Fixes and clean-up
parent
2b76bd949e
commit
2740f6cdff
@ -1,6 +1,6 @@
|
|||||||
|
|
||||||
|
|
||||||
CREATE DATABASE `ctf-zetatech-inc`
|
CREATE DATABASE `ctf-zetatech-inc`;
|
||||||
|
|
||||||
CREATE USER 'cyber-zetatech-inc'@'localhost' IDENTIFIED BY 'wY7nhg7xnzmCcJbfz3Gf89qyU5cvpr';
|
CREATE USER 'cyber-zetatech-inc'@'localhost' IDENTIFIED BY 'wY7nhg7xnzmCcJbfz3Gf89qyU5cvpr';
|
||||||
|
|
||||||
@ -8,7 +8,7 @@ GRANT SELECT ON `ctf-zetatech-inc`.* TO `cyber-zetatech-inc`@`localhost`;
|
|||||||
|
|
||||||
FLUSH PRIVILEGES;
|
FLUSH PRIVILEGES;
|
||||||
|
|
||||||
use ctf
|
use `ctf-zetatech-inc`;
|
||||||
|
|
||||||
CREATE TABLE `access` (
|
CREATE TABLE `access` (
|
||||||
`id` int NOT NULL AUTO_INCREMENT,
|
`id` int NOT NULL AUTO_INCREMENT,
|
||||||
|
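Review bot: The `CREATE USER` statement in the first hunk keeps the account's password as a literal in a tracked script, and the same string is passed to `new mysqli(...)` in the PHP file of this commit, so read access to the repository is enough to hold the database credential. Keep the real value out of version control: commit a placeholder with a comment such as `-- password is substituted at deploy time; never commit the real value`, and have the PHP side read it from the environment or an untracked config file. Because the current value is already in history, it should be rotated rather than just removed. The `GRANT SELECT` visible in the second hunk header and the `'localhost'` host are the controls that bound what this credential can do, so both are worth a one-line comment saying they must not be widened.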
@ -153,7 +153,6 @@ body {
|
|||||||
display: inline-block
|
display: inline-block
|
||||||
}
|
}
|
||||||
|
|
||||||
#email,
|
|
||||||
#username,
|
#username,
|
||||||
#password {
|
#password {
|
||||||
border: 2px solid #d7001e;
|
border: 2px solid #d7001e;
|
||||||
@ -169,13 +168,11 @@ body {
|
|||||||
line-height: normal
|
line-height: normal
|
||||||
}
|
}
|
||||||
|
|
||||||
#email::-moz-selection,
|
|
||||||
#username::-moz-selection,
|
#username::-moz-selection,
|
||||||
#password::-moz-selection {
|
#password::-moz-selection {
|
||||||
background: #000
|
background: #000
|
||||||
}
|
}
|
||||||
|
|
||||||
#email::selection,
|
|
||||||
#username::selection,
|
#username::selection,
|
||||||
#password::selection {
|
#password::selection {
|
||||||
background: #000
|
background: #000
|
||||||
@ -264,7 +261,6 @@ body {
|
|||||||
.box--inner {
|
.box--inner {
|
||||||
width: calc(100% - 44px)
|
width: calc(100% - 44px)
|
||||||
}
|
}
|
||||||
#email,
|
|
||||||
#username,
|
#username,
|
||||||
#password {
|
#password {
|
||||||
max-width: 70%
|
max-width: 70%
|
||||||
|
@ -1,16 +1,17 @@
|
|||||||
<html lang="en">
|
|
||||||
|
|
||||||
|
<!DOCTYPE html>
|
||||||
|
<html lang="en">
|
||||||
<head>
|
<head>
|
||||||
<meta charset="UTF-8">
|
<meta charset="UTF-8">
|
||||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||||
<meta http-equiv="X-UA-Compatible" content="ie=edge">
|
<meta http-equiv="X-UA-Compatible" content="ie=edge">
|
||||||
<title>Zetatech — Connection</title>
|
<title>Zetatech — Cybernetic Prosthetics Management Interface</title>
|
||||||
<link rel="stylesheet" type="text/css" href="css/term.css">
|
<link rel="stylesheet" type="text/css" href="css/term.css">
|
||||||
<script src="js/jquery.js"></script>
|
<script src="js/jquery.js"></script>
|
||||||
<script src="js/login.js" type="text/javascript"></script>
|
<script src="js/login.js"></script>
|
||||||
</head>
|
</head>
|
||||||
|
|
||||||
<body class="">
|
<body>
|
||||||
<div class="container on">
|
<div class="container on">
|
||||||
<div class="screen">
|
<div class="screen">
|
||||||
<h3 class="title">
|
<h3 class="title">
|
||||||
@ -30,18 +31,17 @@
|
|||||||
Login
|
Login
|
||||||
</div>
|
</div>
|
||||||
<div class="col col__center">
|
<div class="col col__center">
|
||||||
<input type="text" id="username" maxlength="32" value="">
|
<input type="text" id="username" maxlength="32" value="" autofocus>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<form method="post" action=".">
|
<form method="post" action="." autocomplete="off">
|
||||||
<div class="row">
|
<div class="row">
|
||||||
<div class="col col__left label">
|
<div class="col col__left label">
|
||||||
Password
|
Password
|
||||||
</div>
|
</div>
|
||||||
<div class="col col__center">
|
<div class="col col__center">
|
||||||
<input type="password" id="password" name="password" required="required" placeholder="" data-error="" maxlength="32" autocomplete="new-password"
|
<input type="password" id="password" name="password" placeholder="" maxlength="32"/>
|
||||||
autofocus="true" />
|
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<b class="flash" id="error">ACCESS DENIED</b>
|
<b class="flash" id="error">ACCESS DENIED</b>
|
||||||
|
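Review bot: `autocomplete="off"` on the `<form>` in the second hunk is not a dependable control for credential fields, because current browsers and password managers generally ignore it on sign-in forms, and the same change drops the explicit token the password input used to carry. The `#username` input also sits before the opening `<form>` tag, so unless an enclosing form exists outside the hunk, the form-level attribute does not apply to it at all. If this is meant to behave as a normal sign-in, label the fields explicitly with `autocomplete="username"` on `#username` and `autocomplete="current-password"` on `#password`. The removed `required` attribute was only a client-side hint, so the server-side empty checks in the PHP handler remain the ones that matter.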
@ -8,7 +8,7 @@ $(document).ready(function(){
|
|||||||
password=$("#password").val();
|
password=$("#password").val();
|
||||||
$.ajax({
|
$.ajax({
|
||||||
type: "POST",
|
type: "POST",
|
||||||
url: "login.php",
|
url: "zetatech-admin.php",
|
||||||
data: "username="+username+"&password="+password+"&login=Login",
|
data: "username="+username+"&password="+password+"&login=Login",
|
||||||
success: function(response) {
|
success: function(response) {
|
||||||
|
|
||||||
|
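Review bot: The `data:` line still builds the request body by concatenating the raw field values, so a username or password containing `&`, `=`, `+` or `%` reaches the server as something other than what was typed, and can add or override parameters such as `login`. Passing an object lets jQuery encode each value: `data: { username: username, password: password, login: "Login" },`. The surrounding `$(document).ready` handler starts and ends outside the hunk, so how `response` is consumed is not visible here.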
@ -1,13 +1,14 @@
|
|||||||
<?php
|
<?php
|
||||||
|
|
||||||
if (isset($_POST['login']) && $_POST['login'] == 'Login') {
|
if (isset($_POST['login']) && $_POST['login'] == 'Login') {
|
||||||
|
|
||||||
|
$state = new \stdClass();
|
||||||
|
|
||||||
if ( isset($_POST['username']) && !empty($_POST['username']) ) {
|
if ( isset($_POST['username']) && !empty($_POST['username']) ) {
|
||||||
if ( isset($_POST['password']) && !empty($_POST['password']) ) {
|
if ( isset($_POST['password']) && !empty($_POST['password']) ) {
|
||||||
|
|
||||||
$bdd = new mysqli("localhost", "cyber-zetatech-inc", "wY7nhg7xnzmCcJbfz3Gf89qyU5cvpr", "ctf-zetatech-inc");
|
$bdd = new mysqli("localhost", "cyber-zetatech-inc", "wY7nhg7xnzmCcJbfz3Gf89qyU5cvpr", "ctf-zetatech-inc");
|
||||||
if ($bdd->connect_errno) {
|
if ($bdd->connect_errno) {
|
||||||
//echo "Echec lors de la connexion à MySQL : (" . $bdd->connect_errno . ") " . $bdd->connect_error;
|
|
||||||
|
|
||||||
$state->return = 'error';
|
$state->return = 'error';
|
||||||
$state->string = 'Connection error';
|
$state->string = 'Connection error';
|
||||||
$state_json = json_encode($state);
|
$state_json = json_encode($state);
|
||||||
@ -19,19 +20,13 @@ if (isset($_POST['login']) && $_POST['login'] == 'Login') {
|
|||||||
$user = $_POST['username'];
|
$user = $_POST['username'];
|
||||||
$pass = hash("sha256", $_POST['password']);
|
$pass = hash("sha256", $_POST['password']);
|
||||||
$sql = "SELECT user,password FROM access WHERE user='".$user."' AND password='".$pass."'";
|
$sql = "SELECT user,password FROM access WHERE user='".$user."' AND password='".$pass."'";
|
||||||
//$sql = "SELECT user,password FROM access WHERE user='admin' OR 1=1 LIMIT 1 OFFSET 1";// AND password='".$pass."'";;
|
|
||||||
|
|
||||||
// curl -X POST http://localhost/netrunner/login.php -d "password=admiefn&login=Login&username=admin' OR 1 LIMIT 1 OFFSET 1 #"
|
// curl -X POST http://localhost/netrunner/login.php -d "password=admiefn&login=Login&username=admin' OR 1 LIMIT 1 OFFSET 1 #"
|
||||||
|
|
||||||
//echo "\n";
|
|
||||||
//echo $sql;
|
|
||||||
//echo "\n\n";
|
|
||||||
|
|
||||||
$res = mysqli_query($bdd, $sql);
|
$res = mysqli_query($bdd, $sql);
|
||||||
|
|
||||||
$num_row = mysqli_num_rows($res);
|
$num_row = mysqli_num_rows($res);
|
||||||
$row=mysqli_fetch_assoc($res);
|
$row=mysqli_fetch_assoc($res);
|
||||||
//print_r($row);
|
|
||||||
|
|
||||||
if ($_POST['username'] === "admin") {
|
if ($_POST['username'] === "admin") {
|
||||||
$state->return = 'false';
|
$state->return = 'false';
|
||||||
@ -64,9 +59,4 @@ if (isset($_POST['login']) && $_POST['login'] == 'Login') {
|
|||||||
$state_json = json_encode($state);
|
$state_json = json_encode($state);
|
||||||
echo $state_json;
|
echo $state_json;
|
||||||
|
|
||||||
} else { // DEBUG
|
|
||||||
$state->return = 'form';
|
|
||||||
$state->string = 'Submit form';
|
|
||||||
$state_json = json_encode($state);
|
|
||||||
echo $state_json;
|
|
||||||
}
|
}
|
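Review bot: The `$sql` assignment in the second hunk is still assembled by concatenating `$_POST['username']` into the statement, so request data is parsed as SQL. The `// curl …` comment kept just below it suggests this is the challenge's intended flaw, but nothing in the file says so, and the comment still points at the old `login.php` path. If the flaw is deliberate, replace that comment with one stating that the query is intentionally injectable and that the database account must stay SELECT-only. If it is not, bind both values through a prepared statement as sketched below. The enclosing `if` blocks begin and end outside the hunks shown.

```php
$pass = hash("sha256", $_POST['password']);
// Bind both values so request data never becomes part of the SQL text.
$stmt = $bdd->prepare("SELECT user,password FROM access WHERE user=? AND password=?");
$stmt->bind_param("ss", $user, $pass);
$stmt->execute();
$res = $stmt->get_result();
// … unchanged: mysqli_num_rows / mysqli_fetch_assoc and the $state handling …
```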