Functionnal chall

2018-11-08 19:09:21 +01:00 · 2018-11-08 19:09:21 +01:00 · f495725c81
commit f495725c81
9 changed files with 230 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
 *.log
--- a/README.md
+++ b/README.md
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -0,0 +1,22 @@
 version: '3'
 services:
    web:
        image: nginx:latest
        ports:
            - "8080:80"
        volumes:
            - ./webroot:/webroot
            - ./resources/nginx/default.conf:/etc/nginx/conf.d/default.conf
            - ./resources/nginx/nginx.conf:/etc/nginx/nginx.conf
            - ./log/nginx:/var/log/nginx
        links:
            - php
        restart: always
    php:
        build: ./php/
        volumes:
            - ./webroot:/webroot
            - ./resources/php/custom.ini:/usr/local/etc/php/conf.d/custom.ini
        restart: always
--- a/php/Dockerfile
+++ b/php/Dockerfile
@ -0,0 +1,8 @@
 FROM php:7.2-fpm
 MAINTAINER Aymeric Sorek "aymericsorek@protonmail.com"
 RUN mkdir -p /var/log/php
 # Install mysqli
 RUN docker-php-ext-install mysqli
--- a/resources/nginx/default.conf
+++ b/resources/nginx/default.conf
@ -0,0 +1,18 @@
 server {
    listen 80;
    index index.php;
    server_name localhost;
    error_log  /var/log/nginx/error.log;
    access_log /var/log/nginx/access.log;
    root /webroot;
    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param REDIRECT_STATUS 200;
        fastcgi_pass php:9000;
    }
 }
--- a/resources/nginx/nginx.conf
+++ b/resources/nginx/nginx.conf
@ -0,0 +1,55 @@
 user www-data;
 pid /run/nginx.pid;
 include /etc/nginx/modules-enabled/*.conf;
 events {
 	worker_connections 768;
 	# multi_accept on;
 }
 http {
 	##
 	# Basic Settings
 	##
 	sendfile on;
 	tcp_nopush on;
 	tcp_nodelay on;
 	keepalive_timeout 65;
 	types_hash_max_size 2048;
 	server_tokens off;
 	include /etc/nginx/mime.types;
 	default_type application/octet-stream;
 	##
 	# Headers
 	##
 	add_header X-Frame-Options DENY;
 	add_header X-Content-Type-Options nosniff;
 	add_header X-XSS-Protection "1; mode=block";
 	##
 	# Logging Settings
 	##
 	access_log /var/log/nginx/access.log;
 	error_log /var/log/nginx/error.log;
 	##
 	# Gzip Settings
 	##
 	gzip off; # To avoid BREACH Attack
 	gzip_disable "msie6";
 	##
 	# Virtual Host Configs
 	##
 	include /etc/nginx/conf.d/*.conf;
 }
--- a/resources/php/custom.ini
+++ b/resources/php/custom.ini
@ -0,0 +1,14 @@
 expose_php              = Off
 error_reporting         = E_ALL
 display_errors          = Off
 display_startup_errors  = Off
 log_errors              = On
 error_log               = /var/log/php/php_error.log
 ignore_repeated_errors  = Off
 allow_url_fopen         = Off
 allow_url_include       = Off
 file_uploads            = Off
 disable_functions       = system, exec, shell_exec, passthru, phpinfo, show_source, popen, proc_open
 disable_functions       = fopen_with_path, dbmopen, dbase_open, putenv, move_uploaded_file
 disable_functions       = chdir, mkdir, rmdir, chmod, rename
 disable_functions       = filepro, filepro_rowcount, filepro_retrieve, posix_mkfifo
--- a/webroot/index.php
+++ b/webroot/index.php
@ -0,0 +1,56 @@
 <!DOCTYPE html>
 <html lang="en" dir="ltr">
  <head>
    <meta charset="utf-8">
    <title>Authentication 2.0</title>
    <link rel="stylesheet" type="text/css" href="style.css">
    <link href="https://fonts.googleapis.com/css?family=Bitter" rel="stylesheet">
  </head>
  <body>
    <div class="box">
      <?php if ($_SERVER['REQUEST_METHOD'] != 'POST') { ?>
        <div class="code red">
          <h1><?php echo $_SERVER['REQUEST_METHOD']; ?></h1>
        </div>
        <div class="sub grey">
        <h2>Send your username for authentication.</h2>
        </div>
      <?php } else { ?>
        <div class="code green">
          <h1>POST</h1>
        </div>
      <?php if (!isset($_POST['username'])) { ?>
        <div class="sub red">
          <h2>What is your username?</h2>
        </div>
      <?php
        } else {
          $username = htmlspecialchars($_POST['username']);
          if ($username === 'admin') {
      ?>
        <div class="sub">
          <h2 class="blue">Hello admin</h2>
          <h3 class="grey">IMTLD{Y0u_H4v3_t0_st4rT_s0m3Wh3r3}</h3>
        </div>
      <?php } else { ?>
        <div class="sub">
          <h2 class="blue">Hello <?php echo $username; ?></h2>
          <h3 class="red">You don't have the permission to see anything.</h3>
        </div>
      <?php }}} ?>
  </div>
  </body>
 </html>
--- a/webroot/style.css
+++ b/webroot/style.css
@ -0,0 +1,56 @@
 html,
 body {
  margin: 0;
  padding: 0;
  display: grid;
  place-items: center;
  height: 100vh;
  font-family: 'Bitter', serif;
 }
 .box {
  display: flex;
  justify-content: center;
  align-items: center;
  flex-direction: column;
 }
 .code {
  font-size: 40px;
 }
 .sub {
  text-align: center;
 }
 .sub h2 {
  font-size: 26px;
 }
 .sub h3 {
  font-size: 20px;
 }
 .red {
  color: #f44336;
 }
 .orange {
  color: #FF5722;
 }
 .green {
  color: #4CAF50;
 }
 .blue {
  color: #2196F3;
 }
 .violet {
  color: #9C27B0;
 }
 .grey {
  color: #546E7A;
 }