From 0844e907591c2337d9cfe113104fa987d1949703 Mon Sep 17 00:00:00 2001 From: Dushan Date: Wed, 1 Apr 2015 06:35:20 +0000 Subject: [PATCH 01/15] added check to protect from local file inclusion in route handler --- application/config/config.php | 3 ++- system/pip.php | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/application/config/config.php b/application/config/config.php index d34579b..ba8c8c6 100644 --- a/application/config/config.php +++ b/application/config/config.php @@ -10,4 +10,5 @@ $config['db_username'] = ''; // Database username $config['db_password'] = ''; // Database password -?> \ No newline at end of file +$config['valid_controllers'] = array('error', 'main',); // For each controller you create, add it here +?> diff --git a/system/pip.php b/system/pip.php index c69195c..8d75427 100644 --- a/system/pip.php +++ b/system/pip.php @@ -23,9 +23,9 @@ function pip() if(isset($segments[0]) && $segments[0] != '') $controller = $segments[0]; if(isset($segments[1]) && $segments[1] != '') $action = $segments[1]; - // Get our controller file + // Get our controller file (and check it's valid to protect from LFI) $path = APP_DIR . 'controllers/' . $controller . '.php'; - if(file_exists($path)){ + if(in_array($controller, $config['valid_controllers']) && file_exists($path)) { require_once($path); } else { $controller = $config['error_controller']; From d7818518463e6295a0cd2ff3d963ee3a42999954 Mon Sep 17 00:00:00 2001 From: Dushan Date: Wed, 1 Apr 2015 06:44:29 +0000 Subject: [PATCH 02/15] typo --- application/config/config.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/application/config/config.php b/application/config/config.php index ba8c8c6..8c247e7 100644 --- a/application/config/config.php +++ b/application/config/config.php 
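Review bot: The new allow-list check in pip() calls `in_array()` without the strict flag, so `$controller`, which is copied straight from the URL segment on the lines above, is compared loosely; pass it as `if(in_array($controller, $config['valid_controllers'], true) && file_exists($path)) {` so only an exact string match reaches `require_once`. The check itself is the right fix for the inclusion problem, but `$path` is still concatenated from the unchecked segment before it, so building the path only after the allow-list passes would make the intent clearer to the next reader. The hunk also relies on `$config` being visible inside pip() (the existing `$config['error_controller']` fallback suggests a `global $config;` earlier in the function), but that declaration is outside the visible lines.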
@@ -10,5 +10,5 @@ $config['db_username'] = ''; // Database username $config['db_password'] = ''; // Database password -$config['valid_controllers'] = array('error', 'main',); // For each controller you create, add it here +$config['valid_controllers'] = array('error', 'main'); // For each controller you create, add it here ?> From 4e937c5ec2df8178b04f5248c2063e2362907384 Mon Sep 17 00:00:00 2001 
From: Dushan Date: Tue, 9 Jun 2015 15:38:33 +1000 Subject: [PATCH 03/15] massive overhaull, pdo conversion, removing redundant stuff, smaller directory structure --- .htaccess | 8 +- README.md | 22 +----- application/config/config.php | 14 ---- application/controllers/error.php | 25 +++---- application/controllers/main.php | 18 ++--- application/helpers/session_helper.php | 22 ------ application/helpers/url_helper.php | 21 ------ application/models/example.php | 17 +++++ application/models/example_model.php | 14 ---- application/plugins/{.gitignore => .gitkeep} | 0 application/views/footer.php | 2 - application/views/header.php | 12 --- application/views/main_view.php | 10 --- application/views/view.php | 9 +++ index.php | 40 +++++----- static/{.gitignore => .gitkeep} | 0 static/css/style.css | 4 +- static/images/{.gitignore => .gitkeep} | 0 static/js/{.gitignore => .gitkeep} | 0 system/config.php | 20 +++++ system/controller.php | 55 +++++--------- system/controllers.php | 8 ++ system/model.php | 79 +++++--------------- system/pip.php | 74 +++++++++--------- system/view.php | 42 +++++------ 25 files changed, 189 insertions(+), 327 deletions(-) delete mode 100644 application/config/config.php delete mode 100644 application/helpers/session_helper.php delete mode 100644 application/helpers/url_helper.php create mode 100644 application/models/example.php delete mode 100644 application/models/example_model.php rename application/plugins/{.gitignore => .gitkeep} (100%) delete mode 100644 application/views/footer.php delete mode 100644 application/views/header.php delete mode 100644 application/views/main_view.php create mode 100644 application/views/view.php rename static/{.gitignore => .gitkeep} (100%) rename static/images/{.gitignore => .gitkeep} (100%) rename static/js/{.gitignore => .gitkeep} (100%) create mode 100644 system/config.php create mode 100644 system/controllers.php diff --git a/.htaccess b/.htaccess index cfffd1b..369eb63 100644 --- a/.htaccess 
+++ b/.htaccess @@ -1,8 +1,8 @@ -RewriteEngine On -RewriteCond %{REQUEST_FILENAME} !-f -RewriteCond %{REQUEST_FILENAME} !-d -RewriteRule . index.php [L] + RewriteEngine On + RewriteCond %{REQUEST_FILENAME} !-f + RewriteCond %{REQUEST_FILENAME} !-d + RewriteRule . index.php [L] # Prevent file browsing diff --git a/README.md b/README.md index 5416c52..e339045 100644 --- a/README.md +++ b/README.md @@ -1,27 +1,9 @@ #PIP -PIP is a tiny application framework built for people who use a LAMP stack. PIP aims to be as simple as possible to set up and use. - -Visit [http://gilbitron.github.com/PIP](http://gilbitron.github.com/PIP/) for more information and documentation. - -## Requirements - -* PHP 5.1 or greater -* MySQL 4.1.2 or greater -* The mod_rewrite Apache module - -## Installation - -* Download PIP and extract -* Navigate to `application/config/config.php` and fill in your `base_url` -* You are ready to rock! Point your browser to your `base_url` and hopefully see a welcome message. - -## Documentation - -Visit [http://gilbitron.github.com/PIP](http://gilbitron.github.com/PIP/) to see the documentation. +PIP is a tiny application framework built for people who use a LAMP stack. PIP aims to be as simple as possible to set up and use. This is Dushan's fork. ## License PIP is released under the MIT license. -Want to say thanks? [Consider tipping me](https://www.gittip.com/gilbitron). +Credit to original author [http://gilbitron.github.com/PIP](http://gilbitron.github.com/PIP/). diff --git a/application/config/config.php b/application/config/config.php deleted file mode 100644 index 8c247e7..0000000 --- a/application/config/config.php +++ /dev/null @@ -1,14 +0,0 @@ - diff --git a/application/controllers/error.php b/application/controllers/error.php index 99d72f7..56d8f1c 100644 --- a/application/controllers/error.php +++ b/application/controllers/error.php @@ -1,18 +1,11 @@ error404(); - } - - function error404() - { - echo '

404 Error

'; - echo '

Looks like this page doesn\'t exist

'; - } - -} - + class Error extends Controller { + function index() { + $this->errorMsg(); + } + + function errorMsg() { + echo 'There is an error, that is all we know...'; + } + } ?> diff --git a/application/controllers/main.php b/application/controllers/main.php index b1c40ac..99ffb9a 100644 --- a/application/controllers/main.php +++ b/application/controllers/main.php @@ -1,13 +1,9 @@ loadView('main_view'); - $template->render(); - } - -} - + class Main extends Controller { + function index() { + $template = $this->loadView('view'); + $template->set('data', 'Hello World!'); + $template->render(); + } + } ?> diff --git a/application/helpers/session_helper.php b/application/helpers/session_helper.php deleted file mode 100644 index 5322e9c..0000000 --- a/application/helpers/session_helper.php +++ /dev/null @@ -1,22 +0,0 @@ - \ No newline at end of file diff --git a/application/helpers/url_helper.php b/application/helpers/url_helper.php deleted file mode 100644 index c9caf98..0000000 --- a/application/helpers/url_helper.php +++ /dev/null @@ -1,21 +0,0 @@ - \ No newline at end of file diff --git a/application/models/example.php b/application/models/example.php new file mode 100644 index 0000000..215e273 --- /dev/null +++ b/application/models/example.php @@ -0,0 +1,17 @@ +connection; + $stmt = $db->prepare($sql); + $stmt->bindParam('id', $id, PDO::PARAM_INT); + $stmt->execute(); + $result = $stmt->fetchAll(); + return $result; + } catch (PDOException $e) { + echo $e->getMessage(); + } + } + } +?> diff --git a/application/models/example_model.php b/application/models/example_model.php deleted file mode 100644 index 18c960a..0000000 --- a/application/models/example_model.php +++ /dev/null @@ -1,14 +0,0 @@ -escapeString($id); - $result = $this->query('SELECT * FROM something WHERE id="'. $id .'"'); - return $result; - } - -} - -?> 
diff --git a/application/plugins/.gitignore b/application/plugins/.gitkeep similarity index 100% rename from application/plugins/.gitignore rename to application/plugins/.gitkeep diff --git a/application/views/footer.php b/application/views/footer.php deleted file mode 100644 index 691287b..0000000 --- a/application/views/footer.php +++ /dev/null @@ -1,2 +0,0 @@ - - \ No newline at end of file diff --git a/application/views/header.php b/application/views/header.php deleted file mode 100644 index c93a60a..0000000 --- a/application/views/header.php +++ /dev/null @@ -1,12 +0,0 @@ - - - - - - Welcome to PIP - - - - - - diff --git a/application/views/main_view.php b/application/views/main_view.php deleted file mode 100644 index 9c101d2..0000000 --- a/application/views/main_view.php +++ /dev/null @@ -1,10 +0,0 @@ - - -
- -

Welcome to PIP

-

To get started please read the documentation at http://pip.dev7studios.com.

- -
- - \ No newline at end of file diff --git a/application/views/view.php b/application/views/view.php new file mode 100644 index 0000000..4e858e8 --- /dev/null +++ b/application/views/view.php @@ -0,0 +1,9 @@ + + + + + + +

+ + diff --git a/index.php b/index.php index ed8010b..5ae6bd3 100644 --- a/index.php +++ b/index.php @@ -1,26 +1,26 @@ diff --git a/static/.gitignore b/static/.gitkeep similarity index 100% rename from static/.gitignore rename to static/.gitkeep diff --git a/static/css/style.css b/static/css/style.css index 933b736..a8f7ab4 100644 --- a/static/css/style.css +++ b/static/css/style.css @@ -1 +1,3 @@ -/* CSS Styles */ \ No newline at end of file +p { + font-family: Arial; +} diff --git a/static/images/.gitignore b/static/images/.gitkeep similarity index 100% rename from static/images/.gitignore rename to static/images/.gitkeep diff --git a/static/js/.gitignore b/static/js/.gitkeep similarity index 100% rename from static/js/.gitignore rename to static/js/.gitkeep diff --git a/system/config.php b/system/config.php new file mode 100644 index 0000000..f3afd83 --- /dev/null +++ b/system/config.php @@ -0,0 +1,20 @@ + diff --git a/system/controller.php b/system/controller.php index dc51490..2ed64f9 100644 --- a/system/controller.php +++ b/system/controller.php @@ -1,40 +1,23 @@ \ No newline at end of file + public function redirect($loc) { + global $config; + header('Location: '. $config['base_url'] . $loc); + } + } +?> diff --git a/system/controllers.php b/system/controllers.php new file mode 100644 index 0000000..91e9dc9 --- /dev/null +++ b/system/controllers.php @@ -0,0 +1,8 @@ + diff --git a/system/model.php b/system/model.php index 04503ca..6197e40 100644 --- a/system/model.php +++ b/system/model.php 
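Review bot: `redirect()` in system/controller.php sends the `Location:` header but never stops the script, so the calling action keeps executing and any output it produces is still sent to the client; add `exit;` after the `header()` call. The target is `$config['base_url'] . $loc` with no check on `$loc`; that is fine while callers pass literal paths, but if a route ever forwards a request parameter here a caller-supplied absolute URL turns the method into an open redirect, so a docblock should state (or the code enforce) that `$loc` is a site-relative path. The class header and the earlier methods of Controller are outside this hunk.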
@@ -1,63 +1,20 @@ connection = mysql_pconnect($config['db_host'], $config['db_username'], $config['db_password']) or die('MySQL Error: '. mysql_error()); - mysql_select_db($config['db_name'], $this->connection); - } - - public function escapeString($string) - { - return mysql_real_escape_string($string); - } - - public function escapeArray($array) - { - array_walk_recursive($array, create_function('&$v', '$v = mysql_real_escape_string($v);')); - return $array; - } - - public function to_bool($val) - { - return !!$val; - } - - public function to_date($val) - { - return date('Y-m-d', $val); - } - - public function to_time($val) - { - return date('H:i:s', $val); - } - - public function to_datetime($val) - { - return date('Y-m-d H:i:s', $val); - } - - public function query($qry) - { - $result = mysql_query($qry) or die('MySQL Error: '. mysql_error()); - $resultObjects = array(); - - while($row = mysql_fetch_object($result)) $resultObjects[] = $row; - - return $resultObjects; - } - - public function execute($qry) - { - $exec = mysql_query($qry) or die('MySQL Error: '. mysql_error()); - return $exec; - } - -} + class Model { + private $connection; + + public function __construct() { + global $config; + try { + $this->connection = new PDO('mysql:host='.$config['dbhost'].';dbname='.$config['dbname'],$config['dbuser'],$config['dbpass']); + $this->connection->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); + } catch(PDOException $e) { + die('Could not connect to database...'); + } + } + + public function __destruct() { + $this->connection = null; + } + + } ?> diff --git a/system/pip.php b/system/pip.php index 8d75427..2e5b282 100644 --- a/system/pip.php +++ b/system/pip.php @@ -1,47 +1,45 @@ diff --git a/system/view.php b/system/view.php index 1548f6a..94f9b93 100644 --- a/system/view.php +++ b/system/view.php 
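Review bot: The new PDO connection in Model::__construct leaves `PDO::ATTR_EMULATE_PREPARES` at its default (enabled) and gives no `charset=` in the DSN, so the `bindParam(..., PDO::PARAM_INT)` calls in the models are interpolated client-side rather than run as server-side prepared statements; append `;charset=utf8mb4` to the DSN and add `$this->connection->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);` beside the ERRMODE line. As committed the constructor also reads `$config['dbhost']`, `dbname`, `dbuser` and `dbpass`, while the config keys removed from system/config.php in the following commit are spelled `db_host`, `db_name`, `db_user`, `db_pass`, so the DSN is built from missing values until the later rename. The opening `<?php` line of the file is not visible in this hunk.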
@@ -1,29 +1,21 @@ template = APP_DIR .'views/'. $template .'.php'; + } - private $pageVars = array(); - private $template; + public function set($var, $val) { + $this->pageVars[$var] = $val; + } - public function __construct($template) - { - $this->template = APP_DIR .'views/'. $template .'.php'; - } - - public function set($var, $val) - { - $this->pageVars[$var] = $val; - } - - public function render() - { - extract($this->pageVars); - - ob_start(); - require($this->template); - echo ob_get_clean(); - } - -} - -?> \ No newline at end of file + public function render() { + extract($this->pageVars); + ob_start(); + require($this->template); + echo ob_get_clean(); + } + } +?> From b3c2987f6e90182b543a6d74434afe79e361945b Mon Sep 17 00:00:00 2001 From: Dushan Date: Tue, 9 Jun 2015 15:40:20 +1000 Subject: [PATCH 04/15] database stuff in another file --- system/config.php | 9 ++------- system/db.php | 7 +++++++ 2 files changed, 9 insertions(+), 7 deletions(-) create mode 100644 system/db.php diff --git a/system/config.php b/system/config.php index f3afd83..1b77a15 100644 --- a/system/config.php +++ b/system/config.php @@ -8,13 +8,8 @@ } else { $config['base_url'] = 'http://'.$_SERVER['HTTP_HOST'].'/'; } - - // Database - $config['db_host'] = ''; - $config['db_name'] = ''; - $config['db_user'] = ''; - $config['db_pass'] = ''; - // Controllers + // Database credentials and default/permitted controllers + require_once('db.php'); require_once('controllers.php'); ?> diff --git a/system/db.php b/system/db.php new file mode 100644 index 0000000..936c002 --- /dev/null +++ b/system/db.php @@ -0,0 +1,7 @@ + From 893eae58d0d235efedae5715a6db15f10e94e8f6 Mon Sep 17 00:00:00 2001 From: Dushan Date: Tue, 9 Jun 2015 15:55:41 +1000 Subject: [PATCH 05/15] readme --- README.md | 24 +++++++++++++++++++++++- system/db.php | 8 ++++---- 2 files changed, 27 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index e339045..b03e9fe 100644 --- a/README.md +++ b/README.md 
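Review bot: `View::__construct` still concatenates the caller-supplied name into `APP_DIR .'views/'. $template .'.php'` and `render()` then `require`s it unchecked, which is the same file-inclusion shape that the first commit in this series closed for controllers; if any controller ever passes request data as the view name, `..` segments reach arbitrary `.php` files. Either apply `basename()` on the way in, `$this->template = APP_DIR .'views/'. basename($template) .'.php';`, or document on the constructor that `$template` must be a literal view name, never user input. The rewrite itself only changes brace placement, so this applies equally to the code it replaces.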
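Review bot: The new `require_once('db.php');` in system/config.php (like the existing `require_once('controllers.php');` beneath it) is a bare relative path, which PHP resolves through `include_path` before it falls back to the including file's directory, so a `db.php` in the current working directory — the web root, when `include_path` contains `.` — would be loaded instead of system/db.php. Anchor both includes to the file's own directory, `require_once(__DIR__ . '/db.php');`. The start of the file is outside this hunk.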
@@ -1,6 +1,28 @@ #PIP -PIP is a tiny application framework built for people who use a LAMP stack. PIP aims to be as simple as possible to set up and use. This is Dushan's fork. +PIP is a tiny application framework built for people who use a LAMP stack. PIP aims to be as simple as possible to set up and use. + +This is Dushan's fork which features. + +* Security fix for a Local File Inclusion (credit LB) +* Removal of redundant/legacy code +* Cleanup of directory structure +* Upgraded database handling (using PDO) +* Various minor upgrades + +Visit [http://gilbitron.github.com/PIP](http://gilbitron.github.com/PIP/) for more information and documentation. + +## Requirements + +* A recent version of PHP (with PDO support) +* A recent version of MySQL or MariaDB +* A recent version of Apache with mod_rewrite and htaccess enabled (or another compatible web server such as Nginx) + +## Installation + +* Download PIP and extract to your web root +* Navigate to `system/` and edit `db.php`, `config.php` and `controllers.php` as needed +* Point your browser to your `base_url` ## License diff --git a/system/db.php b/system/db.php index 936c002..8bfda71 100644 --- a/system/db.php +++ b/system/db.php @@ -1,7 +1,7 @@ From 0a509a66a03ea23593607add96926f615a8ed8fe Mon Sep 17 00:00:00 2001 From: Dushan Date: Tue, 9 Jun 2015 15:59:31 +1000 Subject: [PATCH 06/15] tiny fixes --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index b03e9fe..443b91e 100644 --- a/README.md +++ b/README.md @@ -1,8 +1,8 @@ #PIP -PIP is a tiny application framework built for people who use a LAMP stack. PIP aims to be as simple as possible to set up and use. +PIP is a tiny application framework built for people who use a LAMP stack. PIP aims to be as simple as possible to setup and use. -This is Dushan's fork which features. +This is Dushan's fork which features: * Security fix for a Local File Inclusion (credit LB) * Removal of redundant/legacy code 
@@ -28,4 +28,4 @@ Visit [http://gilbitron.github.com/PIP](http://gilbitron.github.com/PIP/) for mo PIP is released under the MIT license. -Credit to original author [http://gilbitron.github.com/PIP](http://gilbitron.github.com/PIP/). +Credit to original author [http://gilbitron.github.com/PIP](http://gilbitron.github.com/PIP/) From 87131c13a3482b7e9700412d253533ea17d8c423 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 9 Jun 2015 06:46:40 +0000 Subject: [PATCH 07/15] debugging --- application/controllers/main.php | 8 +++++--- application/controllers/test.php | 9 +++++++++ application/models/example.php | 8 +++----- system/config.php | 2 +- system/controllers.php | 2 +- system/db.php | 4 ++-- system/model.php | 6 +++++- 7 files changed, 26 insertions(+), 13 deletions(-) create mode 100644 application/controllers/test.php diff --git a/application/controllers/main.php b/application/controllers/main.php index 99ffb9a..c71e5cc 100644 --- a/application/controllers/main.php +++ b/application/controllers/main.php @@ -1,9 +1,11 @@ loadView('view'); - $template->set('data', 'Hello World!'); - $template->render(); + $data = $this->loadModel('example'); + $data->addID(100); + $template = $this->loadView('view'); + $template->set('data', 'Hello World'); + $template->render(); } } ?> diff --git a/application/controllers/test.php b/application/controllers/test.php new file mode 100644 index 0000000..d591c5a --- /dev/null +++ b/application/controllers/test.php @@ -0,0 +1,9 @@ + diff --git a/application/models/example.php b/application/models/example.php index 215e273..cd8e657 100644 --- a/application/models/example.php +++ b/application/models/example.php @@ -1,14 +1,12 @@ connection; + $sql = 'INSERT INTO id (id) VALUES (:id)'; + $db = $this->getDB(); $stmt = $db->prepare($sql); $stmt->bindParam('id', $id, PDO::PARAM_INT); $stmt->execute(); - $result = $stmt->fetchAll(); - return $result; } catch (PDOException $e) { echo $e->getMessage(); } 
diff --git a/system/config.php b/system/config.php index 1b77a15..fc03da1 100644 --- a/system/config.php +++ b/system/config.php @@ -1,6 +1,6 @@ diff --git a/system/db.php b/system/db.php index 8bfda71..70299b7 100644 --- a/system/db.php +++ b/system/db.php @@ -2,6 +2,6 @@ // Database $config['db_host'] = 'localhost'; $config['db_name'] = 'test'; - $config['db_user'] = 'test'; - $config['db_pass'] = 'test'; + $config['db_user'] = 'root'; + $config['db_pass'] = 'root'; ?> diff --git a/system/model.php b/system/model.php index 6197e40..1bbde00 100644 --- a/system/model.php +++ b/system/model.php @@ -5,7 +5,7 @@ class Model { public function __construct() { global $config; try { - $this->connection = new PDO('mysql:host='.$config['dbhost'].';dbname='.$config['dbname'],$config['dbuser'],$config['dbpass']); + $this->connection = new PDO('mysql:host='.$config['db_host'].';dbname='.$config['db_name'],$config['db_user'],$config['db_pass']); $this->connection->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); } catch(PDOException $e) { die('Could not connect to database...'); @@ -16,5 +16,9 @@ public function __destruct() { $this->connection = null; } + public function getDB() { + return $this->connection; + } + } ?> From 8995096a2a1a16773b2901deaff1b120e1782ecc Mon Sep 17 00:00:00 2001 From: Dushan Date: Tue, 9 Jun 2015 16:58:01 +1000 Subject: [PATCH 08/15] minor fixes --- application/controllers/main.php | 13 ++++++------- application/controllers/test.php | 14 +++++++------- system/model.php | 8 ++++---- 3 files changed, 17 insertions(+), 18 deletions(-) diff --git a/application/controllers/main.php b/application/controllers/main.php index c71e5cc..b87b9a1 100644 --- a/application/controllers/main.php +++ b/application/controllers/main.php 
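Review bot: The system/db.php hunk commits a privileged database login (`db_user` `root`, `db_pass` `root`) into the repository, and the README installs that directory under the web root; live credentials do not belong in version control, and the application should not connect as the MySQL root account at all. Keep placeholder values in the tracked file, `$config['db_user'] = '';` and `$config['db_pass'] = '';`, document that deployers create a least-privileged user for this database, and treat the committed values as burned. The same applies to the later change of `db_pass` to `toor` in patch 12.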
@@ -1,11 +1,10 @@ loadModel('example'); - $data->addID(100); - $template = $this->loadView('view'); - $template->set('data', 'Hello World'); - $template->render(); - } + function index() { + $data = $this->loadModel('example'); + $template = $this->loadView('view'); + $template->set('data', 'Hello World'); + $template->render(); + } } ?> diff --git a/application/controllers/test.php b/application/controllers/test.php index d591c5a..cd42167 100644 --- a/application/controllers/test.php +++ b/application/controllers/test.php @@ -1,9 +1,9 @@ diff --git a/system/model.php b/system/model.php index 1bbde00..4dd793e 100644 --- a/system/model.php +++ b/system/model.php @@ -6,6 +6,7 @@ public function __construct() { global $config; try { $this->connection = new PDO('mysql:host='.$config['db_host'].';dbname='.$config['db_name'],$config['db_user'],$config['db_pass']); + // NOTE: Specify SSL parameters if database is not on localhost $this->connection->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); } catch(PDOException $e) { die('Could not connect to database...'); @@ -16,9 +17,8 @@ public function __destruct() { $this->connection = null; } - public function getDB() { - return $this->connection; - } - + public function getDB() { + return $this->connection; + } } ?> From 19e221610687d0795a5e8533ddc4be98a20b918d Mon Sep 17 00:00:00 2001 From: Dushan Date: Tue, 16 Jun 2015 10:00:19 +0000 Subject: [PATCH 09/15] TEST PENDING: session security stuff --- index.php | 33 +++++++++++++++++++++++++-------- system/config.php | 10 ++++++++++ 2 files changed, 35 insertions(+), 8 deletions(-) diff --git a/index.php b/index.php index 5ae6bd3..17e00ca 100644 --- a/index.php +++ b/index.php @@ -1,17 +1,28 @@ $config['rotation_interval']) { + $_SESSION['regen'] = 0; + session_regenerate_id(true); + } // PHP settings for dev mode if(!$config['production']) { 
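Review bot: The added `// NOTE: Specify SSL parameters if database is not on localhost` in Model::__construct does not tell a deployer where those parameters go, and the `new PDO(...)` call on the line above passes no options array at all. A more actionable comment would be `// NOTE: for a remote db_host pass PDO::MYSQL_ATTR_SSL_CA (and the other MYSQL_ATTR_SSL_* options) in the fourth, options argument of new PDO(); without it credentials and data cross the network in clear text`. The constructor's opening lines are outside this hunk.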
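Review bot: The new `session_set_cookie_params($lifetime = $config['cookie_lifetime'], $secure = $config['https_cookie'], $http_only = $config['http_only']);` in index.php does not do what its variable names suggest: `$x = value` inside an argument list is an assignment, not a named argument, so the three values are passed positionally as lifetime, path and domain, the Secure and HttpOnly flags are never set, and the cookie path becomes whatever `https_cookie` stringifies to. Call it with all five positional parameters, `session_set_cookie_params($config['cookie_lifetime'], '/', '', $config['https_cookie'], $config['http_only']);`. The same call is repeated in the patch 10 hunk and is the likely reason the whole block is commented out in patches 12, 14 and 15 (whose comment says it "does not function as intended"); fixing the argument order is what allows the secure-session block to be re-enabled rather than left disabled on php.ini defaults.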
@@ -21,6 +32,12 @@ set_time_limit(0); } + // Base classes for application + require(ROOT_DIR .'system/model.php'); + require(ROOT_DIR .'system/view.php'); + require(ROOT_DIR .'system/controller.php'); + require(ROOT_DIR .'system/pip.php'); + // Call PIP pip(); ?> diff --git a/system/config.php b/system/config.php index fc03da1..b96f17d 100644 --- a/system/config.php +++ b/system/config.php @@ -1,12 +1,22 @@ Date: Tue, 16 Jun 2015 10:20:35 +0000 Subject: [PATCH 10/15] session bugfix --- index.php | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/index.php b/index.php index 17e00ca..0018049 100644 --- a/index.php +++ b/index.php @@ -9,9 +9,13 @@ define('BASE_URL', $config['base_url']); // Secure session - session_name($config['session_name']); - session_set_cookie_params($lifetime = $config['cookie_lifetime'], $secure = $config['https_cookie'], $http_only = $config['http_only']); - session_start(); + if(session_id() == '' || !isset($_SESSION)) { + session_name($config['session_name']); + session_set_cookie_params($lifetime = $config['cookie_lifetime'], $secure = $config['https_cookie'], $http_only = $config['http_only']); + session_start(); + } else { + session_start(); + } // Set variable for tracking the number of requests per session id if(!isset($_SESSION['regen'])) { From 1301b03b68776b492290ca1fa0e3dcfea0038a6c Mon Sep 17 00:00:00 2001 From: Dushan Date: Tue, 16 Jun 2015 10:22:02 +0000 Subject: [PATCH 11/15] session testing --- application/controllers/sess.php | 8 ++++++++ system/controllers.php | 2 +- 2 files changed, 9 insertions(+), 1 deletion(-) create mode 100644 application/controllers/sess.php diff --git a/application/controllers/sess.php b/application/controllers/sess.php new file mode 100644 index 0000000..56ee504 --- /dev/null +++ b/application/controllers/sess.php @@ -0,0 +1,8 @@ + diff --git a/system/controllers.php b/system/controllers.php index 5aa7599..ed2ee4e 100644 --- a/system/controllers.php 
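Review bot: The new guard `if(session_id() == '' || !isset($_SESSION))` runs before any `session_start()`, and with `session.auto_start` off (the PHP default) `session_id()` is always empty and `$_SESSION` unset at that point, so the condition is always true and the `else { session_start(); }` branch is unreachable; drop the guard and make the `session_name()`/`session_set_cookie_params()` calls unconditional. The positional misuse of `session_set_cookie_params()` carried over from the previous commit is unchanged here.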
+++ b/system/controllers.php @@ -4,5 +4,5 @@ $config['error_controller'] = 'error'; // Permitted controllers - $config['valid_controllers'] = array('error', 'main', 'test'); + $config['valid_controllers'] = array('error', 'main', 'test', 'sess'); ?> From 0779fb2e960d911e79981f9c65134f2bcf31f56a Mon Sep 17 00:00:00 2001 From: Dushan Date: Tue, 16 Jun 2015 10:31:28 +0000 Subject: [PATCH 12/15] session --- application/controllers/sess.php | 4 +++- index.php | 17 ++++++++++------- kill.php | 4 ++++ system/db.php | 2 +- 4 files changed, 18 insertions(+), 9 deletions(-) create mode 100644 kill.php diff --git a/application/controllers/sess.php b/application/controllers/sess.php index 56ee504..142e115 100644 --- a/application/controllers/sess.php +++ b/application/controllers/sess.php @@ -1,8 +1,10 @@ '; + echo $_SESSION['regen']; } } ?> diff --git a/index.php b/index.php index 0018049..c2efb91 100644 --- a/index.php +++ b/index.php @@ -9,13 +9,16 @@ define('BASE_URL', $config['base_url']); // Secure session - if(session_id() == '' || !isset($_SESSION)) { - session_name($config['session_name']); - session_set_cookie_params($lifetime = $config['cookie_lifetime'], $secure = $config['https_cookie'], $http_only = $config['http_only']); - session_start(); - } else { - session_start(); - } + // if(session_id() == '' || !isset($_SESSION)) { + // session_name($config['session_name']); + // session_set_cookie_params($lifetime = $config['cookie_lifetime'], $secure = $config['https_cookie'], $http_only = $config['http_only']); + // session_start(); + // } else { + // session_start(); + // } + + // Start a session + session_start(); // Set variable for tracking the number of requests per session id if(!isset($_SESSION['regen'])) { diff --git a/kill.php b/kill.php new file mode 100644 index 0000000..1e01f62 --- /dev/null +++ b/kill.php @@ -0,0 +1,4 @@ + diff --git a/system/db.php b/system/db.php index 70299b7..e903899 100644 --- a/system/db.php +++ b/system/db.php 
@@ -3,5 +3,5 @@ $config['db_host'] = 'localhost'; $config['db_name'] = 'test'; $config['db_user'] = 'root'; - $config['db_pass'] = 'root'; + $config['db_pass'] = 'toor'; ?> From 6e2844a9a44986be2672fdf2ecc8ea8902d95f1f Mon Sep 17 00:00:00 2001 From: Dushan Date: Tue, 16 Jun 2015 10:41:09 +0000 Subject: [PATCH 13/15] more sessions --- kill.php | 4 ---- system/controllers.php | 2 +- 2 files changed, 1 insertion(+), 5 deletions(-) delete mode 100644 kill.php diff --git a/kill.php b/kill.php deleted file mode 100644 index 1e01f62..0000000 --- a/kill.php +++ /dev/null @@ -1,4 +0,0 @@ - diff --git a/system/controllers.php b/system/controllers.php index ed2ee4e..4cf3013 100644 --- a/system/controllers.php +++ b/system/controllers.php @@ -4,5 +4,5 @@ $config['error_controller'] = 'error'; // Permitted controllers - $config['valid_controllers'] = array('error', 'main', 'test', 'sess'); + $config['valid_controllers'] = array('error', 'main', 'test', 'sess', 'sessecho'); ?> From 60287b638f2d635813b3ae63c8f8f0affb421415 Mon Sep 17 00:00:00 2001 From: Dushan Date: Tue, 16 Jun 2015 10:42:23 +0000 Subject: [PATCH 14/15] session testing --- application/controllers/sessecho.php | 10 ++++++++++ index.php | 16 ++++++++-------- 2 files changed, 18 insertions(+), 8 deletions(-) create mode 100644 application/controllers/sessecho.php diff --git a/application/controllers/sessecho.php b/application/controllers/sessecho.php new file mode 100644 index 0000000..2d8f708 --- /dev/null +++ b/application/controllers/sessecho.php @@ -0,0 +1,10 @@ + diff --git a/index.php b/index.php index c2efb91..f81a78e 100644 --- a/index.php +++ b/index.php 
@@ -8,14 +8,14 @@ global $config; define('BASE_URL', $config['base_url']); - // Secure session - // if(session_id() == '' || !isset($_SESSION)) { - // session_name($config['session_name']); - // session_set_cookie_params($lifetime = $config['cookie_lifetime'], $secure = $config['https_cookie'], $http_only = $config['http_only']); - // session_start(); - // } else { - // session_start(); - // } + /* Secure session + if(session_id() == '' || !isset($_SESSION)) { + session_name($config['session_name']); + session_set_cookie_params($lifetime = $config['cookie_lifetime'], $secure = $config['https_cookie'], $http_only = $config['http_only']); + session_start(); + } else { + session_start(); + } */ // Start a session session_start(); From adef5d6318e800e346fce4b2ec339e3584003ca5 Mon Sep 17 00:00:00 2001 From: Dushan Date: Tue, 16 Jun 2015 10:46:36 +0000 Subject: [PATCH 15/15] cleanup and finished session testing --- application/controllers/sess.php | 10 ---------- application/controllers/sessecho.php | 10 ---------- application/controllers/test.php | 9 --------- index.php | 2 +- system/controllers.php | 2 +- 5 files changed, 2 insertions(+), 31 deletions(-) delete mode 100644 application/controllers/sess.php delete mode 100644 application/controllers/sessecho.php delete mode 100644 application/controllers/test.php diff --git a/application/controllers/sess.php b/application/controllers/sess.php deleted file mode 100644 index 142e115..0000000 --- a/application/controllers/sess.php +++ /dev/null @@ -1,10 +0,0 @@ -'; - echo $_SESSION['regen']; - } - } -?> diff --git a/application/controllers/sessecho.php b/application/controllers/sessecho.php deleted file mode 100644 index 2d8f708..0000000 --- a/application/controllers/sessecho.php +++ /dev/null @@ -1,10 +0,0 @@ - diff --git a/application/controllers/test.php b/application/controllers/test.php deleted file mode 100644 index cd42167..0000000 --- a/application/controllers/test.php +++ /dev/null @@ -1,9 +0,0 @@ - 
diff --git a/index.php b/index.php index f81a78e..339dbe8 100644 --- a/index.php +++ b/index.php @@ -8,7 +8,7 @@ global $config; define('BASE_URL', $config['base_url']); - /* Secure session + /* Secure session (disabled as it does not function as intended, will be fixed in time) if(session_id() == '' || !isset($_SESSION)) { session_name($config['session_name']); session_set_cookie_params($lifetime = $config['cookie_lifetime'], $secure = $config['https_cookie'], $http_only = $config['http_only']); diff --git a/system/controllers.php b/system/controllers.php index 4cf3013..91e9dc9 100644 --- a/system/controllers.php +++ b/system/controllers.php @@ -4,5 +4,5 @@ $config['error_controller'] = 'error'; // Permitted controllers - $config['valid_controllers'] = array('error', 'main', 'test', 'sess', 'sessecho'); + $config['valid_controllers'] = array('error', 'main'); ?>