This was a project for a university course called "System Security". The aim was to create a small web application, like a blog or marketplace, to demonstrate the need for input validation in order to protect web applications, and software in general, from vulnerabilities such as SQL injection, Cross-Site Scripting (XSS) and others. Therefore we made two versions of our project: one with security measures and one without.
Collaborators: @Laurammf @cmichelutti99 @tschwaab1
Note: You can see some preview images below!
We are using a modular system. This means pages like about.php or index.php are split into multiple parts. For example, the menu at the top is in a separate file (src/assets/layout/navbar.php) and the login popup HTML is in src/assets/layout/login_popup.php. These files are included on every page where they are needed, which makes changes to the menu etc. easier: you don't have to edit 20 files for one change.
The config.php files are located at src/includes/config.php and src_unsafe/includes/config.php and hold the database connection settings:

```php
<?php
// Database connection settings; adjust them to your environment.
// The empty root password matches a default XAMPP installation.
define('DB_SERVER', 'localhost');
define('DB_USERNAME', 'root');
define('DB_PASSWORD', '');
define('DB_NAME', 'marketplace');
```
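To illustrate the difference between the two versions, here is an added example (not code taken from the project's src or src_unsafe folders) of a user lookup built by string concatenation next to the same lookup done with a prepared statement and escaped output. The table name users and the column names id and username are assumptions about the schema; only the DB_* constants come from the config above.

```php
<?php
// Added example, not part of the project. Table/column names are assumed.
require_once __DIR__ . '/includes/config.php';

$db = new mysqli(DB_SERVER, DB_USERNAME, DB_PASSWORD, DB_NAME);
if ($db->connect_error) {
    exit('Database connection failed: ' . $db->connect_error);
}

// src_unsafe style: the query text is assembled from client input, so the
// input decides the structure of the SQL statement, not just the value.
function find_user_unsafe(mysqli $db, string $username): ?array
{
    $sql = "SELECT id, username FROM users WHERE username = '$username'";
    $result = $db->query($sql);
    return $result ? ($result->fetch_assoc() ?: null) : null;
}

// src style: the statement is compiled first and the value is bound
// afterwards, so the input can only ever be compared as data.
function find_user_safe(mysqli $db, string $username): ?array
{
    $stmt = $db->prepare('SELECT id, username FROM users WHERE username = ?');
    if ($stmt === false) {
        return null;
    }
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

// Output side of the demo: escape stored values before echoing them into
// HTML so they cannot become markup or script in the page (the XSS part).
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

$username = $_POST['username'] ?? '';
$user = find_user_safe($db, $username);
echo $user
    ? '<p>Welcome, ' . h($user['username']) . '</p>'
    : '<p>Unknown user</p>';
```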
Upload both folders (src and src_unsafe) to your web server's document root, e.g. the htdocs directory (also known as DocumentRoot).
Note: If you are using XAMPP, your DocumentRoot is normally located at "C:\xampp\htdocs" (Windows) or "/Applications/xampp/xamppfiles/htdocs" (Mac).
Open "http://example.com/src" for the safe version and "http://example.com/src_unsafe" for the unsafe version. If you are using XAMPP, use "http://localhost/src" for the safe version and "http://localhost/src_unsafe" for the unsafe version.
Note: Of course the path where you find the script depends on where you copied or uploaded it.
There are two default accounts and a few default offers inside marketplace.sql:
Account #1: User: admin, Pass: admin
Account #2: User: user, Pass: user
Of course you're free to create your own account and offers! :)
If there are any doubts or questions please contact us at: info@tschwaab.net