PHP Session

$_COOKIE

codes/cookie-counter/index.php:

<?php
	$times = $_COOKIE['count'] ?? 0;

	$times++;

	if(isset($_GET['zerar'])){
		$times = 0;
		setcookie('count', false);
	}else{
		setcookie('count', $times, time()+60*60*24);
	}

?>
<!doctype html>
<html lang="en">
<head>
	<meta charset="UTF-8">
	<title>Document</title>
</head>
<body>
	<p>A quantidade de vezes que vc acessou esta página é <?php echo $times ?></p>
	<a href="index.php?zerar=true">zerar</a>
	<a href="index.php">+1</a>
</body>
</html>

http://localhost:8080/php/web/session/codes/cookie-counter/index.php

References:

Session

$_SESSION

codes/session-counter/index.php:

<?php
	session_start();

	$times = $_SESSION['count'] ?? 0;

	$times++;

	if(isset($_GET['zerar'])){
		$times = 0;
		$_SESSION['count'] = 0;
	}else{
		$_SESSION['count'] = $times;
	}

?>
<!doctype html>
<html lang="en">
<head>
	<meta charset="UTF-8">
	<title>Document</title>
</head>
<body>
	<p>A quantidade de vezes que vc acessou esta página é <?php echo $times ?></p>
	<a href="index.php?zerar=true">zerar</a>
	<a href="index.php">+1</a>
</body>
</html>

http://localhost:8080/php/web/session/codes/session-counter/index.php

References:

Auth

auth
├── auth.php
├── home.php
├── login.html
└── logout.php

codes/auth/login.html:

<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8">
  <title>Document</title>
</head>
<body>
  <form action="auth.php" method="post">
    <input type="text" name="login" placeholder="login">
    <input type="password" name="password" placeholder="password">
    <input type="submit" value="Login">
  </form>
</body>
</html>

codes/auth/auth.php:

<?php

session_start();
$login = $_POST['login'] ?? null;
$password = $_POST['password'] ?? null;

if(authenticateFake($login, $password)){
  $_SESSION['auth'] = true;
  header('Location: home.php');
} else {
  header('Location: login.html');
}

function authenticateFake($user, $pass){
  return $login == 'luiz' && $password == '123';
}

// Access control list (ACL)
// $ getfacl /etc/passwd
// # chmod g+x /etc/shadow
// # addgroup www-data shadow

// Edit the Sudoers File
// http://www.ethanjoachimeldridge.info/tech-blog/shell_exec-sudo-php-apache
// https://www.sudo.ws/man/sudoers.man.html
// https://www.digitalocean.com/community/tutorials/how-to-edit-the-sudoers-file-on-ubuntu-and-centos
// $ sudo chmod g+x /etc/shadow
// $ echo "www-data ALL=(ALL) NOPASSWD: /etc/passwd" | sudo tee --append /etc/sudoers
function authenticateShadow($user, $pass){
  $shadow = `cat /etc/shadow | grep "^$user\:"`;
  $shadow = explode(":",$shadow);
  return password_verify($pass, $shadow[1]);
}

function authenticateShadow2($user, $pass){
  $shad = preg_split("/[$:]/",`cat /etc/shadow | grep "^$user\:"`);
  $mkps = preg_split("/[$:]/",trim(`mkpasswd -m sha-512 $pass $shad[3]`));
  return ($shad[4] == $mkps[3]);
}

codes/auth/home.php:

<?php
  session_start();
  if(!isset($_SESSION['auth']) || $_SESSION['auth'] === false)
    header('Location: login.html');
?>
<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8">
  <title>Document</title>
</head>
<body>
  <h1>Home</h1>
  <a href="logout.php">logout</a>
</body>
</html>

codes/auth/logout.php:

<?php

session_start();
session_destroy();
header('Location: login.html');

http://localhost:8080/php/web/session/codes/auth/login.html