Hackvent_2019/Day 17/source.html

<html><head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8"></head><body><code><span style="color: #000000">
<span style="color: #0000BB">&lt;?php<br><br></span><span style="color: #007700">if&nbsp;(isset(</span><span style="color: #0000BB">$_GET</span><span style="color: #007700">[</span><span style="color: #DD0000">'show'</span><span style="color: #007700">]))&nbsp;</span><span style="color: #0000BB">highlight_file</span><span style="color: #007700">(</span><span style="color: #0000BB">__FILE__</span><span style="color: #007700">);<br><br></span><span style="color: #FF8000">/**<br>&nbsp;*&nbsp;Verifies&nbsp;user&nbsp;credentials.<br>&nbsp;*/<br></span><span style="color: #007700">function&nbsp;</span><span style="color: #0000BB">verifyCreds</span><span style="color: #007700">(</span><span style="color: #0000BB">$conn</span><span style="color: #007700">,&nbsp;</span><span style="color: #0000BB">$username</span><span style="color: #007700">,&nbsp;</span><span style="color: #0000BB">$password</span><span style="color: #007700">)&nbsp;{<br>&nbsp;&nbsp;</span><span style="color: #0000BB">$usr&nbsp;</span><span style="color: #007700">=&nbsp;</span><span style="color: #0000BB">$conn</span><span style="color: #007700">-&gt;</span><span style="color: #0000BB">real_escape_string</span><span style="color: #007700">(</span><span style="color: #0000BB">$username</span><span style="color: #007700">);<br>&nbsp;&nbsp;</span><span style="color: #0000BB">$res&nbsp;</span><span style="color: #007700">=&nbsp;</span><span style="color: #0000BB">$conn</span><span style="color: #007700">-&gt;</span><span style="color: #0000BB">query</span><span style="color: #007700">(</span><span style="color: #DD0000">"SELECT&nbsp;password&nbsp;FROM&nbsp;users&nbsp;WHERE&nbsp;username='"</span><span style="color: #007700">.</span><span style="color: #0000BB">$usr</span><span style="color: #007700">.</span><span style="color: #DD0000">"'"</span><span style="color: #007700">);<br>&nbsp;&nbsp;</span><span style="color: #0000BB">$row&nbsp;</span><span style="color: #007700">=&nbsp;</span><span style="color: #0000BB">$res</span><span style="color: #007700">-&gt;</span><span style="color: #0000BB">fetch_assoc</span><span style="color: #007700">();<br>&nbsp;&nbsp;if&nbsp;(</span><span style="color: #0000BB">$row</span><span style="color: #007700">)&nbsp;{<br>&nbsp;&nbsp;&nbsp;&nbsp;if&nbsp;(</span><span style="color: #0000BB">password_verify</span><span style="color: #007700">(</span><span style="color: #0000BB">$password</span><span style="color: #007700">,&nbsp;</span><span style="color: #0000BB">$row</span><span style="color: #007700">[</span><span style="color: #DD0000">'password'</span><span style="color: #007700">]))&nbsp;return&nbsp;</span><span style="color: #0000BB">true</span><span style="color: #007700">;<br>&nbsp;&nbsp;&nbsp;&nbsp;else&nbsp;</span><span style="color: #0000BB">addFailedLoginAttempt</span><span style="color: #007700">(</span><span style="color: #0000BB">$conn</span><span style="color: #007700">,&nbsp;</span><span style="color: #0000BB">$_SERVER</span><span style="color: #007700">[</span><span style="color: #DD0000">'REMOTE_ADDR'</span><span style="color: #007700">]);<br>&nbsp;&nbsp;}<br>&nbsp;&nbsp;return&nbsp;</span><span style="color: #0000BB">false</span><span style="color: #007700">;<br>}<br><br></span><span style="color: #FF8000">/**<br>&nbsp;*&nbsp;Determines&nbsp;if&nbsp;the&nbsp;given&nbsp;user&nbsp;is&nbsp;admin.<br>&nbsp;*/<br></span><span style="color: #007700">function&nbsp;</span><span style="color: #0000BB">isAdmin</span><span style="color: #007700">(</span><span style="color: #0000BB">$username</span><span style="color: #007700">)&nbsp;{<br>&nbsp;&nbsp;return&nbsp;(</span><span style="color: #0000BB">$username&nbsp;</span><span style="color: #007700">===&nbsp;</span><span style="color: #DD0000">'santa'</span><span style="color: #007700">);<br>}<br><br></span><span style="color: #FF8000">/**<br>&nbsp;*&nbsp;Determines&nbsp;if&nbsp;the&nbsp;given&nbsp;username&nbsp;is&nbsp;already&nbsp;taken.<br>&nbsp;*/<br></span><span style="color: #007700">function&nbsp;</span><span style="color: #0000BB">isUsernameAvailable</span><span style=
</span>
</code></body></html>
Day17 code 2019-12-29 15:24:39 +01:00			`<html><head>`
			`<meta http-equiv="content-type" content="text/html; charset=UTF-8"></head><body><code><span style="color: #000000">`
			<span style="color: #0000BB"><?php<br><br></span><span style="color: #007700">if (isset(</span><span style="color: #0000BB">$_GET</span><span style="color: #007700">[</span><span style="color: #DD0000">'show'</span><span style="color: #007700">])) </span><span style="color: #0000BB">highlight_file</span><span style="color: #007700">(</span><span style="color: #0000BB">__FILE__</span><span style="color: #007700">);<br><br></span><span style="color: #FF8000">/*<br>  Verifies user credentials.<br> /<br></span><span style="color: #007700">function </span><span style="color: #0000BB">verifyCreds</span><span style="color: #007700">(</span><span style="color: #0000BB">$conn</span><span style="color: #007700">, </span><span style="color: #0000BB">$username</span><span style="color: #007700">, </span><span style="color: #0000BB">$password</span><span style="color: #007700">) {<br>  </span><span style="color: #0000BB">$usr </span><span style="color: #007700">= </span><span style="color: #0000BB">$conn</span><span style="color: #007700">-></span><span style="color: #0000BB">real_escape_string</span><span style="color: #007700">(</span><span style="color: #0000BB">$username</span><span style="color: #007700">);<br>  </span><span style="color: #0000BB">$res </span><span style="color: #007700">= </span><span style="color: #0000BB">$conn</span><span style="color: #007700">-></span><span style="color: #0000BB">query</span><span style="color: #007700">(</span><span style="color: #DD0000">"SELECT password FROM users WHERE username='"</span><span style="color: #007700">.</span><span style="color: #0000BB">$usr</span><span style="color: #007700">.</span><span style="color: #DD0000">"'"</span><span style="color: #007700">);<br>  </span><span style="color: #0000BB">$row </span><span style="color: #007700">= </span><span style="color: #0000BB">$res</span><span style="color: #007700">-></span><span style="color: #0000BB">fetch_assoc</span><span style="color: #007700">();<br>  if (</span><span style="color: #0000BB">$row</span><span style="color: #007700">) {<br>    if (</span><span style="color: #0000BB">password_verify</span><span style="color: #007700">(</span><span style="color: #0000BB">$password</span><span style="color: #007700">, </span><span style="color: #0000BB">$row</span><span style="color: #007700">[</span><span style="color: #DD0000">'password'</span><span style="color: #007700">])) return </span><span style="color: #0000BB">true</span><span style="color: #007700">;<br>    else </span><span style="color: #0000BB">addFailedLoginAttempt</span><span style="color: #007700">(</span><span style="color: #0000BB">$conn</span><span style="color: #007700">, </span><span style="color: #0000BB">$_SERVER</span><span style="color: #007700">[</span><span style="color: #DD0000">'REMOTE_ADDR'</span><span style="color: #007700">]);<br>  }<br>  return </span><span style="color: #0000BB">false</span><span style="color: #007700">;<br>}<br><br></span><span style="color: #FF8000">/<br>  Determines if the given user is admin.<br> /<br></span><span style="color: #007700">function </span><span style="color: #0000BB">isAdmin</span><span style="color: #007700">(</span><span style="color: #0000BB">$username</span><span style="color: #007700">) {<br>  return (</span><span style="color: #0000BB">$username </span><span style="color: #007700">=== </span><span style="color: #DD0000">'santa'</span><span style="color: #007700">);<br>}<br><br></span><span style="color: #FF8000">/<br>  Determines if the given username is already taken.<br> */<br></span><span style="color: #007700">function </span><span style="color: #0000BB">isUsernameAvailable</span><span style=
			`</span>`
			`</code></body></html>`