Alex/insecure-php-application-for-sql-injection-testing
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix

Browse Source
This commit is contained in:
Alex Thomassen 2019-11-18 11:30:22 +01:00
parent 7573cb1d4b
commit d42a6dd034
Signed by: Alex
GPG Key ID: 10BD786B5F6FF5DE
6 changed files with 39 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
includes/common.php
View File

@ -1,4 +1,7 @@
<?php <?php
ini_set('display_errors', true);
error_reporting(E_ALL);
require 'config.php'; require 'config.php';
function connect() function connect()
@ -6,4 +9,11 @@
return mysqli_connect(MYSQL_HOST, MYSQL_USERNAME, MYSQL_PASSWORD, MYSQL_DATABASE); return mysqli_connect(MYSQL_HOST, MYSQL_USERNAME, MYSQL_PASSWORD, MYSQL_DATABASE);
} }
function text($text = '')
{
header('Content-Type: text/plain');
echo $text;
exit;
}
session_start(); session_start();

2
includes/config.php
View File

@ -2,4 +2,4 @@
define('MYSQL_HOST', 'localhost'); define('MYSQL_HOST', 'localhost');
define('MYSQL_USERNAME', 'secure'); define('MYSQL_USERNAME', 'secure');
define('MYSQL_PASSWORD', 'password'); define('MYSQL_PASSWORD', 'password');
define('MYSQL_DATABASE', 'securedb'); define('MYSQL_DATABASE', 'verysecure');

7
includes/head.php
View File

@ -1,3 +1,8 @@
<meta charset="UTF-8"> <meta charset="UTF-8">
<link href="https://stackpath.bootstrapcdn.com/bootswatch/4.3.1/lux/bootstrap.min.css" rel="stylesheet" integrity="sha384-hVpXlpdRmJ+uXGwD5W6HZMnR9ENcKVRn855pPbuI/mwPIEKAuKgTKgGksVGmlAvt" crossorigin="anonymous"> <link href="https://stackpath.bootstrapcdn.com/bootswatch/4.3.1/lux/bootstrap.min.css" rel="stylesheet" integrity="sha384-hVpXlpdRmJ+uXGwD5W6HZMnR9ENcKVRn855pPbuI/mwPIEKAuKgTKgGksVGmlAvt" crossorigin="anonymous">
<title>Insecure PHP Application for SQL Injection Testing</title> <title>Insecure PHP Application for SQL Injection Testing</title>
<style type="text/css">
body {
margin-top: 70px;
}
</style>

18
login.php
View File

@ -6,19 +6,27 @@
exit; exit;
} }
if (!isset($_POST['username'], $_POST['password'])) { if (!isset($_REQUEST['username'], $_REQUEST['password'])) {
header('Location: ./'); header('Location: ./');
exit; exit;
} }
$username = $_POST['username']; $username = $_REQUEST['username'];
$password = $_POST['password']; $password = $_REQUEST['password'];
$con = connect(); $con = connect();
$getUser = mysqli_query($con, "SELECT * FROM users WHERE username='$username' AND password='$password';"); $sql = "SELECT * FROM users WHERE username='$username' AND password='$password';";
$getUser = mysqli_query($con, $sql);
if (!$getUser) {
header('Location: ./');
exit;
}
$user = mysqli_fetch_assoc($getUser); $user = mysqli_fetch_assoc($getUser);
$_SESSION['id'] = $user['id']; $_SESSION['id'] = $user['id'];
header('Location: ./user.php'); header('Location: ./');
exit; exit;
?> ?>

7
logout.php Normal file
View File

@ -0,0 +1,7 @@
<?php
require 'includes/common.php';
session_destroy();
header('Location: ./');
exit;

2
user.php
View File

@ -42,6 +42,8 @@
<?php <?php
} }
?> ?>
<a href="./logout.php" class="btn btn-danger">Logout</a>
</div> </div>
</body> </body>
</html> </html>