Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <code><span style="color: #000000">
- <span style="color: #0000BB"><?php<br /><br /></span><span style="color: #FF8000">// $FLAG, $USER and $PASSWORD_SHA256 in secret file<br /></span><span style="color: #007700">require(</span><span style="color: #DD0000">"secret.php"</span><span style="color: #007700">);<br /><br /></span><span style="color: #FF8000">// show my source code<br /></span><span style="color: #007700">if(isset(</span><span style="color: #0000BB">$_GET</span><span style="color: #007700">[</span><span style="color: #DD0000">'source'</span><span style="color: #007700">])){<br /> </span><span style="color: #0000BB">show_source</span><span style="color: #007700">(</span><span style="color: #0000BB">__FILE__</span><span style="color: #007700">);<br /> die();<br />}<br /><br /></span><span style="color: #0000BB">$return</span><span style="color: #007700">[</span><span style="color: #DD0000">'status'</span><span style="color: #007700">] = </span><span style="color: #DD0000">'Authentication failed!'</span><span style="color: #007700">;<br />if (isset(</span><span style="color: #0000BB">$_POST</span><span style="color: #007700">[</span><span style="color: #DD0000">"auth"</span><span style="color: #007700">])) { <br /> </span><span style="color: #FF8000">// retrieve JSON data<br /> </span><span style="color: #0000BB">$auth </span><span style="color: #007700">= @</span><span style="color: #0000BB">json_decode</span><span style="color: #007700">(</span><span style="color: #0000BB">$_POST</span><span style="color: #007700">[</span><span style="color: #DD0000">'auth'</span><span style="color: #007700">], </span><span style="color: #0000BB">true</span><span style="color: #007700">);<br /> <br /> </span><span style="color: #FF8000">// check login and password (sha256)<br /> </span><span style="color: #007700">if(</span><span style="color: #0000BB">$auth</span><span style="color: #007700">[</span><span style="color: #DD0000">'data'</span><span style="color: #007700">][</span><span style="color: #DD0000">'login'</span><span style="color: #007700">] == </span><span style="color: #0000BB">$USER </span><span style="color: #007700">&& !</span><span style="color: #0000BB">strcmp</span><span style="color: #007700">(</span><span style="color: #0000BB">$auth</span><span style="color: #007700">[</span><span style="color: #DD0000">'data'</span><span style="color: #007700">][</span><span style="color: #DD0000">'password'</span><span style="color: #007700">], </span><span style="color: #0000BB">$PASSWORD_SHA256</span><span style="color: #007700">)){<br /> </span><span style="color: #0000BB">$return</span><span style="color: #007700">[</span><span style="color: #DD0000">'status'</span><span style="color: #007700">] = </span><span style="color: #DD0000">"Access granted! The validation password is: </span><span style="color: #0000BB">$FLAG</span><span style="color: #DD0000">"</span><span style="color: #007700">;<br /> }<br />}<br />print </span><span style="color: #0000BB">json_encode</span><span style="color: #007700">(</span><span style="color: #0000BB">$return</span><span style="color: #007700">);<br /><br /></span>
- </span>
- </code>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement