
Untitled

a guest
Dec 16th, 2016
  1. <?php
  2.  
  3. session_start();
  4.  
  5. if (!empty($_SESSION['logged_in']))
  6. header('Location: /index.php');
  7.  
  8. require_once('header.php');
  9.  
  10. $text = "That account doesn't seem to exist";
  11.  
  12. if($_SERVER['REQUEST_METHOD'] == 'POST')
  13. {
  14. if(!empty($_POST['username']) && !empty($_POST['password'])) {
  15. $username = $_POST['username'];
  16. $password = $_POST['password'];
  17.  
  18. if(strpos($password, '"') !== false)
  19. $text = "SQL injection detected";
  20. else {
  21. $servername = "localhost";
  22. $db_username = "irish_user";
  23. $db_password = "3d2f27921e2c13e7b66e7b486b0feae3dde1ef25";
  24. $dbname = "irish_home";
  25.  
  26. $conn = new mysqli($servername, $db_username, $db_password, $dbname);
  27. if ($conn->connect_error) {
  28. die("Connection failed: " . $conn->connect_error);
  29. }
  30.  
  31. $sql = "SELECT * FROM users where username=\"$username\" and BINARY password=\"$password\"";
  32.  
  33. $result = $conn->query($sql);
  34.  
  35. if (!$result)
  36. trigger_error('Invalid query: ' . $conn->error);
  37.  
  38. if ($result->num_rows > 0) {
  39. if(strpos($username, '"') !== false)
  40. $text = "SQL injection detected";
  41. else {
  42. $_SESSION['logged_in'] = $username;
  43. header('Location: /admin.php');
  44. }
  45. }
  46. $conn->close();
  47. }
  48. }
  49. echo "<ul class=\"messages\"><li class=\"error\">$text</li></ul>";
  50. }
  51. ?>
  52.  
  53. <form action="/login.php" method="POST">
  54. <div class="mdl-textfield mdl-js-textfield">
  55. <input class="mdl-textfield__input" type="text" id="username" name="username">
  56. <label class="mdl-textfield__label" for="username">Username</label>
  57. </div><br/>
  58. <div class="mdl-textfield mdl-js-textfield">
  59. <input class="mdl-textfield__input" type="password" id="password" name="password">
  60. <label class="mdl-textfield__label" for="password">Password</label>
  61. </div><br/>
  62. <div style="text-align: center;" class="mdl-textfield mdl-js-textfield">
  63. <button class="btn waves-effect waves-light" type="submit">Submit</button>
  64. </div>
  65. </form>
  66.  
  67. <?php
  68. require_once('footer.php');