forked from piqah/DevWeb
A race condition is possible by not setting $_SESSION['admin']. Since we are in a failure case, it must be set to false.
22 lines
539 B
PHP
```php
<?php
require 'includes/config.php';   // assumed to call session_start() and define ADMIN_USER / ADMIN_PASS
require 'includes/header.php';

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Missing fields default to '' so a malformed POST does not raise an undefined-index notice.
    if (($_POST['user'] ?? '') === ADMIN_USER && ($_POST['pass'] ?? '') === ADMIN_PASS) {
        $_SESSION['admin'] = true;
        header("Location: flag.php");
        exit;
    }
    // Failed login: explicitly clear the flag so a value left in the session by an earlier
    // request cannot survive this failure.
    $_SESSION['admin'] = false;
    echo "Hehehe bien tenté! ;) mais non";
}
?>
<form method="POST">
    <input name="user" placeholder="user">
    <input name="pass" type="password" placeholder="password">
    <button>Login</button>
</form>

<?php require 'includes/footer.php'; ?>
```
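The commit message above points at the defect this file fixes: before the change, a failed login left `$_SESSION['admin']` untouched, so whatever value the session already carried stayed in force. The following is an added example, not code from the piqah/DevWeb repository: it models the two versions of the handler as pure functions over a session array so the difference can be run from the PHP CLI without a web server. The credentials, the `loginBefore`/`loginAfter` names and the use of `hash_equals` (an added constant-time comparison; the original file uses plain `===`) are assumptions of this example.

```php
<?php
// Added example (not part of piqah/DevWeb): session flag handling modelled as
// pure functions over an array standing in for $_SESSION.

const DEMO_ADMIN_USER = 'admin';                        // constructed sample credentials
const DEMO_ADMIN_PASS = 'correct horse battery staple';

function credentialsValid(string $user, string $pass): bool
{
    // hash_equals is an added hardening (constant-time compare); the original file uses ===.
    return hash_equals(DEMO_ADMIN_USER, $user) && hash_equals(DEMO_ADMIN_PASS, $pass);
}

// Behaviour before the commit: the flag is only ever written on success.
function loginBefore(array $session, string $user, string $pass): array
{
    if (credentialsValid($user, $pass)) {
        $session['admin'] = true;
    }
    return $session;
}

// Behaviour after the commit: every request through the handler decides the flag,
// so a failure always writes false.
function loginAfter(array $session, string $user, string $pass): array
{
    $session['admin'] = credentialsValid($user, $pass);
    return $session;
}

function isAdmin(array $session): bool
{
    return ($session['admin'] ?? false) === true;
}

// Scenario: a session that already carries admin=true (left over from an earlier
// request) submits wrong credentials.
$stale = ['admin' => true];

$before = loginBefore($stale, 'admin', 'wrong');
$after  = loginAfter($stale, 'admin', 'wrong');

printf("before fix, failed login keeps admin: %s\n", isAdmin($before) ? 'yes' : 'no');
printf("after fix,  failed login keeps admin: %s\n", isAdmin($after) ? 'yes' : 'no');

// A fresh session with correct credentials is still granted access after the fix.
$fresh = [];
printf("after fix, correct login grants admin: %s\n",
    isAdmin(loginAfter($fresh, DEMO_ADMIN_USER, DEMO_ADMIN_PASS)) ? 'yes' : 'no');
```

Run it with `php example.php`. The design point it illustrates is fail-closed state: an authorization flag should be assigned on every path through the handler, not only on the success path, so that the flag's value never depends on what the session held before the request.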