  1. <?php
  2.  
  3. /*
  4.  
  5. bWAPP, or a buggy web application, is a free and open source deliberately insecure web application.
  6. It helps security enthusiasts, developers and students to discover and to prevent web vulnerabilities.
  7. bWAPP covers all major known web vulnerabilities, including all risks from the OWASP Top 10 project!
  8. It is for security-testing and educational purposes only.
  9.  
  10. Enjoy!
  11.  
  12. Malik Mesellem
  13. Twitter: @MME_IT
  14.  
  15. bWAPP is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License (http://creativecommons.org/licenses/by-nc-nd/4.0/). Copyright © 2014 MME BVBA. All rights reserved.
  16.  
  17. */
  18.  
  19. include("functions_external.php");
  20. include("connect_i.php");
  21. include("admin/settings.php");
  22.  
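  // Registration handler. It verifies the reCAPTCHA token, validates the
  // submitted fields and, when the login and e-mail are unused, stores the
  // account, optionally sending an activation e-mail first.
  // $link, random_string(), $smtp_server and $smtp_sender are not defined in
  // this listing; presumably the three files included above provide them.
  $message = "";

  // Only the POST body is read. $_REQUEST can also be filled from the query
  // string, which would put passwords into URLs and access logs.
  if (isset($_POST["action"])) {

      // Step 1: reCAPTCHA verification. $captcha_ok stays false unless the
      // verification service answers with success === true (fail closed).
      $recaptcha = "";
      if (isset($_POST["g-recaptcha-response"]) && is_string($_POST["g-recaptcha-response"])) {
          $recaptcha = $_POST["g-recaptcha-response"];
      }

      $captcha_ok = false;

      if ($recaptcha !== "") {
          $url = 'https://www.google.com/recaptcha/api/siteverify';
          $data = array(
              // NOTE(review): this secret key is hard-coded and was published
              // together with this listing, so it must be treated as
              // compromised: rotate it and load the replacement from
              // configuration that is neither served nor shared.
              'secret' => '6LcrfXsUAAAAAD6Zl25lQHMIe4J-IPA_OvNNNNoR',
              'response' => $recaptcha,
          );
          $options = array(
              'http' => array(
                  'method' => 'POST',
                  // Explicit content type and a timeout, so a slow or failing
                  // verification call cannot hang the request.
                  'header' => "Content-Type: application/x-www-form-urlencoded\r\n",
                  'content' => http_build_query($data),
                  'timeout' => 5,
              ),
          );
          $context = stream_context_create($options);
          $verify = file_get_contents($url, false, $context);

          // file_get_contents() returns false on failure and json_decode()
          // returns null on malformed input; both leave $captcha_ok false.
          if ($verify !== false) {
              $captcha_result = json_decode($verify);
              $captcha_ok = is_object($captcha_result)
                  && isset($captcha_result->success)
                  && $captcha_result->success === true;
          }
      }

      // Step 2: read the form fields. Missing or non-string values (for
      // example login[]=x) are treated as empty instead of raising notices.
      $fields = array(
          "login" => "",
          "password" => "",
          "password_conf" => "",
          "email" => "",
          "secret" => "",
      );
      foreach ($fields as $name => $unused) {
          if (isset($_POST[$name]) && is_string($_POST[$name])) {
              $fields[$name] = $_POST[$name];
          }
      }

      $login = $fields["login"];
      $password = $fields["password"];
      $password_conf = $fields["password_conf"];
      $email = $fields["email"];
      $secret = $fields["secret"];
      $mail_activation = isset($_POST["mail_activation"]) ? 1 : 0;

      // Step 3: validation chain; the first failing check sets the message.
      if (!$captcha_ok) {

          $message = "<font color=\"red\">Sorry, but we think you are a robot!</font>";

      } elseif ($login === "" || $email === "" || $password === "" || $secret === "") {

          $message = "<font color=\"red\">Please enter all the fields!</font>";

      } elseif (preg_match("/^[a-z\d_]{2,20}$/iD", $login) !== 1) {

          // Login: 2 to 20 letters, digits or underscores, case-insensitive.
          // The D modifier makes $ match only at the very end of the string;
          // without it a login with a trailing newline would pass.
          $message = "<font color=\"red\">Please choose a valid login name!</font>";

      } elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {

          $message = "<font color=\"red\">Please enter a valid e-mail address!</font>";

      } elseif ($password !== $password_conf) {

          // Strict comparison: with != two different numeric-looking strings
          // such as "1e3" and "1000" compare as equal.
          $message = "<font color=\"red\">The passwords don't match!</font>";

      } else {

          // Step 4: prepare the stored values. The application's convention of
          // storing HTML-encoded text is kept; SQL safety comes from the bound
          // parameters below, not from string escaping.
          $login_db = htmlspecialchars($login, ENT_QUOTES, "UTF-8");
          $email_db = htmlspecialchars($email, ENT_QUOTES, "UTF-8");
          $secret_db = htmlspecialchars($secret, ENT_QUOTES, "UTF-8");

          // NOTE(review): unsalted SHA-1 is not a password hash; password_hash()
          // and password_verify() are the replacement. The digest is left as the
          // original computed it (SHA-1 of the SQL-escaped password) because the
          // login check is not part of this listing and presumably computes the
          // same value. TODO: confirm and migrate both sides together.
          $password_hash = hash("sha1", mysqli_real_escape_string($link, $password), false);

          // Step 5: is the login or the e-mail already taken?
          // NOTE(review): this lookup followed by an INSERT is not atomic; a
          // UNIQUE index on login and email (schema not visible here) is what
          // would actually prevent duplicates under concurrent requests.
          $check = $link->prepare("SELECT 1 FROM users WHERE login = ? OR email = ? LIMIT 1");

          if (!$check || !$check->bind_param("ss", $login_db, $email_db) || !$check->execute()) {

              // Database details go to the server log, not to the client.
              error_log("Registration lookup failed: " . ($check ? $check->error : $link->error));
              die("Error: the request could not be processed.");

          }

          $check->store_result();
          $already_registered = $check->num_rows > 0;
          $check->close();

          if ($already_registered) {

              $message = "<font color=\"red\">The login or e-mail already exists!</font>";

          } else {

              $activation_code = "";
              $mail_sent = false;

              if ($mail_activation) {

                  // 'Activation code' generation.
                  // NOTE(review): random_string() is not defined in this listing;
                  // the code is only as unpredictable as that helper. Confirm it
                  // draws from a cryptographically secure source.
                  $activation_code = hash("sha1", random_string(), false);

                  if ($smtp_server != "") {
                      ini_set("SMTP", $smtp_server);
                  }

                  // The Host header is chosen by the client. Its syntax is checked
                  // here and SERVER_NAME is used when it does not look like a host
                  // name, but the link host is still client-influenced.
                  // NOTE(review): build the link from a configured base URL.
                  $server = isset($_SERVER["HTTP_HOST"]) ? $_SERVER["HTTP_HOST"] : "";
                  if (preg_match('/^[a-z0-9.-]+(:\d{1,5})?$/iD', $server) !== 1) {
                      $server = $_SERVER["SERVER_NAME"];
                  }

                  // Sends an activation mail to the user
                  $subject = "bWAPP - New User";
                  $sender = $smtp_sender;

                  $content = "Welcome " . ucwords($login) . ",\n\n";
                  $content.= "Click the link to activate your new user:\n\nhttp://" . $server . "/bWAPP/user_activation.php?user=" . $login . "&activation_code=" . $activation_code . "\n\n";
                  $content.= "Greets from bWAPP!";

                  // The validated address is used as typed. The original mailed
                  // the SQL-escaped, HTML-encoded copy, which breaks addresses
                  // containing characters such as ' or &.
                  // @ only hides the warning; the result is checked below.
                  $mail_sent = @mail($email, $subject, $content, "From: $sender");

              }

              if ($mail_activation && !$mail_sent) {

                  // The mail is sent before the INSERT, so a failed mail leaves
                  // no account row behind.
                  $message = "<font color=\"red\">User not successfully created! An e-mail could not be sent...</font>";

              } else {

                  // Step 6: store the account with bound parameters.
                  if ($mail_activation) {

                      $insert = $link->prepare("INSERT INTO users (login, password, email, secret, activation_code) VALUES (?, ?, ?, ?, ?)");
                      $bound = $insert && $insert->bind_param("sssss", $login_db, $password_hash, $email_db, $secret_db, $activation_code);
                      $created = "<font color=\"green\">User successfully created! An e-mail with an activation code has been sent.</font>";

                  } else {

                      $insert = $link->prepare("INSERT INTO users (login, password, email, secret, activated) VALUES (?, ?, ?, ?, 1)");
                      $bound = $insert && $insert->bind_param("ssss", $login_db, $password_hash, $email_db, $secret_db);
                      $created = "<font color=\"green\">User successfully created!</font>";

                  }

                  if (!$bound || !$insert->execute()) {

                      error_log("Registration insert failed: " . ($insert ? $insert->error : $link->error));
                      die("Error: the request could not be processed.");

                  }

                  $insert->close();

                  $message = $created;

              }

          }

      }

  }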
  274.  
  275. ?>
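  <!DOCTYPE html>
  <html>

  <head>

      <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

      <!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects+Daughter">-->
      <link rel="stylesheet" type="text/css" href="stylesheets/stylesheet.css" media="screen" />
      <link rel="shortcut icon" href="images/favicon.ico" type="image/x-icon" />

      <!--<script src="//html5shiv.googlecode.com/svn/trunk/html5.js"></script>-->
      <script src="js/html5.js"></script>

      <title>bWAPP - New User</title>
      <script src="https://www.google.com/recaptcha/api.js" async defer></script>

  </head>

  <body>

  <header>

      <h1>bWAPP</h1>

      <h2>an extremely buggy web app !</h2>

  </header>

  <div id="menu">

      <table>

          <tr>

              <td><a href="login.php">Login</a></td>
              <td><font color="#ffb717">New User</font></td>
              <td><a href="info.php">Info</a></td>
              <td><a href="training.php">Talks &amp; Training</a></td>
              <td><a href="http://itsecgames.blogspot.com" target="_blank" rel="noopener noreferrer">Blog</a></td>

          </tr>

      </table>

  </div>

  <div id="main">

      <h1>New User</h1>

      <p>Create a new user.</p>

      <?php
      // The form posts back to this script. The path is HTML-encoded before it
      // is written into the attribute, as for any server value placed in markup.
      ?>
      <form action="<?php echo htmlspecialchars($_SERVER["SCRIPT_NAME"], ENT_QUOTES, "UTF-8"); ?>" method="POST">

          <table>

              <tr><td>

                  <p><label for="login">Login:</label><br />
                  <input type="text" id="login" name="login"></p>

              </td>

              <td width="5"></td>

              <td>

                  <p><label for="email">E-mail:</label><br />
                  <input type="text" id="email" name="email" size="30"></p>

              </td></tr>

              <tr><td>

                  <p><label for="password">Password:</label><br />
                  <input type="password" id="password" name="password"></p>

              </td>

              <td width="25"></td>

              <td>

                  <p><label for="password_conf">Re-type password:</label><br />
                  <input type="password" id="password_conf" name="password_conf"></p>

              </td></tr>

              <tr><td colspan="3">

                  <p><label for="secret">Secret:</label><br />
                  <input type="text" id="secret" name="secret" size="40"></p>

              </td></tr>

              <tr><td>

                  <p><label for="mail_activation">E-mail activation:</label>
                  <input type="checkbox" id="mail_activation" name="mail_activation" value=""></p>

              </td></tr>

          </table>

          <?php
          // The data-sitekey below is the public half of the reCAPTCHA key pair
          // and is meant to appear in the page; only the secret key used for
          // server-side verification has to stay private.
          ?>
          <div class="g-recaptcha" data-sitekey="6LcrfXsUAAAAABLZKbnGeBkubHzZBtcc0gKvLUhC"></div>
          <button type="submit" name="action" value="create">Create</button>

      </form>

      <br />
      <?php

      // $message is either empty or one of the fixed markup strings assigned by
      // the registration handler; no request data is concatenated into it, so
      // it is echoed without encoding.
      echo $message;

      $link->close();

      ?>

  </div>

  <div id="side">

      <a href="http://twitter.com/MME_IT" target="_blank" rel="noopener noreferrer" class="button"><img src="./images/twitter.png"></a>
      <a href="http://be.linkedin.com/in/malikmesellem" target="_blank" rel="noopener noreferrer" class="button"><img src="./images/linkedin.png"></a>
      <a href="http://www.facebook.com/pages/MME-IT-Audits-Security/104153019664877" target="_blank" rel="noopener noreferrer" class="button"><img src="./images/facebook.png"></a>
      <a href="http://itsecgames.blogspot.com" target="_blank" rel="noopener noreferrer" class="button"><img src="./images/blogger.png"></a>

  </div>

  <div id="disclaimer">

      <p>bWAPP is licensed under <a rel="license noopener noreferrer" href="http://creativecommons.org/licenses/by-nc-nd/4.0/" target="_blank"><img style="vertical-align:middle" src="./images/cc.png"></a> &copy; 2014 MME BVBA / Follow <a href="http://twitter.com/MME_IT" target="_blank" rel="noopener noreferrer">@MME_IT</a> on Twitter and ask for our cheat sheet, containing all solutions! / Need an exclusive <a href="http://www.mmebvba.com" target="_blank" rel="noopener noreferrer">training</a>?</p>

  </div>

  <div id="bee">

      <img src="./images/bee_1.png">

  </div>

  </body>

  </html>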