Untitled

function login($username, $domain, $password) {
    global $vuln_db;
    $starttime = microtime(true);
    $username = mysqli_real_escape_string($vuln_db, trim($username));
    $domain   = mysqli_real_escape_string($vuln_db, trim($domain));
    $password = trim($password);
    if (empty($password) || empty($username) || empty($domain)) {
        return FALSE;
    }
    // We store the password in plaintext to keep the homework's code short.
    // For anything even remotely real, use a proper password storage scheme.
    $query = "SELECT user_id, password FROM users WHERE username = '$username' AND domain LIKE '$domain'";
    $result = mysqli_query($vuln_db, $query) or die(mysqli_error($vuln_db));
    if($result) {
        $row = mysqli_fetch_row($result);
        if($row) {
            $the_password = trim($row[1]);
            for($i = 0; $i < strlen($the_password); $i++) {
                /* Bruteforce is not the way! */
                usleep(100000);
                if($password[$i] != $the_password[$i]) {
                    $endtime = microtime(true);
                    return FALSE;
                }
            }
            return TRUE;
        } else {
            return FALSE;
        }
    }
}