- <?php
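session_start();

// Make sure a captcha challenge exists in the session before the form below is rendered.
if (!isset($_SESSION['captcha'])) {
    generateCaptcha();
}

// Credentials are already in the session: re-verify them, but only when the
// current request also carries a correct captcha answer.
if (isset($_SESSION['user']) && isset($_SESSION['password']) && checkCaptcha()) {
    redirect_to_main_page();
}

if (isset($_POST['login'])) {
    $postedUser = isset($_POST['user']) ? $_POST['user'] : null;
    $postedPassword = isset($_POST['password']) ? $_POST['password'] : null;

    // Form fields can be absent or arrive as arrays (user[]=...); only plain
    // strings are accepted as credentials.
    if (is_string($postedUser) && is_string($postedPassword)) {
        // NOTE(review): the clear-text password is kept in the session because
        // redirect_to_main_page() reads it from there. Storing only an
        // authenticated user id after a successful check would avoid keeping
        // the password server-side; that needs a change to both blocks.
        $_SESSION['user'] = $postedUser;
        $_SESSION['password'] = $postedPassword;

        if (checkCaptcha()) {
            redirect_to_main_page();
        }
    }
}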
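/**
 * Checks the credentials held in the session against the user table and,
 * when a row matches, redirects the browser to index.php.
 *
 * The lookup uses a prepared statement with bound parameters. The previous
 * form interpolated the session values into the SQL string, so a quote in
 * either field changed the WHERE clause (the original comment gave
 * ' OR 'a'='a in the password field as the example). It also redirected
 * whenever the query merely succeeded, even when it matched no row.
 *
 * Prints 'err' when the statement cannot be prepared or executed. Returns
 * without output when no row matches, so the login form is shown again.
 *
 * NOTE(review): the password is compared as stored, which implies clear-text
 * passwords in exempledb.user. Storing password_hash() output and checking
 * it with password_verify() is the usual fix; that needs a schema change.
 */
function redirect_to_main_page()
{
    require_once('Database.php');

    $user = isset($_SESSION['user']) ? $_SESSION['user'] : null;
    $password = isset($_SESSION['password']) ? $_SESSION['password'] : null;
    if (!is_string($user) || !is_string($password)) {
        // Nothing usable to verify; treat as not logged in.
        return;
    }

    $connection = (new Database)->getConnection();

    $stmt = $connection->prepare('SELECT * FROM exempledb.user WHERE user=? AND password=?');
    if ($stmt === false) {
        echo 'err';
        return;
    }

    // Values travel separately from the SQL text, so they are never parsed as SQL.
    $stmt->bind_param('ss', $user, $password);
    if (!$stmt->execute()) {
        echo 'err';
        return;
    }

    $result = $stmt->get_result();
    if ($result === false) {
        echo 'err';
        return;
    }

    // A successful query is not a successful login: require a matching row.
    if ($result->num_rows > 0) {
        // Issue a fresh session id at the moment of authentication so a
        // pre-login session id cannot be reused afterwards.
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
        header('Location: ' . 'index.php');
        // Stop here so the rest of the login page is not sent after the redirect.
        exit;
    }
}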
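/**
 * Creates a new captcha challenge and stores it in $_SESSION['captcha'].
 *
 * The library is loaded with require_once because this function can run more
 * than once per request (checkCaptcha() calls it after every wrong answer).
 * A plain include would load the file again and, assuming it declares
 * simple_php_captcha(), fail with a "cannot redeclare" fatal error.
 *
 * On failure the previous session value is left untouched, as before, but
 * the error is now logged instead of being silently discarded.
 */
function generateCaptcha()
{
    require_once("simple-php-captcha-master/simple-php-captcha.php");

    try {
        $_SESSION['captcha'] = simple_php_captcha();
    } catch (Exception $e) {
        error_log('Captcha generation failed: ' . $e->getMessage());
    }
}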
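/**
 * Compares the submitted captcha answer with the code stored in the session.
 *
 * Returns true only when both values are present, are strings, the stored
 * code is non-empty and the two are byte-for-byte equal. The earlier loose
 * `==` comparison treated a missing session code (null) and an empty or
 * missing answer as equal, so the check passed whenever no captcha had been
 * generated; it also compared numeric-looking strings by value.
 *
 * On any mismatch a new captcha is generated and false is returned.
 *
 * NOTE(review): a correct code stays valid after a successful check, so it
 * can be replayed within the same session. Invalidating it here would break
 * the page flow, which may call this function twice in one request.
 *
 * @return bool
 */
function checkCaptcha()
{
    $submitted = isset($_POST['captcha']) ? $_POST['captcha'] : null;
    $expected = isset($_SESSION['captcha']['code']) ? $_SESSION['captcha']['code'] : null;

    if (
        is_string($submitted)
        && is_string($expected)
        && $expected !== ''
        && hash_equals($expected, $submitted)
    ) {
        return true;
    }

    generateCaptcha();
    return false;
}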
- ?>
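<html>
<head>
    <meta charset="UTF-8">
    <title>Login</title>
    <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.1.1/css/bootstrap.min.css"
          integrity="sha384-WskhaSGFgHYWDcbwN70/dfYBj47jz9qbsMId/iRN3ewGhXQFZCSftd1LZCfmhktB" crossorigin="anonymous">
</head>
<body>
<div class="container">
    <form action="login.php" method="post">
        <label for="">Username<input type="text" name="user"></label><br>
        <label for="">Password<input type="password" name="password"></label><br>
        <?php
        // The image URL comes from the captcha library via the session. It is
        // escaped for the attribute context, and a missing value renders an
        // empty src instead of raising an undefined-index notice.
        $captchaSrc = isset($_SESSION['captcha']['image_src']) ? (string) $_SESSION['captcha']['image_src'] : '';
        echo '<img src="' . htmlspecialchars($captchaSrc, ENT_QUOTES, 'UTF-8') . '"><br>';
        ?>
        <input type="text" name="captcha"><br>
        <input type="submit" name="login" value="Login"><br>
    </form>
</div>
</body>
</html>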