Create an insecure bank application

2024-06-01 15:13:50 +02:00
commit 2133574cae
40 changed files with 1370 additions and 0 deletions


@ -0,0 +1,43 @@
<?php
declare(strict_types=1);
namespace Controller;
use Model\Session;
use Model\User;
use View\LoginRedirection;
use View\LoginPage;
use View\Sendable;
class LoginController extends RestrictedPageController
{
public function __construct()
{
parent::__construct('/login.php');
}
protected function runLogic(): Sendable
{
$loginPage = new LoginPage($this->context);
if ($loginPage->formWasSent) {
$loginPage->fieldUsername = trim($loginPage->fieldUsername);
// find user
$user = User::byName($loginPage->fieldUsername);
// check password
// (use a dummy hash if no user was found, to make timing attacks harder)
$pwHash = $user?->pwHash ?? '$argon2id$v=19$m=65536,t=4,p=1$WmxPVmd5aGdkandaNWZTcA$6hcqXkBJIGgWkcGLdqZeHhkV83JKtn5Ke7jXRS31X2s';
$pwValid = password_verify($loginPage->fieldPassword, $pwHash);
if ($pwValid && !empty($user)) {
$this->context->session = Session::create($user);
return new LoginRedirection($this->context);
} else {
$loginPage->errorLoginDataInvalid = true;
}
}
return $loginPage;
}
}
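Review bot: The dummy-hash defence on line 34 only equalises timing if the constant's Argon2id parameters (m=65536,t=4,p=1) are the same ones used when real users' passwords were hashed; if stored hashes use a different cost or algorithm, password_verify still does noticeably different work for existing and non-existing usernames, so the literal should be derived from the same configuration as the registration path and kept as a named constant, e.g. `private const DUMMY_HASH = '<same hash string as line 34>';` referenced as `$user?->pwHash ?? self::DUMMY_HASH`. On line 36, `!empty($user)` tests truthiness of an object; `$pwValid && $user !== null` states the intent directly. Neither attempt throttling nor session-id regeneration on successful login is visible in this hunk — presumably they belong in Session::create or the parent controller; confirm, since neither is established by the code shown here.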