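<?php
declare(strict_types=1);

// Intentional source disclosure: the "SHOW HINT" link in the logged-in view
// points at ?source, so this is part of the page's contract.
if (isset($_GET['source'])) {
    highlight_file(__FILE__);
    exit;
}

// Settings
ini_set('display_errors', '1');
ini_set('display_startup_errors', '1');
error_reporting(E_ALL);
date_default_timezone_set('Asia/Taipei');
session_start();

// CSRF: the per-session key has to be unpredictable. rand() * rand() is seeded
// from a non-cryptographic generator; random_bytes() is the CSPRNG.
if (!isset($_SESSION['csrf_key'])) {
    $_SESSION['csrf_key'] = bin2hex(random_bytes(16));
}
require_once('csrf.php');
$csrf = new Csrf($_SESSION['csrf_key']);

/**
 * Stop the request and send the browser to $path, optionally showing $message first.
 *
 * Both values are emitted inside a <script> block, so they are JSON-encoded with
 * the HEX flags to keep request-controlled text (e.g. the action name echoed in
 * the "unknown action" message) from terminating the tag.
 *
 * @param string      $path    Destination URL.
 * @param string|null $message Text for alert(), or null/'' for no alert.
 * @return void Never returns normally; terminates via die().
 */
function redirect(string $path = '/', ?string $message = null): void
{
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR;
    $alert = ($message !== null && $message !== '')
        ? 'alert(' . json_encode($message, $flags) . ')'
        : '';
    $target = json_encode($path, $flags);
    die("<script>$alert; document.location.replace($target);</script>");
}

/**
 * Read one scalar field from a request array.
 *
 * A client can send `name[]=x`, which makes $_POST['name'] an array; that would
 * reach string functions as the wrong type, so anything that is not a string is
 * treated as absent.
 *
 * @param array<string, mixed> $source $_GET or $_POST.
 * @return string The field value, or '' when missing or not a string.
 */
function field(array $source, string $name): string
{
    $value = $source[$name] ?? '';
    return is_string($value) ? $value : '';
}

$action = field($_GET, 'action');
if ($action !== '') {
    if ($action === 'logout') {
        unset($_SESSION['user']);
        redirect('/');
    } elseif ($action === 'login') {
        // Validate CSRF token
        $token = field($_POST, 'csrf_token');
        if ($token === '' || !$csrf->validate($token)) {
            redirect('/', 'invalid csrf_token');
        }

        // Check that username and password are given
        $username = field($_POST, 'username');
        $password = field($_POST, 'password');
        if ($username === '' || $password === '') {
            redirect('/', 'username and password should not be empty');
        }

        // Get rid of sqlmap kiddies
        if (stripos($_SERVER['HTTP_USER_AGENT'] ?? '', 'sqlmap') !== false) {
            redirect('/', "sqlmap is child's play");
        }

        // Auth. The query is parameterised, so the username is matched literally
        // and the former keyword blacklist (which also mangled legitimate names
        // containing "or"/"and") is no longer needed. The password is still
        // compared as unsalted MD5 because that is what the users table stores;
        // moving to password_hash()/password_verify() requires a data migration
        // and is out of scope here. The DB is opened read-only: login only reads.
        $db = new SQLite3('/db.sqlite3', SQLITE3_OPEN_READONLY);
        $stmt = $db->prepare('SELECT * FROM users WHERE username = :username AND password = :hash');
        $row = false;
        if ($stmt !== false) {
            $stmt->bindValue(':username', $username, SQLITE3_TEXT);
            $stmt->bindValue(':hash', md5($password), SQLITE3_TEXT);
            $result = $stmt->execute();
            if ($result !== false) {
                $row = $result->fetchArray(SQLITE3_ASSOC);
                $result->finalize();
            }
            $stmt->close();
        }
        $db->close();

        if (!$row) {
            redirect('/', 'login failed');
        }

        // Fresh session id on privilege change so a pre-login id cannot be fixated.
        session_regenerate_id(true);
        $_SESSION['user'] = $row['username'];
        redirect('/');
    } else {
        redirect('/', "unknown action: $action");
    }
}

$user = $_SESSION['user'] ?? null;
?><!DOCTYPE html>
<html>
<head>
    <title>🦉🦉🦉🦉</title>
    <meta charset='utf-8'>
    <link href="https://maxcdn.bootstrapcdn.com/bootstrap/4.1.1/css/bootstrap.min.css" rel="stylesheet" id="bootstrap-css">
    <!-- jQuery must be loaded before Bootstrap's JS, which depends on it. -->
    <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script>
    <script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.1.1/js/bootstrap.min.js"></script>
</head>
<body>
<?php if (!$user): ?>
    <div id="login">
        <h3 class="text-center text-white pt-5">GUESS THE STUPID USERNAME / PASSWORD</h3>
        <div class="container">
            <div id="login-row" class="row justify-content-center align-items-center">
                <div id="login-column" class="col-md-6">
                    <div id="login-box" class="col-md-12">
                        <form id="login-form" class="form" action="?action=login" method="post">
                            <input type="hidden" name="csrf_token" value="<?= htmlentities($csrf->generate()) ?>">
                            <h3 class="text-center text-info">🦉: "Login to see cool things!"</h3>
                            <div class="form-group">
                                <label for="username" class="text-info">Username:</label><br>
                                <input type="text" name="username" id="username" class="form-control"><br>
                                <label for="password" class="text-info">Password:</label><br>
                                <input type="password" name="password" id="password" class="form-control"><br>
                            </div>
                            <div class="form-group">
                                <input type="submit" name="submit" class="btn btn-info btn-md" value="Login">
                            </div>
                        </form>
                    </div>
                </div>
            </div>
        </div>
    </div>
<?php else: ?>
    <h3 class="text-center text-white pt-5"><a style="color: white" href="/?source">SHOW HINT</a></h3>
    <div class="container">
        <div class="row justify-content-center align-items-center">
            <div class="col-md-6">
                <div class="col-md-12">
                    <h3 class="text-center text-info">Nothing</h3>
                    Hello, <b><?= htmlentities($user) ?></b>, nothing here.
                    <a href="?action=logout">Logout!</a>
                </div>
            </div>
        </div>
    </div>
<?php endif ?>
</body>
</html>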