First commit

includes/common.php

@@ -0,0 +1,9 @@
+<?php
+    require 'config.php';
+
+    function connect()
+    {
+        return mysqli_connect(MYSQL_HOST, MYSQL_USERNAME, MYSQL_PASSWORD, MYSQL_DATABASE);
+    }
+
+    session_start();

includes/config.php

@@ -0,0 +1,5 @@
+<?php
+    define('MYSQL_HOST', 'localhost');
+    define('MYSQL_USERNAME', 'secure');
+    define('MYSQL_PASSWORD', 'password');
+    define('MYSQL_DATABASE', 'securedb');

includes/head.php

@@ -0,0 +1,3 @@
+<meta charset="UTF-8">
+<link href="https://stackpath.bootstrapcdn.com/bootswatch/4.3.1/lux/bootstrap.min.css" rel="stylesheet" integrity="sha384-hVpXlpdRmJ+uXGwD5W6HZMnR9ENcKVRn855pPbuI/mwPIEKAuKgTKgGksVGmlAvt" crossorigin="anonymous">
+<title>Insecure PHP Application for SQL Injection Testing</title>

index.php

@@ -0,0 +1,31 @@
+<?php
+    require 'includes/common.php';
+
+    if (isset($_SESSION['id'])) {
+        header('Location: ./user.php');
+        exit;
+    }
+?>
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <?php require 'includes/head.php'; ?>
+</head>
+<body>
+    <div class="container">
+        <form action="./login.php" method="post">
+            <div class="form-group">
+              <label for="username">Username:</label>
+              <input type="text" class="form-control" name="username" id="username" placeholder="alexthomassen">
+            </div>
+
+            <div class="form-group">
+              <label for="password">Password:</label>
+              <input type="password" class="form-control" name="password" id="password" placeholder="********">
+            </div>
+
+            <button class="btn btn-success">Log in</button>
+        </form>
+    </div>
+</body>
+</html>

sql/users.sql

@@ -0,0 +1,7 @@
+CREATE TABLE users(
+    id INT(11) UNSIGNED AUTO_INCREMENT PRIMARY KEY,
+    username VARCHAR(30) NOT NULL,
+    password VARCHAR(32) NOT NULL,
+    is_admin TINYINT(1) DEFAULT 0,
+    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
+);

user.php

@@ -0,0 +1,40 @@
+<?php
+    require 'includes/common.php';
+    
+    if (!isset($_SESSION['id'])) {
+        header('Location: ./');
+        exit;
+    }
+
+    $con = connect();
+    $sessionId = $_SESSION['id'];
+    $getUser = mysqli_query($con, 'SELECT * FROM users WHERE id = ' . $sessionId);
+    $user = mysqli_fetch_assoc($getUser);
+
+    if (empty($user)) {
+        session_destroy();
+
+        header('Location: ./');
+        exit;
+    }
+?>
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <?php require 'includes/head.php'; ?>
+</head>
+<body>
+    <div class="container">
+        <h1>Hello, <?php echo $user['username']; ?></h1>
+        <?php
+            if ($user['is_admin'] == 1) {
+                ?>
+                <div class="alert alert-info">
+                    You are an admin!
+                </div>
+                <?php
+            }
+        ?>
+    </div>
+</body>
+</html>