<?phpsession_start();include('c.php');include('head.php');if(@$_SESSIO

1. <?php
2. session_start();
3.  
4. include('c.php');
5. include('head.php');
6. if(@$_SESSION['logged']!=true)
7. {
8. $_SESSION['logged']='';
9.  
10. }
11.  
12. if($_SESSION['logged']==true && $_SESSION['admin']!='')
13. {
14.  
15. echo "you are logged in :)";
16. header('Location: panel.php', true, 302);
17. }
18. else
19. {
20. echo '<div align=center style="margin:30px 0px 0px 0px;">
21. <font size=8 face="comic sans ms">--==[[ billu b0x ]]==--</font>
22. <br><br>
23. Show me your SQLI skills <br>
24. <form method=post>
25. Username :- <Input type=text name=un> &nbsp Password:- <input type=password name=ps> <br><br>
26. <input type=submit name=login value="let\'s login">';
27. }
28. if(isset($_POST['login']))
29. {
30. $uname=str_replace('\'','',urldecode($_POST['un']));
31. $pass=str_replace('\'','',urldecode($_POST['ps']));
32. $run='select * from auth where pass=\''.$pass.'\' and uname=\''.$uname.'\'';
33. $result = mysqli_query($conn, $run);
34. if (mysqli_num_rows($result) > 0) {
35.  
36. $row = mysqli_fetch_assoc($result);
37. echo "You are allowed<br>";
38. $_SESSION['logged']=true;
39. $_SESSION['admin']=$row['username'];
40.  
41. header('Location: panel.php', true, 302);
42.  
43. }
44. else
45. {
46. echo "<script>alert('Try again');</script>";
47. }
48.  
49. }
50. echo "<font size=5 face=\"comic sans ms\" style=\"left: 0;bottom: 0; position: absolute;margin: 0px 0px 5px;\">B0X Powered By <font color=#ff9933>Pirates</font> ";
51.  
52. ?>