// NOTE(review): the next three lines are the tail of a function whose
// signature lies above this excerpt (presumably delOrder, given the call
// further down; confirm). The visible DELETE matches on `id` alone: no
// uid/owner condition appears in this statement, so whoever supplies an id
// can remove that row regardless of which user owns it.
$sql = "delete from `order` where id = '{$id}'";
mysqli_query($conn, $sql);
}

/**
 * Reports whether uid 10001 has fewer than two rows left in `order`.
 *
 * The uid is hard-coded in the query text; no request data reaches this SQL.
 *
 * @param mysqli $conn Connection handle passed straight to mysqli_query().
 * @return bool true when the row count is below 2, false otherwise.
 */
function check($conn) {
    $sql = "select count(*) from `order` where uid = 10001";
    // The query result is used without a failure check; if mysqli_query()
    // returns false the fetch below will error out.
    $result = mysqli_query($conn, $sql);
    $row = mysqli_fetch_row($result);
    // $row[0] is the count(*) column; compared numerically against 2.
    if ($row[0] < 2) {
        return true;
    } else {
        return false;
    }
}

// Database reset driven by a GET parameter. `== true` is a loose comparison,
// so any truthy string satisfies it, not only "true". Nothing visible in this
// excerpt authenticates the caller or requires a CSRF token before resetDB()
// (defined outside this view) runs.
if (isset($_GET['reset']) && $_GET['reset'] == true) {
    resetDB($conn);
}

// Order deletion, also a state change performed on a GET request.
if (isset($_GET['action']) && $_GET['action'] == 'del') {
    $id = isset($_GET['id']) ? $_GET['id'] : "";
    // Escaping only protects the quoting of the SQL string literal. It is not
    // an authorization check: the id is never compared with the current
    // user's orders anywhere in the visible code. A hardened version would
    // bind the id in a prepared statement and add the session user's uid to
    // the WHERE clause.
    // NOTE(review): an array-valued `id` parameter is not rejected before
    // being handed to mysqli_escape_string(); confirm how that should fail.
    $id = mysqli_escape_string($conn, $id);
    delOrder($conn, $id);
    // The flag is shown once uid 10001 has fewer than two orders, i.e. after
    // rows belonging to that account were deleted. The flag text suggests
    // this page is a deliberate broken-access-control exercise (assumption).
    if (check($conn)) {
        echo "<h3>flag{check_the_permission}</h3>";
    }
}
?> <!DOCTYPE html> <html> <head> <title>shopping cart</title> <meta charset="utf-8">
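<?php
/**
 * Resets both win counters (mWin and tWin) of row id=1 in table `jeu` to 0.
 *
 * On a database error the details go to the server error log, the client
 * receives a generic message with HTTP 500, and the script terminates.
 *
 * NOTE(review): the connection uses the MySQL root account with the password
 * embedded in this file. Anyone who can read the source or the repository
 * gets full database access. Move the credentials to configuration outside
 * the web root and connect with an account limited to UPDATE on `jeu`.
 *
 * @return void
 */
function resetDB()
{
    try {
        $dbh = new PDO(
            'mysql:host=localhost;dbname=CoursPHP',
            "root",
            "11Dennis",
            // Without exception mode (the default before PHP 8) a failed
            // statement returns false silently and the catch never fires.
            [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]
        );
        // One statement instead of two: both counters change together, so a
        // failure cannot leave one counter reset and the other not.
        $dbh->exec("UPDATE jeu SET mWin=0, tWin=0 WHERE id=1");
        $dbh = null;
    } catch (PDOException $e) {
        // Driver messages can name the DB user, host and schema; keep them
        // in the server log rather than in the HTTP response.
        error_log('resetDB failed: ' . $e->getMessage());
        http_response_code(500);
        print "Erreur !<br/>";
        die;
    }
}

// NOTE(review): the reset runs on every request to this script, with no
// authentication, no HTTP-method restriction and no CSRF token. Any visitor,
// link prefetcher or cross-site request can trigger it. Gate it behind a
// session check and a POST with a token.
resetDB();
header('Location: Jeu.php');
// Stop here so nothing appended later runs after the redirect is issued.
exit;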
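<?php
// Admin panel: shows a password form, and when the supplied password matches
// $adminPassword offers a link that resets the database.
//
// Full `<?php` tags are used throughout: with short_open_tag disabled, the
// short `<?` form is not parsed and this file's source would be sent to the
// browser as plain text.
require_once '../lib/util.php';   // presumably defines $adminPassword (confirm)
require_once '../lib/reset.php';  // presumably defines resetDB() (confirm)

// Only a string parameter is accepted; a missing or array-valued `password`
// becomes the empty string instead of raising a notice.
$suppliedPassword = (isset($_GET['password']) && is_string($_GET['password']))
    ? $_GET['password']
    : '';

// Fail closed: an undefined, non-string or empty $adminPassword never matches
// (the original `===` treated "no parameter" and "no configured password" as
// equal, since both are null). hash_equals() compares in constant time.
$isAdmin = isset($adminPassword)
    && is_string($adminPassword)
    && $adminPassword !== ''
    && hash_equals($adminPassword, $suppliedPassword);

$wantsReset = isset($_GET['reset']) && $_GET['reset'] === 'true';

// NOTE(review): the password travels in the query string, both from the form
// (default GET method) and in the reset link below, so it ends up in browser
// history, proxy and server access logs and Referer headers. The reset itself
// is a state change on GET with no CSRF token. Moving to a POST login that
// sets a session, plus a POST reset with a token, would remove both issues;
// that changes the page's request interface, so it is flagged here and not
// done in place.
?>
<html>
<head><title>Admin panel</title></head>
<body>
<div align=center width=500>
<form>
Admin password: <input name=password type=password></input>
</form>
<?php if ($isAdmin) { ?>
<?php /* The value is URL-encoded for the query string and HTML-escaped for the attribute; the stray space before the next parameter is removed so the link round-trips the exact password. */ ?>
<a href="/admin.php?password=<?php echo htmlspecialchars(urlencode($adminPassword), ENT_QUOTES, 'UTF-8'); ?>&amp;reset=true">RESET THE DATABASE</a>
<?php if ($wantsReset) { ?>
<?php resetDB(); ?>
The database has been reset
<?php } ?>
<?php } ?>
</div>
</body>
</html>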