質問編集履歴

コードを追加

2020/12/11 04:01

投稿

shotail

スコア2

title CHANGED Viewed

File without changes

body CHANGED Viewed

@@ -34,83 +34,255 @@
 Apache/2.4.46 (Unix) OpenSSL/1.0.2u PHP/7.4.9 mod_wsgi/3.5 Python/2.7.13 mod_fastcgi/mod_fastcgi-SNAP-0910052141 mod_perl/2.0.11 Perl/v5.30.1
-### 該当のソースコード
-MAMP/conf/apache/extra/httpd-vhosts.conf
-```
-# Virtual Hosts
-#
-# Required modules: mod_log_config
-# If you want to maintain multiple domains/hostnames on your
-# machine you can setup VirtualHost containers for them. Most configurations
-# use only name-based virtual hosts so the server doesn't need to worry about
-# IP addresses. This is indicated by the asterisks in the directives below.
-#
-# Please see the documentation at
-# <URL:http://httpd.apache.org/docs/2.4/vhosts/>
-# for further details before you try to setup virtual hosts.
-#
-# You may use the command line option '-S' to verify your virtual host
-# configuration.
+```inputphp
+<?php
-#
-# Use name-based virtual hosting.
-#
-NameVirtualHost *:80
+session_start();
-#
-# VirtualHost example:
-# Almost any Apache directive may go into a VirtualHost container.
-# The first VirtualHost section is used for all requests that do not
-# match a ServerName or ServerAlias in any <VirtualHost> block.
-#
-#<VirtualHost *:80>
-    #ServerAdmin webmaster@dummy-host.example.com
-    #DocumentRoot "/Applications/MAMP/Library/docs/dummy-host.example.com"
-    #ServerName dummy-host.example.com
-    #ServerAlias www.dummy-host.example.com
-    #ErrorLog "logs/dummy-host.example.com-error_log"
-    #CustomLog "logs/dummy-host.example.com-access_log" common
-#</VirtualHost>
+require 'validation.php';
-<Directory /Applications/MAMP/htdocs/>
+header('X-FRAME-OPTIONS:DENY');
-    Options FollowSymlinks Includes
-    AllowOverride All
-    AddType text/html .html
-    Require all granted
-</Directory>
-#<VirtualHost *:80>
-    #ServerAdmin webmaster@dummy-host2.example.com
-    #DocumentRoot "/Applications/MAMP/Library/docs/dummy-host2.example.com"
-    #ServerName dummy-host2.example.com
-    #ErrorLog "logs/dummy-host2.example.com-error_log"
-    #CustomLog "logs/dummy-host2.example.com-access_log" common
-#</VirtualHost>
+// スーパーグローバル変数 php 9種類
+// 連想配列
+if(!empty($_POST)){
+  echo '<pre>';
+  var_dump($_POST) ;
+  echo '</pre>';
+}
+function h($str)
+{
+	return htmlspecialchars($str, ENT_QUOTES, 'UTF-8');
+}
+// 入力、確認、完了 input.php, confirm.php, thanks.php
+// CSRF 偽物のinput.php->悪意のあるページ
+// input.php
+$pageFlag = 0;
+$errors = validation($_POST);
+if(!empty($_POST['btn_confirm']) && empty($errors)){
+  $pageFlag = 1;
+}
+if(!empty($_POST['btn_submit'])){
+  $pageFlag = 2;
+}
+?>
+<!doctype html>
+<html lang="ja">
+  <head>
+    <!-- Required meta tags -->
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
+    <!-- Bootstrap CSS -->
+    <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css" integrity="sha384-9aIt2nRpC12Uk9gS9baDl411NQApFmC26EwAOH8WgZl5MYYxFfc+NcPb1dKGj7Sk" crossorigin="anonymous">
+    <title>Hello, world!</title>
+  </head>
+<body>
+<?php if($pageFlag === 1 ) : ?>
+<?php if($_POST['csrf'] === $_SESSION['csrfToken']) :?>
+<form method="POST" action="input.php">
+氏名
+<?php echo h($_POST['your_name']) ;?>
+<br>
+メールアドレス
+<?php echo h($_POST['email']) ;?>
+<br>
+ホームページ
+<?php echo h($_POST['url']) ;?>
+<br>
+性別
+<?php
+  if($_POST['gender'] === '0'){ echo '男性'; }
+  if($_POST['gender'] === '1'){ echo '女性'; }
+?>
+<br>
+年齢
+<?php
+  if($_POST['age'] === '1'){ echo '〜19歳' ;}
+  if($_POST['age'] === '2'){ echo '20歳〜29歳' ;}
+  if($_POST['age'] === '3'){ echo '30歳〜39歳' ;}
+  if($_POST['age'] === '4'){ echo '40歳〜49歳' ;}
+  if($_POST['age'] === '5'){ echo '50歳〜59歳' ;}
+  if($_POST['age'] === '6'){ echo '60歳〜' ;}
+?>
+<br>
+お問い合わせ内容
+<?php echo h($_POST['contact']) ;?>
+<br>
+<input type="submit" name="back" value="戻る">
+<input type="submit" name="btn_submit" value="送信する">
+<input type="hidden" name="your_name" value="<?php echo h($_POST['your_name']) ;?>">
+<input type="hidden" name="email" value="<?php echo h($_POST['email']) ;?>">
+<input type="hidden" name="url" value="<?php echo h($_POST['url']) ;?>">
+<input type="hidden" name="gender" value="<?php echo h($_POST['gender']) ;?>">
+<input type="hidden" name="age" value="<?php echo h($_POST['age']) ;?>">
+<input type="hidden" name="contact" value="<?php echo h($_POST['contact']) ;?>">
+<input type="hidden" name="csrf" value="<?php echo h($_POST['csrf']) ;?>">
+</form>
+<?php endif; ?>
+<?php endif; ?>
+<?php if($pageFlag === 2 ) : ?>
+<?php if($_POST['csrf'] === $_SESSION['csrfToken']) :?>
+送信が完了しました。
+<?php unset($_SESSION['csrfToken']); ?>
+<?php endif; ?>
+<?php endif; ?>
+<?php if($pageFlag === 0 ) : ?>
+<?php
+if(!isset($_SESSION['csrfToken'])){
+  $csrfToken = bin2hex(random_bytes(32));
+  $_SESSION['csrfToken'] = $csrfToken;
+}
+$token = $_SESSION['csrfToken'];
+?>
+<?php if(!empty($errors) && !empty($_POST['btn_confirm']) ) : ?>
+<?php echo '<ul>' ;?>
+<?php
+  foreach($errors as $error){
+    echo '<li>' . $error . '</li>' ;
+  }
+?>
+<?php echo '</ul>' ; ?>
+<?php endif ;?>
+<div class="container">
+  <div class="row">
+    <div class="col-md-6">
+    <form method="POST" action="input.php">
+    <div class="form-group">
+      <label for="your_name">氏名</label>
+      <input type="text" class="form-control" id="your_name" name="your_name" value="<?php if(!empty($_POST['your_name'])){echo h($_POST['your_name']) ;} ?>" required>
+    </div>
+    <div class="form-group">
+      <label for="email">メールアドレス</label>
+      <input type="email" class="form-control" id="email" name="email" value="<?php if(!empty($_POST['email'])){echo h($_POST['email']) ;} ?>" required>
+    </div>
+    <div class="form-group">
+      <label for="url">ホームページ</label>
+      <input type="url" class="form-control" id="url" name="url" value="<?php if(!empty($_POST['url'])){echo h($_POST['url']) ;} ?>">
+    </div>
+性別
+    <div class="form-check form-check-inline">
+      <input class="form-check-input" type="radio" name="gender" id="gender1" value="0"
+      <?php if(!empty($_POST['gender']) && $_POST['gender'] === '0' )
+      { echo 'checked'; } ?>>
+      <label class="form-check-label">男性</label>
+      <input class="form-check-input" type="radio" name="gender" id="gender2" value="1"
+      <?php if(!empty($_POST['gender']) && $_POST['gender'] === '1' )
+      { echo 'checked'; } ?>>
+      <label class="form-check-label">女性</label>
+    </div>
+    <div class="form-group">
+    <label for="age">年齢</label>
+    <select class="form-control" id="age" name="age">
+      <option value="">選択してください</option>
+      <option value="1">〜19歳</option>
+      <option value="2">20歳〜29歳</option>
+      <option value="3">30歳〜39歳</option>
+      <option value="4">40歳〜49歳</option>
+      <option value="5">50歳〜59歳</option>
+      <option value="6">60歳〜</option>
+    </select>
+    </div>
+    <div class="form-group">
+      <label for="contact">お問い合わせ内容</label>
+      <textarea class="form-control" id="contact" row="3" name="contact">
+      <?php if(!empty($_POST['contact'])){echo h($_POST['contact']) ;} ?>
+      </textarea>
+    </div>
+    <div class="form-check">
+      <input class="form-check-input" type="checkbox" id="caution" name="caution" value="1">
+      <label class="form-check-label" for="caution">注意事項にチェックする</label>
+    </div>
+    <input class="btn btn-info" type="submit" name="btn_confirm" value="確認する">
+    <input type="hidden" name="csrf" value="<?php echo $token; ?>">
+    </form>
+    </div><!-- .col-md-6 -->
+  </div>
+</div>
+<?php endif; ?>
+ <!-- Optional JavaScript -->
+    <!-- jQuery first, then Popper.js, then Bootstrap JS -->
+    <script src="https://code.jquery.com/jquery-3.5.1.slim.min.js" integrity="sha384-DfXdz2htPH0lsSSs5nCTpuj/zy4C+OGpamoFVy38MVBnE+IbbVYUew+OrCXaRkfj" crossorigin="anonymous"></script>
+    <script src="https://cdn.jsdelivr.net/npm/popper.js@1.16.0/dist/umd/popper.min.js" integrity="sha384-Q6E9RHvbIyZFJoft+2mJbHaEWldlvI9IOYy5n3zV9zzTtmI3UksdQRVvoxMfooAo" crossorigin="anonymous"></script>
+    <script src="https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/js/bootstrap.min.js" integrity="sha384-OgVRvuATP1z7JjHLkuOU7Xw704+h835Lr+6QL9UvYjZE3Ipu6Tp75j7Bh/kR0JKI" crossorigin="anonymous"></script>
+  </body>
+</html>
 ```
-MAMP/conf/apache/httpd.conf
+```validationphp
-```
+<?php
-#
-# Each directory to which Apache has access can be configured with respect
-# to which services and features are allowed and/or disabled in that
+function validation($request){ //$_POST連想配列
-# directory (and its subdirectories).
-#
-# First, we configure the "default" to be a very restrictive set of
-# features.
-#
-<Directory />
-    Options Indexes FollowSymLinks
-    AllowOverride None
-    Require all granted
-</Directory>
+  $errors = [];
+  if(empty($request['your_name']) || 20 < mb_strlen($request['your_name']) ){
+    $errors[] = '「氏名」は必須です。20文字以内で入力してください。';
-#
+  }
+  if(empty($request['email']) || !filter_var($request['email'], FILTER_VALIDATE_EMAIL)){
+    $errors[] = '「メールアドレス]は必須です。正しい形式で入力してください。';
+  }
+  if(!empty($request['url'])){
-# Note that from this point forward you must specifically allow
+    if(!filter_var($request['url'], FILTER_VALIDATE_URL)){
+      $errors[] = '「ホームページ」は正しい形式で入力してください。';
+    }
+  }
+  if(!isset($request['gender'])){
+    $errors[] = '「性別」は必須です。';
+  }
-# particular features to be enabled - so if something's not working as
+  if(empty($request['age']) || 6 < $request['age']){
-# you might expect, make sure that you have specifically enabled it
+    $errors[] = '「年齢」は必須です。' ;
-# below.
-#
+  }
+  if(empty($request['contact']) || 200 < mb_strlen($request['contact']) ){
+    $errors[] = '「お問い合わせ内容」は必須です。200文字以内で入力してください。';
+  }
-文字数オーバーのためRequire　all grantedの周辺だけのせました
+  if(empty($request['caution'])){
+    $errors[] = '「注意事項」をご確認ください。';
+  }
+  return $errors;
+}
+?>
 ```

試したこと、追加

2020/12/11 04:01

投稿

shotail

スコア2

title CHANGED Viewed

File without changes

body CHANGED Viewed

@@ -18,7 +18,18 @@
 <VirtualHost *:80>
 httpd.confの中にRequire all grantedを書きました。
+**追記**
+MAMP再インストール後、エラーで止まってるところまでのコードをudemyからダウンロードし、
+mysqlにテーブルとユーザーを作り、エラーで止まる前までの動作確認は異常なし。
+ローカルホストに繋いだ瞬間にclient denied by server configurationとエラーは出ましたが、
+一応ブラウザのinput.phpからフォームに値を入れ、送信するも反映されません。
-初心者なのであまり知識もないのですがこの辺の設定が怪しいと思ってます。
+後は、MAMP起動時に前回のエラーも出でいたので、解決するためこちらのコードをターミナルで実行しました。
+cd /Applications/MAMP/Library/pg/lib
+rm libpq.5.dylib
+rm libpq.dylib
+ln -s libpq.5.7.dylib libpq.5.dylib
+ln -s libpq.5.7.dylib libpq.dylib
 ### 補足情報（FW/ツールのバージョンなど）
 Apache/2.4.46 (Unix) OpenSSL/1.0.2u PHP/7.4.9 mod_wsgi/3.5 Python/2.7.13 mod_fastcgi/mod_fastcgi-SNAP-0910052141 mod_perl/2.0.11 Perl/v5.30.1