
Untitled

a guest
Mar 22nd, 2017
  1. <?php
  2.  
  3. define( 'DVWA_WEB_PAGE_TO_ROOT', '' );
  4.  
  5. require_once DVWA_WEB_PAGE_TO_ROOT.'dvwa/includes/dvwaPage.inc.php';
  6.  
  7. dvwaPageStartup( array( 'phpids' ) );
  8.  
  9. dvwaDatabaseConnect();
  10.  
  11. if( isset( $_POST[ 'Login' ] ) ) {
  12.  
  13.  
  14. $user = $_POST[ 'username' ];
  15. $user = stripslashes( $user );
  16. $user = mysql_real_escape_string( $user );
  17.  
  18. $pass = $_POST[ 'password' ];
  19. $pass = stripslashes( $pass );
  20. $pass = mysql_real_escape_string( $pass );
  21. $pass = md5( $pass );
  22.  
  23. $qry = "SELECT * FROM `users` WHERE user='$user' AND password='$pass';";
  24.  
  25. $result = @mysql_query($qry) or die('<pre>' . mysql_error() . '</pre>' );
  26.  
  27. if( $result && mysql_num_rows( $result ) == 1 ) { // Login Successful...
  28.  
  29. dvwaMessagePush( "You have logged in as '".$user."'" );
  30. dvwaLogin( $user );
  31. dvwaRedirect( 'index.php' );
  32.  
  33. }
  34.  
  35. // Login failed
  36. dvwaMessagePush( "Login failed" );
  37. dvwaRedirect( 'login.php' );
  38. }
  39.  
  40. $messagesHtml = messagesPopAllToHtml();
  41.  
  42. Header( 'Cache-Control: no-cache, must-revalidate'); // HTTP/1.1
  43. Header( 'Content-Type: text/html;charset=utf-8' ); // TODO- proper XHTML headers...
  44. Header( "Expires: Tue, 23 Jun 2009 12:00:00 GMT"); // Date in the past
  45.  
  46. echo "
  47.  
  48. <!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\">
  49.  
  50. <html xmlns=\"http://www.w3.org/1999/xhtml\">
  51.  
  52. <head>
  53.  
  54. <meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\" />
  55.  
  56. <title>Damn Vulnerable Web App (DVWA) - Login</title>
  57.  
  58. <link rel=\"stylesheet\" type=\"text/css\" href=\"".DVWA_WEB_PAGE_TO_ROOT."dvwa/css/login.css\" />
  59.  
  60. </head>
  61.  
  62. <body>
  63. <div id=\"wrapper\">
  64.  
  65.  
  66.  
  67.  
  68. <div id=\"header\">
  69.  
  70.  
  71.  
  72. <br />
  73.  
  74.  
  75.  
  76. <p> pphase 2 </p>
  77.  
  78. <br />
  79.  
  80.  
  81.  
  82. </div> <!--<div id=\"header\">-->
  83.  
  84.  
  85. <div align=\"content\">
  86.  
  87. <br />
  88.  
  89.  
  90. <br />
  91.  
  92. <form action=\"login.php\" method=\"post\">
  93.  
  94. <fieldset>
  95.  
  96. <label for=\"user\">Username</label> <input type=\"text\" class=\"loginInput\" size=\"20\" name=\"username\"><br />
  97.  
  98.  
  99. <label for=\"pass\">Password</label> <input type=\"password\" class=\"loginInput\" AUTOCOMPLETE=\"off\" size=\"20\" name=\"password\"><br />
  100.  
  101.  
  102. <p class=\"submit\"><input type=\"submit\" value=\"Login\" name=\"Login\"></p>
  103.  
  104. </fieldset>
  105.  
  106. </form>
  107.  
  108.  
  109. <br />
  110.  
  111. {$messagesHtml}
  112.  
  113. <br />
  114. <br />
  115. <br />
  116. <br />
  117. <br />
  118. <br />
  119. <br />
  120. <br />
  121.  
  122.  
  123. </div> <!-- end align div -->
  124.  
  125.  
  126. <div id=\"footer\">
  127.  
  128.  
  129.  
  130. <p>phase 3 </p>
  131.  
  132.  
  133. </div> <!--<div id=\"footer\"> -->
  134.  
  135. </div> <!--<div id=\"wrapper\"> -->
  136. </body>
  137.  
  138. </html>";
  139.  
  140. ?>