· 8 years ago · May 08, 2017, 04:50 PM
1cioc.php
2<?php
3include_once 'config.php';
4include_once 'filters.php';
5?>
6
7<!doctype html>
8<html lang="en">
9<head>
10 <title>Cioc</title>
11 <link href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" rel="stylesheet"
12 integrity="sha384-1q8mTJOASx8j1Au+a5WDVnPi2lkFfwwEAa8hDDdjZlpLegxhjVME1fgjWPGmkzs7" crossorigin="anonymous">
13 <meta charset="utf8">
14 <meta name="viewport" content="width=device-width, initial-scale=1">
15</head>
16<body>
17<div class="container" style="max-width: 600px; margin-top: 2em;">
18
19<!--
20default credentials:
21 user: "user"
22 password: "questaeunapassword!!"
23-->
24
25<?php
26$user = $_REQUEST['user'];
27$pwd = $_REQUEST['pwd'];
28$token = $_COOKIE["token_web2"];
29
30$user_cookie = lvl2_filter($_COOKIE["user"]);
31$pwd_cookie = lvl2_filter($_COOKIE["pwd"]);
32
33if (empty($token) || !check_token($token)){
34 echo "<div class='alert alert-warning'><b>Warning </b>You need to be logged in to the dashboard! If the error persists, try to reactivate the challenge.</div>";
35}
36
37if (!empty($user_cookie) && !empty($pwd_cookie)){
38 $user_cookie = encrypt(hex2bin($user_cookie), $secret_key);
39 $pwd_cookie = encrypt(hex2bin($pwd_cookie), $secret_key);
40
41 $query = "SELECT user_id FROM users WHERE username='$user_cookie' and password='$pwd_cookie'";
42 $result = mysqli_query($vuln_db,$query);
43 if ($user_cookie === 'user' || $result && (mysqli_num_rows($result)>0) && verify_user($token, $user_cookie)) {
44 echo "Hi $user_cookie, you are logged in.";
45 }
46 else echo "sorry, invalid cookie";
47}
48
49else if (!empty($user) && !empty($pwd)) {
50ini_set('display_errors', 1);
51ini_set('display_startup_errors', 1);
52error_reporting(E_ALL);
53 $stmt = $vuln_db->prepare("SELECT user_id FROM users WHERE username=? and password=?");
54 $stmt->bind_param("ss", $user, $pwd);
55
56 $stmt->execute();
57 $stmt->bind_result($user_id);
58
59 $stmt->fetch();
60
61 if ($user_id) {
62 setcookie('user', bin2hex(encrypt($user, $secret_key)));
63 setcookie('pwd', bin2hex(encrypt($pwd, $secret_key)));
64 echo "Hi $user, you are logged in.";
65 }
66 else echo "sorry, invalid username or password";
67}
68else { ?>
69
70<center>
71<h1 >John's Club</h1>
72<div class="ui-widget ui-widget-content ui-corner-all" style="width:300px"><br/>
73<form method=POST action="cioc.php">
74<table>
75<tr> <td>Name:</td> <td><input type=text name=user></td> </tr>
76<tr> <td>Password:</td> <td><input type=password name=pwd></td> </tr>
77</table>
78<input class="ui-button ui-button-text-only ui-widget ui-state-default ui-corner-all" type=submit value=login />
79</form>
80</div>
81</center>
82<?php }
83//include_once 'footer.php';
84 ?>