質問編集履歴
2
コードを追加
title
CHANGED
File without changes
|
body
CHANGED
@@ -34,83 +34,255 @@
|
|
34
34
|
Apache/2.4.46 (Unix) OpenSSL/1.0.2u PHP/7.4.9 mod_wsgi/3.5 Python/2.7.13 mod_fastcgi/mod_fastcgi-SNAP-0910052141 mod_perl/2.0.11 Perl/v5.30.1
|
35
35
|
|
36
36
|
|
37
|
-
### 該当のソースコード
|
38
|
-
MAMP/conf/apache/extra/httpd-vhosts.conf
|
39
|
-
```
|
40
|
-
# Virtual Hosts
|
41
|
-
#
|
42
|
-
# Required modules: mod_log_config
|
43
37
|
|
44
|
-
# If you want to maintain multiple domains/hostnames on your
|
45
|
-
# machine you can setup VirtualHost containers for them. Most configurations
|
46
|
-
# use only name-based virtual hosts so the server doesn't need to worry about
|
47
|
-
# IP addresses. This is indicated by the asterisks in the directives below.
|
48
|
-
#
|
49
|
-
# Please see the documentation at
|
50
|
-
# <URL:http://httpd.apache.org/docs/2.4/vhosts/>
|
51
|
-
# for further details before you try to setup virtual hosts.
|
52
|
-
#
|
53
|
-
# You may use the command line option '-S' to verify your virtual host
|
54
|
-
|
38
|
+
```inputphp
|
39
|
+
<?php
|
55
40
|
|
56
|
-
#
|
57
|
-
# Use name-based virtual hosting.
|
58
|
-
#
|
59
|
-
|
41
|
+
session_start();
|
60
42
|
|
61
|
-
#
|
62
|
-
# VirtualHost example:
|
63
|
-
# Almost any Apache directive may go into a VirtualHost container.
|
64
|
-
# The first VirtualHost section is used for all requests that do not
|
65
|
-
# match a ServerName or ServerAlias in any <VirtualHost> block.
|
66
|
-
#
|
67
|
-
#<VirtualHost *:80>
|
68
|
-
#ServerAdmin webmaster@dummy-host.example.com
|
69
|
-
#DocumentRoot "/Applications/MAMP/Library/docs/dummy-host.example.com"
|
70
|
-
#ServerName dummy-host.example.com
|
71
|
-
#ServerAlias www.dummy-host.example.com
|
72
|
-
#ErrorLog "logs/dummy-host.example.com-error_log"
|
73
|
-
#CustomLog "logs/dummy-host.example.com-access_log" common
|
74
|
-
|
43
|
+
require 'validation.php';
|
75
44
|
|
76
|
-
|
45
|
+
header('X-FRAME-OPTIONS:DENY');
|
77
|
-
Options FollowSymlinks Includes
|
78
|
-
AllowOverride All
|
79
|
-
AddType text/html .html
|
80
|
-
Require all granted
|
81
|
-
</Directory>
|
82
|
-
#<VirtualHost *:80>
|
83
|
-
#ServerAdmin webmaster@dummy-host2.example.com
|
84
|
-
#DocumentRoot "/Applications/MAMP/Library/docs/dummy-host2.example.com"
|
85
|
-
#ServerName dummy-host2.example.com
|
86
|
-
#ErrorLog "logs/dummy-host2.example.com-error_log"
|
87
|
-
#CustomLog "logs/dummy-host2.example.com-access_log" common
|
88
|
-
#</VirtualHost>
|
89
46
|
|
47
|
+
// スーパーグローバル変数 php 9種類
|
48
|
+
// 連想配列
|
49
|
+
if(!empty($_POST)){
|
50
|
+
echo '<pre>';
|
51
|
+
var_dump($_POST) ;
|
52
|
+
echo '</pre>';
|
53
|
+
}
|
90
54
|
|
55
|
+
function h($str)
|
56
|
+
{
|
57
|
+
return htmlspecialchars($str, ENT_QUOTES, 'UTF-8');
|
58
|
+
}
|
59
|
+
|
60
|
+
|
61
|
+
// 入力、確認、完了 input.php, confirm.php, thanks.php
|
62
|
+
// CSRF 偽物のinput.php->悪意のあるページ
|
63
|
+
// input.php
|
64
|
+
|
65
|
+
$pageFlag = 0;
|
66
|
+
$errors = validation($_POST);
|
67
|
+
|
68
|
+
if(!empty($_POST['btn_confirm']) && empty($errors)){
|
69
|
+
$pageFlag = 1;
|
70
|
+
}
|
71
|
+
if(!empty($_POST['btn_submit'])){
|
72
|
+
$pageFlag = 2;
|
73
|
+
}
|
74
|
+
|
75
|
+
|
76
|
+
?>
|
77
|
+
|
78
|
+
<!doctype html>
|
79
|
+
<html lang="ja">
|
80
|
+
<head>
|
81
|
+
<!-- Required meta tags -->
|
82
|
+
<meta charset="utf-8">
|
83
|
+
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
|
84
|
+
|
85
|
+
<!-- Bootstrap CSS -->
|
86
|
+
<link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css" integrity="sha384-9aIt2nRpC12Uk9gS9baDl411NQApFmC26EwAOH8WgZl5MYYxFfc+NcPb1dKGj7Sk" crossorigin="anonymous">
|
87
|
+
|
88
|
+
<title>Hello, world!</title>
|
89
|
+
</head>
|
90
|
+
<body>
|
91
|
+
|
92
|
+
|
93
|
+
<?php if($pageFlag === 1 ) : ?>
|
94
|
+
<?php if($_POST['csrf'] === $_SESSION['csrfToken']) :?>
|
95
|
+
<form method="POST" action="input.php">
|
96
|
+
氏名
|
97
|
+
<?php echo h($_POST['your_name']) ;?>
|
98
|
+
<br>
|
99
|
+
メールアドレス
|
100
|
+
<?php echo h($_POST['email']) ;?>
|
101
|
+
<br>
|
102
|
+
ホームページ
|
103
|
+
<?php echo h($_POST['url']) ;?>
|
104
|
+
<br>
|
105
|
+
性別
|
106
|
+
<?php
|
107
|
+
if($_POST['gender'] === '0'){ echo '男性'; }
|
108
|
+
if($_POST['gender'] === '1'){ echo '女性'; }
|
109
|
+
?>
|
110
|
+
<br>
|
111
|
+
年齢
|
112
|
+
<?php
|
113
|
+
if($_POST['age'] === '1'){ echo '〜19歳' ;}
|
114
|
+
if($_POST['age'] === '2'){ echo '20歳〜29歳' ;}
|
115
|
+
if($_POST['age'] === '3'){ echo '30歳〜39歳' ;}
|
116
|
+
if($_POST['age'] === '4'){ echo '40歳〜49歳' ;}
|
117
|
+
if($_POST['age'] === '5'){ echo '50歳〜59歳' ;}
|
118
|
+
if($_POST['age'] === '6'){ echo '60歳〜' ;}
|
119
|
+
?>
|
120
|
+
|
121
|
+
<br>
|
122
|
+
お問い合わせ内容
|
123
|
+
<?php echo h($_POST['contact']) ;?>
|
124
|
+
<br>
|
125
|
+
|
126
|
+
<input type="submit" name="back" value="戻る">
|
127
|
+
<input type="submit" name="btn_submit" value="送信する">
|
128
|
+
<input type="hidden" name="your_name" value="<?php echo h($_POST['your_name']) ;?>">
|
129
|
+
<input type="hidden" name="email" value="<?php echo h($_POST['email']) ;?>">
|
130
|
+
<input type="hidden" name="url" value="<?php echo h($_POST['url']) ;?>">
|
131
|
+
<input type="hidden" name="gender" value="<?php echo h($_POST['gender']) ;?>">
|
132
|
+
<input type="hidden" name="age" value="<?php echo h($_POST['age']) ;?>">
|
133
|
+
<input type="hidden" name="contact" value="<?php echo h($_POST['contact']) ;?>">
|
134
|
+
<input type="hidden" name="csrf" value="<?php echo h($_POST['csrf']) ;?>">
|
135
|
+
</form>
|
136
|
+
|
137
|
+
<?php endif; ?>
|
138
|
+
|
139
|
+
<?php endif; ?>
|
140
|
+
|
141
|
+
<?php if($pageFlag === 2 ) : ?>
|
142
|
+
<?php if($_POST['csrf'] === $_SESSION['csrfToken']) :?>
|
143
|
+
送信が完了しました。
|
144
|
+
|
145
|
+
<?php unset($_SESSION['csrfToken']); ?>
|
146
|
+
<?php endif; ?>
|
147
|
+
<?php endif; ?>
|
148
|
+
|
149
|
+
|
150
|
+
<?php if($pageFlag === 0 ) : ?>
|
151
|
+
<?php
|
152
|
+
if(!isset($_SESSION['csrfToken'])){
|
153
|
+
$csrfToken = bin2hex(random_bytes(32));
|
154
|
+
$_SESSION['csrfToken'] = $csrfToken;
|
155
|
+
}
|
156
|
+
$token = $_SESSION['csrfToken'];
|
157
|
+
?>
|
158
|
+
|
159
|
+
<?php if(!empty($errors) && !empty($_POST['btn_confirm']) ) : ?>
|
160
|
+
<?php echo '<ul>' ;?>
|
161
|
+
<?php
|
162
|
+
foreach($errors as $error){
|
163
|
+
echo '<li>' . $error . '</li>' ;
|
164
|
+
}
|
165
|
+
?>
|
166
|
+
<?php echo '</ul>' ; ?>
|
167
|
+
|
168
|
+
<?php endif ;?>
|
169
|
+
|
170
|
+
<div class="container">
|
171
|
+
<div class="row">
|
172
|
+
<div class="col-md-6">
|
173
|
+
<form method="POST" action="input.php">
|
174
|
+
<div class="form-group">
|
175
|
+
<label for="your_name">氏名</label>
|
176
|
+
<input type="text" class="form-control" id="your_name" name="your_name" value="<?php if(!empty($_POST['your_name'])){echo h($_POST['your_name']) ;} ?>" required>
|
177
|
+
</div>
|
178
|
+
|
179
|
+
<div class="form-group">
|
180
|
+
<label for="email">メールアドレス</label>
|
181
|
+
<input type="email" class="form-control" id="email" name="email" value="<?php if(!empty($_POST['email'])){echo h($_POST['email']) ;} ?>" required>
|
182
|
+
</div>
|
183
|
+
|
184
|
+
<div class="form-group">
|
185
|
+
<label for="url">ホームページ</label>
|
186
|
+
<input type="url" class="form-control" id="url" name="url" value="<?php if(!empty($_POST['url'])){echo h($_POST['url']) ;} ?>">
|
187
|
+
</div>
|
188
|
+
|
189
|
+
性別
|
190
|
+
<div class="form-check form-check-inline">
|
191
|
+
<input class="form-check-input" type="radio" name="gender" id="gender1" value="0"
|
192
|
+
<?php if(!empty($_POST['gender']) && $_POST['gender'] === '0' )
|
193
|
+
{ echo 'checked'; } ?>>
|
194
|
+
<label class="form-check-label">男性</label>
|
195
|
+
<input class="form-check-input" type="radio" name="gender" id="gender2" value="1"
|
196
|
+
<?php if(!empty($_POST['gender']) && $_POST['gender'] === '1' )
|
197
|
+
{ echo 'checked'; } ?>>
|
198
|
+
<label class="form-check-label">女性</label>
|
199
|
+
</div>
|
200
|
+
|
201
|
+
<div class="form-group">
|
202
|
+
<label for="age">年齢</label>
|
203
|
+
<select class="form-control" id="age" name="age">
|
204
|
+
<option value="">選択してください</option>
|
205
|
+
<option value="1">〜19歳</option>
|
206
|
+
<option value="2">20歳〜29歳</option>
|
207
|
+
<option value="3">30歳〜39歳</option>
|
208
|
+
<option value="4">40歳〜49歳</option>
|
209
|
+
<option value="5">50歳〜59歳</option>
|
210
|
+
<option value="6">60歳〜</option>
|
211
|
+
</select>
|
212
|
+
</div>
|
213
|
+
|
214
|
+
<div class="form-group">
|
215
|
+
<label for="contact">お問い合わせ内容</label>
|
216
|
+
<textarea class="form-control" id="contact" row="3" name="contact">
|
217
|
+
<?php if(!empty($_POST['contact'])){echo h($_POST['contact']) ;} ?>
|
218
|
+
</textarea>
|
219
|
+
</div>
|
220
|
+
|
221
|
+
<div class="form-check">
|
222
|
+
<input class="form-check-input" type="checkbox" id="caution" name="caution" value="1">
|
223
|
+
<label class="form-check-label" for="caution">注意事項にチェックする</label>
|
224
|
+
</div>
|
225
|
+
|
226
|
+
<input class="btn btn-info" type="submit" name="btn_confirm" value="確認する">
|
227
|
+
<input type="hidden" name="csrf" value="<?php echo $token; ?>">
|
228
|
+
</form>
|
229
|
+
|
230
|
+
</div><!-- .col-md-6 -->
|
231
|
+
</div>
|
232
|
+
</div>
|
233
|
+
|
234
|
+
<?php endif; ?>
|
235
|
+
|
236
|
+
<!-- Optional JavaScript -->
|
237
|
+
<!-- jQuery first, then Popper.js, then Bootstrap JS -->
|
238
|
+
<script src="https://code.jquery.com/jquery-3.5.1.slim.min.js" integrity="sha384-DfXdz2htPH0lsSSs5nCTpuj/zy4C+OGpamoFVy38MVBnE+IbbVYUew+OrCXaRkfj" crossorigin="anonymous"></script>
|
239
|
+
<script src="https://cdn.jsdelivr.net/npm/popper.js@1.16.0/dist/umd/popper.min.js" integrity="sha384-Q6E9RHvbIyZFJoft+2mJbHaEWldlvI9IOYy5n3zV9zzTtmI3UksdQRVvoxMfooAo" crossorigin="anonymous"></script>
|
240
|
+
<script src="https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/js/bootstrap.min.js" integrity="sha384-OgVRvuATP1z7JjHLkuOU7Xw704+h835Lr+6QL9UvYjZE3Ipu6Tp75j7Bh/kR0JKI" crossorigin="anonymous"></script>
|
241
|
+
</body>
|
242
|
+
</html>
|
243
|
+
|
244
|
+
|
91
245
|
```
|
92
|
-
|
246
|
+
```validationphp
|
93
|
-
|
247
|
+
<?php
|
94
248
|
|
95
|
-
#
|
96
|
-
# Each directory to which Apache has access can be configured with respect
|
97
|
-
|
249
|
+
function validation($request){ //$_POST連想配列
|
98
|
-
# directory (and its subdirectories).
|
99
|
-
#
|
100
|
-
# First, we configure the "default" to be a very restrictive set of
|
101
|
-
# features.
|
102
|
-
#
|
103
|
-
<Directory />
|
104
|
-
Options Indexes FollowSymLinks
|
105
|
-
AllowOverride None
|
106
|
-
Require all granted
|
107
|
-
</Directory>
|
108
250
|
|
251
|
+
$errors = [];
|
252
|
+
|
253
|
+
if(empty($request['your_name']) || 20 < mb_strlen($request['your_name']) ){
|
254
|
+
$errors[] = '「氏名」は必須です。20文字以内で入力してください。';
|
109
|
-
|
255
|
+
}
|
256
|
+
|
257
|
+
if(empty($request['email']) || !filter_var($request['email'], FILTER_VALIDATE_EMAIL)){
|
258
|
+
$errors[] = '「メールアドレス]は必須です。正しい形式で入力してください。';
|
259
|
+
}
|
260
|
+
|
261
|
+
if(!empty($request['url'])){
|
110
|
-
|
262
|
+
if(!filter_var($request['url'], FILTER_VALIDATE_URL)){
|
263
|
+
$errors[] = '「ホームページ」は正しい形式で入力してください。';
|
264
|
+
}
|
265
|
+
}
|
266
|
+
|
267
|
+
if(!isset($request['gender'])){
|
268
|
+
$errors[] = '「性別」は必須です。';
|
269
|
+
}
|
270
|
+
|
111
|
-
|
271
|
+
if(empty($request['age']) || 6 < $request['age']){
|
112
|
-
|
272
|
+
$errors[] = '「年齢」は必須です。' ;
|
113
|
-
# below.
|
114
|
-
|
273
|
+
}
|
274
|
+
|
275
|
+
|
276
|
+
if(empty($request['contact']) || 200 < mb_strlen($request['contact']) ){
|
277
|
+
$errors[] = '「お問い合わせ内容」は必須です。200文字以内で入力してください。';
|
278
|
+
}
|
279
|
+
|
115
|
-
|
280
|
+
if(empty($request['caution'])){
|
281
|
+
$errors[] = '「注意事項」をご確認ください。';
|
282
|
+
}
|
283
|
+
|
284
|
+
return $errors;
|
285
|
+
}
|
286
|
+
|
287
|
+
?>
|
116
288
|
```
|
1
試したこと、追加
title
CHANGED
File without changes
|
body
CHANGED
@@ -18,7 +18,18 @@
|
|
18
18
|
<VirtualHost *:80>
|
19
19
|
|
20
20
|
httpd.confの中にRequire all grantedを書きました。
|
21
|
+
|
22
|
+
**追記**
|
23
|
+
MAMP再インストール後、エラーで止まってるところまでのコードをudemyからダウンロードし、
|
24
|
+
mysqlにテーブルとユーザーを作り、エラーで止まる前までの動作確認は異常なし。
|
25
|
+
ローカルホストに繋いだ瞬間にclient denied by server configurationとエラーは出ましたが、
|
26
|
+
一応ブラウザのinput.phpからフォームに値を入れ、送信するも反映されません。
|
21
|
-
|
27
|
+
後は、MAMP起動時に前回のエラーも出でいたので、解決するためこちらのコードをターミナルで実行しました。
|
28
|
+
cd /Applications/MAMP/Library/pg/lib
|
29
|
+
rm libpq.5.dylib
|
30
|
+
rm libpq.dylib
|
31
|
+
ln -s libpq.5.7.dylib libpq.5.dylib
|
32
|
+
ln -s libpq.5.7.dylib libpq.dylib
|
22
33
|
### 補足情報(FW/ツールのバージョンなど)
|
23
34
|
Apache/2.4.46 (Unix) OpenSSL/1.0.2u PHP/7.4.9 mod_wsgi/3.5 Python/2.7.13 mod_fastcgi/mod_fastcgi-SNAP-0910052141 mod_perl/2.0.11 Perl/v5.30.1
|
24
35
|
|