Graph-X · May 31, 2020 15:50 · Graph-X · Oct 24, 2019
diff --git a/index.php b/index.php
 <?php
 session_start(['cookie_secure' => true, 'cookie_path' => '/', 'cookie_httponly' => true]);

 if ($_SERVER['HTTP_REQUEST'] === "POST"){
 	if (isset($_POST['user']) && isset($_POST['pass'])){
 		//for this POC we assume successful login and regenerate the session id 
 		session_regenerate_id();
 		$_SESSION['user'] = $_POST['user'];
 		$_SESSION['authorized'] = true;
 		echo("Session is now authorized");
 		exit;
 	}
 	else{
 		//check if we have an authorized  session
 		if ($_SESSION['authorized']){
 			$query = $_SERVER['QUERY_STRING'];
 			$adminId = $query['adminId'];
 			$userinfo = array(
 			'adminId' => $adminId,
 			'role' => $_POST['role'],
 			'email' => $_POST['email'],
 			'password' => $_POST['password'],
 			'password2' => $_POST['password2'],
 			'name' => $_POST['name']
 			);
 			//simulate setting userid information
 			$handle = fopen('/tmp/testfile.txt','w');
 			$handle.write($adminId . var_dump($userinfo));
 			$handle.close();
 			echo("We have updated the info for adminId ".$adminId.".");
 			exit;
 		}
 	}
 }
 //simulate login
 if ($_SERVER['HTTP_REQUEST'] === "GET"){
 	echo("
 		<html>
 			<head>
 				<title>login page</title>
 			</head>
 			<body>
 				<form name='login' action='' method='POST'>
 					<table>
 						<tr>
 							<td>
 								Username: <input type='text' name='user'>
 							</td>
 						</tr>
 						<tr>
 							<td>
 								Password: <input type='password' name='pass'>
 							</td>
 						</tr>
 						<tr>
 							<td>
 								<input type='submit' name='submit' value='Submit'>
 							</td>
 						</tr>
 					</table>
 				</form>
 			</body>
 		</html>");
 }
	<?php
	session_start(['cookie_secure' => true, 'cookie_path' => '/', 'cookie_httponly' => true]);

	if ($_SERVER['HTTP_REQUEST'] === "POST"){
	if (isset($_POST['user']) && isset($_POST['pass'])){
	//for this POC we assume successful login and regenerate the session id
	session_regenerate_id();
	$_SESSION['user'] = $_POST['user'];
	$_SESSION['authorized'] = true;
	echo("Session is now authorized");
	exit;
	}
	else{
	//check if we have an authorized session
	if ($_SESSION['authorized']){
	$query = $_SERVER['QUERY_STRING'];
	$adminId = $query['adminId'];
	$userinfo = array(
	'adminId' => $adminId,
	'role' => $_POST['role'],
	'email' => $_POST['email'],
	'password' => $_POST['password'],
	'password2' => $_POST['password2'],
	'name' => $_POST['name']
	);
	//simulate setting userid information
	$handle = fopen('/tmp/testfile.txt','w');
	$handle.write($adminId . var_dump($userinfo));
	$handle.close();
	echo("We have updated the info for adminId ".$adminId.".");
	exit;
	}
	}
	}
	//simulate login
	if ($_SERVER['HTTP_REQUEST'] === "GET"){
	echo("
	<html>
	<head>
	<title>login page</title>
	</head>
	<body>
	<form name='login' action='' method='POST'>
	<table>
	<tr>
	<td>
	Username: <input type='text' name='user'>
	</td>
	</tr>
	<tr>
	<td>
	Password: <input type='password' name='pass'>
	</td>
	</tr>
	<tr>
	<td>
	<input type='submit' name='submit' value='Submit'>
	</td>
	</tr>
	</table>
	</form>
	</body>
	</html>");
	}