Beispiel #1
0
    $sql = "delete from `order` where id = '{$id}'";
    mysqli_query($conn, $sql);
}
function check($conn)
{
    $sql = "select count(*) from `order` where uid = 10001";
    $result = mysqli_query($conn, $sql);
    $row = mysqli_fetch_row($result);
    if ($row[0] < 2) {
        return true;
    } else {
        return false;
    }
}
if (isset($_GET['reset']) && $_GET['reset'] == true) {
    resetDB($conn);
}
if (isset($_GET['action']) && $_GET['action'] == 'del') {
    $id = isset($_GET['id']) ? $_GET['id'] : "";
    $id = mysqli_escape_string($conn, $id);
    delOrder($conn, $id);
    if (check($conn)) {
        echo "<h3>flag{check_the_permission}</h3>";
    }
}
?>
<!DOCTYPE html>
<html>
<head>
	<title>shopping cart</title>
	<meta charset="utf-8">
Beispiel #2
0
<?php

function resetDB()
{
    try {
        $dbh = new PDO('mysql:host=localhost;dbname=CoursPHP', "root", "11Dennis");
        $dbh->query("UPDATE jeu SET mWin=0 WHERE id=1");
        $dbh->query("UPDATE jeu SET tWin=0 WHERE id=1");
        $dbh = null;
    } catch (PDOException $e) {
        print "Erreur !: " . $e->getMessage() . "<br/>";
        die;
    }
}
resetDB();
header('Location: Jeu.php');
Beispiel #3
0
<?
    require_once '../lib/util.php';
    require_once '../lib/reset.php';
?>
<html>
    <head><title>Admin panel</title></head>
    <body>
        <div align=center width=500>
            <form>
                Admin password: <input name=password type=password></input>
            </form>
            <? if ($_GET['password'] === $adminPassword) { ?>
                <a href="/admin.php?password=<?php 
echo $adminPassword;
?>
&reset=true">RESET THE DATABASE</a>
                <? if ($_GET['reset'] === 'true') { ?>
                    <? resetDB(); ?>
                    The database has been reset
                <? } ?>
            <? } ?>
        </div>
    </body>
</html>