<?php
// Login check for a challenge page: the flag is printed when the two query
// parameters compare unequal with == but their sha1() results are identical.
// NOTE(review): nothing below checks that the parameters are strings, so
// array-valued parameters (name[]=...) reach sha1(); see the comments at the
// two comparisons.

// Placeholder secret that is revealed on success.
$flag = "flag";
// isset() only confirms that both keys are present; it is also true when the
// value is an array.
if (isset($_GET['name']) and isset($_GET['password']))
{
// Debug output: the raw request values are written into the response
// (plain var_dump() does no HTML escaping).
var_dump($_GET['name']);
echo "
";
var_dump($_GET['password']);
// sha1() expects a string. Given an array, PHP versions before 8.0 emit a
// warning and return NULL; PHP 8.0 and later throw a TypeError here instead.
var_dump(sha1($_GET['name']));
var_dump(sha1($_GET['password']));
// Loose comparison. Two arrays are == only when they hold the same key/value
// pairs, so arrays with different elements fall through to the next branch.
if ($_GET['name'] == $_GET['password'])
echo '
Your password can not be your name!
';
// Strict comparison of the two digests. When both sha1() calls returned NULL
// (array input on PHP < 8.0), NULL === NULL is true and the flag is printed
// without any hash collision. Hardening: reject non-string input with
// is_string() before hashing.
else if (sha1($_GET['name']) === sha1($_GET['password']))
// die() prints the flag and ends the script.
die('Flag: '.$flag);
else
echo '
Invalid password.
';
}
// Reached when either parameter is missing from the query string.
else
echo '
Login first!
';
?>
if ($_GET['name'] == $_GET['password'])
//判断两个字段是否相等；== 是弱类型（松散）比较，只比较值、不比较类型。
(sha1($_GET['name']) === sha1($_GET['password']))
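//然后两边的 sha1 结果用 === 比较；传入数组时，PHP 8.0 之前的 sha1() 会给出警告并返回 NULL，于是 NULL === NULL 成立，所以 sha1 可以通过数组来绕过。修复方法是在计算哈希前用 is_string() 拒绝非字符串参数。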
构造如下查询参数（两个参数都以数组形式提交，且内容不同）：
?name[]=ltz&password[]=