File: login.php

package info (click to toggle)
siege 4.1.6-1
  • links: PTS, VCS
  • area: main
  • in suites: sid, trixie
  • size: 2,676 kB
  • sloc: ansic: 13,015; sh: 9,149; makefile: 160; php: 142; perl: 11
file content (92 lines) | stat: -rw-r--r-- 2,511 bytes parent folder | download | duplicates (7) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
 
<?php
  main();

  function main(){
    $arr = array();
    $arr = $_GET + $_POST;
    foreach($arr as $key => $val){
      $arr[$key] = $vay;
      switch($key){
        case "username":
          $username = $val;
          break;
        case "password":
          $password = $val;
          break;
      }
    }
    if(empty($username) && empty($password)){
      login();
      return;
    }
    if($username == "siege" && $password == "haha"){
      success();
      return;
    } else {
      header('HTTP/1.1 403 Forbidden', true, 403);
      print <<<END
<html>
<head><title>SIEGE: Access denied</title></head>
<body>
<h2>Access denied</h2>
Seriously. We provided you with login credentials. How did you mess that up?
</body>
</html>
END;
      exit; 
    }
  }
 
  function success(){
    print <<<END
<HTML>
  <head><title>SIEGE: Successful login</title></head>
  <body>
    <h2>Logged in as "siege"</h2>
    Congratulations. You are able to penetrate our defenses by entering the <br>username and password combination that we provided you on the login page.
  </body>
</HTML>  
END;
  }

  function login(){
    print <<<END
    <HTML>
  <head><title>SIEGE: Login Page</title></head>
  <body>
    <h2>Restricted area</h2>
    <form name='login' action='login.php' method='GET'>
    <table>
      <tr>
        <td colspan='2'>Welcome to the top-secret siege login page. To login, user the following credentials:<br><br>
                        <code>
                        username: siege<br>
                        password: haha
                        </code>
                        <br><br>
                        This page accepts both GET and POST requests. You may construct siege URLs in either manner:<br><br>
                        <code>
                        siege -c1 -r1 "http://my.server.com/login.php?username=siege&password=haha"<br>
                        </code>OR<br>
                        <code>
                        siege -c1 -r1 "http://my.server.com/login.php POST username=siege&password=haha"
                        </code>
                        <br><br> 
      </tr>
      <tr>
        <td>Username: </td><td><input type='text' name='username' value='' size='30'></td>
      </tr>
      <tr>
        <td>Password: </td><td><input type='password' name='password' value='' size='30'></td>
      </tr>
      <tr>
        <td></td><td><input type='submit' name='submit' value=' OK '></td>
      </tr>
    </table> 
    </form>
  </body>
</HTML> 
END;
  }

?>