception("Internal error: Current user not found");
+
+	// test if the password is good or not
+	if (hash("sha3-512", $_POST['delete-password']) == $response->fetch()['password']) {
+		// delete a line from user 
+		//$link->query("DELETE FROM `completed-badges` WHERE user = ". $_SESSION['id']);
+		//$link->query("DELETE FROM `completed-challenges` WHERE user = ". $_SESSION['id']);
+		$link->query("DELETE FROM users WHERE id = ". $_SESSION['id']);
+		echo "*";
+	}
+	else throw new Exception("Error Password is wrong");	
+}
+catch(Exception $e)
+{
+	echo "<p class=\"error\">".$e->getMessage()."</p>";
+}
+connect_end($link);
+?>
@@ -0,0 +1,64 @@
+<?php
+// ===========================================================================================
+// Gestion de : affichage de edit profile
+// Auteurs : Charles Régniez, Dimtri Simon
+// Version du : 20/12/2019
+// ===========================================================================================
+session_start();
+require "../../Model/DB.php";
+redirect();
+
+$link = NULL;
+try
+{
+	if (!isset($_POST['edit-username']) or 
+		!isset($_POST['edit-email']) or 
+		!isset($_POST['edit-password']))
+		throw new Exception("A field is missing"); // permet de lancer l'erreur pas trop loin pour pouvoir la rattraper
+
+	
+	$link = connect_start();
+	if (!($response = $link->query("SELECT password FROM users WHERE id = ".$_SESSION['id'])))
+		throw new Exception("Internal error: Cannot retrieve current password");
+
+	if ($response->rowCount() != 1)
+		throw new Exception("Internal error: Current user not found");
+		
+	if (hash("sha3-512", $_POST['edit-password']) != $response->fetch()['password'])
+		throw new Exception("Unavailable current password");
+
+	if (!filter_var($_POST['edit-email'], FILTER_VALIDATE_EMAIL))
+		throw new Exception("Unavailable email");
+
+	if (!preg_match("#^[a-zA-Z0-9_ -].{3,16}$#", $_POST['edit-username']))
+		throw new Exception("Unavailable username");
+
+	$new_password = "";
+	if (isset($_POST['edit-password-new']) and isset($_POST['edit-password-new-confirm']) and !empty($_POST['edit-password-new']))
+	{
+		if (!preg_match("#^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.*\W).{8,64}$#", $_POST['edit-password-new']))
+			throw new Exception("Unavailable new password");
+
+		if ($_POST['edit-password-new'] != $_POST['edit-password-new-confirm'])
+			throw new Exception("Confirmation of the new password doesn't match");	
+
+		$new_password = ", password = '".hash("sha3-512", $_POST['edit-password-new'])."'";
+	}
+
+	$req = $link->prepare("UPDATE users SET username = :username, email = :email".$new_password." WHERE id = ".$_SESSION['id']);
+	$req->bindParam(':username', $_POST['edit-username']);
+	$req->bindParam(':email', $_POST['edit-email']);
+	$req->execute();
+
+	$_SESSION['username'] = $_POST['edit-username'];
+	$_SESSION['email'] = $_POST['edit-email'];
+
+	echo "*";
+
+}
+catch(Exception $e)
+{
+	echo "<p class=\"error\">".$e->getMessage()."</p>";
+}
+connect_end($link);
+?>
@@ -0,0 +1,29 @@
+<!--===========================================================================================
+// Gestion de : C_index.php
+// Auteurs : Charles Régniez
+// Version du : 18/12/2019
+=============================================================================================-->
+<?php
+	if (!(isset($_GET['rubrique'])))
+	{
+		$_GET['rubrique'] = 'view';
+	}
+	if (isset($_GET['rubrique']))
+	{	
+		switch ($_GET['rubrique']) 
+		{
+			case 'view':
+				include ("profile/V_view.php");
+				break;
+			case 'edit':
+				include ("profile/V_edit.php");
+				break;
+			case 'delete':
+				include ("profile/V_delete.php");
+				break;
+			default: 
+				include ("profile/V_view.php");
+				break;
+		}
+	}
+?>
@@ -0,0 +1,39 @@
+<?php
+
+session_start();
+require "../Model/DB.php";
+if(is_connected()) {
+	header("Location: ../View/dashboard.php");
+	exit();
+}
+
+try
+{
+	if (!isset($_POST['username']) or !isset($_POST['password']) or empty($_POST['username']))
+		throw new Exception("All the fields must be fill");
+	
+	if (!($link = connect_start()))
+		throw new Exception("Could not connect to database. Sorry for the inconvenience.");
+
+	$result = $link->query("SELECT id, username, email, score, administrator FROM ".USERS." WHERE `username` = ".$link->quote($_POST['username'])." AND `password` = '".hash('sha3-512', $_POST['password'])."'");
+	connect_end($link);
+	
+	if ($result->rowCount() != 1)
+		throw new Exception("Unavailable username or password");
+
+	$_SESSION = array();
+	$_SESSION = $result->fetch();
+	mconnect();
+
+	header("Location: ../View/dashboard.php");
+	exit();
+}
+catch (Exception $e)
+{
+	connect_end($link);
+	$_SESSION['error'] = $e->getMessage();
+}
+header("Location: ../View/sign-in.php");
+exit();
+
+?>
@@ -0,0 +1,10 @@
+<?php
+
+session_start();
+
+$_SESSION = array();
+session_destroy();
+
+header("Location: ../View/");
+exit();
+?>
@@ -0,0 +1,3 @@
+<?php
+
+?>