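function dvwaPageStartup($pActions)
{
    // Per-page bootstrap. $pActions is a list of string flags naming the
    // checks the calling page wants; flags it does not know are ignored.
    //
    //   'authenticated' - send anonymous visitors to the login page
    //   'phpids'        - run the PHPIDS trap when PHPIDS is switched on
    //
    // in_array() is strict so that only the literal flag strings match; the
    // loose form lets a non-string element (e.g. int 0 on PHP < 8) satisfy a
    // check and silently skip the login redirect or enable the trap.
    if (in_array('authenticated', $pActions, true) && !dvwaIsLoggedIn()) {
        // NOTE(review): this relies on dvwaRedirect() terminating the request.
        // If it only emits a Location header, execution continues into the
        // page body for an unauthenticated visitor -- confirm in dvwaRedirect().
        dvwaRedirect(DVWA_WEB_PAGE_TO_ROOT . 'login.php');
    }

    if (in_array('phpids', $pActions, true) && dvwaPhpIdsIsEnabled()) {
        dvwaPhpIdsTrap();
    }
}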
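function dvwaPageStartup($pActions)
{
    // Per-page bootstrap. $pActions is a list of string flags naming the
    // checks the calling page wants; unknown flags are ignored.
    //
    //   'authenticated' - send anonymous visitors to the login page
    //   'phpids'        - run the PHPIDS trap when PHPIDS is switched on
    //   'admin'         - send non-admin users (per xlabisadmin()) to login
    //
    // in_array() is strict so only the literal flag strings match; the loose
    // form lets a non-string element (e.g. int 0 on PHP < 8) satisfy a check.
    if (in_array('authenticated', $pActions, true) && !dvwaIsLoggedIn()) {
        // NOTE(review): assumes dvwaRedirect() terminates the request; if it
        // only sends a Location header the page body still runs -- confirm.
        dvwaRedirect(DVWA_WEB_PAGE_TO_ROOT . 'login.php');
    }

    if (in_array('phpids', $pActions, true) && dvwaPhpIdsIsEnabled()) {
        dvwaPhpIdsTrap();
    }

    if (in_array('admin', $pActions, true) && !xlabisadmin()) {
        dvwaRedirect(DVWA_WEB_PAGE_TO_ROOT . 'login.php');
    }

    // Admin impersonation hook: when the current user is "admin" and a
    // non-empty "setuser" value arrives with the request, the session's
    // username is overwritten with that value.
    //
    // SECURITY (review): the value comes from $_REQUEST, so it is accepted
    // from the query string, the POST body and cookies alike, on every page
    // that calls this function, with no CSRF token and no check that the
    // named user exists. A link or <img> on a third-party page can therefore
    // re-label an admin's session. If this hook is part of the lab's intended
    // attack surface, leave it; otherwise restrict it to POST plus a token and
    // validate the target against the user table. xlabGetSqli()'s behaviour is
    // not visible here -- assumed to return the raw parameter; confirm.
    //
    // Strict comparison so that only the string "admin" qualifies (under
    // PHP < 8, 0 == "admin" is true), and only string values are written into
    // the session so an array-valued parameter (setuser[]=x) cannot poison it.
    $setuser = xlabGetSqli('setuser', $_REQUEST);
    if (dvwaGetuser() === "admin" && is_string($setuser) && !empty($setuser)) {
        $dvwasession =& dvwaSessionGrab();
        $dvwasession['username'] = $setuser;
    }
}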
<?php

// Logout page: tears down the current DVWA session and returns the visitor
// to the login page with a confirmation message.
const DVWA_WEB_PAGE_TO_ROOT = '';
require_once DVWA_WEB_PAGE_TO_ROOT . 'dvwa/includes/dvwaPage.inc.php';
// Only the PHPIDS trap is requested from the shared bootstrap; the
// logged-in check is done by hand just below.
dvwaPageStartup(array('phpids'));
if (!dvwaIsLoggedIn()) {
    // The user shouldn't even be on this page
    //dvwaMessagePush( "You were not logged in" );
    // NOTE(review): the logout below is only skipped if dvwaRedirect()
    // terminates the request; its body is not visible here -- confirm.
    dvwaRedirect('login.php');
}
// SECURITY (review): the logout fires on any request that reaches this
// script -- there is no request-method or CSRF-token check -- so a
// third-party page can force a logout. Low impact, but worth noting in a
// lab that teaches CSRF.
dvwaLogout();
dvwaMessagePush("You have logged out");
dvwaRedirect('login.php');
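function dvwaHtmlEcho($pPage)
{
    // Renders the DVWA page chrome (menu, system-info panel, footer) around
    // $pPage['body'] and writes the whole document to the response, preceded
    // by no-cache headers.
    //
    // $pPage keys read here:
    //   'title'         - document title; treated as text and HTML-escaped
    //   'body'          - page content; already HTML, emitted verbatim
    //   'page_id'       - id of the menu entry to mark as selected (optional)
    //   'source_button' - truthy => render the "view source" button
    //   'help_button'   - truthy => render the "help" button
    //
    // What the menu shows, and whether the username / security level /
    // PHPIDS readout appears, depends on dvwaIsLoggedIn().
    $loggedIn = dvwaIsLoggedIn();

    // Menu blocks in display order: home, vulnerabilities, meta, logout.
    // Anonymous visitors only get setup/instructions and "About".
    $menuBlocks = array();
    if ($loggedIn) {
        $menuBlocks['home'] = array(
            array('id' => 'home', 'name' => 'Home', 'url' => '.'),
            array('id' => 'instructions', 'name' => 'Instructions', 'url' => 'instructions.php'),
            array('id' => 'setup', 'name' => 'Setup / Reset DB', 'url' => 'setup.php'),
        );
        $menuBlocks['vulnerabilities'] = array(
            array('id' => 'brute', 'name' => 'Brute Force', 'url' => 'vulnerabilities/brute/'),
            array('id' => 'exec', 'name' => 'Command Injection', 'url' => 'vulnerabilities/exec/'),
            array('id' => 'csrf', 'name' => 'CSRF', 'url' => 'vulnerabilities/csrf/'),
            array('id' => 'fi', 'name' => 'File Inclusion', 'url' => 'vulnerabilities/fi/.?page=include.php'),
            array('id' => 'upload', 'name' => 'File Upload', 'url' => 'vulnerabilities/upload/'),
            array('id' => 'captcha', 'name' => 'Insecure CAPTCHA', 'url' => 'vulnerabilities/captcha/'),
            array('id' => 'sqli', 'name' => 'SQL Injection', 'url' => 'vulnerabilities/sqli/'),
            array('id' => 'sqli_blind', 'name' => 'SQL Injection (Blind)', 'url' => 'vulnerabilities/sqli_blind/'),
            array('id' => 'xss_r', 'name' => 'XSS (Reflected)', 'url' => 'vulnerabilities/xss_r/'),
            array('id' => 'xss_s', 'name' => 'XSS (Stored)', 'url' => 'vulnerabilities/xss_s/'),
        );
        $menuBlocks['meta'] = array(
            array('id' => 'security', 'name' => 'DVWA Security', 'url' => 'security.php'),
            array('id' => 'phpinfo', 'name' => 'PHP Info', 'url' => 'phpinfo.php'),
            array('id' => 'about', 'name' => 'About', 'url' => 'about.php'),
        );
        $menuBlocks['logout'] = array(
            array('id' => 'logout', 'name' => 'Logout', 'url' => 'logout.php'),
        );
    } else {
        $menuBlocks['home'] = array(
            array('id' => 'setup', 'name' => 'Setup DVWA', 'url' => 'setup.php'),
            array('id' => 'instructions', 'name' => 'Instructions', 'url' => 'instructions.php'),
        );
        $menuBlocks['meta'] = array(
            array('id' => 'about', 'name' => 'About', 'url' => 'about.php'),
        );
    }

    // Menu ids, names and urls are the literals above, so they go into the
    // markup unescaped; only the selected-state depends on $pPage.
    $pageId = isset($pPage['page_id']) ? $pPage['page_id'] : null;
    $menuHtml = '';
    foreach ($menuBlocks as $items) {
        $itemsHtml = '';
        foreach ($items as $item) {
            $selectedClass = ($item['id'] === $pageId) ? 'selected' : '';
            $fixedUrl = DVWA_WEB_PAGE_TO_ROOT . $item['url'];
            $itemsHtml .= "<li onclick=\"window.location='{$fixedUrl}'\" class=\"{$selectedClass}\"><a href=\"{$fixedUrl}\">{$item['name']}</a></li>\n";
        }
        $menuHtml .= "<ul class=\"menuBlocks\">{$itemsHtml}</ul>";
    }

    // Security-level readout: only the three named levels are echoed as-is;
    // anything else (including a non-string) is shown as 'impossible'. The
    // strict check means the value reaching the markup is always one of
    // these four literals.
    $level = dvwaSecurityLevelGet();
    $securityLevelHtml = in_array($level, array('low', 'medium', 'high'), true) ? $level : 'impossible';

    $phpIdsHtml = '<em>PHPIDS:</em> ' . (dvwaPhpIdsIsEnabled() ? 'enabled' : 'disabled');

    // The username is session data, not a literal, so it is escaped for the
    // HTML context. Wherever the session username can be influenced by
    // request input (any "setuser"-style hook), an unescaped value here
    // would be a stored-XSS sink rendered on every page.
    $userInfoHtml = '<em>Username:</em> ' . htmlspecialchars((string) dvwaCurrentUser(), ENT_QUOTES, 'UTF-8');

    $messagesHtml = messagesPopAllToHtml();
    if ($messagesHtml) {
        $messagesHtml = "<div class=\"body_padded\">{$messagesHtml}</div>";
    }

    // System-info panel: user/level/PHPIDS for logged-in users, with the
    // help and source buttons (when requested) prepended in that order.
    $systemInfoHtml = '';
    if ($loggedIn) {
        $systemInfoHtml = "<div align=\"left\">{$userInfoHtml}<br /><em>Security Level:</em> {$securityLevelHtml}<br />{$phpIdsHtml}</div>";
    }
    if (!empty($pPage['source_button'])) {
        $systemInfoHtml = dvwaButtonSourceHtmlGet($pPage['source_button']) . " {$systemInfoHtml}";
    }
    if (!empty($pPage['help_button'])) {
        $systemInfoHtml = dvwaButtonHelpHtmlGet($pPage['help_button']) . " {$systemInfoHtml}";
    }

    // Headers first, then the document. The Expires date is deliberately in
    // the past so nothing is cached.
    header('Cache-Control: no-cache, must-revalidate'); // HTTP/1.1
    header('Content-Type: text/html;charset=utf-8'); // TODO: proper XHTML headers
    header('Expires: Tue, 23 Jun 2009 12:00:00 GMT');

    $root = DVWA_WEB_PAGE_TO_ROOT;
    $titleHtml = htmlspecialchars((string) $pPage['title'], ENT_QUOTES, 'UTF-8');
    $version = dvwaVersionGet();

    // One array entry per output line; joined with CRLF. The leading empty
    // entry reproduces the blank line the page has always started with, and
    // there is no trailing newline after </html>. The favicon type used to
    // be emitted as "\image/ico" (a stray backslash) -- corrected here.
    $lines = array(
        "",
        "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\">",
        "",
        "<html xmlns=\"http://www.w3.org/1999/xhtml\">",
        "",
        "\t<head>",
        "\t\t<meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\" />",
        "",
        "\t\t<title>{$titleHtml}</title>",
        "",
        "\t\t<link rel=\"stylesheet\" type=\"text/css\" href=\"{$root}dvwa/css/main.css\" />",
        "",
        "\t\t<link rel=\"icon\" type=\"image/x-icon\" href=\"{$root}favicon.ico\" />",
        "",
        "\t\t<script type=\"text/javascript\" src=\"{$root}dvwa/js/dvwaPage.js\"></script>",
        "",
        "\t</head>",
        "",
        "\t<body class=\"home\">",
        "\t\t<div id=\"container\">",
        "",
        "\t\t\t<div id=\"header\">",
        "",
        "\t\t\t\t<img src=\"{$root}dvwa/images/logo.png\" alt=\"Damn Vulnerable Web Application\" />",
        "",
        "\t\t\t</div>",
        "",
        "\t\t\t<div id=\"main_menu\">",
        "",
        "\t\t\t\t<div id=\"main_menu_padded\">",
        "\t\t\t\t{$menuHtml}",
        "\t\t\t\t</div>",
        "",
        "\t\t\t</div>",
        "",
        "\t\t\t<div id=\"main_body\">",
        "",
        "\t\t\t\t{$pPage['body']}",
        "\t\t\t\t<br /><br />",
        "\t\t\t\t{$messagesHtml}",
        "",
        "\t\t\t</div>",
        "",
        "\t\t\t<div class=\"clear\">",
        "\t\t\t</div>",
        "",
        "\t\t\t<div id=\"system_info\">",
        "\t\t\t\t{$systemInfoHtml}",
        "\t\t\t</div>",
        "",
        "\t\t\t<div id=\"footer\">",
        "",
        "\t\t\t\t<p>Damn Vulnerable Web Application (DVWA) v{$version}</p>",
        "",
        "\t\t\t</div>",
        "",
        "\t\t</div>",
        "",
        "\t</body>",
        "",
        "</html>",
    );
    echo implode("\r\n", $lines);
}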