98 lines
1.9 KiB
PHP
98 lines
1.9 KiB
PHP
<?php
|
|
|
|
require('flags.php');
|
|
|
|
function authCred($u, $p) {
|
|
if (isset($_POST['user']) && isset($_POST['passw'])) {
|
|
if ($_POST['user'] === $u && $_POST['passw'] === $p) {
|
|
return True;
|
|
} else {
|
|
return False;
|
|
}
|
|
} else {
|
|
return False;
|
|
}
|
|
}
|
|
|
|
|
|
function checkInj() {
|
|
if (isset($_POST['user']) && isset($_POST['passw'])) {
|
|
if ($_POST['passw'][0] == '"' || $_POST['passw'][0] == "'") {
|
|
return True;
|
|
} else {
|
|
return False;
|
|
}
|
|
} else {
|
|
return False;
|
|
}
|
|
}
|
|
|
|
|
|
function checkInDatabase($query) {
|
|
$handle = new SQLite3('secretDataBase.db');
|
|
$array['dbhandle'] = $handle;
|
|
$array['query'] = $query;
|
|
$result = $handle->query($query);
|
|
$i = 0;
|
|
while ($result->columnName($i)) {
|
|
$columns[ ] = $result->columnName($i);
|
|
$i++;
|
|
}
|
|
$resx = $result->fetchArray(SQLITE3_ASSOC);
|
|
return $resx;
|
|
}
|
|
|
|
switch ($_COOKIE['currentLevel']) {
|
|
case $flag_1:
|
|
if (isset($_POST['thisUser'])) {
|
|
echo $flag_2;
|
|
} else {
|
|
echo '0';
|
|
}
|
|
break;
|
|
case $flag_2:
|
|
$badQuery = 'SELECT * FROM users WHERE username = "' . $_POST['user'] . '" and password = "' . $_POST['passw'] . '";';
|
|
if (strpos(strtoupper($_POST['passw']), 'UPDATE')) {
|
|
$_POST['passw'] = '';
|
|
}
|
|
if (strpos(strtoupper($_POST['passw']), 'DELETE')) {
|
|
$_POST['passw'] = '';
|
|
}
|
|
if (strpos(strtoupper($_POST['passw']), 'DROP')) {
|
|
$_POST['passw'] = '';
|
|
}
|
|
if (strpos(strtoupper($_POST['user']), 'UPDATE')) {
|
|
$_POST['user'] = '';
|
|
}
|
|
if (strpos(strtoupper($_POST['user']), 'DELETE')) {
|
|
$_POST['user'] = '';
|
|
}
|
|
if (strpos(strtoupper($_POST['user']), 'DROP')) {
|
|
$_POST['user'] = '';
|
|
}
|
|
if (checkInDatabase($badQuery)) {
|
|
echo $flag_3;
|
|
} else {
|
|
echo '0';
|
|
}
|
|
break;
|
|
case $flag_3:
|
|
break;
|
|
case $flag_4:
|
|
if (authCred('LarsIX', 'FXrm264!&Rdjka')) {
|
|
echo $flag_5;
|
|
} else {
|
|
echo '0';
|
|
}
|
|
break;
|
|
default:
|
|
if (authCred('admin', 'admin')) {
|
|
echo $flag_1;
|
|
} else {
|
|
echo '0';
|
|
}
|
|
}
|
|
|
|
|
|
?>
|