<?php require('db_connect.php');if (isset($_POST['user_id']) and isset($_

1. <?php
2. require('db_connect.php');
3.  
4. if (isset($_POST['user_id']) and isset($_POST['user_pass'])){
5.  
6. // Assigning POST values to variables.
7. $username = $_POST['user_id'];
8. $password = $_POST['user_pass'];
9. $debug = $_POST['debug'];
10.  
11. if ($username == 'admin' && $password == 'admin') {
12. echo "<script type='text/javascript'>alert('Did you seriously think it was gonna be this easy?')</script>";
13. }
14.  
15. //checks if both the password and the username don't contain these things
16.  
17. $pattern ="/.*['\"].*OR.*/i";
18. //$user_match becomes true if it matches the pattern of a SQL Injection
19. $user_match = preg_match($pattern, $username);
20. //$password_match becomes true if it matches the pattern of a SQL Injection
21. $password_match = preg_match($pattern, $username);
22. $sqli_detected = False;
23. if ($user_match==True || $password_match==True) {
24. echo "<script type='text/javascript'>alert('SQLi detected')</script>";
25. $sqli_detected = True;
26. }
27.  
28.  
29.  
30. //echo mysqli_query($connection, "SELECT * FROM accounts");
31. $query = "SELECT 1 FROM accounts WHERE user = '$username' AND password = '$password'";
32.  
33.  
34.  
35. $result = mysqli_query($connection, $query);
36.  
37.  
38.  
39.  
40. $count = mysqli_num_rows($result);
41.  
42. if (is_null($count)) {
43. //echo "Count: 0 \n";
44. }
45. else {
46. //echo "Count: " . $count;
47. }
48.  
49.  
50. if ($count == 1 && $sqli_detected == False ){
51.  
52. //echo "Login Credentials verified";
53. echo "<script type='text/javascript'>alert('You solved it congrats')</script>";
54. echo "You solved it congrats";
55.  
56. }else{
57. echo "<script type='text/javascript'>alert('Invalid Login Credentials')</script>";
58.  
59. echo "Invalid Login Credentials";
60. }
61. echo "<!--Proudly owned and maintained by james433-->";
62. echo "<!--PHP code source: -->";
63. }
64. ?>