x58ufJ7p

1GeSHi`ed PHP code
2
3<?php
4/* TABLE STRUCTURE
5CREATE TABLE IF NOT EXISTS users (
6userid    INT(11) UNSIGNED AUTO_INCREMENT PRIMARY KEY,
7username  VARCHAR(32) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL,
8password  CHAR(32) CHARACTER SET ascii COLLATE ascii_bin NOT NULL
9) ENGINE=myISAM;
10*/
11 
12# Username and Password sent?
13if ( ('' !== ($username = Common::getPostString('username'))) && (false !== ($password = Common::getPostString('password', false))) ) {
14        auth1_onLogin($chall, $username, $password);
15}
16 
17/**
18 * Get the database for this challenge.
19 * @return GDO_Database
20 */
21function auth1_db()
22{
23        if (false === ($db = gdo_db_instance('localhost', WCC_AUTH_BYPASS1_USER, WCC_AUTH_BYPASS1_PASS, WCC_AUTH_BYPASS1_DB))) {
24                die('Database error 0815_1!');
25        }
26        $db->setLogging(false);
27        $db->setEMailOnError(false);
28        return $db;
29}
30 
31/**
32 * Exploit this!
33 * @param WC_Challenge $chall
34 * @param unknown_type $username
35 * @param unknown_type $password
36 * @return boolean
37 */
38function auth1_onLogin(WC_Challenge $chall, $username, $password)
39{
40        $db = auth1_db();
41        
42        $password = md5($password);
43        
44        $query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
45        
46        if (false === ($result = $db->queryFirst($query))) {
47                echo GWF_HTML::error('Auth1', $chall->lang('err_unknown'), false); # Unknown user
48                return false;
49        }
50 
51        # Welcome back!
52        echo GWF_HTML::message('Auth1', $chall->lang('msg_welcome_back', htmlspecialchars($result['username'])), false);
53        
54        # Challenge solved?
55        if (strtolower($result['username']) === 'admin') {
56                $chall->onChallengeSolved(GWF_Session::getUserID());
57        }
58        
59        return true;
60}
61?>
62<form action="index.php" method="post">
63<table>
64<tr>
65        <td><?php echo $chall->lang('username'); ?>:</td>
66        <td><input type="text" name="username" value="" /></td>
67</tr>
68<tr>
69        <td><?php echo $chall->lang('password'); ?>:</td>
70        <td><input type="password" name="password" value="" /></td>
71</tr>
72<tr>
73        <td></td>
74        <td><input type="submit" name="login" value="<?php echo $chall->lang('btn_login'); ?>" /></td>
75</tr>
76</table>
77</form>