
Functionnal chall

Aymeric 2018-11-08 19:09:21 +01:00
commit f495725c81
9 changed files with 230 additions and 0 deletions

1
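--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+*.log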

0
README.md Normal file

22
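--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -0,0 +1,22 @@
+version: '3'
+services:
+web:
+image: nginx:latest
+ports:
+- "8080:80"
+volumes:
+- ./webroot:/webroot
+- ./resources/nginx/default.conf:/etc/nginx/conf.d/default.conf
+- ./resources/nginx/nginx.conf:/etc/nginx/nginx.conf
+- ./log/nginx:/var/log/nginx
+links:
+- php
+restart: always
+php:
+build: ./php/
+volumes:
+- ./webroot:/webroot
+- ./resources/php/custom.ini:/usr/local/etc/php/conf.d/custom.ini
+restart: always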
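Review bot: The `./webroot:/webroot` bind mount in both services and the three configuration mounts are read-write, so anything that gains file-write inside either container can alter the challenge source or the nginx/PHP configuration in the host checkout; none of them needs to be writable at runtime, e.g. `- ./webroot:/webroot:ro`. Only `./log/nginx:/var/log/nginx` has to stay writable. Separately, `image: nginx:latest` is unpinned, so a later pull can silently bring in a different nginx; pinning a specific tag or digest keeps the deployed challenge reproducible.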

8
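--- a/php/Dockerfile
+++ b/php/Dockerfile
@@ -0,0 +1,8 @@
+FROM php:7.2-fpm
+MAINTAINER Aymeric Sorek "aymericsorek@protonmail.com"
+RUN mkdir -p /var/log/php
+# Install mysqli
+RUN docker-php-ext-install mysqli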
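Review bot: `RUN mkdir -p /var/log/php` creates the directory as root, but the FPM workers in the official image run as `www-data` by default, so PHP probably cannot create `/var/log/php/php_error.log` (the `error_log` target set in resources/php/custom.ini) and errors will not land where the configuration says. Handing the directory to the worker user would fix that: `RUN mkdir -p /var/log/php && chown www-data:www-data /var/log/php`. The directory is also not mounted in docker-compose.yml, so anything logged there is lost when the container is recreated. `MAINTAINER` is deprecated in favour of a `LABEL maintainer=...` line.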


@ -0,0 +1,18 @@
server {
listen 80;
index index.php;
server_name localhost;
error_log /var/log/nginx/error.log;
access_log /var/log/nginx/access.log;
root /webroot;
location ~ \.php$ {
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param REDIRECT_STATUS 200;
fastcgi_pass php:9000;
}
}
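Review bot: The `location ~ \.php$` block forwards every URI ending in `.php` to `php:9000` without checking that the file exists under `/webroot`, so requests for nonexistent scripts are resolved by FPM rather than rejected by nginx. Adding `try_files $uri =404;` as the first line of that location makes nginx answer 404 itself; this works here because docker-compose.yml mounts the webroot at the same path in both containers. Setting `cgi.fix_pathinfo = 0` in resources/php/custom.ini is the matching hardening on the PHP side.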


@ -0,0 +1,55 @@
user www-data;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
server_tokens off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# Headers
##
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip off; # To avoid BREACH Attack
gzip_disable "msie6";
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
}
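Review bot: The three `add_header` lines in the `http` block lack the `always` parameter, so nginx attaches them only to successful and redirect responses and omits them on error pages such as 404 or 500; `add_header X-Content-Type-Options nosniff always;` (and the same for the other two) covers every response. `add_header` directives are also inherited only when the lower level defines none of its own, so adding any `add_header` to a `server` or `location` block later would silently drop all three; a comment next to the block saying so would help. `gzip_disable "msie6";` has no effect while `gzip off;` is set and can be removed.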

14
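--- a/resources/php/custom.ini
+++ b/resources/php/custom.ini
@@ -0,0 +1,14 @@
+expose_php = Off
+error_reporting = E_ALL
+display_errors = Off
+display_startup_errors = Off
+log_errors = On
+error_log = /var/log/php/php_error.log
+ignore_repeated_errors = Off
+allow_url_fopen = Off
+allow_url_include = Off
+file_uploads = Off
+disable_functions = system, exec, shell_exec, passthru, phpinfo, show_source, popen, proc_open
+disable_functions = fopen_with_path, dbmopen, dbase_open, putenv, move_uploaded_file
+disable_functions = chdir, mkdir, rmdir, chmod, rename
+disable_functions = filepro, filepro_rowcount, filepro_retrieve, posix_mkfifo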
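Review bot: `disable_functions` is assigned four times, and in a PHP ini file a repeated directive replaces the earlier value, so only the last line (`filepro, filepro_rowcount, filepro_retrieve, posix_mkfifo`) takes effect and `system`, `exec`, `shell_exec`, `passthru`, `popen` and `proc_open` remain callable. The list has to be one comma-separated value on a single `disable_functions =` line that carries every name from the four lines. After deployment, `php -i | grep disable_functions` inside the php container shows the value that was actually loaded.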

56
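--- a/webroot/index.php
+++ b/webroot/index.php
@@ -0,0 +1,56 @@
+<!DOCTYPE html>
+<html lang="en" dir="ltr">
+<head>
+<meta charset="utf-8">
+<title>Authentication 2.0</title>
+<link rel="stylesheet" type="text/css" href="style.css">
+<link href="https://fonts.googleapis.com/css?family=Bitter" rel="stylesheet">
+</head>
+<body>
+<div class="box">
+<?php if ($_SERVER['REQUEST_METHOD'] != 'POST') { ?>
+<div class="code red">
+<h1><?php echo $_SERVER['REQUEST_METHOD']; ?></h1>
+</div>
+<div class="sub grey">
+<h2>Send your username for authentication.</h2>
+</div>
+<?php } else { ?>
+<div class="code green">
+<h1>POST</h1>
+</div>
+<?php if (!isset($_POST['username'])) { ?>
+<div class="sub red">
+<h2>What is your username?</h2>
+</div>
+<?php
+} else {
+$username = htmlspecialchars($_POST['username']);
+if ($username === 'admin') {
+?>
+<div class="sub">
+<h2 class="blue">Hello admin</h2>
+<h3 class="grey">IMTLD{Y0u_H4v3_t0_st4rT_s0m3Wh3r3}</h3>
+</div>
+<?php } else { ?>
+<div class="sub">
+<h2 class="blue">Hello <?php echo $username; ?></h2>
+<h3 class="red">You don't have the permission to see anything.</h3>
+</div>
+<?php }}} ?>
+</div>
+</body>
+</html>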
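Review bot: `isset($_POST['username'])` is also true when the client sends `username[]=x`, in which case `htmlspecialchars()` receives an array, raises a warning and returns null; the guard should require a string as well, `if (!isset($_POST['username']) || !is_string($_POST['username'])) {`. `$_SERVER['REQUEST_METHOD']` is echoed into the `<h1>` unescaped while the username is escaped; writing `echo htmlspecialchars($_SERVER['REQUEST_METHOD']);` keeps output handling uniform. Escaping before the `=== 'admin'` comparison happens to work for this literal, but comparing the raw value and escaping only at the `echo` is the clearer pattern and avoids surprises if the compared value ever contains `&`, `<` or quotes.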

56
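--- a/webroot/style.css
+++ b/webroot/style.css
@@ -0,0 +1,56 @@
+html,
+body {
+margin: 0;
+padding: 0;
+display: grid;
+place-items: center;
+height: 100vh;
+font-family: 'Bitter', serif;
+}
+.box {
+display: flex;
+justify-content: center;
+align-items: center;
+flex-direction: column;
+}
+.code {
+font-size: 40px;
+}
+.sub {
+text-align: center;
+}
+.sub h2 {
+font-size: 26px;
+}
+.sub h3 {
+font-size: 20px;
+}
+.red {
+color: #f44336;
+}
+.orange {
+color: #FF5722;
+}
+.green {
+color: #4CAF50;
+}
+.blue {
+color: #2196F3;
+}
+.violet {
+color: #9C27B0;
+}
+.grey {
+color: #546E7A;
+}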