API tools faq
paste
Advertisement
Guest User

fthis

a guest
May 10th, 2018
113
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.91 KB | None | 0 0
raw download clone embed print report
  1. <?
  2.  
  3. function debug($msg) { /* {{{ */
  4. if(array_key_exists("debug", $_GET)) {
  5. print "DEBUG: $msg<br>";
  6. }
  7. }
  8.  
  9. function print_credentials() {
  10. if($_SESSION and array_key_exists("admin", $_SESSION) and $_SESSION["admin"] == 1) {
  11. print "You are an admin. The credentials for the next level are:<br>";
  12. print "<pre>Username: natas21\n";
  13. print "Password: <censored></pre>";
  14. } else {
  15. print "You are logged in as a regular user. Login as an admin to retrieve credentials for natas21.";
  16. }
  17. }
  18.  
  19. function myread($sid) {
  20. debug("MYREAD $sid");
  21. if(strspn($sid, "1234567890qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM-") != strlen($sid)) {
  22. debug("Invalid SID");
  23. return;
  24. }
  25. $filename = session_save_path() . "/" . "mysess_" . $sid;
  26. if(!file_exists($filename)) {
  27. debug("Session file doesn't exist");
  28. return "";
  29. }
  30. debug("Reading from ". $filename);
  31. $data = file_get_contents($filename);
  32. $_SESSION = array();
  33. foreach(explode("\n", $data) as $line) {
  34. debug("Read [$line]");
  35. //first key is admin, then second key is name -> limit 2 to store names with spaces eg (SIN JIA)
  36. $parts = explode(" ", $line, 2);
  37. //kk, this just assigns the $value to SESSION[$key] (eg value '0' to SESSION["admin"])
  38. if($parts[0] != "") $_SESSION[$parts[0]] = $parts[1]; //this is wtf? read the mywrite function
  39. } //SERIOUSLY WTF WHY SESSION HAS PARTS AND ANOTHER PARTS FUCK FUCK FUCK
  40. return session_encode();
  41. }
  42.  
  43. function mywrite($sid, $data) {
  44. // $data contains the serialized version of $_SESSION
  45. // but our encoding is better
  46. debug("MYWRITE $sid $data");
  47. // make sure the sid is alnum only!!
  48. if(strspn($sid, "1234567890qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM-") != strlen($sid)) {
  49. debug("Invalid SID");
  50. return;
  51. }
  52. $filename = session_save_path() . "/" . "mysess_" . $sid;
  53. $data = "";
  54. debug("Saving in ". $filename);
  55. ksort($_SESSION); //Only Sorts the keys, meaning (admin key then name key)
  56. foreach($_SESSION as $key => $value) {
  57. debug("$key => $value");
  58. $data .= "$key $value\n";
  59. }
  60. file_put_contents($filename, $data);
  61. chmod($filename, 0600);
  62. }
  63.  
  64. session_set_save_handler(
  65. "myread",
  66. "mywrite");
  67. session_start();
  68.  
  69. if(array_key_exists("name", $_REQUEST)) {
  70. $_SESSION["name"] = $_REQUEST["name"];
  71. debug("Name set to " . $_REQUEST["name"]);
  72. }
  73.  
  74. print_credentials();
  75.  
  76. $name = "";
  77. if(array_key_exists("name", $_SESSION)) {
  78. $name = $_SESSION["name"];
  79. }
  80.  
  81. ?>
  82.  
  83. <form action="index.php" method="POST">
  84. Your name: <input name="name" value="<?=$name?>"><br>
  85. <input type="submit" value="Change name" />
  86. </form>
  87. <div id="viewsource"><a href="index-source.html">View sourcecode</a></div>
  88. </div>
  89. </body>
  90. </html>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!