Login

Login failed! Invalid username or password.
'; } else { // Display welcome message. $row = @mysql_fetch_array($result); $message = '
Welcome '.htmlentities($row['first_name']).' '. htmlentities($row['last_name']).' !

You are now logged in and you can buy products '. 'on our website.
'; $loginSuccess = 1; } } } else { $query = "No query was executed because login button was not pressed."; } if ($loginSuccess != 1) { ?>
Username :
Password :




Context

Page purpose
This page allows the customer log in.

Goal
Try to log into a member's account (anyone). Then you could try to login as the administrator. Finally, try to achieve some blind SQL injection to find additionnal information about structure and data.

Parameters
Both parameters are sent to the PHP script through "POST" method.