tarunkant

Untitled

Mar 18th, 2018
  1. <?php
  // Keep PHP warnings and notices out of the HTTP response body.
  // NOTE(review): nothing visible in this file routes errors to a log instead,
  // so failures in the login path below are silent unless log_errors is enabled
  // in the server configuration - confirm.
  ini_set("display_errors", "Off");
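  /**
   * Encrypt a string with Rijndael-128 in CBC mode.
   *
   * The plaintext is suffixed with '|do_not_corrupt_the_cipher' before encryption
   * and the result is returned as base64(IV . ciphertext), which is the layout
   * decrypt_string() expects.
   *
   * Security notes for reviewers:
   * - The suffix is a fixed, public string, not a MAC. CBC ciphertext without an
   *   authentication tag is malleable, so a value produced here must not be treated
   *   as tamper-proof by whoever decrypts it. Authenticated encryption (an AEAD
   *   mode, or encrypt-then-HMAC with a separate key) is the appropriate design.
   * - The default $salt is in fact the hex-encoded encryption key and is hard-coded
   *   in source; anyone who can read this file can decrypt and forge values.
   *   It should come from configuration outside the code base.
   * - ext/mcrypt was deprecated in PHP 7.1 and removed from core in PHP 7.2.
   *
   * @param string $string Plaintext to protect.
   * @param string $salt   Hex-encoded key (64 hex digits, i.e. 32 bytes).
   * @return string Base64 of the IV followed by the ciphertext.
   */
  function encrypt_string($string = '', $salt = '0EE25863D694EC22D3BB777D4706EA5EDD161574B138B0F5553942A181B91219') {
      $checksum = 'do_not_corrupt_the_cipher';
      $plaintext = $string . '|' . $checksum;
      $key = pack('H*', $salt);
      $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
      // The original used MCRYPT_RAND, which draws from the libc pseudo-random
      // generator and is not suitable for cryptographic use. A CBC IV must be
      // unpredictable, so take it from the operating system's CSPRNG instead.
      $iv = mcrypt_create_iv($iv_size, MCRYPT_DEV_URANDOM);
      $ciphertext = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $plaintext, MCRYPT_MODE_CBC, $iv);
      // The IV is not secret; it is prepended so the decrypting side can recover it.
      return base64_encode($iv . $ciphertext);
  }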
  12.  
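  /**
   * Decrypt a value produced by encrypt_string() and strip its trailer.
   *
   * Input layout: base64(IV . ciphertext), Rijndael-128 in CBC mode. The
   * plaintext is expected to end in '|do_not_corrupt_the_cipher'.
   *
   * Fixes over the original:
   * - mcrypt pads the plaintext with NUL bytes up to the block size and returns
   *   that padding on decryption. The original compared the padded tail with the
   *   trailer, so the check only succeeded when the plaintext length happened to
   *   be a multiple of 16. The padding is now removed first.
   * - The trailer is located with the LAST '|' so a '|' inside the payload no
   *   longer truncates the result or defeats the check.
   * - Too-short input and a failed decryption return -1 instead of raising
   *   notices on missing array offsets.
   *
   * Security note: the trailer is a constant, not a keyed MAC. Passing this check
   * does not prove the ciphertext was produced by the server; CBC without
   * authentication is malleable. Callers must not use the decrypted fields for
   * authorization decisions unless integrity is verified by other means.
   *
   * @param string $encodedText Base64 of IV followed by ciphertext.
   * @param string $salt        Hex-encoded key (64 hex digits, i.e. 32 bytes).
   * @return string|int The original string, or -1 when the value is malformed
   *                    or the trailer does not match.
   */
  function decrypt_string($encodedText = '', $salt = '0EE25863D694EC22D3BB777D4706EA5EDD161574B138B0F5553942A181B91219') {
      $checksum = 'do_not_corrupt_the_cipher';
      $key = pack('H*', $salt);
      $raw = base64_decode($encodedText);
      $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);

      // Need a full IV plus at least one byte of ciphertext.
      if ($raw === false || strlen($raw) <= $iv_size) {
          return -1;
      }

      $iv_dec = substr($raw, 0, $iv_size);
      $ciphertext_dec = substr($raw, $iv_size);
      $decrypted_string = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key, $ciphertext_dec, MCRYPT_MODE_CBC, $iv_dec);
      if ($decrypted_string === false) {
          return -1;
      }

      // Drop mcrypt's NUL padding; the plaintext always ends with the trailer,
      // so no legitimate trailing NUL bytes can be lost here.
      $decrypted_string = rtrim($decrypted_string, "\0");

      $separator = strrpos($decrypted_string, '|');
      if ($separator === false || substr($decrypted_string, $separator + 1) !== $checksum) {
          return -1;
      }

      return (string) substr($decrypted_string, 0, $separator);
  }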
  24.  
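  // NOTE(review): the connection uses the MySQL root account with a short
  // password embedded in source. Use a dedicated least-privilege account and
  // load the credentials from configuration outside the web root.
  $db = new PDO('mysql:host=localhost;dbname=users;charset=utf8mb4', 'root', '0789');

  // Default value so the template's `echo $msg` never reads an undefined variable.
  $msg = '';

  // Only handle the form when both fields arrived as plain strings; array-valued
  // parameters (username[]=...) are ignored instead of reaching htmlspecialchars().
  if (isset($_POST['username'], $_POST['password'])
      && is_string($_POST['username'])
      && is_string($_POST['password'])
      && $_POST['password']
  ) {
      // NOTE(review): htmlspecialchars() is output encoding, not input validation.
      // It is kept because the stored values were presumably written the same way
      // by the registration page (not visible here); changing it on this side only
      // would lock existing users out. SQL injection is prevented by the prepared
      // statement below, not by this call.
      $username = htmlspecialchars($_POST['username']);
      $password = htmlspecialchars($_POST['password']);

      // NOTE(review): matching the password inside the WHERE clause means the
      // users table stores passwords in recoverable form. The fix is to store
      // password_hash() output and check it with password_verify(); that requires
      // a matching change to registration and the existing rows, so it is flagged
      // here rather than changed.
      $stmt = $db->prepare("SELECT * FROM users WHERE username=:name AND password=:password");
      $stmt->execute(array(':name' => $username, ':password' => $password));
      $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);

      // Count the fetched rows: PDOStatement::rowCount() is not guaranteed to be
      // meaningful for SELECT statements on every driver.
      if (count($rows) === 1) {
          // Expire a stale cookie. The original tested `isset(...) || trim(...)`,
          // which read $_COOKIE['user'] exactly when it was not set.
          if (isset($_COOKIE['user'])) {
              setcookie("user", "", time() - 3600);
          }

          // NOTE(review): fields are joined with '{-}' but $username is not checked
          // for that delimiter, so whatever splits this value later cannot rely on
          // field positions. The value is also only encrypted, not authenticated
          // (see encrypt_string), so it should not be the sole basis for identity.
          $user_cookie = $rows[0]['id'] . '{-}' . $username . '{-}' .$rows[0]['email']. '{-}' . $rows[0]['team_name'];
          $encrypted_user_cookie = encrypt_string($user_cookie);

          // HttpOnly keeps page scripts from reading the session value. Empty path
          // and domain keep PHP's defaults, so the cookie scope is unchanged.
          // NOTE(review): also set the Secure flag once the site is HTTPS-only.
          setcookie('user', $encrypted_user_cookie, 0, '', '', false, true);

          if ((int) $rows[0]['id'] === 1) {
              setcookie('flag', "CTF{i_didnt_know_CSRF_is_this_dangerous}");
          }

          header('Location: home.php');
          // Stop here so the login form is not rendered and sent after the redirect.
          exit;
      } else {
          // One message for both failure causes avoids revealing which usernames exist.
          $msg = 'Invalid username or password';
      }
  }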
  50. ?>
  51. <!doctype html>
  52.  
  53. <html>
  54. <head>
  55.     <meta charset="utf-8">
  56.     <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
  57.     <meta http-equiv="x-ua-compatible" content="ie=edge">
  58.     <link rel="stylesheet" type="text/css" href="static/flag/stylesheets/flags32.css"/>
  59.     <link rel="stylesheet" href="static/style.css">
  60.  
  61.     <title>Login</title>
  62.  
  63.  
  64. <link rel="apple-touch-icon" sizes="180x180" href="static/favicons/apple-touch-icon.png">
  65. <link rel="icon" type="image/png" href="static/favicons/favicon-32x32.png" sizes="32x32">
  66. <link rel="icon" type="image/png" href="static/favicons/favicon-16x16.png" sizes="16x16">
  67. <link rel="manifest" href="static/favicons/manifest.json">
  68. <link rel="mask-icon" href="static/favicons/safari-pinned-tab.svg" color="#5bbad5">
  69. <link rel="shortcut icon" href="static/favicons/favicon.ico">
  70. <meta name="theme-color" content="#ffffff">
  71. </head>
  72. <body>
  73.  
  74.  
  75.  
  76. <nav>
  77.     <div class="nav-wrapper">
  78.         <div id="msg" class="msg"><?php echo $msg?></div>
  79.         <ul id="nav-mobile" class="right hide-on-med-and-down">
  80.                     <li><a href="register.php">Register</a></li>
  81.  
  82.                 <li><a href="login.php">Login</a></li>
  83.  
  84.         </ul>
  85.         <ul class="side-nav" id="side-nav">
  86.             <li><a href="register.php">Register</a></li>
  87.                 <li><a href="login.php">Login</a></li>
  88.         </ul>
  89.     </div>
  90. </nav>
  91.     <div class="row">
  92.         <div class="col s6 offset-s3">
  93.             <div class="card-panel">
  94.  
  95.  
  96.                 <form method="post">
  97.                     <div class="input-field col s12">
  98.                         <input type="text" name="username" id="username">
  99.                         <label for="username">username</label>
  100.                     </div>
  101.                     <div class="input-field col s12">
  102.                         <input type="password" name="password" id="password">
  103.                         <label for="password">password</label>
  104.                     </div>
  105.                     <div class="row">
  106.                         <div class="col s6">
  107.                             <button class="btn waves-effect waves-light" type="submit">Login</button>
  108.                         </div>
  109.                     </div>
  110.  
  111.                 </form>
  112.  
  113.  
  114.             </div>
  115.         </div>
  116.     </div>
  117. <script src="static/jquery-3.1.1.min.js"></script>
  118. <script src="static/materialize/js/materialize.min.js"></script>
  119. <script>
  120.  
  121.     $(function () {
  122.         $(".button-collapse").sideNav();
  123.     })
  124. </script>
  125.  
  126.  
  127.  
  128. </body>
  129. </html>