Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- ini_set('display_errors', 'Off');
- function encrypt_string($string = '', $salt = '0EE25863D694EC22D3BB777D4706EA5EDD161574B138B0F5553942A181B91219') {
- $checksum = 'do_not_corrupt_the_cipher';
- $string = $string . '|' . $checksum;
- $key = pack('H*', $salt);
- $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
- $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
- $ciphertext = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $string, MCRYPT_MODE_CBC, $iv);
- return base64_encode($iv . $ciphertext);
- }
- function decrypt_string($encodedText = '', $salt = '0EE25863D694EC22D3BB777D4706EA5EDD161574B138B0F5553942A181B91219') {
- $checksum = 'do_not_corrupt_the_cipher';
- $key = pack('H*', $salt);
- $ciphertext_dec = base64_decode($encodedText);
- $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
- $iv_dec = substr($ciphertext_dec, 0, $iv_size);
- $ciphertext_dec = substr($ciphertext_dec, $iv_size);
- $decrypted_string = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key, $ciphertext_dec, MCRYPT_MODE_CBC, $iv_dec);
- if (explode('|', $decrypted_string)[1] === $checksum) return explode('|', $decrypted_string)[0];
- else return -1;
- }
- $db = new PDO('mysql:host=localhost;dbname=users;charset=utf8mb4', 'root', '0789');
- if (isset($_POST['username']) && $_POST['password']){
- $username = htmlspecialchars($_POST['username']);
- $password = htmlspecialchars($_POST['password']);
- $stmt = $db->prepare("SELECT * FROM users WHERE username=:name AND password=:password");
- $stmt->execute(array(':name' => $username, ':password' => $password));
- $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
- $count = $stmt->rowCount();
- if ($count === 1){
- if (isset($_COOKIE["user"]) || trim($_COOKIE['user']) !== ""){
- setcookie("user", "", time() - 3600);
- }
- $user_cookie = $rows[0]['id'] . '{-}' . $username . '{-}' .$rows[0]['email']. '{-}' . $rows[0]['team_name'];
- $encrypted_user_cookie = encrypt_string($user_cookie);
- setcookie('user', $encrypted_user_cookie);
- if($rows[0]['id'] == 1) {
- setcookie('flag', "CTF{i_didnt_know_CSRF_is_this_dangerous}");
- }
- header('Location: home.php');
- }else{
- $msg = 'Invalid username or password';
- }
- }
- ?>
- <!doctype html>
- <html>
- <head>
- <meta charset="utf-8">
- <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
- <meta http-equiv="x-ua-compatible" content="ie=edge">
- <link rel="stylesheet" type="text/css" href="static/flag/stylesheets/flags32.css"/>
- <link rel="stylesheet" href="static/style.css">
- <title>Login</title>
- <link rel="apple-touch-icon" sizes="180x180" href="static/favicons/apple-touch-icon.png">
- <link rel="icon" type="image/png" href="static/favicons/favicon-32x32.png" sizes="32x32">
- <link rel="icon" type="image/png" href="static/favicons/favicon-16x16.png" sizes="16x16">
- <link rel="manifest" href="static/favicons/manifest.json">
- <link rel="mask-icon" href="static/favicons/safari-pinned-tab.svg" color="#5bbad5">
- <link rel="shortcut icon" href="static/favicons/favicon.ico">
- <meta name="theme-color" content="#ffffff">
- </head>
- <body>
- <nav>
- <div class="nav-wrapper">
- <div id="msg" class="msg"><?php echo $msg?></div>
- <ul id="nav-mobile" class="right hide-on-med-and-down">
- <li><a href="register.php">Register</a></li>
- <li><a href="login.php">Login</a></li>
- </ul>
- <ul class="side-nav" id="side-nav">
- <li><a href="register.php">Register</a></li>
- <li><a href="login.php">Login</a></li>
- </ul>
- </div>
- </nav>
- <div class="row">
- <div class="col s6 offset-s3">
- <div class="card-panel">
- <form method="post">
- <div class="input-field col s12">
- <input type="text" name="username" id="username">
- <label for="username">username</label>
- </div>
- <div class="input-field col s12">
- <input type="password" name="password" id="password">
- <label for="password">password</label>
- </div>
- <div class="row">
- <div class="col s6">
- <button class="btn waves-effect waves-light" type="submit">Login</button>
- </div>
- </div>
- </form>
- </div>
- </div>
- </div>
- <script src="static/jquery-3.1.1.min.js"></script>
- <script src="static/materialize/js/materialize.min.js"></script>
- <script>
- $(function () {
- $(".button-collapse").sideNav();
- })
- </script>
- </body>
- </html>
Add Comment
Please, Sign In to add comment