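<?php
// Challenge: make this terrible code safe
//
// Changes against the original version of this script:
//  - `!empty(...) ?: ...` evaluates to bool(true), not to the supplied value, so
//    both the username and the password were silently replaced by "1"; the real
//    string is now read.
//  - Only non-empty *strings* are accepted as credentials. A query string such as
//    `?username[]=x` yields an array, which neither the PDO binding nor
//    password_verify() can take.
//  - The username is HTML-escaped before it is echoed back (it is user input).
//  - PDOException details are logged instead of being echoed to the client.
//
// NOTE(review): credentials are read from the GET query string, which ends up in
// access logs and browser history; a real login form would POST them over TLS.
echo "<!doctype html>\n";
/* ALWAYS make sure to use PHP 5.5.0+ (password_hash()/password_verify() need it) */
if (version_compare(PHP_VERSION, '5.5.0', '<')) {
    echo "You are using PHP " . PHP_VERSION . ". Please update to PHP 5.5.0 or higher.";
    exit;
}

/**
 * Return the first usable credential: the query-string value, then the CLI argument.
 * Only a non-empty string qualifies; a missing value, '' or an array gives null.
 *
 * @param mixed $fromGet  value of $_GET[...] or null when absent
 * @param mixed $fromArgv value of $argv[...] or null when absent
 * @return string|null
 */
function pickCredential($fromGet, $fromArgv)
{
    foreach ([$fromGet, $fromArgv] as $candidate) {
        if (is_string($candidate) && $candidate !== '') {
            return $candidate;
        }
    }
    return null;
}

$username = pickCredential(
    isset($_GET['username']) ? $_GET['username'] : null,
    isset($argv[1]) ? $argv[1] : null
);
$password = pickCredential(
    isset($_GET['password']) ? $_GET['password'] : null,
    isset($argv[2]) ? $argv[2] : null
);
if ($username === null || $password === null) {
    echo "No Username/Password Found!";
    exit;
}
/**
 * While creating a new User we use password_hash() method to
 * generate a SALT+HASH string and store it
 * e.g.
 * $password = password_hash($password, PASSWORD_DEFAULT);
 */
try {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec("DROP TABLE IF EXISTS users");
    $pdo->exec("CREATE TABLE users (username VARCHAR(255), password VARCHAR(255))");
    /* Set ROOT password (SALT+HASH) */
    $rootPassword = password_hash("secret", PASSWORD_DEFAULT);
    $data = ['username' => 'root', 'password' => $rootPassword];
    $query = $pdo->prepare("INSERT INTO users (username, password) VALUES (:username, :password)");
    $query->bindValue(':username', $data['username'], PDO::PARAM_STR);
    $query->bindValue(':password', $data['password'], PDO::PARAM_STR);
    $query->execute();
    /* Select Data - only the column we need; the username stays a bound parameter */
    $statement = $pdo->prepare("SELECT password FROM users WHERE username = :username LIMIT 1");
    $statement->bindValue(':username', $username, PDO::PARAM_STR);
    $statement->execute();
    $user = $statement->fetch(PDO::FETCH_ASSOC); // Single row, or false when the user does not exist
    $storedHash = ($user !== false && isset($user['password'])) ? $user['password'] : null;
    /**
     * Verify the password using supplied string & stored SALT+HASH
     * password_verify(supplied, stored)
     *
     * A hash comparison is performed even when the user does not exist, so the
     * response time does not reveal which usernames are present; access is only
     * granted when a real row matched.
     */
    $fallbackHash = password_hash('fallback', PASSWORD_DEFAULT);
    $verified = password_verify($password, $storedHash !== null ? $storedHash : $fallbackHash);
    $granted = ($storedHash !== null) && $verified;
    // The username is attacker-controlled; escape it for the HTML context it is printed into.
    $safeUsername = htmlspecialchars($username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    if ($granted) {
        echo "Access granted to $safeUsername!<br>\n";
    } else {
        echo "Access denied for $safeUsername!<br>\n";
    }
} catch (PDOException $e) {
    // Keep driver details (DSN, SQL text, schema) out of the response; log them for the operator.
    error_log('Login check failed: ' . $e->getMessage());
    echo "Login is temporarily unavailable.<br>\n";
}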