<html lang = "en">
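<head>
<!-- Charset is declared first so the parser sees it before any text content. -->
<meta charset="utf-8">
<title>HackThis!! - Capture the Flag</title>
<!-- Third-party stylesheet. Google Fonts serves browser-specific CSS, so a fixed SRI digest is generally not usable here. -->
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Ubuntu|Orbitron">
<link rel="stylesheet" href="/ctf/css/main.css">
<!--
  jQuery is loaded from a third-party CDN and runs with full access to this page,
  including the login form. The URL is pinned to https: a protocol-relative URL
  inherits the page's scheme, so over plain http the library could be altered in transit.
  NOTE(review): there is no integrity/crossorigin (Subresource Integrity) attribute.
  Add one, with the digest computed from a trusted copy of this exact file.
  NOTE(review): 1.8.3 is an old jQuery release line. Plan an upgrade after checking
  that /ctf/js/main.js still works with a maintained version.
-->
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js"></script>
</head>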
<body>
<!-- Heading for the current CTF level. -->
<div class="level_title">
  Level 8
</div>
<!--
  Site navigation for the CTF area.
  NOTE(review): logout is a plain GET link (?logout). A state-changing action that is
  reachable by GET can be triggered from another site; a POST with an anti-CSRF token
  is the usual hardening. Confirm how the server handles this.
-->
<div class="nav">
  <a href="/ctf/leaderboard">Leaderboard</a> |
  <a href="/ctf/irc">IRC</a> |
  <a href="/">Normal Site</a> |
  <a href="?logout">Logout</a>
</div>
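<!--
  Login panel for the level.
  - The form has no action attribute, so it posts to the URL of the current page.
  - The fields are named "user" and "pass".
  - aria-label gives each field an accessible name. The markup has no label element or
    placeholder attribute; data-holder is presumably turned into placeholder text by
    /ctf/js/main.js (confirm).
  NOTE(review): no anti-CSRF token field is present in this markup. Confirm the server
  protects login and registration some other way.
  NOTE(review): autocomplete="off" on a login form works against password managers;
  keep it only if that is intended for this exercise.
-->
<div class="level_container">
<div style="font-weight: bold; margin-bottom: 4px;">Login</div>
<form autocomplete="off" method="POST">
<input type="text" name="user" data-holder="Username" aria-label="Username"><br>
<input type="password" name="pass" data-holder="Password" aria-label="Password"><br>
<input type="submit" class="submit" value="Login">
</form>
<!-- "View Details" has no destination of its own; it is presumably wired up by script through the "view" class. -->
<a href="/ctf/8?register">Register</a> | <a href="#" class="view">View Details</a>
</div>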
<div class='level_code'>
<!--
  Challenge source panel: the level brief followed by a colour-highlighted excerpt of
  PHP source, with elided parts marked "// ...".
  What the excerpt shows:
  - "user.inc" is included and a user object is created. That file is not shown on this page.
  - When the register or login GET parameter is present, $_POST['user'] and $_POST['pass']
    are copied into temporaries and handed to register() / login() as received. No
    trimming, length limit or character check is visible at this layer.
  - The out GET parameter calls logout(). check() is then called unconditionally.
  - The block branch is reached only when loggedIn is set and isAdmin() is true.
    Its body is elided.
  NOTE(review): input validation and the admin decision live in user.inc. Whether they
  validate input or compare identities safely cannot be judged from this page.
  NOTE(review): every action is selected by a GET parameter. Confirm that the elided
  block branch also requires an anti-CSRF token.
-->
<a href='#' class='close'>[X]</a>
<div class='code'>
<code><span style="color: #000000">
donkeydiver is being very abusive,<br />but none of the admins are paying attention.<br />Please block his account but don't delete it.<br /><br /><span style="color: #0000BB"><?php<br /> </span><span style="color: #FF8000">// ...<br /><br /> </span><span style="color: #007700">include(</span><span style="color: #DD0000">"user.inc"</span><span style="color: #007700">);<br /> </span><span style="color: #0000BB">$user </span><span style="color: #007700">= new </span><span style="color: #0000BB">user</span><span style="color: #007700">();<br /><br /> if (isset(</span><span style="color: #0000BB">$_GET</span><span style="color: #007700">[</span><span style="color: #DD0000">'register'</span><span style="color: #007700">])) {<br /> </span><span style="color: #0000BB">$tmp_user </span><span style="color: #007700">= </span><span style="color: #0000BB">$_POST</span><span style="color: #007700">[</span><span style="color: #DD0000">'user'</span><span style="color: #007700">];<br /> </span><span style="color: #0000BB">$tmp_pass </span><span style="color: #007700">= </span><span style="color: #0000BB">$_POST</span><span style="color: #007700">[</span><span style="color: #DD0000">'pass'</span><span style="color: #007700">];<br /><br /> </span><span style="color: #0000BB">$user</span><span style="color: #007700">-></span><span style="color: #0000BB">register</span><span style="color: #007700">(</span><span style="color: #0000BB">$tmp_user</span><span style="color: #007700">, </span><span style="color: #0000BB">$tmp_pass</span><span style="color: #007700">);<br /> }<br /><br /> if (isset(</span><span style="color: #0000BB">$_GET</span><span style="color: #007700">[</span><span style="color: #DD0000">'out'</span><span style="color: #007700">])) {<br /> </span><span style="color: #0000BB">$user</span><span style="color: #007700">-></span><span style="color: #0000BB">logout</span><span style="color: #007700">();<br /> }<br /><br /> if (isset(</span><span style="color: 
#0000BB">$_GET</span><span style="color: #007700">[</span><span style="color: #DD0000">'login'</span><span style="color: #007700">])) {<br /> </span><span style="color: #0000BB">$tmp_user </span><span style="color: #007700">= </span><span style="color: #0000BB">$_POST</span><span style="color: #007700">[</span><span style="color: #DD0000">'user'</span><span style="color: #007700">];<br /> </span><span style="color: #0000BB">$tmp_pass </span><span style="color: #007700">= </span><span style="color: #0000BB">$_POST</span><span style="color: #007700">[</span><span style="color: #DD0000">'pass'</span><span style="color: #007700">];<br /><br /> </span><span style="color: #0000BB">$user</span><span style="color: #007700">-></span><span style="color: #0000BB">login</span><span style="color: #007700">(</span><span style="color: #0000BB">$tmp_user</span><span style="color: #007700">, </span><span style="color: #0000BB">$tmp_pass</span><span style="color: #007700">);<br /> }<br /><br /> </span><span style="color: #0000BB">$user</span><span style="color: #007700">-></span><span style="color: #0000BB">check</span><span style="color: #007700">();<br /><br /> </span><span style="color: #FF8000">// ...<br /><br /> </span><span style="color: #007700">if (</span><span style="color: #0000BB">$user</span><span style="color: #007700">-></span><span style="color: #0000BB">loggedIn</span><span style="color: #007700">) {<br /> </span><span style="color: #FF8000">// ...<br /> </span><span style="color: #007700">if (isset(</span><span style="color: #0000BB">$_GET</span><span style="color: #007700">[</span><span style="color: #DD0000">'block'</span><span style="color: #007700">]) && </span><span style="color: #0000BB">$user</span><span style="color: #007700">-></span><span style="color: #0000BB">isAdmin</span><span style="color: #007700">()) {<br /> </span><span style="color: #FF8000">// ...<br /> </span><span style="color: #007700">}<br /> } else {<br /> </span><span style="color: 
#FF8000">// ...<br /> </span><span style="color: #007700">}<br /></span><span style="color: #0000BB">?><br /></span>
</span>
</code> </div>
</div>
<!--
  Classic Google Analytics (ga.js) asynchronous loader, followed by the site's own script.
  The loader queues the account id and a page-view command on the global _gaq array,
  then inserts a script element for ga.js before the first script element in the document.
  NOTE(review): this is an inline script, so a Content-Security-Policy for the page
  would need a nonce or hash for it. The dynamically inserted third-party script
  cannot carry a Subresource Integrity digest.
-->
<script>
var _gaq = _gaq || [];
_gaq.push(['_setAccount', 'UA-34026704-2']);
_gaq.push(['_trackPageview']);
(function () {
  // Both branches yield an https origin; only the subdomain differs.
  var originPrefix;
  if ('https:' == document.location.protocol) {
    originPrefix = 'https://ssl';
  } else {
    originPrefix = 'https://www';
  }

  var tracker = document.createElement('script');
  tracker.type = 'text/javascript';
  tracker.async = true;
  tracker.src = originPrefix + '.google-analytics.com/ga.js';

  // Insert ahead of the first script element so the tracker loads without blocking parsing.
  var firstScript = document.getElementsByTagName('script')[0];
  firstScript.parentNode.insertBefore(tracker, firstScript);
})();
</script>
<!-- Site script for the CTF pages; its contents are not part of this page. -->
<script src="/ctf/js/main.js"></script>
</body>
</html>