-
Notifications
You must be signed in to change notification settings - Fork 0
/
login.inc.php
39 lines (29 loc) · 1.07 KB
/
login.inc.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
<?php
if(isset($_POST["submit"])){
require_once 'dbh.inc.php';
require_once 'loginFunctionsALLsafe.inc.php';
/*
-make "functionsBRUTEvuln.inc.php" for brute-force vulenrable
-make "functionsBRUTEsafe.inc.php" for brute-force secure
-make "functionsSQLIvuln.inc.php" for SQLi vulnerable
---------------------------------------------------------------
-make "loginFunctionsALLsafe.php" for Brute, SQLi, captcha, and password encryption: USE THIS FOR ATTACKING PROGRAM!!!!
---------------------------------------------------------------
- 'signupFunctions.inc.php'
- ' OR '1'='1' -- ' OR '1'='1'
*/
$username = $_POST["uid"];
$pwd = $_POST["pwd"];
$username = mysqli_real_escape_string($conn, $username);
$pwd = mysqli_real_escape_string($conn, $pwd);
//comment out the empty password check for SQLi and bruteforce
if(emptyInputLogin($username,$pwd) !== False){
header("location: ../login.php?error=emptylogin");
exit;
}
loginUser($conn, $username, $pwd);
}
else{
header("location: ../login.php");
exit();
}