Fix

2019-11-18 11:30:22 +01:00 · 2019-11-18 11:30:22 +01:00 · d42a6dd034
commit d42a6dd034
parent 7573cb1d4b
6 changed files with 39 additions and 7 deletions
--- a/includes/common.php
+++ b/includes/common.php
@ -1,4 +1,7 @@
 <?php
+    ini_set('display_errors', true);
+    error_reporting(E_ALL);
+
    require 'config.php';

    function connect()
@ -6,4 +9,11 @@
        return mysqli_connect(MYSQL_HOST, MYSQL_USERNAME, MYSQL_PASSWORD, MYSQL_DATABASE);
    }

+    function text($text = '')
+    {
+        header('Content-Type: text/plain');
+        echo $text;
+        exit;
+    }
+
    session_start();
--- a/includes/config.php
+++ b/includes/config.php
@ -2,4 +2,4 @@
    define('MYSQL_HOST', 'localhost');
    define('MYSQL_USERNAME', 'secure');
    define('MYSQL_PASSWORD', 'password');
-    define('MYSQL_DATABASE', 'securedb');
+    define('MYSQL_DATABASE', 'verysecure');
--- a/includes/head.php
+++ b/includes/head.php
@ -1,3 +1,8 @@
 <meta charset="UTF-8">
 <link href="https://stackpath.bootstrapcdn.com/bootswatch/4.3.1/lux/bootstrap.min.css" rel="stylesheet" integrity="sha384-hVpXlpdRmJ+uXGwD5W6HZMnR9ENcKVRn855pPbuI/mwPIEKAuKgTKgGksVGmlAvt" crossorigin="anonymous">
-<title>Insecure PHP Application for SQL Injection Testing</title>
+<title>Insecure PHP Application for SQL Injection Testing</title>
+<style type="text/css">
+    body {
+        margin-top: 70px;
+    }
+</style>
--- a/login.php
+++ b/login.php
@ -6,19 +6,27 @@
        exit;
    }

-    if (!isset($_POST['username'], $_POST['password'])) {
+    if (!isset($_REQUEST['username'], $_REQUEST['password'])) {
        header('Location: ./');
        exit;
    }
    
-    $username = $_POST['username'];
-    $password = $_POST['password'];
+    $username = $_REQUEST['username'];
+    $password = $_REQUEST['password'];

    $con = connect();
-    $getUser = mysqli_query($con, "SELECT * FROM users WHERE username='$username' AND password='$password';");
+    $sql = "SELECT * FROM users WHERE username='$username' AND password='$password';";
+
+    $getUser = mysqli_query($con, $sql);
+
+    if (!$getUser) {
+        header('Location: ./');
+        exit;
+    }
+
    $user = mysqli_fetch_assoc($getUser);

    $_SESSION['id'] = $user['id'];
-    header('Location: ./user.php');
+    header('Location: ./');
    exit;
 ?>
--- a/logout.php
+++ b/logout.php
@ -0,0 +1,7 @@
+<?php
+    require 'includes/common.php';
+
+    session_destroy();
+
+    header('Location: ./');
+    exit;
--- a/user.php
+++ b/user.php
@ -42,6 +42,8 @@
                <?php
            }
        ?>
+
+        <a href="./logout.php" class="btn btn-danger">Logout</a>
    </div>
 </body>
 </html>