From 2740f6cdff929e06bf86aaf440973730b1258cc9 Mon Sep 17 00:00:00 2001
From: Aymeric Sorek <delt0x@protonmail.com>
Date: Sat, 3 Nov 2018 01:37:37 +0100
Subject: [PATCH] Fixes and clean-up

---
 table.sql                                 |  4 ++--
 webroot/css/global.css                    |  0
 webroot/css/term.css                      |  4 ----
 webroot/index.html                        | 16 ++++++++--------
 webroot/js/login.js                       |  2 +-
 webroot/{login.php => zetatech-admin.php} | 16 +++-------------
 6 files changed, 14 insertions(+), 28 deletions(-)
 delete mode 100644 webroot/css/global.css
 rename webroot/{login.php => zetatech-admin.php} (81%)

diff --git a/table.sql b/table.sql
index 2a51abe..a609eae 100644
--- a/table.sql
+++ b/table.sql
@@ -1,6 +1,6 @@
 
 
-CREATE DATABASE `ctf-zetatech-inc`
+CREATE DATABASE `ctf-zetatech-inc`;
 
 CREATE USER 'cyber-zetatech-inc'@'localhost' IDENTIFIED BY 'wY7nhg7xnzmCcJbfz3Gf89qyU5cvpr';
 
@@ -8,7 +8,7 @@ GRANT SELECT ON `ctf-zetatech-inc`.* TO `cyber-zetatech-inc`@`localhost`;
 
 FLUSH PRIVILEGES;
 
-use ctf
+use `ctf-zetatech-inc`;
 
 CREATE TABLE `access` (
   `id` int NOT NULL AUTO_INCREMENT,
diff --git a/webroot/css/global.css b/webroot/css/global.css
deleted file mode 100644
index e69de29..0000000
diff --git a/webroot/css/term.css b/webroot/css/term.css
index 07f043b..1cb197f 100644
--- a/webroot/css/term.css
+++ b/webroot/css/term.css
@@ -153,7 +153,6 @@ body {
   display: inline-block
 }
 
-#email,
 #username,
 #password {
   border: 2px solid #d7001e;
@@ -169,13 +168,11 @@ body {
   line-height: normal
 }
 
-#email::-moz-selection,
 #username::-moz-selection,
 #password::-moz-selection {
   background: #000
 }
 
-#email::selection,
 #username::selection,
 #password::selection {
   background: #000
@@ -264,7 +261,6 @@ body {
   .box--inner {
     width: calc(100% - 44px)
   }
-  #email,
   #username,
   #password {
     max-width: 70%
diff --git a/webroot/index.html b/webroot/index.html
index 304fbe4..92e286f 100644
--- a/webroot/index.html
+++ b/webroot/index.html
@@ -1,16 +1,17 @@
-<html lang="en">
 
+<!DOCTYPE html>
+<html lang="en">
 <head>
   <meta charset="UTF-8">
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
   <meta http-equiv="X-UA-Compatible" content="ie=edge">
-  <title>Zetatech — Connection</title>
+  <title>Zetatech — Cybernetic Prosthetics Management Interface</title>
   <link rel="stylesheet" type="text/css" href="css/term.css">
   <script src="js/jquery.js"></script>
-  <script src="js/login.js" type="text/javascript"></script>
+  <script src="js/login.js"></script>
 </head>
 
-<body class="">
+<body>
   <div class="container on">
     <div class="screen">
       <h3 class="title">
@@ -30,18 +31,17 @@
                     Login
                   </div>
                   <div class="col col__center">
-                    <input type="text" id="username" maxlength="32" value="">
+                    <input type="text" id="username" maxlength="32" value="" autofocus>
                   </div>
                 </div>
 
-                <form method="post" action=".">
+                <form method="post" action="." autocomplete="off">
                   <div class="row">
                     <div class="col col__left label">
                       Password
                     </div>
                     <div class="col col__center">
-                      <input type="password" id="password" name="password" required="required" placeholder="" data-error="" maxlength="32" autocomplete="new-password"
-                        autofocus="true" />
+                      <input type="password" id="password" name="password" placeholder="" maxlength="32"/>
                     </div>
                   </div>
                   <b class="flash" id="error">ACCESS DENIED</b>
diff --git a/webroot/js/login.js b/webroot/js/login.js
index 182dc5c..2e14436 100644
--- a/webroot/js/login.js
+++ b/webroot/js/login.js
@@ -8,7 +8,7 @@ $(document).ready(function(){
     password=$("#password").val();
     $.ajax({
       type: "POST",
-      url: "login.php",
+      url: "zetatech-admin.php",
       data: "username="+username+"&password="+password+"&login=Login",
       success: function(response) {
 
diff --git a/webroot/login.php b/webroot/zetatech-admin.php
similarity index 81%
rename from webroot/login.php
rename to webroot/zetatech-admin.php
index ed026b2..e3aa51f 100644
--- a/webroot/login.php
+++ b/webroot/zetatech-admin.php
@@ -1,13 +1,14 @@
 <?php
 
 if (isset($_POST['login']) && $_POST['login'] == 'Login') {
+
+  $state = new \stdClass();
+
   if ( isset($_POST['username']) && !empty($_POST['username']) ) {
     if ( isset($_POST['password']) && !empty($_POST['password']) ) {
 
       $bdd = new mysqli("localhost", "cyber-zetatech-inc", "wY7nhg7xnzmCcJbfz3Gf89qyU5cvpr", "ctf-zetatech-inc");
       if ($bdd->connect_errno) {
-          //echo "Echec lors de la connexion à MySQL : (" . $bdd->connect_errno . ") " . $bdd->connect_error;
-
           $state->return = 'error';
           $state->string = 'Connection error';
           $state_json = json_encode($state);
@@ -19,19 +20,13 @@ if (isset($_POST['login']) && $_POST['login'] == 'Login') {
       $user = $_POST['username'];
       $pass = hash("sha256", $_POST['password']);
       $sql = "SELECT user,password FROM access WHERE user='".$user."' AND password='".$pass."'";
-      //$sql = "SELECT user,password FROM access WHERE user='admin' OR 1=1 LIMIT 1 OFFSET 1";// AND password='".$pass."'";;
 
       // curl -X POST http://localhost/netrunner/login.php -d "password=admiefn&login=Login&username=admin' OR 1 LIMIT 1 OFFSET 1 #"
 
-      //echo "\n";
-      //echo $sql;
-      //echo "\n\n";
-
       $res = mysqli_query($bdd, $sql);
 
       $num_row = mysqli_num_rows($res);
       $row=mysqli_fetch_assoc($res);
-      //print_r($row);
 
       if ($_POST['username'] === "admin") {
         $state->return = 'false';
@@ -64,9 +59,4 @@ if (isset($_POST['login']) && $_POST['login'] == 'Login') {
   $state_json = json_encode($state);
   echo $state_json;
 
-} else { // DEBUG
-  $state->return = 'form';
-  $state->string = 'Submit form';
-  $state_json = json_encode($state);
-  echo $state_json;
 }