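<?php
require('db_connect.php');

// Login handler for the form fields `user_id` and `user_pass`.
// $connection is not defined in this file; it is expected to be the mysqli
// link created by db_connect.php.
//
// Both fields must be present AND be strings: PHP turns `field[]=x` into an
// array, which would otherwise reach preg_match() and the database layer.
if (
    isset($_POST['user_id'], $_POST['user_pass'])
    && is_string($_POST['user_id'])
    && is_string($_POST['user_pass'])
) {
    $username = $_POST['user_id'];
    $password = $_POST['user_pass'];

    if ($username === 'admin' && $password === 'admin') {
        echo "<script type='text/javascript'>alert('Did you seriously think it was gonna be this easy?')</script>";
    }

    // Heuristic deny-list: a quote followed later by "OR" (case-insensitive).
    // This is only a tamper signal, never the defence: a deny-list cannot
    // enumerate every way to alter a string-built query, and it also rejects
    // legitimate values that merely contain a quote and the letters "or".
    // The actual protection is the parameterised statement further down.
    $pattern = "/.*['\"].*OR.*/i";
    $user_match = preg_match($pattern, $username);
    // The original screened $username twice, so the password was never checked.
    $password_match = preg_match($pattern, $password);

    // preg_match() returns 1 on match, 0 on no match, false on error;
    // compare strictly so an error is not confused with either outcome.
    $sqli_detected = false;
    if ($user_match === 1 || $password_match === 1) {
        echo "<script type='text/javascript'>alert('SQLi detected')</script>";
        $sqli_detected = true;
    }

    // Bound parameters keep user input out of the SQL text entirely, so the
    // values can never change the structure of the statement.
    // NOTE(review): the query compares the submitted password with the stored
    // column directly, which suggests plaintext storage. Moving to
    // password_hash()/password_verify() needs a schema change that is not
    // visible from this file.
    $count = 0; // fail closed: any database error is treated as "no match"
    try {
        $stmt = mysqli_prepare(
            $connection,
            'SELECT 1 FROM accounts WHERE user = ? AND password = ?'
        );
        if ($stmt !== false) {
            mysqli_stmt_bind_param($stmt, 'ss', $username, $password);
            if (mysqli_stmt_execute($stmt)) {
                // Buffer the result so the row count is available.
                mysqli_stmt_store_result($stmt);
                $count = mysqli_stmt_num_rows($stmt);
            }
            mysqli_stmt_close($stmt);
        }
    } catch (mysqli_sql_exception $e) {
        // Keep database details out of the response; record them server-side.
        error_log('login query failed: ' . $e->getMessage());
        $count = 0;
    }

    if ($count === 1 && $sqli_detected === false) {
        echo "<script type='text/javascript'>alert('You solved it congrats')</script>";
        echo "You solved it congrats";
    } else {
        echo "<script type='text/javascript'>alert('Invalid Login Credentials')</script>";
        echo "Invalid Login Credentials";
    }
    echo "<!--Proudly owned and maintained by james433-->";
    echo "<!--PHP code source: -->";
}
?>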