  1. <!--
  2. SEED Lab: SQL Injection Education Web platform
  3. Author: Kailiang Ying
  4. Email: kying@syr.edu
  5. -->
  6.  
  7. <!DOCTYPE html>
  8. <html>
  9. <body>
  10.  
  11. <!-- link to css -->
  12. <link href="style_home.css" type="text/css" rel="stylesheet">
  13.  
  14. <div class=wrapperR>
  15. <p>
  16. <button onclick="location.href = 'logoff.php';" id="logoffBtn" >LOG OFF</button>
  17. </p>
  18. </div>
  19.  
  20.  
  21. <?php
  22. $input_eid = $_GET['EID'];
  23. $input_pwd = $_GET['Password'];
  24. $input_pwd = sha1($input_pwd);
  25.  
  26. // check if it has exist login session
  27. session_start();
  28. if($input_eid=="" and $input_pwd==sha1("") and $_SESSION['name']!="" and $_SESSION['pwd']!=""){
  29. $input_eid = $_SESSION['eid'];
  30. $input_pwd = $_SESSION['pwd'];
  31. }
  32.  
  33. $conn = getDB();
  34.  
  35. /* start make change for prepared statement */
  36. $stmt = $conn->prepare("SELECT name, local, gender
  37. FROM USER_TABLE
  38. WHERE id = ? and password = ? ");
  39. // Bind parameters to the query
  40. $stmt->bind_param("is", $id, $pwd);
  41. $stmt->execute();
  42. $stmt->bind_result($bind_name, $bind_local, $bind_gender);
  43. $stmt->fetch();
  44.  
  45. /* convert the select return result into array type */
  46. $return_arr = array();
  47. while($row = $result->fetch_assoc()){
  48. array_push($return_arr,$row);
  49. }
  50.  
  51. /* convert the array type to json format and read out*/
  52. $json_str = json_encode($return_arr);
  53. $json_a = json_decode($json_str,true);
  54. $id = $json_a[0]['id'];
  55. $name = $json_a[0]['name'];
  56. $eid = $json_a[0]['eid'];
  57. $salary = $json_a[0]['salary'];
  58. $birth = $json_a[0]['birth'];
  59. $ssn = $json_a[0]['ssn'];
  60. $phoneNumber = $json_a[0]['phoneNumber'];
  61. $address = $json_a[0]['address'];
  62. $email = $json_a[0]['email'];
  63. $pwd = $json_a[0]['Password'];
  64. $nickname = $json_a[0]['nickname'];
  65. if($id!=""){
  66. drawLayout($id,$name,$eid,$salary,$birth,$ssn,$pwd,$nickname,$email,$address,$phoneNumber);
  67. }else{
  68. echo "The account information your provide does not exist\n";
  69. return;
  70. }
  71. /* end change for prepared statement */
  72.  
  73. $conn->close();
  74.  
  75. function getDB() {
  76. $dbhost="localhost";
  77. $dbuser="root";
  78. $dbpass="seedubuntu";
  79. $dbname="Users";
  80.  
  81.  
  82. // Create a DB connection
  83. $conn = new mysqli($dbhost, $dbuser, $dbpass, $dbname);
  84. if ($conn->connect_error) {
  85. die("Connection failed: " . $conn->connect_error . "\n");
  86. }
  87. return $conn;
  88. }
  89.  
  90. function drawLayout($id,$name,$eid,$salary,$birth,$ssn,$pwd,$nickname,$email,$address,$phoneNumber){
  91. if($id!=""){
  92. session_start();
  93. $_SESSION['id'] = $id;
  94. $_SESSION['eid'] = $eid;
  95. $_SESSION['name'] = $name;
  96. $_SESSION['pwd'] = $pwd;
  97. }else{
  98. echo "can not assign session";
  99. }
  100. if ($name !="Admin") {
  101. echo "<br><h3> $name Profile</h3>";
  102. echo "<table>"; echo "<tr>"; echo "<td>Employee ID</td>";
  103. echo "<td>$eid</td>";
  104. echo "</tr>";
  105. echo "<tr>";
  106. echo "<td>Salary</td>";
  107. echo "<td>$salary</td>";
  108. echo "</tr>";
  109. echo "<tr>";
  110. echo "<td>Birth</td>";
  111. echo "<td>$birth</td>";
  112. echo "</tr>";
  113. echo "<tr>";
  114. echo "<td>SSN</td>";
  115. echo "<td>$ssn</td>";
  116. echo "</tr>";
  117. echo "<tr>";
  118. echo "<td>NickName</td>";
  119. echo "<td>$nickname</td>";
  120. echo "</tr>";
  121. echo "<tr>";
  122. echo "<td>Email</td>";
  123. echo "<td>$email</td>";
  124. echo "</tr>";
  125. echo "<tr>";
  126. echo "<td>Address</td>";
  127. echo "<td>$address</td>";
  128. echo "</tr>";
  129. echo "<tr>";
  130. echo "<td>Phone Number</td>";
  131. echo "<td>$phoneNumber</td>";
  132. echo "</tr>";
  133. echo "</table>";
  134. }
  135. else {
  136. $conn = getDB();
  137. $sql = "SELECT id, name, eid, salary, birth, ssn, password, nickname, email, address, phoneNumber
  138. FROM credential";
  139. if (!$result = $conn->query($sql)) {
  140. die('There was an error running the query [' . $conn->error . ']\n');
  141. }
  142. $return_arr = array();
  143. while($row = $result->fetch_assoc()){
  144. array_push($return_arr,$row);
  145. }
  146. $json_str = json_encode($return_arr);
  147. $json_aa = json_decode($json_str,true);
  148. $conn->close();
  149. $max = sizeof($json_aa);
  150. for($i=0; $i< $max;$i++){
  151. //TODO: printout all the data for that users.
  152. $i_id = $json_aa[$i]['id'];
  153. $i_name= $json_aa[$i]['name'];
  154. $i_eid= $json_aa[$i]['eid'];
  155. $i_salary= $json_aa[$i]['salary'];
  156. $i_birth= $json_aa[$i]['birth'];
  157. $i_ssn= $json_aa[$i]['ssn'];
  158. $i_pwd = $json_aa[$i]['Password'];
  159. $i_nickname= $json_aa[$i]['nickname'];
  160. $i_email= $json_aa[$i]['email'];
  161. $i_address= $json_aa[$i]['address'];
  162. $i_phoneNumber= $json_aa[$i]['phoneNumber'];
  163. echo "<br><h4> $i_name Profile</h4>";
  164. echo "Employee ID: $i_eid ";
  165. echo "salary: $i_salary ";
  166. echo "birth: $i_birth ";
  167. echo "ssn: $i_ssn ";
  168. echo "nickname: $i_nickname";
  169. echo "email: $i_email";
  170. echo "address: $i_address";
  171. echo "phone number: $i_phoneNumber";
  172. }
  173. }
  174. }
  175. ?>
  176.  
  177. <div class=wrapperL>
  178. <p>
  179. <button onclick="location.href = 'edit.php';" id="editBtn" >Edit Profile</button>
  180. </p>
  181. </div>
  182.  
  183.  
  184. <div id="page_footer" class="green">
  185. <p>
  186. Copyright &copy; SEED LABs
  187. </p>
  188. </div>
  189. </body>
  190. </html>