Merge pull request #24 from SST-CTF/otakar

Added basic PHP
SST-CTF · Jan 26, 2017 · 086ed2b · 086ed2b
2 parents 04466a2 + 21a450c
commit 086ed2b
Show file tree

Hide file tree

Showing 10 changed files with 540 additions and 65 deletions.
diff --git a/file.txt → content.txt b/file.txt → content.txt
diff --git a/css/stylesheet.css b/css/stylesheet.css
diff --git a/fonts/fontawesome-webfont.woff b/fonts/fontawesome-webfont.woff
diff --git a/fonts/fontawesome-webfont.woff2 b/fonts/fontawesome-webfont.woff2
diff --git a/index.html b/index.html
@@ -1,7 +1,7 @@
 <script src="./js/main.js"></script>
+<script src="./js/jquery-3.1.1.min.js"></script>
 
 <!DOCTYPE html>
-
 <html>
 <title>SST Typing Competition</title>
 <meta name="viewport" content="width=device-width, initial-scale=1">
@@ -20,6 +20,31 @@
     }
 </style>
 
+        <?php
+// define variables and set to empty values
+$nameErr = $emailErr = $genderErr = $websiteErr = "";
+$name = $email = $gender = $comment = $website = "";
+
+if ($_SERVER["REQUEST_METHOD"] == "POST") {
+  if (empty($_POST["name"])) {
+    $nameErr = "Name is required";
+  } else {
+    $name = test_input($_POST["name"]);
+    // check if name only contains letters and whitespace
+    if (!preg_match("/^[a-zA-Z ]*$/",$name)) {
+      $nameErr = "Only letters and white space allowed"; 
+    }
+  }
+}
+
+function test_input($data) {
+  $data = trim($data);
+  $data = stripslashes($data);
+  $data = htmlspecialchars($data);
+  return $data;
+}
+?>
+
 <body class="sst-light-grey">
 
     <!-- Top container -->
@@ -130,11 +155,12 @@ <h4>
         <!-- End Old Code -->
 
         <!-- Submit Results to Database -->
-        <div align="center">
-            <form align: center;>
-                <input onclick="myFunction()" class="sst-btn" More Countries type="submit" value="Submit to Database">
-            </form>
-        </div>
+        <form align: center; method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
+            Name: 
+            <input type="text" name="name" value="<?php echo $name;?>">
+            <input type="submit" name="submit" value="Submit">
+        </form>
+
 
         <!-- Footer -->
         <footer class="sst-container sst-padding-16 sst-light-grey">
@@ -174,4 +200,38 @@ <h4>FOOTER</h4>
         }
     </script>
 </body>
+
+    <?php
+        //$message = "PHP LOADED";
+        //echo "<script type='text/javascript'>alert('$message');</script>";
+
+        echo "<h2>Your Input:</h2>";
+        echo $name;
+
+$servername = "localhost";
+$username = "www";
+$password = "[HIDDEN]";   // TODO: Remove password from index.php by calling password from another file
+$dbname = "typing_test";
+
+// Create connection
+$conn = new mysqli($servername, $username, $password, $dbname);
+// Check connection
+if ($conn->connect_error) {
+    die("Connection failed: " . $conn->connect_error);
+} 
+
+$sql = "INSERT INTO results (name, net_wpm, gross_wpm, error, accuracy)
+VALUES ('$name', '0', '0', '0', '0')";
+
+if ($conn->query($sql) === TRUE) {
+    echo "New record created successfully";
+} else {
+    echo "Error: " . $sql . "<br>" . $conn->error;
+}
+
+$conn->close();
+
+
+        ?>
+
 </html>
diff --git a/js/data-submit.js b/js/data-submit.js
diff --git a/js/jquery-3.1.1.min.js b/js/jquery-3.1.1.min.js
diff --git a/js/main.js b/js/main.js
@@ -39,7 +39,8 @@ function readTextFile(file, arrayData)
     return arrayData;
 }
 
-readTextFile("file.txt");
+// File to read the testing string from
+readTextFile("content.txt");
 
 var strToTestType = "";
 
@@ -372,15 +373,23 @@ function myFunction()
         person.search("Cena") === - 1
        ) 
     {
-        alert("Invalid option");
+        alert(person);
+        $.ajax(
+        {
+            //alert(person);
+            data: 'name=' + person,
+            url: 'http://sstctf.org/typing-test/backend.php',
+            method: 'POST', // or GET
+            success: function(msg) 
+            {
+                alert(msg);
+            }
+        });
     }
 
     else
     {
-        // SQL
-        // MAGIC
-        // GOES
-        // HERE
+        alert("Invalid option");
     }
 }
 

diff --git a/js/submit.js b/js/submit.js
@@ -0,0 +1,47 @@
+(function saveData($) {
+	var person = prompt('Please enter your name', '');
+	$.ajax({
+		type: 'POST',
+		url: './backend.php2',
+		data: { name: $("select[name='players']").val() },
+		success: function (msg) {
+			alert('Data Saved: ' + msg);
+		}
+	});
+}(jQuery));
+
+(function sendWPM($) {
+	var person = prompt('Please enter your name', '');
+	$.ajax({
+		type: 'POST',
+		url: './backend.php2',
+		data: { wpm: $("select[wpm='players']").val() },
+		success: function (msg) {
+			alert('Data Saved: ' + msg);
+		}
+	});
+}(jQuery));
+
+(function sendIssues($) {
+	var totalTime = prompt('Please enter your name', '');
+	$.ajax({
+		type: 'POST',
+		url: './backend.php2',
+		data: { issues: $("select[issues='players']").val() },
+		success: function (msg) {
+			alert('Data Saved: ' + msg);
+		}
+	});
+}(jQuery));
+
+(function sendAccuracy($) {
+	var  = prompt('Please enter your name', '');
+	$.ajax({
+		type: 'POST',
+		url: './backend.php2',
+		data: { accuracy: $("select[accuracy='players']").val() },
+		success: function (msg) {
+			alert('Data Saved: ' + msg);
+		}
+	});
+}(jQuery));
diff --git a/testscript.php b/testscript.php
@@ -0,0 +1,71 @@
+
+<html>
+
+    <?php
+// define variables and set to empty values
+$nameErr = $emailErr = $genderErr = $websiteErr = "";
+$name = $email = $gender = $comment = $website = "";
+
+if ($_SERVER["REQUEST_METHOD"] == "POST") {
+  if (empty($_POST["name"])) {
+    $nameErr = "Name is required";
+  } else {
+    $name = test_input($_POST["name"]);
+    // check if name only contains letters and whitespace
+    if (!preg_match("/^[a-zA-Z ]*$/",$name)) {
+      $nameErr = "Only letters and white space allowed"; 
+    }
+  }
+}
+
+function test_input($data) {
+  $data = trim($data);
+  $data = stripslashes($data);
+  $data = htmlspecialchars($data);
+  return $data;
+}
+?>
+
+    <body>
+        <h2>PHP Form Validation Example</h2>
+        <p><span class="error">* required field.</span></p>
+        <form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">  
+  Name: <input type="text" name="name" value="<?php echo $name;?>">
+  <span class="error">* <?php echo $nameErr;?></span>
+  <br><br>
+  <input type="submit" name="submit" value="Submit">  
+</form>
+
+        <?php
+        //$message = "PHP LOADED";
+        //echo "<script type='text/javascript'>alert('$message');</script>";
+
+        echo "<h2>Your Input:</h2>";
+        echo $name;
+
+$servername = "localhost";
+$username = "www";
+$password = "gfFIw{NHpwCF67";   // TODO: Remove password from index.php by calling password from another file
+$dbname = "typing_test";
+
+// Create connection
+$conn = new mysqli($servername, $username, $password, $dbname);
+// Check connection
+if ($conn->connect_error) {
+    die("Connection failed: " . $conn->connect_error);
+} 
+
+$sql = "INSERT INTO test (name)
+VALUES ('$name')";
+
+if ($conn->query($sql) === TRUE) {
+    echo "New record created successfully";
+} else {
+    echo "Error: " . $sql . "<br>" . $conn->error;
+}
+
+$conn->close();
+
+
+        ?>
+</html>