質問編集履歴
2
コードを追加
test
CHANGED
File without changes
|
test
CHANGED
@@ -70,162 +70,506 @@
|
|
70
70
|
|
71
71
|
|
72
72
|
|
73
|
-
|
74
|
-
|
75
|
-
|
73
|
+
|
74
|
+
|
75
|
+
```inputphp
|
76
|
+
|
77
|
+
<?php
|
78
|
+
|
79
|
+
|
80
|
+
|
81
|
+
session_start();
|
82
|
+
|
83
|
+
|
84
|
+
|
85
|
+
require 'validation.php';
|
86
|
+
|
87
|
+
|
88
|
+
|
89
|
+
header('X-FRAME-OPTIONS:DENY');
|
90
|
+
|
91
|
+
|
92
|
+
|
93
|
+
// スーパーグローバル変数 php 9種類
|
94
|
+
|
95
|
+
// 連想配列
|
96
|
+
|
97
|
+
if(!empty($_POST)){
|
98
|
+
|
99
|
+
echo '<pre>';
|
100
|
+
|
101
|
+
var_dump($_POST) ;
|
102
|
+
|
103
|
+
echo '</pre>';
|
104
|
+
|
105
|
+
}
|
106
|
+
|
107
|
+
|
108
|
+
|
109
|
+
function h($str)
|
110
|
+
|
111
|
+
{
|
112
|
+
|
113
|
+
return htmlspecialchars($str, ENT_QUOTES, 'UTF-8');
|
114
|
+
|
115
|
+
}
|
116
|
+
|
117
|
+
|
118
|
+
|
119
|
+
|
120
|
+
|
121
|
+
// 入力、確認、完了 input.php, confirm.php, thanks.php
|
122
|
+
|
123
|
+
// CSRF 偽物のinput.php->悪意のあるページ
|
124
|
+
|
125
|
+
// input.php
|
126
|
+
|
127
|
+
|
128
|
+
|
129
|
+
$pageFlag = 0;
|
130
|
+
|
131
|
+
$errors = validation($_POST);
|
132
|
+
|
133
|
+
|
134
|
+
|
135
|
+
if(!empty($_POST['btn_confirm']) && empty($errors)){
|
136
|
+
|
137
|
+
$pageFlag = 1;
|
138
|
+
|
139
|
+
}
|
140
|
+
|
141
|
+
if(!empty($_POST['btn_submit'])){
|
142
|
+
|
143
|
+
$pageFlag = 2;
|
144
|
+
|
145
|
+
}
|
146
|
+
|
147
|
+
|
148
|
+
|
149
|
+
|
150
|
+
|
151
|
+
?>
|
152
|
+
|
153
|
+
|
154
|
+
|
155
|
+
<!doctype html>
|
156
|
+
|
157
|
+
<html lang="ja">
|
158
|
+
|
159
|
+
<head>
|
160
|
+
|
161
|
+
<!-- Required meta tags -->
|
162
|
+
|
163
|
+
<meta charset="utf-8">
|
164
|
+
|
165
|
+
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
|
166
|
+
|
167
|
+
|
168
|
+
|
169
|
+
<!-- Bootstrap CSS -->
|
170
|
+
|
171
|
+
<link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css" integrity="sha384-9aIt2nRpC12Uk9gS9baDl411NQApFmC26EwAOH8WgZl5MYYxFfc+NcPb1dKGj7Sk" crossorigin="anonymous">
|
172
|
+
|
173
|
+
|
174
|
+
|
175
|
+
<title>Hello, world!</title>
|
176
|
+
|
177
|
+
</head>
|
178
|
+
|
179
|
+
<body>
|
180
|
+
|
181
|
+
|
182
|
+
|
183
|
+
|
184
|
+
|
185
|
+
<?php if($pageFlag === 1 ) : ?>
|
186
|
+
|
187
|
+
<?php if($_POST['csrf'] === $_SESSION['csrfToken']) :?>
|
188
|
+
|
189
|
+
<form method="POST" action="input.php">
|
190
|
+
|
191
|
+
氏名
|
192
|
+
|
193
|
+
<?php echo h($_POST['your_name']) ;?>
|
194
|
+
|
195
|
+
<br>
|
196
|
+
|
197
|
+
メールアドレス
|
198
|
+
|
199
|
+
<?php echo h($_POST['email']) ;?>
|
200
|
+
|
201
|
+
<br>
|
202
|
+
|
203
|
+
ホームページ
|
204
|
+
|
205
|
+
<?php echo h($_POST['url']) ;?>
|
206
|
+
|
207
|
+
<br>
|
208
|
+
|
209
|
+
性別
|
210
|
+
|
211
|
+
<?php
|
212
|
+
|
213
|
+
if($_POST['gender'] === '0'){ echo '男性'; }
|
214
|
+
|
215
|
+
if($_POST['gender'] === '1'){ echo '女性'; }
|
216
|
+
|
217
|
+
?>
|
218
|
+
|
219
|
+
<br>
|
220
|
+
|
221
|
+
年齢
|
222
|
+
|
223
|
+
<?php
|
224
|
+
|
225
|
+
if($_POST['age'] === '1'){ echo '〜19歳' ;}
|
226
|
+
|
227
|
+
if($_POST['age'] === '2'){ echo '20歳〜29歳' ;}
|
228
|
+
|
229
|
+
if($_POST['age'] === '3'){ echo '30歳〜39歳' ;}
|
230
|
+
|
231
|
+
if($_POST['age'] === '4'){ echo '40歳〜49歳' ;}
|
232
|
+
|
233
|
+
if($_POST['age'] === '5'){ echo '50歳〜59歳' ;}
|
234
|
+
|
235
|
+
if($_POST['age'] === '6'){ echo '60歳〜' ;}
|
236
|
+
|
237
|
+
?>
|
238
|
+
|
239
|
+
|
240
|
+
|
241
|
+
<br>
|
242
|
+
|
243
|
+
お問い合わせ内容
|
244
|
+
|
245
|
+
<?php echo h($_POST['contact']) ;?>
|
246
|
+
|
247
|
+
<br>
|
248
|
+
|
249
|
+
|
250
|
+
|
251
|
+
<input type="submit" name="back" value="戻る">
|
252
|
+
|
253
|
+
<input type="submit" name="btn_submit" value="送信する">
|
254
|
+
|
255
|
+
<input type="hidden" name="your_name" value="<?php echo h($_POST['your_name']) ;?>">
|
256
|
+
|
257
|
+
<input type="hidden" name="email" value="<?php echo h($_POST['email']) ;?>">
|
258
|
+
|
259
|
+
<input type="hidden" name="url" value="<?php echo h($_POST['url']) ;?>">
|
260
|
+
|
261
|
+
<input type="hidden" name="gender" value="<?php echo h($_POST['gender']) ;?>">
|
262
|
+
|
263
|
+
<input type="hidden" name="age" value="<?php echo h($_POST['age']) ;?>">
|
264
|
+
|
265
|
+
<input type="hidden" name="contact" value="<?php echo h($_POST['contact']) ;?>">
|
266
|
+
|
267
|
+
<input type="hidden" name="csrf" value="<?php echo h($_POST['csrf']) ;?>">
|
268
|
+
|
269
|
+
</form>
|
270
|
+
|
271
|
+
|
272
|
+
|
273
|
+
<?php endif; ?>
|
274
|
+
|
275
|
+
|
276
|
+
|
277
|
+
<?php endif; ?>
|
278
|
+
|
279
|
+
|
280
|
+
|
281
|
+
<?php if($pageFlag === 2 ) : ?>
|
282
|
+
|
283
|
+
<?php if($_POST['csrf'] === $_SESSION['csrfToken']) :?>
|
284
|
+
|
285
|
+
送信が完了しました。
|
286
|
+
|
287
|
+
|
288
|
+
|
289
|
+
<?php unset($_SESSION['csrfToken']); ?>
|
290
|
+
|
291
|
+
<?php endif; ?>
|
292
|
+
|
293
|
+
<?php endif; ?>
|
294
|
+
|
295
|
+
|
296
|
+
|
297
|
+
|
298
|
+
|
299
|
+
<?php if($pageFlag === 0 ) : ?>
|
300
|
+
|
301
|
+
<?php
|
302
|
+
|
303
|
+
if(!isset($_SESSION['csrfToken'])){
|
304
|
+
|
305
|
+
$csrfToken = bin2hex(random_bytes(32));
|
306
|
+
|
307
|
+
$_SESSION['csrfToken'] = $csrfToken;
|
308
|
+
|
309
|
+
}
|
310
|
+
|
311
|
+
$token = $_SESSION['csrfToken'];
|
312
|
+
|
313
|
+
?>
|
314
|
+
|
315
|
+
|
316
|
+
|
317
|
+
<?php if(!empty($errors) && !empty($_POST['btn_confirm']) ) : ?>
|
318
|
+
|
319
|
+
<?php echo '<ul>' ;?>
|
320
|
+
|
321
|
+
<?php
|
322
|
+
|
323
|
+
foreach($errors as $error){
|
324
|
+
|
325
|
+
echo '<li>' . $error . '</li>' ;
|
326
|
+
|
327
|
+
}
|
328
|
+
|
329
|
+
?>
|
330
|
+
|
331
|
+
<?php echo '</ul>' ; ?>
|
332
|
+
|
333
|
+
|
334
|
+
|
335
|
+
<?php endif ;?>
|
336
|
+
|
337
|
+
|
338
|
+
|
339
|
+
<div class="container">
|
340
|
+
|
341
|
+
<div class="row">
|
342
|
+
|
343
|
+
<div class="col-md-6">
|
344
|
+
|
345
|
+
<form method="POST" action="input.php">
|
346
|
+
|
347
|
+
<div class="form-group">
|
348
|
+
|
349
|
+
<label for="your_name">氏名</label>
|
350
|
+
|
351
|
+
<input type="text" class="form-control" id="your_name" name="your_name" value="<?php if(!empty($_POST['your_name'])){echo h($_POST['your_name']) ;} ?>" required>
|
352
|
+
|
353
|
+
</div>
|
354
|
+
|
355
|
+
|
356
|
+
|
357
|
+
<div class="form-group">
|
358
|
+
|
359
|
+
<label for="email">メールアドレス</label>
|
360
|
+
|
361
|
+
<input type="email" class="form-control" id="email" name="email" value="<?php if(!empty($_POST['email'])){echo h($_POST['email']) ;} ?>" required>
|
362
|
+
|
363
|
+
</div>
|
364
|
+
|
365
|
+
|
366
|
+
|
367
|
+
<div class="form-group">
|
368
|
+
|
369
|
+
<label for="url">ホームページ</label>
|
370
|
+
|
371
|
+
<input type="url" class="form-control" id="url" name="url" value="<?php if(!empty($_POST['url'])){echo h($_POST['url']) ;} ?>">
|
372
|
+
|
373
|
+
</div>
|
374
|
+
|
375
|
+
|
376
|
+
|
377
|
+
性別
|
378
|
+
|
379
|
+
<div class="form-check form-check-inline">
|
380
|
+
|
381
|
+
<input class="form-check-input" type="radio" name="gender" id="gender1" value="0"
|
382
|
+
|
383
|
+
<?php if(!empty($_POST['gender']) && $_POST['gender'] === '0' )
|
384
|
+
|
385
|
+
{ echo 'checked'; } ?>>
|
386
|
+
|
387
|
+
<label class="form-check-label">男性</label>
|
388
|
+
|
389
|
+
<input class="form-check-input" type="radio" name="gender" id="gender2" value="1"
|
390
|
+
|
391
|
+
<?php if(!empty($_POST['gender']) && $_POST['gender'] === '1' )
|
392
|
+
|
393
|
+
{ echo 'checked'; } ?>>
|
394
|
+
|
395
|
+
<label class="form-check-label">女性</label>
|
396
|
+
|
397
|
+
</div>
|
398
|
+
|
399
|
+
|
400
|
+
|
401
|
+
<div class="form-group">
|
402
|
+
|
403
|
+
<label for="age">年齢</label>
|
404
|
+
|
405
|
+
<select class="form-control" id="age" name="age">
|
406
|
+
|
407
|
+
<option value="">選択してください</option>
|
408
|
+
|
409
|
+
<option value="1">〜19歳</option>
|
410
|
+
|
411
|
+
<option value="2">20歳〜29歳</option>
|
412
|
+
|
413
|
+
<option value="3">30歳〜39歳</option>
|
414
|
+
|
415
|
+
<option value="4">40歳〜49歳</option>
|
416
|
+
|
417
|
+
<option value="5">50歳〜59歳</option>
|
418
|
+
|
419
|
+
<option value="6">60歳〜</option>
|
420
|
+
|
421
|
+
</select>
|
422
|
+
|
423
|
+
</div>
|
424
|
+
|
425
|
+
|
426
|
+
|
427
|
+
<div class="form-group">
|
428
|
+
|
429
|
+
<label for="contact">お問い合わせ内容</label>
|
430
|
+
|
431
|
+
<textarea class="form-control" id="contact" row="3" name="contact">
|
432
|
+
|
433
|
+
<?php if(!empty($_POST['contact'])){echo h($_POST['contact']) ;} ?>
|
434
|
+
|
435
|
+
</textarea>
|
436
|
+
|
437
|
+
</div>
|
438
|
+
|
439
|
+
|
440
|
+
|
441
|
+
<div class="form-check">
|
442
|
+
|
443
|
+
<input class="form-check-input" type="checkbox" id="caution" name="caution" value="1">
|
444
|
+
|
445
|
+
<label class="form-check-label" for="caution">注意事項にチェックする</label>
|
446
|
+
|
447
|
+
</div>
|
448
|
+
|
449
|
+
|
450
|
+
|
451
|
+
<input class="btn btn-info" type="submit" name="btn_confirm" value="確認する">
|
452
|
+
|
453
|
+
<input type="hidden" name="csrf" value="<?php echo $token; ?>">
|
454
|
+
|
455
|
+
</form>
|
456
|
+
|
457
|
+
|
458
|
+
|
459
|
+
</div><!-- .col-md-6 -->
|
460
|
+
|
461
|
+
</div>
|
462
|
+
|
463
|
+
</div>
|
464
|
+
|
465
|
+
|
466
|
+
|
467
|
+
<?php endif; ?>
|
468
|
+
|
469
|
+
|
470
|
+
|
471
|
+
<!-- Optional JavaScript -->
|
472
|
+
|
473
|
+
<!-- jQuery first, then Popper.js, then Bootstrap JS -->
|
474
|
+
|
475
|
+
<script src="https://code.jquery.com/jquery-3.5.1.slim.min.js" integrity="sha384-DfXdz2htPH0lsSSs5nCTpuj/zy4C+OGpamoFVy38MVBnE+IbbVYUew+OrCXaRkfj" crossorigin="anonymous"></script>
|
476
|
+
|
477
|
+
<script src="https://cdn.jsdelivr.net/npm/popper.js@1.16.0/dist/umd/popper.min.js" integrity="sha384-Q6E9RHvbIyZFJoft+2mJbHaEWldlvI9IOYy5n3zV9zzTtmI3UksdQRVvoxMfooAo" crossorigin="anonymous"></script>
|
478
|
+
|
479
|
+
<script src="https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/js/bootstrap.min.js" integrity="sha384-OgVRvuATP1z7JjHLkuOU7Xw704+h835Lr+6QL9UvYjZE3Ipu6Tp75j7Bh/kR0JKI" crossorigin="anonymous"></script>
|
480
|
+
|
481
|
+
</body>
|
482
|
+
|
483
|
+
</html>
|
484
|
+
|
485
|
+
|
486
|
+
|
487
|
+
|
76
488
|
|
77
489
|
```
|
78
490
|
|
79
|
-
|
80
|
-
|
81
|
-
|
82
|
-
|
83
|
-
|
84
|
-
|
85
|
-
|
86
|
-
|
87
|
-
|
88
|
-
|
89
|
-
|
90
|
-
|
91
|
-
|
92
|
-
|
93
|
-
|
94
|
-
|
95
|
-
|
96
|
-
|
97
|
-
|
98
|
-
|
99
|
-
|
100
|
-
|
101
|
-
|
102
|
-
|
103
|
-
|
104
|
-
|
105
|
-
|
106
|
-
|
107
|
-
|
108
|
-
|
109
|
-
|
110
|
-
|
111
|
-
|
112
|
-
|
113
|
-
|
114
|
-
|
115
|
-
|
116
|
-
|
117
|
-
|
118
|
-
|
119
|
-
|
120
|
-
|
121
|
-
|
122
|
-
|
123
|
-
|
124
|
-
|
125
|
-
|
126
|
-
|
127
|
-
|
128
|
-
|
129
|
-
|
130
|
-
|
131
|
-
|
132
|
-
|
133
|
-
|
134
|
-
|
135
|
-
|
136
|
-
|
137
|
-
|
138
|
-
|
139
|
-
|
140
|
-
|
141
|
-
|
142
|
-
|
143
|
-
|
144
|
-
|
145
|
-
|
146
|
-
|
147
|
-
|
148
|
-
|
149
|
-
|
150
|
-
|
151
|
-
|
152
|
-
|
153
|
-
|
154
|
-
|
155
|
-
|
156
|
-
|
157
|
-
|
158
|
-
|
159
|
-
|
160
|
-
|
161
|
-
|
162
|
-
|
163
|
-
#<VirtualHost *:80>
|
164
|
-
|
165
|
-
#ServerAdmin webmaster@dummy-host2.example.com
|
166
|
-
|
167
|
-
#DocumentRoot "/Applications/MAMP/Library/docs/dummy-host2.example.com"
|
168
|
-
|
169
|
-
#ServerName dummy-host2.example.com
|
170
|
-
|
171
|
-
#ErrorLog "logs/dummy-host2.example.com-error_log"
|
172
|
-
|
173
|
-
#CustomLog "logs/dummy-host2.example.com-access_log" common
|
174
|
-
|
175
|
-
#</VirtualHost>
|
176
|
-
|
177
|
-
|
178
|
-
|
179
|
-
|
491
|
+
```validationphp
|
492
|
+
|
493
|
+
<?php
|
494
|
+
|
495
|
+
|
496
|
+
|
497
|
+
function validation($request){ //$_POST連想配列
|
498
|
+
|
499
|
+
|
500
|
+
|
501
|
+
$errors = [];
|
502
|
+
|
503
|
+
|
504
|
+
|
505
|
+
if(empty($request['your_name']) || 20 < mb_strlen($request['your_name']) ){
|
506
|
+
|
507
|
+
$errors[] = '「氏名」は必須です。20文字以内で入力してください。';
|
508
|
+
|
509
|
+
}
|
510
|
+
|
511
|
+
|
512
|
+
|
513
|
+
if(empty($request['email']) || !filter_var($request['email'], FILTER_VALIDATE_EMAIL)){
|
514
|
+
|
515
|
+
$errors[] = '「メールアドレス]は必須です。正しい形式で入力してください。';
|
516
|
+
|
517
|
+
}
|
518
|
+
|
519
|
+
|
520
|
+
|
521
|
+
if(!empty($request['url'])){
|
522
|
+
|
523
|
+
if(!filter_var($request['url'], FILTER_VALIDATE_URL)){
|
524
|
+
|
525
|
+
$errors[] = '「ホームページ」は正しい形式で入力してください。';
|
526
|
+
|
527
|
+
}
|
528
|
+
|
529
|
+
}
|
530
|
+
|
531
|
+
|
532
|
+
|
533
|
+
if(!isset($request['gender'])){
|
534
|
+
|
535
|
+
$errors[] = '「性別」は必須です。';
|
536
|
+
|
537
|
+
}
|
538
|
+
|
539
|
+
|
540
|
+
|
541
|
+
if(empty($request['age']) || 6 < $request['age']){
|
542
|
+
|
543
|
+
$errors[] = '「年齢」は必須です。' ;
|
544
|
+
|
545
|
+
}
|
546
|
+
|
547
|
+
|
548
|
+
|
549
|
+
|
550
|
+
|
551
|
+
if(empty($request['contact']) || 200 < mb_strlen($request['contact']) ){
|
552
|
+
|
553
|
+
$errors[] = '「お問い合わせ内容」は必須です。200文字以内で入力してください。';
|
554
|
+
|
555
|
+
}
|
556
|
+
|
557
|
+
|
558
|
+
|
559
|
+
if(empty($request['caution'])){
|
560
|
+
|
561
|
+
$errors[] = '「注意事項」をご確認ください。';
|
562
|
+
|
563
|
+
}
|
564
|
+
|
565
|
+
|
566
|
+
|
567
|
+
return $errors;
|
568
|
+
|
569
|
+
}
|
570
|
+
|
571
|
+
|
572
|
+
|
573
|
+
?>
|
180
574
|
|
181
575
|
```
|
182
|
-
|
183
|
-
MAMP/conf/apache/httpd.conf
|
184
|
-
|
185
|
-
```
|
186
|
-
|
187
|
-
|
188
|
-
|
189
|
-
#
|
190
|
-
|
191
|
-
# Each directory to which Apache has access can be configured with respect
|
192
|
-
|
193
|
-
# to which services and features are allowed and/or disabled in that
|
194
|
-
|
195
|
-
# directory (and its subdirectories).
|
196
|
-
|
197
|
-
#
|
198
|
-
|
199
|
-
# First, we configure the "default" to be a very restrictive set of
|
200
|
-
|
201
|
-
# features.
|
202
|
-
|
203
|
-
#
|
204
|
-
|
205
|
-
<Directory />
|
206
|
-
|
207
|
-
Options Indexes FollowSymLinks
|
208
|
-
|
209
|
-
AllowOverride None
|
210
|
-
|
211
|
-
Require all granted
|
212
|
-
|
213
|
-
</Directory>
|
214
|
-
|
215
|
-
|
216
|
-
|
217
|
-
#
|
218
|
-
|
219
|
-
# Note that from this point forward you must specifically allow
|
220
|
-
|
221
|
-
# particular features to be enabled - so if something's not working as
|
222
|
-
|
223
|
-
# you might expect, make sure that you have specifically enabled it
|
224
|
-
|
225
|
-
# below.
|
226
|
-
|
227
|
-
#
|
228
|
-
|
229
|
-
文字数オーバーのためRequire all grantedの周辺だけのせました
|
230
|
-
|
231
|
-
```
|
1
試したこと、追加
test
CHANGED
File without changes
|
test
CHANGED
@@ -38,7 +38,29 @@
|
|
38
38
|
|
39
39
|
httpd.confの中にRequire all grantedを書きました。
|
40
40
|
|
41
|
+
|
42
|
+
|
43
|
+
**追記**
|
44
|
+
|
45
|
+
MAMP再インストール後、エラーで止まってるところまでのコードをudemyからダウンロードし、
|
46
|
+
|
47
|
+
mysqlにテーブルとユーザーを作り、エラーで止まる前までの動作確認は異常なし。
|
48
|
+
|
49
|
+
ローカルホストに繋いだ瞬間にclient denied by server configurationとエラーは出ましたが、
|
50
|
+
|
51
|
+
一応ブラウザのinput.phpからフォームに値を入れ、送信するも反映されません。
|
52
|
+
|
41
|
-
|
53
|
+
後は、MAMP起動時に前回のエラーも出でいたので、解決するためこちらのコードをターミナルで実行しました。
|
54
|
+
|
55
|
+
cd /Applications/MAMP/Library/pg/lib
|
56
|
+
|
57
|
+
rm libpq.5.dylib
|
58
|
+
|
59
|
+
rm libpq.dylib
|
60
|
+
|
61
|
+
ln -s libpq.5.7.dylib libpq.5.dylib
|
62
|
+
|
63
|
+
ln -s libpq.5.7.dylib libpq.dylib
|
42
64
|
|
43
65
|
### 補足情報(FW/ツールのバージョンなど)
|
44
66
|
|