
質問編集履歴

2

コードを追加

2020/12/11 04:01

投稿

shotail


title CHANGED
File without changes
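--- a/body
+++ b/body
@@ -34,83 +34,255 @@
  Apache/2.4.46 (Unix) OpenSSL/1.0.2u PHP/7.4.9 mod_wsgi/3.5 Python/2.7.13 mod_fastcgi/mod_fastcgi-SNAP-0910052141 mod_perl/2.0.11 Perl/v5.30.1
 
 
- ### 該当のソースコード
- MAMP/conf/apache/extra/httpd-vhosts.conf
- ```
- # Virtual Hosts
- #
- # Required modules: mod_log_config
 
- # If you want to maintain multiple domains/hostnames on your
- # machine you can setup VirtualHost containers for them. Most configurations
- # use only name-based virtual hosts so the server doesn't need to worry about
- # IP addresses. This is indicated by the asterisks in the directives below.
- #
- # Please see the documentation at
- # <URL:http://httpd.apache.org/docs/2.4/vhosts/>
- # for further details before you try to setup virtual hosts.
- #
- # You may use the command line option '-S' to verify your virtual host
- # configuration.
+ ```inputphp
+ <?php
 
- #
- # Use name-based virtual hosting.
- #
- NameVirtualHost *:80
+ session_start();
 
- #
- # VirtualHost example:
- # Almost any Apache directive may go into a VirtualHost container.
- # The first VirtualHost section is used for all requests that do not
- # match a ServerName or ServerAlias in any <VirtualHost> block.
- #
- #<VirtualHost *:80>
- #ServerAdmin webmaster@dummy-host.example.com
- #DocumentRoot "/Applications/MAMP/Library/docs/dummy-host.example.com"
- #ServerName dummy-host.example.com
- #ServerAlias www.dummy-host.example.com
- #ErrorLog "logs/dummy-host.example.com-error_log"
- #CustomLog "logs/dummy-host.example.com-access_log" common
- #</VirtualHost>
+ require 'validation.php';
 
- <Directory /Applications/MAMP/htdocs/>
+ header('X-FRAME-OPTIONS:DENY');
- Options FollowSymlinks Includes
- AllowOverride All
- AddType text/html .html
- Require all granted
- </Directory>
- #<VirtualHost *:80>
- #ServerAdmin webmaster@dummy-host2.example.com
- #DocumentRoot "/Applications/MAMP/Library/docs/dummy-host2.example.com"
- #ServerName dummy-host2.example.com
- #ErrorLog "logs/dummy-host2.example.com-error_log"
- #CustomLog "logs/dummy-host2.example.com-access_log" common
- #</VirtualHost>
 
+ // スーパーグローバル変数 php 9種類
+ // 連想配列
+ if(!empty($_POST)){
+ echo '<pre>';
+ var_dump($_POST) ;
+ echo '</pre>';
+ }
 
+ function h($str)
+ {
+ return htmlspecialchars($str, ENT_QUOTES, 'UTF-8');
+ }
+
+
+ // 入力、確認、完了 input.php, confirm.php, thanks.php
+ // CSRF 偽物のinput.php->悪意のあるページ
+ // input.php
+
+ $pageFlag = 0;
+ $errors = validation($_POST);
+
+ if(!empty($_POST['btn_confirm']) && empty($errors)){
+ $pageFlag = 1;
+ }
+ if(!empty($_POST['btn_submit'])){
+ $pageFlag = 2;
+ }
+
+
+ ?>
+
+ <!doctype html>
+ <html lang="ja">
+ <head>
+ <!-- Required meta tags -->
+ <meta charset="utf-8">
+ <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
+
+ <!-- Bootstrap CSS -->
+ <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css" integrity="sha384-9aIt2nRpC12Uk9gS9baDl411NQApFmC26EwAOH8WgZl5MYYxFfc+NcPb1dKGj7Sk" crossorigin="anonymous">
+
+ <title>Hello, world!</title>
+ </head>
+ <body>
+
+
+ <?php if($pageFlag === 1 ) : ?>
+ <?php if($_POST['csrf'] === $_SESSION['csrfToken']) :?>
+ <form method="POST" action="input.php">
+ 氏名
+ <?php echo h($_POST['your_name']) ;?>
+ <br>
+ メールアドレス
+ <?php echo h($_POST['email']) ;?>
+ <br>
+ ホームページ
+ <?php echo h($_POST['url']) ;?>
+ <br>
+ 性別
+ <?php
+ if($_POST['gender'] === '0'){ echo '男性'; }
+ if($_POST['gender'] === '1'){ echo '女性'; }
+ ?>
+ <br>
+ 年齢
+ <?php
+ if($_POST['age'] === '1'){ echo '〜19歳' ;}
+ if($_POST['age'] === '2'){ echo '20歳〜29歳' ;}
+ if($_POST['age'] === '3'){ echo '30歳〜39歳' ;}
+ if($_POST['age'] === '4'){ echo '40歳〜49歳' ;}
+ if($_POST['age'] === '5'){ echo '50歳〜59歳' ;}
+ if($_POST['age'] === '6'){ echo '60歳〜' ;}
+ ?>
+
+ <br>
+ お問い合わせ内容
+ <?php echo h($_POST['contact']) ;?>
+ <br>
+
+ <input type="submit" name="back" value="戻る">
+ <input type="submit" name="btn_submit" value="送信する">
+ <input type="hidden" name="your_name" value="<?php echo h($_POST['your_name']) ;?>">
+ <input type="hidden" name="email" value="<?php echo h($_POST['email']) ;?>">
+ <input type="hidden" name="url" value="<?php echo h($_POST['url']) ;?>">
+ <input type="hidden" name="gender" value="<?php echo h($_POST['gender']) ;?>">
+ <input type="hidden" name="age" value="<?php echo h($_POST['age']) ;?>">
+ <input type="hidden" name="contact" value="<?php echo h($_POST['contact']) ;?>">
+ <input type="hidden" name="csrf" value="<?php echo h($_POST['csrf']) ;?>">
+ </form>
+
+ <?php endif; ?>
+
+ <?php endif; ?>
+
+ <?php if($pageFlag === 2 ) : ?>
+ <?php if($_POST['csrf'] === $_SESSION['csrfToken']) :?>
+ 送信が完了しました。
+
+ <?php unset($_SESSION['csrfToken']); ?>
+ <?php endif; ?>
+ <?php endif; ?>
+
+
+ <?php if($pageFlag === 0 ) : ?>
+ <?php
+ if(!isset($_SESSION['csrfToken'])){
+ $csrfToken = bin2hex(random_bytes(32));
+ $_SESSION['csrfToken'] = $csrfToken;
+ }
+ $token = $_SESSION['csrfToken'];
+ ?>
+
+ <?php if(!empty($errors) && !empty($_POST['btn_confirm']) ) : ?>
+ <?php echo '<ul>' ;?>
+ <?php
+ foreach($errors as $error){
+ echo '<li>' . $error . '</li>' ;
+ }
+ ?>
+ <?php echo '</ul>' ; ?>
+
+ <?php endif ;?>
+
+ <div class="container">
+ <div class="row">
+ <div class="col-md-6">
+ <form method="POST" action="input.php">
+ <div class="form-group">
+ <label for="your_name">氏名</label>
+ <input type="text" class="form-control" id="your_name" name="your_name" value="<?php if(!empty($_POST['your_name'])){echo h($_POST['your_name']) ;} ?>" required>
+ </div>
+
+ <div class="form-group">
+ <label for="email">メールアドレス</label>
+ <input type="email" class="form-control" id="email" name="email" value="<?php if(!empty($_POST['email'])){echo h($_POST['email']) ;} ?>" required>
+ </div>
+
+ <div class="form-group">
+ <label for="url">ホームページ</label>
+ <input type="url" class="form-control" id="url" name="url" value="<?php if(!empty($_POST['url'])){echo h($_POST['url']) ;} ?>">
+ </div>
+
+ 性別
+ <div class="form-check form-check-inline">
+ <input class="form-check-input" type="radio" name="gender" id="gender1" value="0"
+ <?php if(!empty($_POST['gender']) && $_POST['gender'] === '0' )
+ { echo 'checked'; } ?>>
+ <label class="form-check-label">男性</label>
+ <input class="form-check-input" type="radio" name="gender" id="gender2" value="1"
+ <?php if(!empty($_POST['gender']) && $_POST['gender'] === '1' )
+ { echo 'checked'; } ?>>
+ <label class="form-check-label">女性</label>
+ </div>
+
+ <div class="form-group">
+ <label for="age">年齢</label>
+ <select class="form-control" id="age" name="age">
+ <option value="">選択してください</option>
+ <option value="1">〜19歳</option>
+ <option value="2">20歳〜29歳</option>
+ <option value="3">30歳〜39歳</option>
+ <option value="4">40歳〜49歳</option>
+ <option value="5">50歳〜59歳</option>
+ <option value="6">60歳〜</option>
+ </select>
+ </div>
+
+ <div class="form-group">
+ <label for="contact">お問い合わせ内容</label>
+ <textarea class="form-control" id="contact" row="3" name="contact">
+ <?php if(!empty($_POST['contact'])){echo h($_POST['contact']) ;} ?>
+ </textarea>
+ </div>
+
+ <div class="form-check">
+ <input class="form-check-input" type="checkbox" id="caution" name="caution" value="1">
+ <label class="form-check-label" for="caution">注意事項にチェックする</label>
+ </div>
+
+ <input class="btn btn-info" type="submit" name="btn_confirm" value="確認する">
+ <input type="hidden" name="csrf" value="<?php echo $token; ?>">
+ </form>
+
+ </div><!-- .col-md-6 -->
+ </div>
+ </div>
+
+ <?php endif; ?>
+
+ <!-- Optional JavaScript -->
+ <!-- jQuery first, then Popper.js, then Bootstrap JS -->
+ <script src="https://code.jquery.com/jquery-3.5.1.slim.min.js" integrity="sha384-DfXdz2htPH0lsSSs5nCTpuj/zy4C+OGpamoFVy38MVBnE+IbbVYUew+OrCXaRkfj" crossorigin="anonymous"></script>
+ <script src="https://cdn.jsdelivr.net/npm/popper.js@1.16.0/dist/umd/popper.min.js" integrity="sha384-Q6E9RHvbIyZFJoft+2mJbHaEWldlvI9IOYy5n3zV9zzTtmI3UksdQRVvoxMfooAo" crossorigin="anonymous"></script>
+ <script src="https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/js/bootstrap.min.js" integrity="sha384-OgVRvuATP1z7JjHLkuOU7Xw704+h835Lr+6QL9UvYjZE3Ipu6Tp75j7Bh/kR0JKI" crossorigin="anonymous"></script>
+ </body>
+ </html>
+
+
  ```
- MAMP/conf/apache/httpd.conf
+ ```validationphp
- ```
+ <?php
 
- #
- # Each directory to which Apache has access can be configured with respect
- # to which services and features are allowed and/or disabled in that
+ function validation($request){ //$_POST連想配列
- # directory (and its subdirectories).
- #
- # First, we configure the "default" to be a very restrictive set of
- # features.
- #
- <Directory />
- Options Indexes FollowSymLinks
- AllowOverride None
- Require all granted
- </Directory>
 
+ $errors = [];
+
+ if(empty($request['your_name']) || 20 < mb_strlen($request['your_name']) ){
+ $errors[] = '「氏名」は必須です。20文字以内で入力してください。';
- #
+ }
+
+ if(empty($request['email']) || !filter_var($request['email'], FILTER_VALIDATE_EMAIL)){
+ $errors[] = '「メールアドレス]は必須です。正しい形式で入力してください。';
+ }
+
+ if(!empty($request['url'])){
- # Note that from this point forward you must specifically allow
+ if(!filter_var($request['url'], FILTER_VALIDATE_URL)){
+ $errors[] = '「ホームページ」は正しい形式で入力してください。';
+ }
+ }
+
+ if(!isset($request['gender'])){
+ $errors[] = '「性別」は必須です。';
+ }
+
- # particular features to be enabled - so if something's not working as
+ if(empty($request['age']) || 6 < $request['age']){
- # you might expect, make sure that you have specifically enabled it
+ $errors[] = '「年齢」は必須です。' ;
- # below.
- #
+ }
+
+
+ if(empty($request['contact']) || 200 < mb_strlen($request['contact']) ){
+ $errors[] = '「お問い合わせ内容」は必須です。200文字以内で入力してください。';
+ }
+
- 文字数オーバーのためRequire all grantedの周辺だけのせました
+ if(empty($request['caution'])){
+ $errors[] = '「注意事項」をご確認ください。';
+ }
+
+ return $errors;
+ }
+
+ ?>
  ```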
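Review bot: Both `$_POST['csrf'] === $_SESSION['csrfToken']` checks in the input.php listing (confirmation and completion views) also pass when neither value exists, because a missing POST field and a missing session key both evaluate to null, and the token is only created in the `$pageFlag === 0` view. Require presence and compare in constant time, e.g. `isset($_POST['csrf'], $_SESSION['csrfToken']) && is_string($_POST['csrf']) && hash_equals($_SESSION['csrfToken'], $_POST['csrf'])`. The `btn_submit` branch sets `$pageFlag = 2` without `empty($errors)`, so the completion view does not depend on validation; give it the same condition as the `btn_confirm` branch. Separately, the debug `var_dump($_POST)` block writes request values into the page without going through `h()` and should be removed once debugging is done.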

1

試したこと、追加

2020/12/11 04:01

投稿

shotail


title CHANGED
File without changes
body CHANGED
@@ -18,7 +18,18 @@
18
18
  <VirtualHost *:80>
19
19
 
20
20
  httpd.confの中にRequire all grantedを書きました。
21
+
22
+ **追記**
23
+ MAMP再インストール後、エラーで止まってるところまでのコードをudemyからダウンロードし、
24
+ mysqlにテーブルとユーザーを作り、エラーで止まる前までの動作確認は異常なし。
25
+ ローカルホストに繋いだ瞬間にclient denied by server configurationとエラーは出ましたが、
26
+ 一応ブラウザのinput.phpからフォームに値を入れ、送信するも反映されません。
21
- 初心者なであまり知識いのですこの辺の設定が怪いと思って
27
+ 後は、MAMP起動時に前回エラー出でので、解決るためちらコードをターミナルで実行しました
28
+ cd /Applications/MAMP/Library/pg/lib
29
+ rm libpq.5.dylib
30
+ rm libpq.dylib
31
+ ln -s libpq.5.7.dylib libpq.5.dylib
32
+ ln -s libpq.5.7.dylib libpq.dylib
22
33
  ### 補足情報(FW/ツールのバージョンなど)
23
34
  Apache/2.4.46 (Unix) OpenSSL/1.0.2u PHP/7.4.9 mod_wsgi/3.5 Python/2.7.13 mod_fastcgi/mod_fastcgi-SNAP-0910052141 mod_perl/2.0.11 Perl/v5.30.1
24
35