Username: 
Password: 
Restrict session to IP 
Questions  |  score: 3  |  3.35 5.69 5.65 |  Solved By 542 People  |  145588 views  |  since Oct 09, 2011 - 09:58:45

Are you serial (PHP)

Are You Serial?
We are serialsly trying to build a secure website.
This time, we have it secure and extensible, and of course you can see all the sourcecode again:

code.php
insecure.inc.php
SERIAL_LoginForm.php
SERIAL_LogoutForm.php
SERIAL_Solution.php
SERIAL_User.php

As always, code you see is code in use.
GeSHi`ed PHP code for code.php
1
2
3
4
56
7
8
9
1011
12
13
14
1516
17
18
19
2021
22
23
24
2526
27
28
29
3031
32
33
34
3536
37
38
39
4041
42
43
44
4546
47
48
49
5051
52
53
54
5556
57
58
59
6061
62
63
64
<?php
chdir('../../');
define('GWF_PAGE_TITLE', 'Are you serial');
require_once('challenge/gwf_include.php');
GWF_Module::loadModuleDB('WeChall', true, true);GWF_Module::loadModuleDB('Forum', true, true);
if (false === ($chall = WC_Challenge::getByTitle(GWF_PAGE_TITLE)))
{
        $chall = WC_Challenge::dummyChallenge(GWF_PAGE_TITLE, 3, 'challenge/are_you_serial/index.php');
} 
# --- 8< --- 8< --- SNIP --- 8< --- 8< --- #
# The new fast code!
 
require_once 'insecure.inc.php';$form = new SERIAL_LoginForm();
$form_logout = new SERIAL_LogoutForm();
 
### Action
# Login all the usersif (isset($_POST['login']))
{
        $form->execute(Common::getPostString('username'));
}
# Logout all the userselseif (isset($_POST['logout']))
{
        $form_logout->execute();
}
 ### Display
echo $gwf->onDisplayHead();
 
$chall->showHeader();
 # MEH
GWF_Debug::setDieOnError(false);
GWF_Debug::setMailOnError(false);
 
# Logged in userif (false !== ($user = unserialize(Common::getCookie('serial_user', ''))))
{
        # Show welcome screen
        echo GWF_HTML::message('Serial Challenger', $chall->lang('msg_wb', array(htmlspecialchars($user->getUsername()), $user->getPassword(), $user->getUserlevel())));
                # Show logout form
        echo $form_logout->serial_formz()->templateY($chall->lang('ft_logout'));
}
# Guest
else{
        # Show login form
        echo $form->serial_formz()->templateY($chall->lang('ft_login'));
}
# --- 8< --- 8< --- SNIP --- 8< --- 8< --- # 
# MEH
GWF_Debug::setDieOnError(true);
GWF_Debug::setMailOnError(true);
 echo $chall->copyrightFooter();
require_once 'challenge/html_foot.php';
?>
 
© 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018 and 2019 by Gizmore