Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #include <stdlib.h>
- #include <stdio.h>
- #include <string.h>
- #include <mysql/mysql.h>
- int searchdb(char *user, char *pass) {
- char *query;
- int num_fields;
- MYSQL mysql;
- MYSQL_RES *result;
- MYSQL_ROW row;
- query = malloc(1024);
- mysql_init(&mysql);
- mysql_real_connect(&mysql,"localhost","cgi","cgi","cgi",0,NULL,0);
- sprintf(query, "select COUNT(*) from user where username='%s' and password='%s'", user, pass);
- mysql_query(&mysql, query);
- result=mysql_store_result(&mysql);
- row = mysql_fetch_row(result);
- free(user);
- free(pass);
- if (row[0][0] == '1')
- return 1;
- else return 0;
- }
- int main() {
- char *data,*var, *amp;
- char *user; char *pass;
- char out[2048], outstr[256];
- data = getenv("QUERY_STRING");
- user = malloc(strlen(data));
- pass = malloc(strlen(data));
- sprintf(out, "Content-type: text/html\n\n");
- strcat(out, "<html><title>Hello</title><body>\n");
- var = strstr(data, "user=");
- amp = strchr(var, '&');
- if (amp)
- *amp=0;
- strcpy(user, var+5);
- *amp='&';
- var = strstr(data, "pass=");
- amp = strchr(var, '&');
- if (amp)
- *amp=0;
- strcpy(pass, var+5);
- strcat(out, "<html><title>Hello</title><body>\n Welcome ");
- strcat(out, user);
- if (searchdb(user,pass)) {
- sprintf(outstr, "<br>Login %s correct", user);
- } else {
- sprintf(outstr, "<br>Login %s incorrect", user);
- }
- strcat(out, outstr);
- strcat(out, "</body></html>");
- printf(out);
- return 1;
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement