-
Notifications
You must be signed in to change notification settings - Fork 1
/
signup.php
executable file
·60 lines (59 loc) · 2.05 KB
/
signup.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
<?php
function check($str)
{
if (!strstr($str,'!')&&!strstr($str,'@')&&!strstr($str,'#')&&!strstr($str,'$')&&!strstr($str,'%')&&!strstr($str,'^')&&!strstr($str,'&')&&!strstr($str,'*')&&!strstr($str,'(')&&!strstr($str,')')&&!strstr($str,'-')&&!strstr($str,'_')&&!strstr($str,'=')&&!strstr($str,'+')&&!strstr($str,'[')&&!strstr($str,']')&&!strstr($str,'"')&&!strstr($str,'\'')&&!strstr($str,';')&&!strstr($str,'<')&&!strstr($str,'>')&&!strstr($str,'?')&&!strstr($str,'`')&&!strstr($str,'~')&&!strstr($str,'\\')&&!strstr($str,'/')&&!strstr($str,'|')) {
return TRUE;
}
else{
return FALSE;
}
}
$user = "ezbabyctf";
$passwd = "ezbabyctf";
$db = "ezbabyctf";
$tb = "users";
$conn = new mysqli("localhost",$user,$passwd,$db);
if($conn->connect_error){
die("Connection faild.".$conn->connect_error);
}
else{
if(isset($_GET["flag"])&&isset($_GET["name"])){
$name = urldecode($_GET["name"]);
if(!check($name)){
exit("false");
}
mysqli_query($conn,"SET NAMES UTF8");
$s1 = "select * from ".$tb." where name=\"".$name."\"";
$conn->query($s1);
if(mysqli_affected_rows($conn)!=0){
exit("false");
}
else{
exit("true");
}
}
elseif(isset($_GET["name"])&&isset($_GET["password"])){
$name = urldecode($_GET["name"]);
$password = urldecode($_GET["password"]);
if (!check($name)||!check($password)) {
die("Invalid call.");}
$id = md5($name);
$team = "__NONE__";
$s2 = "insert into ".$tb." (`id`,`name`,`team`,`password`) values (\"".$id."\",\"".$name."\",\"".$team."\",\"".$password."\");";
$conn->query($s2);
//echo $s2;
// mysqli_query($conn,$s2);
if(mysqli_affected_rows($conn)!=-1){
echo "Successfully sign up!";
//setcookie("salt",$id.time());
//header("Location:index.html");
}
else{
die("Tamper with the package is invalid!");
}
}
else{
die("Invalid call.");
}
}
?>