PHP dvwaGetuser Examples

Example #1

File: dvwaPage.inc.php Project: seclabx/xlabas

function dvwaPageStartup($pActions)
{
    if (in_array('authenticated', $pActions)) {
        if (!dvwaIsLoggedIn()) {
            dvwaRedirect(DVWA_WEB_PAGE_TO_ROOT . 'login.php');
        }
    }
    if (in_array('phpids', $pActions)) {
        if (dvwaPhpIdsIsEnabled()) {
            dvwaPhpIdsTrap();
        }
    }
    if (in_array('admin', $pActions)) {
        if (!xlabisadmin()) {
            dvwaRedirect(DVWA_WEB_PAGE_TO_ROOT . 'login.php');
        }
    }
    $setuser = xlabGetSqli('setuser', $_REQUEST);
    if (dvwaGetuser() == "admin" && !empty($setuser)) {
        $dvwasession =& dvwaSessionGrab();
        $dvwasession['username'] = $setuser;
    }
}

Example #2

File: score.php Project: seclabx/xlabas

    $num = mysql_numrows($result);
    $i = 0;
    while ($i < $num) {
        $pid = mysql_result($result, $i, "pid");
        $user = mysql_result($result, $i, "user");
        $flag = mysql_result($result, $i, "flag");
        $status = mysql_result($result, $i, "status");
        $html .= "</tr><td>{$pid}</td><td>{$user}</td><td>{$flag}</td><td>{$status}</td></tr>";
        $i++;
    }
    return "\n\t<table border=1 width=100%>\n\t<tr>\n\t<th>Pid</th><th>User</th><th>Flag</th><th>Status</th>\n\t</tr>\n\t{$html}\n\t</table>";
}
$page = dvwaPageNewGrab();
$page['title'] .= $page['title_separator'] . 'View Score';
$page['page_id'] = 'score';
$page['help_button'] = 'score';
$page['source_button'] = 'score';
$magicQuotesWarningHtml = '';
// Check if Magic Quotes are on or off
if (ini_get('magic_quotes_gpc') == true) {
    $magicQuotesWarningHtml = "\t<div class=\"warning\">Magic Quotes are on, you will not be able to inject SQL.</div>";
}
dvwaMessagePush($_GET['msg']);
if (isset($_GET['view'])) {
    if ($_GET['view'] == dvwaGetuser() or xlabisadmin()) {
        $table = getuserflag(xlabGetSqli('view', $_GET));
    }
} else {
    $table = getuserranking();
}
$page['body'] .= "\n<div class=\"body_padded\">\n\t<h1>View Score</h1>\n\n\t{$magicQuotesWarningHtml}\n\n\t<div >\n\t{$table}\n\t</div>\n</div>\n";

Example #3

File: security.php Project: seclabx/xlabas

<?php

define('DVWA_WEB_PAGE_TO_ROOT', '');
require_once DVWA_WEB_PAGE_TO_ROOT . 'dvwa/includes/dvwaPage.inc.php';
dvwaPageStartup(array('authenticated', 'phpids'));
$page = dvwaPageNewGrab();
$page['title'] .= $page['title_separator'] . 'DVWA Security';
$page['page_id'] = 'security';
$user = dvwaGetuser();
$securityHtml = '';
if (isset($_POST['seclev_submit'])) {
    $securityLevel = 'high';
    dvwaCtfUnSet();
    switch ($_POST['security']) {
        case 'low':
            $securityLevel = 'low';
            break;
        case 'medium':
            $securityLevel = 'medium';
            break;
        case 'ctf':
            if (!dvwaIfCtf()) {
                break;
            }
            dvwaCtfSet();
            $securityLevel = 'ctf';
            break;
    }
    if (dvwaIfWork() and !dvwaIfWork()) {
        $securityLevel = 'high';
    }

Example #4

File: act.php Project: seclabx/xlabas

<?php

define('DVWA_WEB_PAGE_TO_ROOT', '../../../');
require_once DVWA_WEB_PAGE_TO_ROOT . 'dvwa/includes/dvwaPage.inc.php';
dvwaPageStartup(array('authenticated', 'phpids'));
dvwaDatabaseConnect();
if (isset($_GET['del'])) {
    $name = xlabGetSqli('del', $_GET);
    if ($name == dvwaGetuser() or xlabisadmin()) {
        $sql = "DELETE FROM userflag WHERE user='******'";
        $result = mysql_query($sql);
        dvwaRedirect(xlabGetLocation() . "/vulnerabilities/ctf/?pid=score&msg=delete {$name} succfully!!!");
    } else {
        dvwaRedirect(xlabGetLocation() . "/vulnerabilities/ctf/?pid=score&msg=delete {$name} fail!!!");
    }
}