78<?php
/* TABLE STRUCTURE
CREATE TABLE IF NOT EXISTS users (
userid INT(11) UNSIGNED AUTO_INCREMENT PRIMARY KEY,
username VARCHAR(32) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL,
password CHAR(32) CHARACTER SET ascii COLLATE ascii_bin NOT NULL
) ENGINE=myISAM;

Review note: password is CHAR(32), which is the length of the hex MD5 digest
that auth1_onLogin() computes. The schema has no salt column.
*/

# Dispatch a login attempt only when both POST fields were submitted.
# The password field is read only after a non-empty username was found.
# NOTE(review): Common::getPostString() is defined elsewhere; nothing in this
# listing shows it escaping the value for SQL, so both values must be treated
# as raw, attacker-controlled input from here on.
$username = Common::getPostString('username');
if ('' !== $username) {
    # presumably the second argument is the value returned when the field is absent
    $password = Common::getPostString('password', false);
    if (false !== $password) {
        auth1_onLogin($chall, $username, $password);
    }
}
/**
 * Open the database connection used by this challenge.
 *
 * Connects to 'localhost' with the WCC_AUTH_BYPASS1_* constants and stops the
 * request with die() when no connection object is returned.
 *
 * NOTE(review): query logging and error e-mails are switched off on this
 * connection, so malformed or manipulated queries sent through it leave no
 * trace in those two channels. The privileges of the WCC_AUTH_BYPASS1_USER
 * account are not visible here; an account that serves an injectable query
 * should be limited to SELECT on this challenge's own schema.
 *
 * @return GDO_Database
 */
function auth1_db()
{
    $connection = gdo_db_instance('localhost', WCC_AUTH_BYPASS1_USER, WCC_AUTH_BYPASS1_PASS, WCC_AUTH_BYPASS1_DB);
    if ($connection === false) {
        die('Database error 0815_1!');
    }

    # Silence both reporting channels for this connection.
    $connection->setLogging(false);
    $connection->setEMailOnError(false);

    return $connection;
}
/**
 * Look the submitted credentials up in the users table and greet the matched user.
 *
 * This is the intentionally vulnerable handler of an auth-bypass training
 * challenge (the original header comment reads "Exploit this!"). Its behaviour
 * is left unchanged here; the query construction must not be copied into
 * real code.
 *
 * Review notes:
 *  - $username is interpolated into the SQL text without escaping or binding,
 *    so characters in the submitted value can change the structure of the
 *    WHERE clause (SQL injection). Real code passes both values as bound
 *    parameters of a prepared statement (PDO or mysqli).
 *  - The password is hashed with unsalted MD5. Real code stores
 *    password_hash() output and checks it with password_verify().
 *  - The solved/not-solved decision depends only on the username of whichever
 *    row the query returns, so the query itself is the whole access check.
 *
 * @param WC_Challenge $chall    challenge object used for translations and for recording the solve
 * @param string       $username username as submitted in the POST body
 * @param string       $password password as submitted in the POST body
 * @return boolean false when queryFirst() returned false, true otherwise
 */
function auth1_onLogin(WC_Challenge $chall, $username, $password)
{
    $database = auth1_db();

    # Only the MD5 hex digest of the password goes into the query.
    $password = md5($password);

    # NOTE(review): string-built SQL with raw request data, see the header comment.
    $sql = "SELECT * FROM users WHERE username='$username' AND password='$password'";

    $row = $database->queryFirst($sql);
    if ($row === false) {
        # Reported as "unknown user"; whether false also covers a failed query
        # cannot be told from this listing.
        echo GWF_HTML::error('Auth1', $chall->lang('err_unknown'), false);
        return false;
    }

    # The greeting echoes the username stored in the row, HTML-escaped.
    $greeting = $chall->lang('msg_welcome_back', htmlspecialchars($row['username']));
    echo GWF_HTML::message('Auth1', $greeting, false);

    # The challenge counts as solved when the matched row belongs to "admin"
    # (case-insensitive comparison).
    $isAdmin = strtolower($row['username']) === 'admin';
    if ($isAdmin) {
        $chall->onChallengeSolved(GWF_Session::getUserID());
    }

    return true;
}
# Login form: posts the fields `username` and `password` to index.php
# (presumably the page that includes this file), where the check at the top
# of the file hands them to auth1_onLogin().
# NOTE(review): this markup emits no anti-CSRF token; whether the framework
# adds one elsewhere is not visible in this listing.
# NOTE(review): the three $chall->lang() labels are echoed without HTML
# escaping, which is safe only while the translation strings are trusted.
?>
<form action="index.php" method="post">
<table>
<tr>
 <td><?= $chall->lang('username') ?>:</td>
 <td><input type="text" name="username" value="" /></td>
</tr>
<tr>
 <td><?= $chall->lang('password') ?>:</td>
 <td><input type="password" name="password" value="" /></td>
</tr>
<tr>
 <td></td>
 <td><input type="submit" name="login" value="<?= $chall->lang('btn_login') ?>" /></td>
</tr>
</table>
</form>