- preg_match: documentation ( source)
<?php
$dn="admin";
$pass="\x00\x41";
if (empty($dn) or empty($pass)) { exit(); } //check for empty strings
if (preg_match('/[^a-zA-Z]/',$dn) or preg_match('/[^a-zA-Z0-9\x20!@#$%^&*()]/',$pass)) { exit(); } //check for expected values (whitelisting)
//if (preg_match('/\x00/',$dn) or preg_match('/\x00/',$pass)) { exit(); } //check for null byte (blacklisting)
$ldapconn=ldap_connect("challenge01.root-me.org", "54013") or die("Could not connect to LDAP server.");
if ($ldapconn) {
ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
$ldapbind=ldap_bind($ldapconn, $dn, $pass);
if ($ldapbind) {
echo("success");
} else {
echo("fail");
}
}
?>