Bernard Ngandu bernard-ng

🏘️

working from home

Software Engineer | Consultant | Researcher in applied CS

bernard-ng / medium-csrf-symfony.twig

Created December 23, 2020 13:56

	<form action="{{ path('admin_post_delete', { id: post.id }) }}" method="post">

	{# l'argument de csrf_token() est une chaîne arbitraire utilisée pour générer le toke #}
	<input type="hidden" name="token" value="{{ csrf_token('delete-item') }}"/>
	<button type="submit">Delete item</button>
	</form>

bernard-ng / medium-csrf-symfony.php

Created December 23, 2020 13:55

	<?php
	// ...
	use App\Entity\Task;
	use Symfony\Component\OptionsResolver\OptionsResolver;
	class TaskType extends AbstractType
	{
	// ...
	public function configureOptions(OptionsResolver $resolver)
	{
	$resolver->setDefaults([

bernard-ng / medium-csrf-check-referer.php

Created December 23, 2020 13:54

	<?php

	function validRequest(): bool {
	$myDomain = $_SERVER['SCRIPT_URI'];
	$requestsSource = $_SERVER['HTTP_REFERER'];

	return parse_url($myDomain, PHP_URL_HOST) === parse_url($requestsSource, PHP_URL_HOST);
	}

bernard-ng / medium-csrf-psr-15-with-token.html

Created December 23, 2020 13:53

	<!-- mon site -->
	<form action="https://devs-cast.com/blog/1/delete" method="POST">
	<input type="hidden" name="_csrf_blog_1" value="afji9fj3dkdki3niadqer9>"/>
	<button>Supprimer</button>
	</form>

bernard-ng / medium-csrf-psr-15.html

Created December 23, 2020 13:52

	<!-- site de l'attaquant -->
	<form action="https://devs-cast.com/blog/1/delete" method="POST">
	<button>Vous avez gagné un voyage à paris</button>
	</form>

bernard-ng / medium-csrf-psr-15.php

Created December 23, 2020 13:43

	<?php

	$middleware = new CsrfMiddleware($_SESSION, 200);
	$app->pipe($middleware);

	// Generate input
	$input = "<input type='hidden' name='{$middleware->getFormKey()}' value='{$middleware->generateToken()}'/>

bernard-ng / user.sh

Created December 14, 2020 11:27

create user and grant sudo

	cut -d: -f1 /etc/passwd # list users on the server
	sudo useradd --create-home username # create user and home directory
	sudo passwd username # set password for user
	usermod -aG sudo username # add user to sudo group

	echo "username ALL=(ALL) NOPASSWD:ALL" \| sudo tee /etc/sudoers.d/username # create a sudoer file

	userdel -f username # delete user

bernard-ng / disabled_functions.php

Created October 17, 2020 21:36

show php disabled function

	<?php
	error_reporting(E_ALL);
	$disabled_functions = ini_get('disable_functions');
	if ($disabled_functions!='')
	{
	$arr = explode(',', $disabled_functions);
	sort($arr);

	echo 'Disabled Functions: ';
	for ($i=0; $i < count($arr); $i++)

bernard-ng / .htaccess

Last active August 1, 2020 11:15

angular - ionic .htaccess

	<IfModule mod_rewrite.c >
	RewriteEngine on
	RewriteOptions inherit

	# let's encrypt ssl
	RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/.+$
	RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
	RewriteRule ^.well-known/acme-challenge - [L]

	# redirect to no-www

bernard-ng / deploy-ionic-angular.sh

Last active August 31, 2020 18:23

a script that deploys a angular or ionic app to a production server using git

	BUILD_DEPLOY_DIRECTORY="$HOME/dev/projects/app-build"
	BUILD_DEPLOY_REMOTE=$(git config --get remote.origin.url)
	BUILD_DIRECTORY="$HOME/dev/projects/app/www" # www or build
	BUILD_COMMIT_MESSAGE=$(date +'%c')

	R=$(tput setaf 1)
	G=$(tput setaf 2)
	Y=$(tput setaf 3)
	NC=$(tput sgr0)