Commit c255d0fc authored by Antony Garand's avatar Antony Garand
Browse files

Initial commit - Missing MySql db

parents
FROM php:7.1-apache-jessie
COPY index.php /var/www/html/index.php
COPY functions.php /var/www/html/functions.php
RUN chown -R www-data:www-data /var/www/
EXPOSE 80
CMD ["/usr/sbin/apache2ctl", "-D", "FOREGROUND"]
# she_said_size_didnt_matter
\ No newline at end of file
<?php
$db = new PDO('mysql:host=localhost;dbname=pwnfixrepeat', 'root', '');
<?php
require_once('db.php');
function getCurrentUser()
{
if (!isset($_SESSION['username'])) {
return null;
}
return selectUser($_SESSION['username']);
}
function selectUser($username)
{
global $db;
$query = $db->prepare('SELECT * FROM users WHERE username = :username');
$query->bindParam(':username', $username);
$query->execute();
$result = $query->fetch();
return $result;
}
function login()
{
global $db;
if (!isset($_POST['user']) ||
!isset($_POST['pass']) ||
!is_string($_POST['user']) ||
!is_string($_POST['pass'])) {
return false;
}
$query = $db->prepare('SELECT * FROM users WHERE username = :username and password = :password');
$query->bindParam(':username', $_POST['user']);
$query->bindParam(':password', $_POST['pass']);
$query->execute();
$result = $query->fetch();
if ($result) {
$_SESSION['username'] = $result['username'];
echo 'Logged in succesfully!';
} else {
echo 'Invalid credentials!';
}
}
function register()
{
global $db;
if (!isset($_POST['user']) ||
!isset($_POST['pass']) ||
!is_string($_POST['user']) ||
!is_string($_POST['pass'])) {
return false;
}
if (selectUser($_POST['user'])) {
echo 'Username already taken!';
return false;
}
$query = $db->prepare('INSERT INTO users (username, password, description) values (:username, :password, "Regular user")');
$query->bindParam(':username', $_POST['user']);
$query->bindParam(':password', $_POST['pass']);
$query->execute();
echo 'Registered succesfully! Please login';
}
<?php
require_once('functions.php');
session_start();
if (isset($_POST['register'])) {
register();
} else if (isset($_POST['user'])) {
login();
} else if (isset($_POST['logout'])) {
unset($_SESSION['username']);
}
$currentUser = getCurrentuser();
if (!$currentUser) { ?>
<div>
Register:
<form method="post">
<input type="hidden" name="register" value="1"/>
Username: <input name="user" placeholder="Username"><br/>
Password: <input name="pass" placeholder="Password"><br/>
<input type="submit" value="Register">
</form>
</div>
<div>
Login:
<form method="post">
Username: <input name="user" placeholder="Username"><br/>
Password: <input name="pass" placeholder="Password"><br/>
<input type="submit" value="Login">
</form>
</div><?php
} else { ?>
<div>
Welcome back, <?= htmlspecialchars($currentUser['username']) ?>!<br/>
<?= $currentUser['description'] ?>
</div>
<form method="post">
<input type="submit" name="logout" value="Logout">
</form>
<?php
}
DROP TABLE `users`;
CREATE TABLE `users` (
`id` int(11) PRIMARY KEY,
`username` varchar(20) NOT NULL,
`password` varchar(255) NOT NULL,
`description` varchar(255) NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
INSERT INTO `users` (`id`, `username`, `password`, `description`) VALUES (1, 'admin', '$up3rS3cr3tP4$$w0rd!', 'You are admin!');
\ No newline at end of file
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment