antonioalmeida / get-shit-done Goto Github PK

The front end part of this is up and running, need the calls (both PHP and Ajax) to actually implement the functionality. Similar to the 'delete item' mechanism.

Front end implementation b3ce3d9

Add session alerts (success/failure) to the following cases

• Login / Logout
• Register
• Changing item priority
• Add List
• Remove List
• Add Item
• Edit List
• Edit Item
• Assign user to Item
• Add user as admin
• (Un)Complete task

Anything else? @diogotorres97 @cyrilico

Implement adding new Item to the current list using ajax for no-redirect insertion. The mechanism is similar to the 'Add list' one.

Start here:
f075fd0

On a ToDo list's page, when the user clicks an item's checkbox, the db should update the 'complete' value for the item. Could use the specific sql calls for this.

Implement a better way to show error messages to user.

@antonioalmeida e @cyrilico suggestions about where it is needed.

Issues:
-On register use event.preventDefault();

Currently have the following variables which are retrieved from GET or POST superglobal variables and need regex filtering to ensure no malicious content is manually being sent by user:

Regular expressions to test:

To test a regex against a variable, simply use regex.test(variable). It shall return true if there is a match, and false otherwise

Updated until commit 61ccf0f

Need to move all php actions (action_add_list.php, etc) to their own directory to keep the project's structure somewhat sane

After studying a bit and hacking our site, I conclude that there are aspects to be improved, of which:

• (a) Path Traversal Attack

• (b) SQL Injection (Done by @cyrilico and @ diogotorres97)

• (c) Account Lockout

• (d) Cross-site Scripting (XSS) (Almost done)

• (e) Cross-site Rquest Forgery (CSRF)

• (f) Man in the Middle Atack

• (g) Credential Storage

• (h) Session Fixation

• (i) Session Hijacking (Depends on (h))

• (j) DDos Attack (Probably FEUP is already secure against this type of attacks)

Brief explanation:
(a) This vulnerability allows anyone to download the database knowing the full path.
e.g. https://paginas.fe.up.pt/~up201506428/feup-ltw/project1/database/db.db

(c) It is necessary to prevent bruteforce attacks. So when a user tries to login incorrectly 3x show a captcha or lock the account for a certain amount of time.

[DONE] (d) It is necessary to activate session_set_cookie_params according to page 34 of the slides.

[DONE on delete and add lists] (e) It is necessary to prevent the most important actions using a random token per session (Pag.40)

(f) I think this is already implemented since the pages of feup are already certified.

[DONE] (g) It is necessary to change the manner that the passwords are stored to one using bcrypt with salt. (Pag.67)
[DONE] We also have to force usernames and emails to be case insensitive.

(h) It allows to login knowing the session_id of another user, making pass by him. Need to implement different id's for each request. (Page 77)

As the html markup of the .item class on https://github.com/antonioalmeida/feup-ltw/blob/master/project1/list.php becomes more complicated, should we create a separate action to retrieve it's html markup? This is only useful if it can be used when adding a new item.

Is it possible for 'action_add_item' to return the complete HTML markup for the item instead of just the newly added item's properties? Or should we make two action calls: one to add the item, one to retrieve the item's markup based on the item's properties. Need thoughts on this @cyrilico @diogotorres97

Where do you want to add this? And what search parameters?

Name or Category or data?

@cyrilico and @antonioalmeida