Basic security revisions

Added password hashing.

.gitignore

@@ -0,0 +1,90 @@
+# Created by .ignore support plugin (hsz.mobi)
+Thumbs.db
+ehthumbs.db
+Desktop.ini
+$RECYCLE.BIN/
+*.cab
+*.msi
+*.msm
+*.msp
+*.lnk
+*~
+.fuse_hidden*
+.directory
+.Trash-*
+.idea/workspace.xml
+.idea/tasks.xml
+.idea/dictionaries
+.idea/vcs.xml
+.idea/jsLibraryMappings.xml
+.idea/dataSources.ids
+.idea/dataSources.xml
+.idea/dataSources.local.xml
+.idea/sqlDataSources.xml
+.idea/dynamic.xml
+.idea/uiDesigner.xml
+.idea/gradle.xml
+.idea/libraries
+.idea/mongoSettings.xml
+*.iws
+/out/
+.idea_modules/
+atlassian-ide-plugin.xml
+com_crashlytics_export_strings.xml
+crashlytics.properties
+crashlytics-build.properties
+fabric.properties
+_notes
+_compareTemp
+configs/
+dwsync.xml
+dw_php_codehinting.config
+*.mno
+*.DS_Store
+.AppleDouble
+.LSOverride
+Icon
+._*
+.DocumentRevisions-V100
+.fseventsd
+.Spotlight-V100
+.TemporaryItems
+.Trashes
+.VolumeIcon.icns
+.com.apple.timemachine.donotpresent
+.AppleDB
+.AppleDesktop
+Network Trash Folder
+Temporary Items
+.apdisk
+.metadata
+bin/
+tmp/
+*.tmp
+*.bak
+*.swp
+*~.nib
+local.properties
+.settings/
+.loadpath
+.recommenders
+.project
+.externalToolBuilders/
+*.launch
+*.pydevproject
+.cproject
+.classpath
+.factorypath
+.buildpath
+.target
+.tern-project
+.texlipse
+.springBeans
+.recommenders/
+nbproject/private/
+build/
+nbbuild/
+dist/
+nbdist/
+nbactions.xml
+.nb-gradle/

config.php

@@ -0,0 +1,5 @@
+<?php
+
+/* Define username and password */
+$Username = "Steve";
+$Password = "$2y$10$1GmNO63bbKWpaPxcqLaLW.yVmvoxyOD9krWXxn2XAY.QSdbfcARDK";

login.php

@@ -1,74 +1,74 @@
 <?php
-  session_start();
+require_once ('config.php'); // For storing username and password.
+
+session_start();
 ?>
 
 <!-- HTML code for Bootstrap framework and form design -->
 
 <!DOCTYPE html>
 <html>
-  <head>
+<head>
     <meta charset="utf-8">
     <meta http-equiv="X-UA-Compatible" content="IE=edge">
     <meta name="viewport" content="width=device-width, initial-scale=1">
 
     <link rel="stylesheet" type="text/css" href="css/bootstrap.min.css">
     <link rel="stylesheet" type="text/css" href="css/signin.css">
     <title>Sign in</title>
-  </head>
-  <body>
-    <div class="container">
-      <form action="" method="post" name="Login_Form" class="form-signin">
+</head>
+<body>
+<div class="container">
+    <form action="" method="post" name="Login_Form" class="form-signin">
         <h2 class="form-signin-heading">Please sign in</h2>
         <label for="inputUsername" class="sr-only">Username</label>
         <input name="Username" type="username" id="inputUsername" class="form-control" placeholder="Username" required autofocus>
         <label for="inputPassword" class="sr-only">Password</label>
         <input name="Password" type="password" id="inputPassword" class="form-control" placeholder="Password" required>
         <div class="checkbox">
-          <label>
-            <input type="checkbox" value="remember-me"> Remember me
-          </label>
+            <label>
+                <input type="checkbox" value="remember-me"> Remember me
+            </label>
         </div>
         <button name="Submit" value="Login" class="btn btn-lg btn-primary btn-block" type="submit">Sign in</button>
 
-<?php
+        <?php
 
-  /* Check if login form has been submitted */
-	if(isset($_POST['Submit'])){
+        /* Check if login form has been submitted */
+        if(isset($_POST['Submit'])){
 
-    /* Define username and password */
-    $Username = "Steve";
-    $Password = "Choco2016";
+            // Rudimentary hash check
+            $result = password_verify($_POST['password'], $Password);
 
-    /* Check if form's username and password matches */
-    if(($_POST['Username'] == $Username) && ($_POST['Password'] == $Password)) {
+            /* Check if form's username and password matches */
+            if( ($_POST['Username'] == $Username) && ($result === true) ) {
 
-      /* Success: Set session variables and redirect to protected page */
-      $_SESSION['Username'] = $Username;
-      $_SESSION['Password'] = $Password;
+                /* Success: Set session variables and redirect to protected page */
+                $_SESSION['Username'] = $Username;
 
-      $_SESSION['Active'] = true;
-			header("location:index.php");
-			exit;
+                $_SESSION['Active'] = true;
+                header("location:index.php");
+                exit;
 
-    } else {
-			?>
-        <!-- Show an error alert -->
-        &nbsp;
-        <div class="alert alert-danger alert-dismissible" role="alert">
-          <button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">&times;</span></button>
-          <strong>Warning!</strong> Incorrect information.
-        </div>
-      <?php
-		}
-	}
-?>
+            } else {
+                ?>
+                <!-- Show an error alert -->
+                &nbsp;
+                <div class="alert alert-danger alert-dismissible" role="alert">
+                    <button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">&times;</span></button>
+                    <strong>Warning!</strong> Incorrect information.
+                </div>
+                <?php
+            }
+        }
+        ?>
 
-        </form>
-      </div>
+    </form>
+</div>
 
-    <!-- jQuery (necessary for Bootstrap's JavaScript plugins) -->
-    <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js"></script>
-    <!-- Include all compiled plugins (below), or include individual files as needed -->
-    <script src="js/bootstrap.min.js"></script>
-  </body>
+<!-- jQuery (necessary for Bootstrap's JavaScript plugins) -->
+<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js"></script>
+<!-- Include all compiled plugins (below), or include individual files as needed -->
+<script src="js/bootstrap.min.js"></script>
+</body>
 </html>

logout.php

@@ -4,4 +4,3 @@
 
   header("location:login.php");  /* Redirect to login page */
   exit;
-?>