sql time2

SUBMITTED BY: leakage

DATE: Nov. 29, 2015, 3:28 a.m.

FORMAT: Text only

SIZE: 4.2 kB

Raw Download

HITS: 467

Report
  1. <?php include("../includes/header.inc"); ?>
  3. <div class="col">
  4. <h2>Login</h2>
  7. <?php
  8. $username = "";
  9. $password = "";
  10. if (isset($_POST["username"]))
  11. $username = $_POST["username"];
  12. if (isset($_POST["password"]))
  13. $password = $_POST["password"];
  15. // Define vars.
  16. $message = "";
  17. $loginSuccess = 0;
  18. $conn = @mysql_connect(DB_SERVER, DB_USER, DB_PWD);
  19. $securePwd = str_replace("'", "''", $password);
  20. $query = "SELECT first_name, last_name FROM members WHERE username='$username' AND password='$securePwd'";
  22. // Visitor is logging in and connection is OK.
  23. if (isset($_POST["submit"]) && $conn)
  24. {
  25. if (isset($_POST["username"]) && isset($_POST["password"]))
  26. {
  27. @mysql_select_db(DB_NAME);
  28. $result = @mysql_query($query);
  30. // Failed login.
  31. if (@mysql_num_rows($result)==0)
  32. {
  33. $message = '<div class="messagebox"><font class="errorTitle">Login failed! Invalid username or password.</font></div>';
  34. }
  35. else
  36. {
  37. // Display welcome message.
  38. $row = @mysql_fetch_array($result);
  39. $message = '<div class="messagebox">Welcome <font style="color:#fff; font-weight:bold;">'.htmlentities($row['first_name']).' '.
  40. htmlentities($row['last_name']).'</font> !<br /><br />You are now logged in and you can buy products '.
  41. 'on our website.</div>';
  42. $loginSuccess = 1;
  43. }
  44. }
  45. }
  46. else
  47. {
  48. $query = "<i>No query was executed because login button was not pressed.</i>";
  49. }
  51. if ($loginSuccess != 1)
  52. {
  53. ?>
  55. <form method="post">
  56. <table>
  57. <tr>
  58. <td class="formLabel">
  59. Username :
  60. </td>
  61. <td class="formField">
  62. <input name="username" type="text" value="<?php echo htmlentities($username); ?>">
  63. </td>
  64. </tr>
  65. <tr>
  66. <td class="formLabel">
  67. Password :
  68. </td>
  69. <td class="formField">
  70. <input name="password" type="password">
  71. </td>
  72. </tr>
  73. <tr>
  74. <td colspan="2" style="text-align:center;">
  75. <br /><input name="submit" type="submit" value="Login" />
  76. </td>
  77. </tr>
  78. </table>
  79. </form>
  80. <br /><br /><br />
  82. <?php
  83. }
  85. echo $message;
  87. // Show debug boxes (MySQL error and Query generated).
  88. include("../includes/debug.inc");
  89. ?>
  90. </div>
  92. <div class="col last">
  93. <h3>Context</h3>
  94. <div class="case">
  95. <p><font class="caseTitle">Page purpose</font><br />
  96. This page allows the customer log in.</p>
  97. </div>
  98. <div class="case">
  99. <p><font class="caseTitle">Goal</font><br />
  100. Try to log into a member's account (anyone). Then you could try to login as the administrator.
  101. Finally, try to achieve some blind SQL injection to find additionnal information
  102. about structure and data.</p>
  103. </div>
  104. <div class="lastcase">
  105. <p><font class="caseTitle">Parameters</font><br />
  106. Both parameters are sent to the PHP script through &quot;POST&quot; method.
  107. </div>
  108. </div>
  109. <div class="divclear"></div>
  114. <?php include("../includes/footer.inc"); ?>
comments powered by Disqus