[PHP] 纯文本查看 复制代码
Masel's secure site
include("auth.php");
$servername = $host;
$username = $dbuser;
$password = $dbpass;
$database = $dbname;
error_reporting(0);
if($_POST["user"] && $_POST["pass"]) {
$conn = mysqli_connect($servername, $username, $password, $database);
if ($conn->connect_error) {
die("Connection failed: " . mysqli_error($conn));
}
$user = $_POST["user"];
$pass = $_POST["pass"];
$sql = "select user from user where pw='$pass'";
//echo $sql;
$query = mysqli_query($conn,$sql);
if (!$query) {
printf("Error: %s\n", mysqli_error($conn));
exit();
}
$row = mysqli_fetch_array($query);
//echo $row["pw"];
if ($row[user]){
if ($row[user] == "flag" && $user=="flag") {
echo "
Logged in! Flag: ******************
";}
else{
echo "
Password is right, but it's not for the flag
";}
}
else {
echo("
Wrong password!
");}
}
?>