3v4l.org

run code in 200+ php & hhvm versions
Bugs & Features
<?php $unserialize_str = 'a:2:{s:4:"user";b:1;s:4:"pass";b:"s878926199a";}'; $u=unserialize($unserialize_str); echo $u; $_POST='a:3:{s:8:"username";b:1;s:8:"password";b:s878926199a;s:5:"login";s:5:"Login";}'; //$USER="ADMIN"; //$PASS="PASS"; $P=unserialize($_POST); echo $P; if(isset($_POST['login'])) { $user = addslashes($_POST['username']); if(strlen($user)>50) die("用户名长度不能超过50个字符"); $user=urldecode($user); $user_arr=unserialize($user); $pass = addslashes($_POST['password']); $adminpass="!1793422703!"; if($pass==$adminpass){die("请勿攻击admin账户!");} if(md5($pass)==md5($adminpass)){ if($user_arr['user']==$USER && $user_arr['pass']==$PASS) echo "Well done, the key:".$KEY;//KEY隐藏了 else die("用户名错误"); }else{ die("密码错误!"); } } ?>
based on kcgjI
Output for 5.5.0 - 7.3.1
Notice: unserialize(): Error at offset 31 of 48 bytes in /in/niafh on line 3 Notice: unserialize(): Error at offset 39 of 78 bytes in /in/niafh on line 9