Hackvent_2019/Day 17/source.html

5 lines
9.4 KiB
HTML
Raw Permalink Normal View History

2019-12-29 15:24:39 +01:00
<html><head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8"></head><body><code><span style="color: #000000">
<span style="color: #0000BB">&lt;?php<br><br></span><span style="color: #007700">if&nbsp;(isset(</span><span style="color: #0000BB">$_GET</span><span style="color: #007700">[</span><span style="color: #DD0000">'show'</span><span style="color: #007700">]))&nbsp;</span><span style="color: #0000BB">highlight_file</span><span style="color: #007700">(</span><span style="color: #0000BB">__FILE__</span><span style="color: #007700">);<br><br></span><span style="color: #FF8000">/**<br>&nbsp;*&nbsp;Verifies&nbsp;user&nbsp;credentials.<br>&nbsp;*/<br></span><span style="color: #007700">function&nbsp;</span><span style="color: #0000BB">verifyCreds</span><span style="color: #007700">(</span><span style="color: #0000BB">$conn</span><span style="color: #007700">,&nbsp;</span><span style="color: #0000BB">$username</span><span style="color: #007700">,&nbsp;</span><span style="color: #0000BB">$password</span><span style="color: #007700">)&nbsp;{<br>&nbsp;&nbsp;</span><span style="color: #0000BB">$usr&nbsp;</span><span style="color: #007700">=&nbsp;</span><span style="color: #0000BB">$conn</span><span style="color: #007700">-&gt;</span><span style="color: #0000BB">real_escape_string</span><span style="color: #007700">(</span><span style="color: #0000BB">$username</span><span style="color: #007700">);<br>&nbsp;&nbsp;</span><span style="color: #0000BB">$res&nbsp;</span><span style="color: #007700">=&nbsp;</span><span style="color: #0000BB">$conn</span><span style="color: #007700">-&gt;</span><span style="color: #0000BB">query</span><span style="color: #007700">(</span><span style="color: #DD0000">"SELECT&nbsp;password&nbsp;FROM&nbsp;users&nbsp;WHERE&nbsp;username='"</span><span style="color: #007700">.</span><span style="color: #0000BB">$usr</span><span style="color: #007700">.</span><span style="color: #DD0000">"'"</span><span style="color: #007700">);<br>&nbsp;&nbsp;</span><span style="color: #0000BB">$row&nbsp;</span><span style="color: #007700">=&nbsp;</span><span style="color: #0000BB">$res</span><span style="color: #007700">-&gt;</span><span style="color: #0000BB">fetch_assoc</span><span style="color: #007700">();<br>&nbsp;&nbsp;if&nbsp;(</span><span style="color: #0000BB">$row</span><span style="color: #007700">)&nbsp;{<br>&nbsp;&nbsp;&nbsp;&nbsp;if&nbsp;(</span><span style="color: #0000BB">password_verify</span><span style="color: #007700">(</span><span style="color: #0000BB">$password</span><span style="color: #007700">,&nbsp;</span><span style="color: #0000BB">$row</span><span style="color: #007700">[</span><span style="color: #DD0000">'password'</span><span style="color: #007700">]))&nbsp;return&nbsp;</span><span style="color: #0000BB">true</span><span style="color: #007700">;<br>&nbsp;&nbsp;&nbsp;&nbsp;else&nbsp;</span><span style="color: #0000BB">addFailedLoginAttempt</span><span style="color: #007700">(</span><span style="color: #0000BB">$conn</span><span style="color: #007700">,&nbsp;</span><span style="color: #0000BB">$_SERVER</span><span style="color: #007700">[</span><span style="color: #DD0000">'REMOTE_ADDR'</span><span style="color: #007700">]);<br>&nbsp;&nbsp;}<br>&nbsp;&nbsp;return&nbsp;</span><span style="color: #0000BB">false</span><span style="color: #007700">;<br>}<br><br></span><span style="color: #FF8000">/**<br>&nbsp;*&nbsp;Determines&nbsp;if&nbsp;the&nbsp;given&nbsp;user&nbsp;is&nbsp;admin.<br>&nbsp;*/<br></span><span style="color: #007700">function&nbsp;</span><span style="color: #0000BB">isAdmin</span><span style="color: #007700">(</span><span style="color: #0000BB">$username</span><span style="color: #007700">)&nbsp;{<br>&nbsp;&nbsp;return&nbsp;(</span><span style="color: #0000BB">$username&nbsp;</span><span style="color: #007700">===&nbsp;</span><span style="color: #DD0000">'santa'</span><span style="color: #007700">);<br>}<br><br></span><span style="color: #FF8000">/**<br>&nbsp;*&nbsp;Determines&nbsp;if&nbsp;the&nbsp;given&nbsp;username&nbsp;is&nbsp;already&nbsp;taken.<br>&nbsp;*/<br></span><span style="color: #007700">function&nbsp;</span><span style="color: #0000BB">isUsernameAvailable</span><span style=
</span>
</code></body></html>