Fixes and clean-up
parent
2b76bd949e
commit
2740f6cdff
@ -1,6 +1,6 @@
|
||||
|
||||
|
||||
CREATE DATABASE `ctf-zetatech-inc`
|
||||
CREATE DATABASE `ctf-zetatech-inc`;
|
||||
|
||||
CREATE USER 'cyber-zetatech-inc'@'localhost' IDENTIFIED BY 'wY7nhg7xnzmCcJbfz3Gf89qyU5cvpr';
|
||||
|
||||
@ -8,7 +8,7 @@ GRANT SELECT ON `ctf-zetatech-inc`.* TO `cyber-zetatech-inc`@`localhost`;
|
||||
|
||||
FLUSH PRIVILEGES;
|
||||
|
||||
use ctf
|
||||
use `ctf-zetatech-inc`;
|
||||
|
||||
CREATE TABLE `access` (
|
||||
`id` int NOT NULL AUTO_INCREMENT,
|
||||
|
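Review bot: The account password on the `CREATE USER 'cyber-zetatech-inc'@'localhost' IDENTIFIED BY ...` line is committed in plaintext, and the same value appears in the `new mysqli(...)` call in the PHP file of this commit, so anyone who can read the repository holds the database credential. If that is acceptable for a CTF box, say so in a comment, and record that the `GRANT SELECT` named in the second hunk header is what limits a session under this account, e.g. `-- Lab-only credential; this account is deliberately SELECT-only`. `CREATE DATABASE IF NOT EXISTS` would also let the script be re-run without an error. The `CREATE TABLE` statement continues outside the hunk.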
@ -153,7 +153,6 @@ body {
|
||||
display: inline-block
|
||||
}
|
||||
|
||||
#email,
|
||||
#username,
|
||||
#password {
|
||||
border: 2px solid #d7001e;
|
||||
@ -169,13 +168,11 @@ body {
|
||||
line-height: normal
|
||||
}
|
||||
|
||||
#email::-moz-selection,
|
||||
#username::-moz-selection,
|
||||
#password::-moz-selection {
|
||||
background: #000
|
||||
}
|
||||
|
||||
#email::selection,
|
||||
#username::selection,
|
||||
#password::selection {
|
||||
background: #000
|
||||
@ -264,7 +261,6 @@ body {
|
||||
.box--inner {
|
||||
width: calc(100% - 44px)
|
||||
}
|
||||
#email,
|
||||
#username,
|
||||
#password {
|
||||
max-width: 70%
|
||||
|
@ -1,16 +1,17 @@
|
||||
<html lang="en">
|
||||
|
||||
<!DOCTYPE html>
|
||||
<html lang="en">
|
||||
<head>
|
||||
<meta charset="UTF-8">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
<meta http-equiv="X-UA-Compatible" content="ie=edge">
|
||||
<title>Zetatech — Connection</title>
|
||||
<title>Zetatech — Cybernetic Prosthetics Management Interface</title>
|
||||
<link rel="stylesheet" type="text/css" href="css/term.css">
|
||||
<script src="js/jquery.js"></script>
|
||||
<script src="js/login.js" type="text/javascript"></script>
|
||||
<script src="js/login.js"></script>
|
||||
</head>
|
||||
|
||||
<body class="">
|
||||
<body>
|
||||
<div class="container on">
|
||||
<div class="screen">
|
||||
<h3 class="title">
|
||||
@ -30,18 +31,17 @@
|
||||
Login
|
||||
</div>
|
||||
<div class="col col__center">
|
||||
<input type="text" id="username" maxlength="32" value="">
|
||||
<input type="text" id="username" maxlength="32" value="" autofocus>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<form method="post" action=".">
|
||||
<form method="post" action="." autocomplete="off">
|
||||
<div class="row">
|
||||
<div class="col col__left label">
|
||||
Password
|
||||
</div>
|
||||
<div class="col col__center">
|
||||
<input type="password" id="password" name="password" required="required" placeholder="" data-error="" maxlength="32" autocomplete="new-password"
|
||||
autofocus="true" />
|
||||
<input type="password" id="password" name="password" placeholder="" maxlength="32"/>
|
||||
</div>
|
||||
</div>
|
||||
<b class="flash" id="error">ACCESS DENIED</b>
|
||||
|
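Review bot: The `#username` input gains `autofocus` but still sits outside the `<form>`, which only opens after the Login row closes, and it has no `name` attribute. The new form-level `autocomplete="off"` therefore does not cover it, and a native submit (script blocked or failing) would post only `password` to `.`. Opening the `<form ...>` above the Login row and adding `name="username"` would keep the markup consistent with what the script sends. Browsers generally ignore `autocomplete="off"` on login fields, and `maxlength="32"` is only a client-side hint, so the length limit should also be enforced in the PHP handler. The form's closing tag is outside the hunk.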
@ -8,7 +8,7 @@ $(document).ready(function(){
|
||||
password=$("#password").val();
|
||||
$.ajax({
|
||||
type: "POST",
|
||||
url: "login.php",
|
||||
url: "zetatech-admin.php",
|
||||
data: "username="+username+"&password="+password+"&login=Login",
|
||||
success: function(response) {
|
||||
|
||||
|
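Review bot: The request body on the `data:` line is built by string concatenation without URL-encoding, so a username or password containing `&`, `+` or `%` reaches `zetatech-admin.php` altered or split into extra parameters. Passing an object lets jQuery encode each value: `data: { username: username, password: password, login: "Login" },`. The `$.ajax` call and its `success` handler continue outside the hunk.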
@ -1,13 +1,14 @@
|
||||
<?php
|
||||
|
||||
if (isset($_POST['login']) && $_POST['login'] == 'Login') {
|
||||
|
||||
$state = new \stdClass();
|
||||
|
||||
if ( isset($_POST['username']) && !empty($_POST['username']) ) {
|
||||
if ( isset($_POST['password']) && !empty($_POST['password']) ) {
|
||||
|
||||
$bdd = new mysqli("localhost", "cyber-zetatech-inc", "wY7nhg7xnzmCcJbfz3Gf89qyU5cvpr", "ctf-zetatech-inc");
|
||||
if ($bdd->connect_errno) {
|
||||
//echo "Echec lors de la connexion à MySQL : (" . $bdd->connect_errno . ") " . $bdd->connect_error;
|
||||
|
||||
$state->return = 'error';
|
||||
$state->string = 'Connection error';
|
||||
$state_json = json_encode($state);
|
||||
@ -19,19 +20,13 @@ if (isset($_POST['login']) && $_POST['login'] == 'Login') {
|
||||
$user = $_POST['username'];
|
||||
$pass = hash("sha256", $_POST['password']);
|
||||
$sql = "SELECT user,password FROM access WHERE user='".$user."' AND password='".$pass."'";
|
||||
//$sql = "SELECT user,password FROM access WHERE user='admin' OR 1=1 LIMIT 1 OFFSET 1";// AND password='".$pass."'";;
|
||||
|
||||
// curl -X POST http://localhost/netrunner/login.php -d "password=admiefn&login=Login&username=admin' OR 1 LIMIT 1 OFFSET 1 #"
|
||||
|
||||
//echo "\n";
|
||||
//echo $sql;
|
||||
//echo "\n\n";
|
||||
|
||||
$res = mysqli_query($bdd, $sql);
|
||||
|
||||
$num_row = mysqli_num_rows($res);
|
||||
$row=mysqli_fetch_assoc($res);
|
||||
//print_r($row);
|
||||
|
||||
if ($_POST['username'] === "admin") {
|
||||
$state->return = 'false';
|
||||
@ -64,9 +59,4 @@ if (isset($_POST['login']) && $_POST['login'] == 'Login') {
|
||||
$state_json = json_encode($state);
|
||||
echo $state_json;
|
||||
|
||||
} else { // DEBUG
|
||||
$state->return = 'form';
|
||||
$state->string = 'Submit form';
|
||||
$state_json = json_encode($state);
|
||||
echo $state_json;
|
||||
}
|
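Review bot: The `$sql = "SELECT user,password FROM access WHERE user='".$user."' ...` line still concatenates `$_POST['username']` into the statement, and with the commented-out debug lines gone nothing in the file says whether that is deliberate. If the injectable login is the intended challenge, state it where the query is built, e.g. `// Intentionally injectable (CTF challenge); real code must bind parameters via prepare()/bind_param()`. Separately, `mysqli_query()` returns `false` for a malformed statement and `$res` is passed straight to `mysqli_num_rows($res)`. A guard such as `if ($res === false) { $state->return = 'error'; }`, followed by the existing JSON output, would keep PHP warnings or a TypeError out of the response. The enclosing `if` blocks start and end outside the hunks shown.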