Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- $admin_username = 'admin_42cebf16513c1898783d939b0afed141';
- $admin_password = '$6$rounds=10240$b2cdda324a52328c$30ZTp7tdJnmWC13wcF1OMCBKeA5Jk0ZILr9jIYdDUSudCGg20ktl3na72.9YSw19zoy56QcXlCmnJFJUDNzS1.';
- if(isset($_POST['user'],$_POST['pass'])){
- if (check_user_login(trim($_POST['user']),trim($_POST['pass']))){
- include_once("flag.php");
- echo "<div class='alert alert-success' role='alert'><b>BAM:</b>" . $flag . "</div>";
- }
- }
- function generate_password($password){
- return crypt($password, '$6$rounds=10240$'.md5(mt_rand()));
- }
- function check_user_login($posted_username,$posted_password){
- global $admin_username, $admin_password;
- if ($posted_username === $admin_username){
- if (crypt($posted_password, $admin_password) === $admin_password){
- return true;
- }
- } else {
- $tmp_pass = generate_password(time()); // copied code to prevent against timing attacks on username
- if (crypt($posted_password, $tmp_pass) === $tmp_pass){ // prevent brute forcing admin password from login form
- return true;
- }
- }
- return false;
- }
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
