3v4l.org

run code in 300+ PHP versions simultaneously
<?php // http://sudobash.net/?p=736 session_start(); session_destroy(); if(!isset($_POST['user'])){ ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" dir="ltr"> <!-- <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> --> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <title>LOGIN TITLE</title> </head> <body> <table align="center" height="200px" id="content"> <tr> <td valign="middle"> <h2>TITLE Login</h2> <form action="login.php" method="POST"> <tt>RAC Username:</tt> <input type="text" name="user" size="30" /><br /> <tt>RAC Password:</tt> <input type="password" name="password" size="30" /> <input type="submit" value="Login" name="submit" /> </form> </td> </tr> </table> </body> </html> <?php } ?> <?php if(isset($_POST['user'])){ ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" dir="ltr"> <!-- <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> --> <head> <title>LOGIN RESULTS TITLE</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> </head> <body> <?php include 'conf.php'; // Don't display the warnings - we are already setup to annoy the user ini_set( "display_errors", 0); // No funny stuff! $user = htmlspecialchars($_POST['user']); $user = explode(" ", $user); $user = $user[0]; $user = preg_replace("/[^a-zA-Z0-9_]/", "", $user); $filter = "admin=" . $user; // Connect to the LDAP server. $ldapconn = ldap_connect($server, $port) or die("Could not connect to " . $server . ":" . $port . "."); // Bind with rootreader to the LDAP server to search and retrieve DN. $ldapbind = ldap_bind($ldapconn) or die("Could not bind - contact admin@adamskalicky.com"); $result = ldap_search($ldapconn,$basedn,$filter) or die ("Search error."); $entries = ldap_get_entries($ldapconn, $result); $binddn = $entries[0]["dn"]; // Bind again using the DN retrieved. If this bind is successful, // then the user has managed to authenticate. $ldapbind = ldap_bind($ldapconn, $binddn, $_POST['password']); if ($ldapbind) { echo "<center><h2>Successful authentication for <span style='color: #000;'>" . $user . "</span></center>"; ?> <table align="center" height="200px" id="content"> <tr> <td valign="middle"> <form action="restricted.php" method="post"> <input type="hidden" name='user' value="<?=$user;?>" > <input type="submit" value="Great, Let's go!" > </form> </td> </tr> </table> <?php } else { echo "<center><h2>Failed authentication for <span style='color: #000;'>" . $user . "</span><br /><br /> <a href='login.php'>Try again</a></center>"; } ldap_close($ldapconn); ?> </body> </html> <?php } ?>
Finding entry points
Branch analysis from position: 0
2 jumps found. (Code = 43) Position 1 = 8, Position 2 = 9
Branch analysis from position: 8
2 jumps found. (Code = 43) Position 1 = 13, Position 2 = 100
Branch analysis from position: 13
2 jumps found. (Code = 47) Position 1 = 46, Position 2 = 52
Branch analysis from position: 46
1 jumps found. (Code = 79) Position 1 = -2
Branch analysis from position: 52
2 jumps found. (Code = 47) Position 1 = 57, Position 2 = 59
Branch analysis from position: 57
1 jumps found. (Code = 79) Position 1 = -2
Branch analysis from position: 59
2 jumps found. (Code = 47) Position 1 = 66, Position 2 = 68
Branch analysis from position: 66
1 jumps found. (Code = 79) Position 1 = -2
Branch analysis from position: 68
2 jumps found. (Code = 43) Position 1 = 86, Position 2 = 93
Branch analysis from position: 86
1 jumps found. (Code = 42) Position 1 = 96
Branch analysis from position: 96
1 jumps found. (Code = 62) Position 1 = -2
Branch analysis from position: 93
1 jumps found. (Code = 62) Position 1 = -2
Branch analysis from position: 100
Branch analysis from position: 9
filename:       /in/lnQqE
function name:  (null)
number of ops:  101
compiled vars:  !0 = $user, !1 = $filter, !2 = $ldapconn, !3 = $server, !4 = $port, !5 = $ldapbind, !6 = $result, !7 = $basedn, !8 = $entries, !9 = $binddn
line      #* E I O op                           fetch          ext  return  operands
-------------------------------------------------------------------------------------
    3     0  E >   INIT_FCALL                                               'session_start'
          1        DO_ICALL                                                 
    4     2        INIT_FCALL                                               'session_destroy'
          3        DO_ICALL                                                 
    6     4        FETCH_IS                                         ~12     '_POST'
          5        ISSET_ISEMPTY_DIM_OBJ                         0  ~13     ~12, 'user'
          6        BOOL_NOT                                         ~14     ~13
          7      > JMPZ                                                     ~14, ->9
    8     8    >   ECHO                                                     '%0A%3C%21DOCTYPE+html+PUBLIC+%22-%2F%2FW3C%2F%2FDTD+XHTML+1.1%2F%2FEN%22+%22http%3A%2F%2Fwww.w3.org%2FTR%2Fxhtml11%2FDTD%2Fxhtml11.dtd%22%3E%0A+%3Chtml+xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F1999%2Fxhtml%22+dir%3D%22ltr%22%3E%0A++%3C%21--+%3C%21DOCTYPE+HTML+PUBLIC+%22-%2F%2FW3C%2F%2FDTD+HTML+4.01+Transitional%2F%2FEN%22%3E+--%3E%0A+%3Chead%3E%0A+++%3Cmeta+http-equiv%3D%22Content-Type%22+content%3D%22text%2Fhtml%3B+charset%3Diso-8859-1%22%3E%0A%0A%3Ctitle%3ELOGIN+TITLE%3C%2Ftitle%3E%0A%3C%2Fhead%3E%0A%3Cbody%3E%0A++++%3Ctable+align%3D%22center%22+height%3D%22200px%22+id%3D%22content%22%3E%0A++++++%3Ctr%3E%0A++++++++%3Ctd+valign%3D%22middle%22%3E%0A++++++++++%3Ch2%3ETITLE+Login%3C%2Fh2%3E%0A++++++++++%3Cform+action%3D%22login.php%22+method%3D%22POST%22%3E%0A++++++++++++++%3Ctt%3ERAC+Username%3A%3C%2Ftt%3E%0A++++++++++++++%3Cinput+type%3D%22text%22+name%3D%22user%22+size%3D%2230%22+%2F%3E%3Cbr+%2F%3E%0A++++++++++++++%3Ctt%3ERAC+Password%3A%3C%2Ftt%3E%0A++++++++++++++%3Cinput+type%3D%22password%22+name%3D%22password%22+size%3D%2230%22+%2F%3E%0A++++++++++++++%3Cinput+type%3D%22submit%22+value%3D%22Login%22+name%3D%22submit%22+%2F%3E%0A++++++++++%3C%2Fform%3E%0A++++++++%3C%2Ftd%3E%0A++++++%3C%2Ftr%3E%0A++++%3C%2Ftable%3E%0A%0A%3C%2Fbody%3E%0A%3C%2Fhtml%3E%0A%0A'
   39     9    >   ECHO                                                     '%0A'
   41    10        FETCH_IS                                         ~15     '_POST'
         11        ISSET_ISEMPTY_DIM_OBJ                         0          ~15, 'user'
         12      > JMPZ                                                     ~16, ->100
   43    13    >   ECHO                                                     '%0A%3C%21DOCTYPE+html+PUBLIC+%22-%2F%2FW3C%2F%2FDTD+XHTML+1.1%2F%2FEN%22+%22http%3A%2F%2Fwww.w3.org%2FTR%2Fxhtml11%2FDTD%2Fxhtml11.dtd%22%3E%0A+%3Chtml+xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F1999%2Fxhtml%22+dir%3D%22ltr%22%3E%0A++%3C%21--+%3C%21DOCTYPE+HTML+PUBLIC+%22-%2F%2FW3C%2F%2FDTD+HTML+4.01+Transitional%2F%2FEN%22%3E+--%3E%0A+%3Chead%3E%0A++%3Ctitle%3ELOGIN+RESULTS+TITLE%3C%2Ftitle%3E%0A+++%3Cmeta+http-equiv%3D%22Content-Type%22+content%3D%22text%2Fhtml%3B+charset%3Diso-8859-1%22%3E%0A%0A+%3C%2Fhead%3E%0A++%3Cbody%3E%0A++++++++'
   54    14        INCLUDE_OR_EVAL                                          'conf.php', INCLUDE
   56    15        INIT_FCALL                                               'ini_set'
         16        SEND_VAL                                                 'display_errors'
         17        SEND_VAL                                                 0
         18        DO_ICALL                                                 
   58    19        INIT_FCALL                                               'htmlspecialchars'
         20        FETCH_R                      global              ~19     '_POST'
         21        FETCH_DIM_R                                      ~20     ~19, 'user'
         22        SEND_VAL                                                 ~20
         23        DO_ICALL                                         $21     
         24        ASSIGN                                                   !0, $21
   59    25        INIT_FCALL                                               'explode'
         26        SEND_VAL                                                 '+'
         27        SEND_VAR                                                 !0
         28        DO_ICALL                                         $23     
         29        ASSIGN                                                   !0, $23
   60    30        FETCH_DIM_R                                      ~25     !0, 0
         31        ASSIGN                                                   !0, ~25
   61    32        INIT_FCALL                                               'preg_replace'
         33        SEND_VAL                                                 '%2F%5B%5Ea-zA-Z0-9_%5D%2F'
         34        SEND_VAL                                                 ''
         35        SEND_VAR                                                 !0
         36        DO_ICALL                                         $27     
         37        ASSIGN                                                   !0, $27
   63    38        CONCAT                                           ~29     'admin%3D', !0
         39        ASSIGN                                                   !1, ~29
   66    40        INIT_FCALL_BY_NAME                                       'ldap_connect'
         41        SEND_VAR_EX                                              !3
         42        SEND_VAR_EX                                              !4
         43        DO_FCALL                                      0  $31     
         44        ASSIGN                                           ~32     !2, $31
         45      > JMPNZ_EX                                         ~32     ~32, ->52
   67    46    >   CONCAT                                           ~33     'Could+not+connect+to+', !3
         47        CONCAT                                           ~34     ~33, '%3A'
         48        CONCAT                                           ~35     ~34, !4
         49        CONCAT                                           ~36     ~35, '.'
         50      > EXIT                                                     ~36
         51*       BOOL                                             ~32     <true>
   70    52    >   INIT_FCALL_BY_NAME                                       'ldap_bind'
         53        SEND_VAR_EX                                              !2
         54        DO_FCALL                                      0  $37     
         55        ASSIGN                                           ~38     !5, $37
         56      > JMPNZ_EX                                         ~38     ~38, ->59
         57    > > EXIT                                                     'Could+not+bind+-+contact+admin%40adamskalicky.com'
         58*       BOOL                                             ~38     <true>
   71    59    >   INIT_FCALL_BY_NAME                                       'ldap_search'
         60        SEND_VAR_EX                                              !2
         61        SEND_VAR_EX                                              !7
         62        SEND_VAR_EX                                              !1
         63        DO_FCALL                                      0  $39     
         64        ASSIGN                                           ~40     !6, $39
         65      > JMPNZ_EX                                         ~40     ~40, ->68
         66    > > EXIT                                                     'Search+error.'
         67*       BOOL                                             ~40     <true>
   72    68    >   INIT_FCALL_BY_NAME                                       'ldap_get_entries'
         69        SEND_VAR_EX                                              !2
         70        SEND_VAR_EX                                              !6
         71        DO_FCALL                                      0  $41     
         72        ASSIGN                                                   !8, $41
   73    73        FETCH_DIM_R                                      ~43     !8, 0
         74        FETCH_DIM_R                                      ~44     ~43, 'dn'
         75        ASSIGN                                                   !9, ~44
   77    76        INIT_FCALL_BY_NAME                                       'ldap_bind'
         77        SEND_VAR_EX                                              !2
         78        SEND_VAR_EX                                              !9
         79        CHECK_FUNC_ARG                                           
         80        FETCH_FUNC_ARG               global              $46     '_POST'
         81        FETCH_DIM_FUNC_ARG                               $47     $46, 'password'
         82        SEND_FUNC_ARG                                            $47
         83        DO_FCALL                                      0  $48     
         84        ASSIGN                                                   !5, $48
   78    85      > JMPZ                                                     !5, ->93
   79    86    >   CONCAT                                           ~50     '%3Ccenter%3E%3Ch2%3ESuccessful+authentication+for+%3Cspan+style%3D%27color%3A+%23000%3B%27%3E', !0
         87        CONCAT                                           ~51     ~50, '%3C%2Fspan%3E%3C%2Fcenter%3E'
         88        ECHO                                                     ~51
   80    89        ECHO                                                     '+++%3Ctable+align%3D%22center%22+height%3D%22200px%22+id%3D%22content%22%3E%0A+++++++++++++%3Ctr%3E%0A+++++++++++++++%3Ctd+valign%3D%22middle%22%3E%0A+++++++++++++++++%3Cform+action%3D%22restricted.php%22+method%3D%22post%22%3E%0A+++++++++++++++++++%3Cinput+type%3D%22hidden%22+name%3D%27user%27+value%3D%22'
   84    90        ECHO                                                     !0
         91        ECHO                                                     '%22+%3E%0A+++++++++++++++++++%3Cinput+type%3D%22submit%22+value%3D%22Great%2C+Let%27s+go%21%22+%3E%0A+++++++++++++++++%3C%2Fform%3E%0A+++++++++++++++%3C%2Ftd%3E%0A+++++++++++++%3C%2Ftr%3E%0A++++++++++++++%3C%2Ftable%3E%0A++++++++'
   78    92      > JMP                                                      ->96
   92    93    >   CONCAT                                           ~52     '%3Ccenter%3E%3Ch2%3EFailed+authentication+for+%3Cspan+style%3D%27color%3A+%23000%3B%27%3E', !0
         94        CONCAT                                           ~53     ~52, '%3C%2Fspan%3E%3Cbr+%2F%3E%3Cbr+%2F%3E%0A++++++++++++++++++%3Ca+href%3D%27login.php%27%3ETry+again%3C%2Fa%3E%3C%2Fcenter%3E'
         95        ECHO                                                     ~53
   96    96    >   INIT_FCALL_BY_NAME                                       'ldap_close'
         97        SEND_VAR_EX                                              !2
         98        DO_FCALL                                      0          
   98    99        ECHO                                                     '%0A%3C%2Fbody%3E%0A%3C%2Fhtml%3E%0A'
  103   100    > > RETURN                                                   1

Generated using Vulcan Logic Dumper, using php 8.0.0

preferences:
147.11 ms | 1024 KiB | 19 Q