403Webshell
Server IP : 109.234.162.214  /  Your IP : 216.73.216.222
Web Server : Apache
System : Linux servd162214.srv.odns.fr 4.18.0-372.26.1.lve.1.el8.x86_64 #1 SMP Fri Sep 16 14:08:19 EDT 2022 x86_64
User : carpe ( 1178)
PHP Version : 8.0.30
Disable Function : NONE
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : OFF  |  Pkexec : OFF
Directory :  /home/carpe/public_html/CURSED/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ Back ]     

Current File : /home/carpe/public_html/CURSED/verif.php
<?php

session_start();
include 'database.php';


$database = new Database();
$connexion = $database->getConnection();


    


if ($connexion) {

    if(isset($_POST['cause'])){
        $cause = $_POST['cause'];
        
        if($cause == "login"){
            if(isset($_POST['nom']) && isset($_POST['mdp'])){
                $error = 0;
                $nom = $_POST['nom'];
                $mdp = $_POST['mdp'];
                
                $sql = "SELECT * FROM users where pseudo = '$nom'";
                $statement = $connexion->prepare($sql);
                $statement->execute();
            
                $results = $statement->fetchAll(PDO::FETCH_ASSOC);
                if(empty($results)){
                    echo "Nom d'utilisateur inconnu";
                }
                foreach ($results as $row) {
                        $username = $row["pseudo"];
                    	$password = $row["mdp"];
                    	if(password_verify($mdp, $password)){
                    	    $_SESSION['login']= $nom;
                            //header("Location: cursed.php");
                            echo "Connexion reussie";
                            //echo json_encode(['success' => true, 'message' => 'Connexion réussie']);
                    	    
                    	}else{
                    	    $error ++;
                    	}
                }
                if($error>0){
                    echo "Mot de passe incorrect";
                }
            }
        }
        if($cause == "register"){
            
            if(isset($_POST['nom']) && isset($_POST['mdp'])){
                $error =  0;
                $nom = $_POST['nom'];
                $mdp = $_POST['mdp'];
                $password = password_hash($mdp, PASSWORD_DEFAULT);
                
                $sql = "SELECT * FROM users";
                $statement = $connexion->prepare($sql);
                $statement->execute();
                
                $results = $statement->fetchAll(PDO::FETCH_ASSOC);
                foreach ($results as $row) {
                    $username = $row["pseudo"];
                    if($nom == $username){
                    	$error++;
                    }
                }
                if($error<1){
                    $sql2 = "INSERT INTO `users`(`pseudo`, `mdp`, `vie`, `vivres`, `gold`, `monde`,`quest`,`niv`,`bateau`,`mess`) VALUES ('$nom','$password','100','100','100','0','1','1','1','1')";
                    $statement2 = $connexion->prepare($sql2);
                    $statement2->execute();
                    echo "Enregistrement réussi";
                    $_SESSION['login']= $nom;
                    

                    
                    //Je pense qu'ici va falloir créer / mettre les bails dans la base de donnée genre vie, vivres etc en fonction du niveau du joueur quand il a cliqué sur s'inscrire.
                }
                
                
                if($error>0){
                    echo "Nom d'utilisateur déja prit";
                }
            }
        }
        
    }
    
    
        
        

}

?>

Youez - 2016 - github.com/yon3zu
LinuXploit