<?php // Challenge: make this terrible code safe echo "<!doctype html>\n"; /* ALWAYS make sure to use PHP 5.5.0+ */ if (version_compare(PHP_VERSION, '5.5.0', '<')) { echo "You are using PHP " . PHP_VERSION . ". Please update to PHP 5.5.0 or higher."; exit; } $username = (!empty($_GET['username'])) ? : ((!empty($argv[1])) ? : null); $password = (!empty($_GET['password'])) ? : ((!empty($argv[2])) ? : null); if (empty($username) || empty($password)) { echo "No Username/Password Found!"; exit; } /** * While creating a new User we use password_hash() method to * generate a SALT+HASH string and store it * e.g. * $password = password_hash($password, PASSWORD_DEFAULT); */ try { $pdo = new PDO('sqlite::memory:'); $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); $pdo->exec("DROP TABLE IF EXISTS users"); $pdo->exec("CREATE TABLE users (username VARCHAR(255), password VARCHAR(255))"); /* Set ROOT password (SALT+HASH) */ $rootPassword = password_hash("secret", PASSWORD_DEFAULT); $data = ['username' => 'root', 'password' => $rootPassword]; $query = $pdo->prepare("INSERT INTO users (username, password) VALUES (:username, :password)"); $query->bindValue(':username', $data['username'], PDO::PARAM_STR); $query->bindValue(':password', $data['password'], PDO::PARAM_STR); $query->execute(); /* Select Data */ $statement = $pdo->prepare("SELECT * FROM users WHERE username = :username LIMIT 1"); $statement->bindValue(':username', $username, PDO::PARAM_STR); $statement->execute(); $user = $statement->fetch(PDO::FETCH_ASSOC); // Get the single ROW /** * Verify the password using supplied string & stored SALT+HASH * password_verify(supplied, stored) */ if (!empty($user) && password_verify($password, $user['password'])) { echo "Access granted to $username!<br>\n"; } else { echo "Access denied for $username!<br>\n"; } } catch (PDOException $e) { // Print PDOException message echo $e->getMessage(); }
You have javascript disabled. You will not be able to edit any code.