1<!--
SEED Lab: SQL Injection Education Web platform
3Author: Kailiang Ying
4Email: kying@syr.edu
5-->
6
7<!--
SEED Lab: SQL Injection Education Web platform
9Enhancement Version 1
10Date: 12th April 2018
11Developer: Kuber Kohli
12
Update: Implemented the new Bootstrap design. Implemented a new navbar at the top with two menu options, Home and Edit Profile, and a button to
log out. The fetched profile details are displayed using the Bootstrap table class with a dark table-head theme.
15
NOTE: the navbar items should appear only for logged-in users, and the page showing the login error message should not have any of these items at
all. Therefore the navbar tag opens before the PHP tag but is closed within the PHP script, which adds items as required.
18-->
19
20<!DOCTYPE html>
21<html lang="en">
22<head>
23 <!-- Required meta tags -->
24 <meta charset="utf-8">
25 <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
26
27 <!-- Bootstrap CSS -->
28 <link rel="stylesheet" href="css/bootstrap.min.css">
29 <link href="css/style_home.css" type="text/css" rel="stylesheet">
30
31 <!-- Browser Tab title -->
32 <title>SQLi Lab</title>
33</head>
34<body>
35 <nav class="navbar fixed-top navbar-expand-lg navbar-light" style="background-color: #3EA055;">
36 <div class="collapse navbar-collapse" id="navbarTogglerDemo01">
37 <a class="navbar-brand" href="unsafe_home.php" ><img src="seed_logo.png" style="height: 40px; width: 200px;" alt="SEEDLabs"></a>
38
39 <?php
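session_start();
// Credentials arrive in the login form's GET request. Default to '' so a request that
// omits a field neither raises an undefined-index warning nor passes null to sha1()
// (deprecated since PHP 8.1); an absent field then behaves exactly like an empty one.
$input_uname = $_GET['username'] ?? '';
$input_pwd = $_GET['Password'] ?? '';
// NOTE(review): the credential table holds unsalted SHA-1 hashes, so the lookup below
// must hash the same way; a production app would use password_hash()/password_verify().
$hashed_pwd = sha1($input_pwd);

// No credentials in the request: reuse an existing login session when it carries both
// a name and a password hash. Strict comparisons avoid PHP's loose-equality juggling;
// the `?? ''` defaults keep a fresh session from raising undefined-index warnings.
if ($input_uname === '' && $hashed_pwd === sha1('')
    && ($_SESSION['name'] ?? '') !== '' && ($_SESSION['pwd'] ?? '') !== '') {
    $input_uname = $_SESSION['name'];
    $hashed_pwd = $_SESSION['pwd'];
}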
51
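/**
 * Opens a mysqli connection to the lab's Users database.
 *
 * On failure it closes the navbar markup the surrounding template has already
 * emitted, prints the driver message and terminates the script, so callers never
 * see a broken connection object.
 *
 * NOTE(review): the credentials are hard-coded and the raw connect_error is sent
 * to the browser; both are only acceptable on the local teaching VM.
 * NOTE(review): from PHP 8.1 mysqli reports errors as exceptions by default, so a
 * connection failure would throw before reaching the connect_error check unless
 * mysqli_report() is relaxed — confirm against the lab VM's PHP version.
 *
 * @return mysqli an open connection
 */
function getDB(): mysqli {
    $dbhost = "localhost";
    $dbuser = "root";
    $dbpass = "seedubuntu";
    $dbname = "Users";
    // Create a DB connection
    $conn = new mysqli($dbhost, $dbuser, $dbpass, $dbname);
    if ($conn->connect_error) {
        // Close the <div> and <nav> opened in the HTML above so the error renders
        // outside the navbar.
        echo "</div>";
        echo "</nav>";
        echo "<div class='container text-center'>";
        // die() ends the request here; the echo "</div>" that used to follow it was
        // unreachable and has been dropped.
        die("Connection failed: " . $conn->connect_error . "\n");
    }
    return $conn;
}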
69
// create a connection
$conn = getDB();
// Sql query to authenticate the user.
// LAB: this is the intentional SQL injection sink of the exercise — $input_uname and
// $hashed_pwd are interpolated straight into the statement text. The remediated form is
// $conn->prepare("... WHERE name = ? AND Password = ?") followed by bind_param("ss", ...).
$sql = "SELECT id, name, eid, salary, birth, ssn, phoneNumber, address, email,nickname,Password
        FROM credential
        WHERE name= '$input_uname' and Password='$hashed_pwd'";
if (!$result = $conn->query($sql)) {
    // Close the navbar opened by the surrounding template before printing the error.
    echo "</div>";
    echo "</nav>";
    echo "<div class='container text-center'>";
    // The raw driver message is shown to the browser (error-based disclosure). The string
    // is single-quoted, so the trailing \n is emitted literally; the echo after die() never runs.
    die('There was an error running the query [' . $conn->error . ']\n');
    echo "</div>";
}
/* convert the select return result into array type */
$return_arr = array();
while($row = $result->fetch_assoc()){
    array_push($return_arr,$row);
}

/* convert the array type to json format and read out */
// The rows are already associative arrays, so this round-trip changes nothing on success;
// it only breaks (json_encode returns false, every field below becomes null) if a column
// holds non-UTF-8 bytes.
$json_str = json_encode($return_arr);
$json_a = json_decode($json_str,true);
// Only the first row is used. When nothing matched, index 0 is unset and every lookup
// yields null (an "Undefined array key" warning on PHP 8), which routes to the failure branch.
// All of these are raw database strings; drawLayout() echoes them into HTML unescaped.
$id = $json_a[0]['id'];
$name = $json_a[0]['name'];
$eid = $json_a[0]['eid'];
$salary = $json_a[0]['salary'];
$birth = $json_a[0]['birth'];
$ssn = $json_a[0]['ssn'];
$phoneNumber = $json_a[0]['phoneNumber'];
$address = $json_a[0]['address'];
$email = $json_a[0]['email'];
$pwd = $json_a[0]['Password'];
$nickname = $json_a[0]['nickname'];
if($id!=""){
    // If id exists that means user exists and is successfully authenticated.
    // Authentication succeeds for whichever row the query returned first; there is no
    // second check that the row actually belongs to the supplied username.
    drawLayout($id,$name,$eid,$salary,$birth,$ssn,$pwd,$nickname,$email,$address,$phoneNumber);
}else{
    // User authentication failed: close the navbar, show the alert and stop.
    echo "</div>";
    echo "</nav>";
    echo "<div class='container text-center'>";
    echo "<div class='alert alert-danger'>";
    echo "The account information your provide does not exist.";
    echo "<br>";
    echo "</div>";
    echo "<a href='index.html'>Go back</a>";
    echo "</div>";
    // return at the top level of the main script ends execution: the footer after ?>
    // is not emitted and $conn is not closed on this path.
    return;
}
// close the sql connection
$conn->close();
121
/**
 * Renders the home page for an authenticated user and records the login in the session.
 *
 * Closes the navbar that the surrounding template left open, adds the menu items and the
 * Logout button, then prints either the user's own profile table or, when $name is
 * "Admin", a table with every row of the credential table.
 *
 * All eleven parameters are raw values from the credential table and are echoed into
 * HTML without escaping. NOTE(review): that makes this output an XSS sink whenever a
 * column holds markup; the remediated form wraps each value in
 * htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8').
 */
function drawLayout($id,$name,$eid,$salary,$birth,$ssn,$pwd,$nickname,$email,$address,$phoneNumber){
    if($id!=""){
        // NOTE(review): the surrounding script already called session_start(); PHP should
        // report this second call as an already-started session and otherwise ignore it.
        session_start();
        $_SESSION['id'] = $id;
        $_SESSION['eid'] = $eid;
        $_SESSION['name'] = $name;
        // Kept so the session fallback at the top of the page can re-run the login query;
        // this is the SHA-1 hash as selected from the table, not the plaintext password.
        $_SESSION['pwd'] = $pwd;
    }else{
        // The only call on this page guards on $id != "" first, so this branch is not
        // reached from here.
        echo "can not assign session";
    }
    // Role is decided by the display name alone (loose comparison); no role column is consulted.
    if ($name !="Admin") {
        // If the user is a normal user: finish the navbar, then show the user's own row.
        echo "<ul class='navbar-nav mr-auto mt-2 mt-lg-0' style='padding-left: 30px;'>";
        echo "<li class='nav-item active'>";
        echo "<a class='nav-link' href='unsafe_home.php'>Home <span class='sr-only'>(current)</span></a>";
        echo "</li>";
        echo "<li class='nav-item'>";
        echo "<a class='nav-link' href='unsafe_edit_frontend.php'>Edit Profile</a>";
        echo "</li>";
        echo "</ul>";
        echo "<button onclick='logout()' type='button' id='logoffBtn' class='nav-link my-2 my-lg-0'>Logout</button>";
        echo "</div>";
        echo "</nav>";
        echo "<div class='container col-lg-4 col-lg-offset-4 text-center'>";
        // $name and every cell below are interpolated verbatim (unescaped).
        echo "<br><h1><b> $name Profile </b></h1>";
        echo "<hr><br>";
        echo "<table class='table table-striped table-bordered'>";
        echo "<thead class='thead-dark'>";
        echo "<tr>";
        echo "<th scope='col'>Key</th>";
        echo "<th scope='col'>Value</th>";
        echo "</tr>";
        echo "</thead>";
        echo "<tr>";
        echo "<th scope='row'>Employee ID</th>";
        echo "<td>$eid</td>";
        echo "</tr>";
        echo "<tr>";
        echo "<th scope='row'>Salary</th>";
        echo "<td>$salary</td>";
        echo "</tr>";
        echo "<tr>";
        echo "<th scope='row'>Birth</th>";
        echo "<td>$birth</td>";
        echo "</tr>";
        echo "<tr>";
        echo "<th scope='row'>SSN</th>";
        echo "<td>$ssn</td>";
        echo "</tr>";
        echo "<tr>";
        echo "<th scope='row'>NickName</th>";
        echo "<td>$nickname</td>";
        echo "</tr>";
        echo "<tr>";
        echo "<th scope='row'>Email</th>";
        echo "<td>$email</td>";
        echo "</tr>";
        echo "<tr>";
        echo "<th scope='row'>Address</th>";
        echo "<td>$address</td>";
        echo "</tr>";
        echo "<tr>";
        echo "<th scope='row'>Phone Number</th>";
        echo "<td>$phoneNumber</td>";
        echo "</tr>";
        echo "</table>";
    }
    else {
        // if user is admin: fetch and list every credential row.
        $conn = getDB();
        // No user input in this statement, so it is not injectable; it does expose the
        // whole table (ssn included) to whoever is named Admin.
        $sql = "SELECT id, name, eid, salary, birth, ssn, password, nickname, email, address, phoneNumber
                FROM credential";
        if (!$result = $conn->query($sql)) {
            // Unlike the caller's error path this does not close the open navbar markup first.
            // Single-quoted string, so the \n is emitted literally.
            die('There was an error running the query [' . $conn->error . ']\n');
        }
        $return_arr = array();
        while($row = $result->fetch_assoc()){
            array_push($return_arr,$row);
        }
        // Round-trip through JSON is a no-op on success (rows are already arrays).
        $json_str = json_encode($return_arr);
        $json_aa = json_decode($json_str,true);
        $conn->close();
        // sizeof() is an alias of count(): number of rows to render.
        $max = sizeof($json_aa);
        echo "<ul class='navbar-nav mr-auto mt-2 mt-lg-0' style='padding-left: 30px;'>";
        echo "<li class='nav-item active'>";
        echo "<a class='nav-link' href='unsafe_home.php'>Home <span class='sr-only'>(current)</span></a>";
        echo "</li>";
        echo "<li class='nav-item'>";
        echo "<a class='nav-link' href='unsafe_edit_frontend.php'>Edit Profile</a>";
        echo "</li>";
        echo "</ul>";
        echo "<button onclick='logout()' type='button' id='logoffBtn' class='nav-link my-2 my-lg-0'>Logout</button>";
        echo "</div>";
        echo "</nav>";
        echo "<div class='container'>";
        echo "<br><h1 class='text-center'><b> User Details </b></h1>";
        echo "<hr><br>";
        echo "<table class='table table-striped table-bordered'>";
        echo "<thead class='thead-dark'>";
        echo "<tr>";
        echo "<th scope='col'>Username</th>";
        echo "<th scope='col'>EId</th>";
        echo "<th scope='col'>Salary</th>";
        echo "<th scope='col'>Birthday</th>";
        echo "<th scope='col'>SSN</th>";
        echo "<th scope='col'>Nickname</th>";
        echo "<th scope='col'>Email</th>";
        echo "<th scope='col'>Address</th>";
        echo "<th scope='col'>Ph. Number</th>";
        echo "</tr>";
        echo "</thead>";
        echo "<tbody>";
        for($i=0; $i< $max;$i++){
            // One table row per credential record; $i_id and $i_pwd are read but never printed.
            $i_id = $json_aa[$i]['id'];
            $i_name= $json_aa[$i]['name'];
            $i_eid= $json_aa[$i]['eid'];
            $i_salary= $json_aa[$i]['salary'];
            $i_birth= $json_aa[$i]['birth'];
            $i_ssn= $json_aa[$i]['ssn'];
            // NOTE(review): the SELECT above spells the column `password`, and fetch_assoc()
            // should key the row as the SELECT spells it, so 'Password' is an undefined key
            // here (null plus a warning). Harmless only because $i_pwd is unused.
            $i_pwd = $json_aa[$i]['Password'];
            $i_nickname= $json_aa[$i]['nickname'];
            $i_email= $json_aa[$i]['email'];
            $i_address= $json_aa[$i]['address'];
            $i_phoneNumber= $json_aa[$i]['phoneNumber'];
            // Cells are interpolated verbatim (unescaped).
            echo "<tr>";
            echo "<th scope='row'> $i_name</th>";
            echo "<td>$i_eid</td>";
            echo "<td>$i_salary</td>";
            echo "<td>$i_birth</td>";
            echo "<td>$i_ssn</td>";
            echo "<td>$i_nickname</td>";
            echo "<td>$i_email</td>";
            echo "<td>$i_address</td>";
            echo "<td>$i_phoneNumber</td>";
            echo "</tr>";
        }
        echo "</tbody>";
        echo "</table>";
    }
}
263 ?>
264 <br><br>
265 <div class="text-center">
266 <p>
267 Copyright © SEED LABs
268 </p>
269 </div>
270 </div>
271 <script type="text/javascript">
// Wired to the Logout button's onclick; sends the browser to the logoff endpoint,
// which is responsible for ending the server-side session.
function logout() {
    const logoffPage = 'logoff.php';
    window.location.href = logoffPage;
}
275 </script>
276 </body>
277 </html>