Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <html>
- <head>
- <!-- This stuff in the header has nothing to do with the level -->
- <link rel="stylesheet" type="text/css" href="http://natas.labs.overthewire.org/css/level.css">
- <link rel="stylesheet" href="http://natas.labs.overthewire.org/css/jquery-ui.css" />
- <link rel="stylesheet" href="http://natas.labs.overthewire.org/css/wechall.css" />
- <script src="http://natas.labs.overthewire.org/js/jquery-1.9.1.js"></script>
- <script src="http://natas.labs.overthewire.org/js/jquery-ui.js"></script>
- <script src=http://natas.labs.overthewire.org/js/wechall-data.js></script><script src="http://natas.labs.overthewire.org/js/wechall.js"></script>
- <script>var wechallinfo = { "level": "natas27", "pass": "<censored>" };</script></head>
- <body>
- <h1>natas27</h1>
- <div id="content">
- <?
- // morla / 10111
- // database gets cleared every 5 min
- /*
- CREATE TABLE `users` (
- `username` varchar(64) DEFAULT NULL,
- `password` varchar(64) DEFAULT NULL
- );
- */
- function checkCredentials($link,$usr,$pass){
- $user=mysql_real_escape_string($usr);
- $password=mysql_real_escape_string($pass);
- $query = "SELECT username from users where username='$user' and password='$password' ";
- $res = mysql_query($query, $link);
- if(mysql_num_rows($res) > 0){
- return True;
- }
- return False;
- }
- function validUser($link,$usr){
- $user=mysql_real_escape_string($usr);
- $query = "SELECT * from users where username='$user'";
- $res = mysql_query($query, $link);
- if($res) {
- if(mysql_num_rows($res) > 0) {
- return True;
- }
- }
- return False;
- }
- function dumpData($link,$usr){
- $user=mysql_real_escape_string($usr);
- $query = "SELECT * from users where username='$user'";
- $res = mysql_query($query, $link);
- if($res) {
- if(mysql_num_rows($res) > 0) {
- while ($row = mysql_fetch_assoc($res)) {
- // thanks to Gobo for reporting this bug!
- //return print_r($row);
- return print_r($row,true);
- }
- }
- }
- return False;
- }
- function createUser($link, $usr, $pass){
- $user=mysql_real_escape_string($usr);
- $password=mysql_real_escape_string($pass);
- $query = "INSERT INTO users (username,password) values ('$user','$password')";
- $res = mysql_query($query, $link);
- if(mysql_affected_rows() > 0){
- return True;
- }
- return False;
- }
- if(array_key_exists("username", $_REQUEST) and array_key_exists("password", $_REQUEST)) {
- $link = mysql_connect('localhost', 'natas27', '<censored>');
- mysql_select_db('natas27', $link);
- if(validUser($link,$_REQUEST["username"])) {
- //user exists, check creds
- if(checkCredentials($link,$_REQUEST["username"],$_REQUEST["password"])){
- echo "Welcome " . htmlentities($_REQUEST["username"]) . "!<br>";
- echo "Here is your data:<br>";
- $data=dumpData($link,$_REQUEST["username"]);
- print htmlentities($data);
- }
- else{
- echo "Wrong password for user: " . htmlentities($_REQUEST["username"]) . "<br>";
- }
- }
- else {
- //user doesn't exist
- if(createUser($link,$_REQUEST["username"],$_REQUEST["password"])){
- echo "User " . htmlentities($_REQUEST["username"]) . " was created!";
- }
- }
- mysql_close($link);
- } else {
- ?>
- <form action="index.php" method="POST">
- Username: <input name="username"><br>
- Password: <input name="password" type="password"><br>
- <input type="submit" value="login" />
- </form>
- <? } ?>
- <div id="viewsource"><a href="index-source.html">View sourcecode</a></div>
- </div>
- </body>
- </html>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement