<?php
if (isset($_GET['view-source'])) {
show_source(__FILE__);
exit();
}
include("../lib.php"); // include for auth_code function.
/*******************************************************
- DB SCHEMA (initilizing)
create table accounts(
idx int auto_increment primary key,
user_id varchar(32) not null unique,
user_ps varchar(64) not null,
encrypt_ss text not null
);
********************************************************/
function db_conn(){
mysql_connect("localhost","login_with_cryp","login_with_crypto_but_pz");
mysql_select_db("login_with_crypto_but");
}
function init(){
db_conn();
$password = crypt(rand().sha1(file_get_contents("/var/lib/dummy_file").rand())).rand();
mysql_query("insert into accounts values (null,'admin','{$password}','".sucker_enc('881114')."')"); // admin`s password is secret! xD
mysql_query("insert into accounts values (null,'guest','guest','".sucker_enc('000000')."')");
}
//init(); // create user for initializing
function enc($str){
$s_key = "L0V3LySH:butsheismyxgf..";
$s_vector_iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_3DES, MCRYPT_MODE_ECB), MCRYPT_RAND);
$en_str = mcrypt_encrypt(MCRYPT_3DES, $s_key, $str, MCRYPT_MODE_ECB, $s_vector_iv);
$en_base64 = base64_encode($en_str);
$en_hex = bin2hex($en_str);
return $en_hex;
}
function sucker_enc($str){
for($i=0;$i<8;$i++) $str = enc($str);
return $str;
}
function get_password($user,$ssn){
db_conn();
$user = mysql_real_escape_string($user);
$ssn = mysql_real_escape_string($ssn);
$result = mysql_query("select user_ps from accounts where user_id='{$user}' and encrypt_ss='".sucker_enc($ssn)."'");
$row = mysql_fetch_array($result);
if ($row === false) {
die("there is not valid account!");
}
return $row[0];
}
ini_set("display_errors", true);
if( (isset($_POST['user']) && isset($_POST['ssn']) && isset($_POST['pass'])) ){
sleep(2); // do not bruteforce !!!! this challenge is not for bruteforce!!
if($_POST['pass'] == get_password($_POST['user'],$_POST['ssn'])){
if($_POST['user'] == "admin"){
echo "Login Success!!! PASSWORD IS : <b>".auth_code("login with crypto! but..")."</b>";
}else{
echo "Login Success. but you r not 'admin'..";
}
}else{
echo "Login Failed";
}
}
?>
<hr />
<form method="post" action="./index.php">
<table>
<tr><td>Identify</td><td><input type='text' value='guest' maxlength='32' name='user' /></td>
<tr><td>Social Security</td><td><input type='text' maxlength='6' value='000000' name='ssn' /></td>
<tr><td>PASSWORD</td><td><input type='text' value='guest' name='pass' /></td>
<tr><td colspan="2"><input type="submit" value="Login" /></td></tr>
</table>
</form>
<hr />
<a href='./?view-source'>GET SOURCE</a>