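/**
 * Render the rows of the `guestbook` table as HTML.
 *
 * The name and comment columns are passed through htmlspecialchars() only when
 * the security level is 'high' or when CTF / work mode is active (as reported
 * by the dvwa* helpers defined elsewhere). At every other level the stored
 * values are emitted verbatim, so any markup or script saved in the table is
 * rendered as-is — that unescaped branch is where the stored-XSS exposure of
 * this page lies.
 *
 * Note: the mysql_* extension used here was removed in PHP 7; this code only
 * runs on PHP 5.x.
 *
 * @return string one <div> per row, concatenated; '' when the query fails or
 *                returns no rows
 */
function dvwaGuestbook()
{
    $query = "SELECT name, comment FROM guestbook";
    $result = mysql_query($query);
    if ($result === false) {
        // mysql_query() returns false on error; fetching from false would only
        // raise a warning and yield no rows, so return the empty page directly.
        return '';
    }

    // The level/mode checks do not depend on the row, so evaluate them once
    // instead of on every iteration.
    $escapeOutput = dvwaSecurityLevelGet() === 'high' || dvwaIsCtf() || dvwaIfWork();

    $guestbook = '';
    while ($row = mysql_fetch_row($result)) {
        if ($escapeOutput) {
            // ENT_QUOTES neutralises both quote styles (safe in attribute
            // contexts too), ENT_SUBSTITUTE keeps an invalid UTF-8 sequence
            // from silently blanking the whole value, and the charset is
            // pinned rather than taken from the ini default.
            $name = htmlspecialchars($row[0], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            $comment = htmlspecialchars($row[1], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        } else {
            // Unescaped: stored content is rendered exactly as saved.
            $name = $row[0];
            $comment = $row[1];
        }
        $guestbook .= "<div id=\"guestbook_comments\">Name: {$name} <br />" . "Message: {$comment} <br /></div>";
    }

    return $guestbook;
}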
<?php

// Path from this page back to the application root, used to locate the shared
// page helpers.
define('DVWA_WEB_PAGE_TO_ROOT', '../../');
require_once DVWA_WEB_PAGE_TO_ROOT . 'dvwa/includes/dvwaPage.inc.php';

// Page bootstrap; the two names are the startup checks requested from the
// framework (their exact behaviour lives in dvwaPage.inc.php).
dvwaPageStartup(['authenticated', 'phpids']);

$page = dvwaPageNewGrab();
$separator = $page['title_separator'];
$page['title'] .= $separator . 'Work';
$page['page_id'] = 'work';

// The page is only served while "work" mode is active; otherwise stop here.
if (!dvwaIfWork()) {
    exit();
}

dvwaDatabaseConnect();

$user = dvwaCurrentUser();
$html = '';
if (isset($_GET['act']) && $_GET['act'] == 'detail') {
    $date = $_GET['date'];
    $author = $_GET['user'];
    if ($user == "admin") {
        $sql = "select * from report where date='{$date}' and name='{$author}'";
    } else {
        $sql = "select * from report where name='{$user}' and date='{$date}'";
    }
    #echo $sql;
    $result = mysql_query($sql);
    $num = mysql_numrows($result);
    if ($num > 0) {
        $date = mysql_result($result, 0, "date");
        $name = mysql_result($result, 0, "name");
        $report = mysql_result($result, 0, "report");
    }
    /*
    // Map the submitted level onto $securityLevel. Only 'low', 'medium' and
    // 'ctf' are handled here; any other value (including 'high') leaves
    // $securityLevel unassigned, so the calls below then receive null
    // (with an undefined-variable notice/warning from PHP).
    switch ($_POST['security']) {
        case 'low':
            $securityLevel = 'low';
            break;
        case 'medium':
            $securityLevel = 'medium';
            break;
        case 'ctf':
            // CTF mode is only selectable when dvwaIfCtf() allows it;
            // otherwise leave the switch without assigning a level.
            if (!dvwaIfCtf()) {
                break;
            }
            dvwaCtfSet();
            $securityLevel = 'ctf';
            break;
    }
    // NOTE(review): `X and !X` can never be true when dvwaIfWork() returns a
    // stable value, so this branch is dead and 'high' is unreachable through
    // this code path. Presumably a different second predicate was intended —
    // confirm against the project's history before changing it.
    if (dvwaIfWork() and !dvwaIfWork()) {
        $securityLevel = 'high';
    }
    // Apply the level, queue the confirmation message and reload; these dvwa*
    // helpers are defined outside this file.
    dvwaSecurityLevelSet($securityLevel);
    dvwaMessagePush("Security level set to {$securityLevel}");
    dvwaPageReload();
}
if (isset($_GET['phpids']) and xlabisadmin()) {
    switch ($_GET['phpids']) {
        case 'on':
            dvwaPhpIdsEnabledSet(true);
            dvwaMessagePush("PHPIDS is now enabled");
            break;
        case 'off':
            dvwaPhpIdsEnabledSet(false);
            dvwaMessagePush("PHPIDS is now disabled");