<?php error_reporting(0); $loggedin = ""; if (isset($_POST['name']) &

1. <?php
2. error_reporting(0);
3. $loggedin = "";
4.  
5. if (isset($_POST['name']) && isset($_POST['pw'])) {
6. $username = $_POST['name'];
7. $pass = $_POST['pw'];
8. $hashed = md5(md5(md5(md5($pass))));
9.  
10. $servername = "localhost";
11. $dbusername = "login";
12. $dbpassword = "";
13. $dbname = "login";
14.  
15. $conn = new mysqli($servername, $dbusername, $dbpassword, $dbname);
16.  
17. if ($conn->connect_error) {
18. die("Connection failed: " . $conn->connect_error);
19. }
20.  
21. $sql = "SELECT * from tb_login where (substr(username, 1, 8) = substr((((((((((((((((((((((((((((((\"$username\"))))))))))))))))))))))))))))), 1, 8)) AND password = '$hashed'";
22. $result = $conn->query($sql);
23.  
24. if ($result->num_rows > 0) {
25. while($row = $result->fetch_assoc()) {
26. $loggedin = "ngadimin";
27. }
28. }
29.  
30. }
31. ?>
32.  
33. <!DOCTYPE html>
34. <html >
35. <head>
36. <meta charset="UTF-8">
37. <title>Login</title>
38. <link rel="stylesheet" href="css/style.css">
39. </head>
40.  
41. <body>
42.  
43. <form method="POST">
44. <h4> Login </h4>
45. <?php
46. if ($loggedin != "") {
47. echo "Welcome " . $loggedin . "! Flag is not in here<br><br>";
48. }
49. ?>
50. <input class="name" type="text" name="name" placeholder="Enter Username"/>
51. <input class="pw" type="password" name="pw" placeholder="Enter Password"/>
52. <input class="button" type="submit" value="Log in"/>
53. </form>
54.  
55. </body>
56. </html>