3v4l.org

run code in 200+ php & hhvm versions
Bugs & Features
<?php $unserialize_str = 'a:2:{s:4:"user";b:1;s:4:"pass";b:"s878926199a";}'; echo unserialize($unserialize_str); $_POST='a:3:{s:8:"username";b:1;s:8:"password";b:0;s:5:"login";s:5:"Login";}'; //$USER="ADMIN"; //$PASS="PASS"; $P=unserialize($_POST); echo $P; if(isset($_POST['login'])) { $user = addslashes($_POST['username']); if(strlen($user)>50) die("用户名长度不能超过50个字符"); $user=urldecode($user); $user_arr=unserialize($user); $pass = addslashes($_POST['password']); $adminpass="!1793422703!"; if($pass==$adminpass){die("请勿攻击admin账户!");} if(md5($pass)==md5($adminpass)){ if($user_arr['user']==$USER && $user_arr['pass']==$PASS) echo "Well done, the key:".$KEY;//KEY隐藏了 else die("用户名错误"); }else{ die("密码错误!"); } } ?>
based on V57Yg
Output for 5.5.0 - 7.3.0rc3
Notice: unserialize(): Error at offset 31 of 48 bytes in /in/A7cZH on line 4 Notice: Array to string conversion in /in/A7cZH on line 10 Array