$page['source_button'] = 'sqli';
dvwaDatabaseConnect();
$vulnerabilityFile = '';
switch ($_COOKIE['security']) {
case 'low':
$vulnerabilityFile = 'low.php';
break;
case 'medium':
$vulnerabilityFile = 'medium.php';
break;
case 'high':
default:
$vulnerabilityFile = 'high.php';
break;
}
// Anti-CSRF
if ($vulnerabilityFile == 'high.php') {
generateTokens();
}
require_once DVWA_WEB_PAGE_TO_ROOT . "vulnerabilities/sqli/source/{$vulnerabilityFile}";
$magicQuotesWarningHtml = '';
// Check if Magic Quotes are on or off
if (ini_get('magic_quotes_gpc') == true) {
$magicQuotesWarningHtml = "<div class=\"warning\">Magic Quotes are on, you will not be able to inject SQL.</div>";
}
$page['body'] .= "\r\n<div class=\"body_padded\">\r\n\t<h1>Vulnerability: SQL Injection</h1>\r\n\r\n\t{$magicQuotesWarningHtml}\r\n\r\n\t<div class=\"vulnerable_code_area\">\r\n\t\t<form action=\"#\" method=\"GET\">\r\n\t\t\t<p>\r\n\t\t\t\tUser ID:\r\n\t\t\t\t<input type=\"text\" size=\"15\" name=\"id\">\r\n\t\t\t\t<input type=\"submit\" name=\"Submit\" value=\"Submit\">\r\n\t\t\t</p>";
if ($vulnerabilityFile == 'high.php') {
$page['body'] .= "\t\t\t" . tokenField();
}
$page['body'] .= "\r\n\t\t</form>\r\n\t\t{$html}\r\n\t</div>\r\n\r\n\t<h2>More Information</h2>\r\n\t<ul>\r\n\t\t<li>" . dvwaExternalLinkUrlGet('http://www.securiteam.com/securityreviews/5DP0N1P76E.html') . "</li>\r\n\t\t<li>" . dvwaExternalLinkUrlGet('https://en.wikipedia.org/wiki/SQL_injection') . "</li>\r\n\t\t<li>" . dvwaExternalLinkUrlGet('http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/') . "</li>\r\n\t\t<li>" . dvwaExternalLinkUrlGet('http://pentestmonkey.net/cheat-sheet/sql-injection/mysql-sql-injection-cheat-sheet') . "</li>\r\n\t\t<li>" . dvwaExternalLinkUrlGet('https://www.owasp.org/index.php/SQL_Injection') . "</li>\r\n\t\t<li>" . dvwaExternalLinkUrlGet('http://bobby-tables.com/') . "</li>\r\n\t</ul>\r\n</div>\r\n";
dvwaHtmlEcho($page);
/**
* [userSave - callback for generating limesurvey tokens and survey meta info when a user is created]
* @param [int] $user_id [the user id of the created user]
* @return [type]
*/
function userSave($user_id)
{
$user = UserModel::findByID($user_id);
error_log('>>> got this far 1');
if ($user) {
$relevant_roles = LimesurveyModel::relevantUserRoles();
if (!in_array($user->roles[0], $relevant_roles)) {
return;
}
error_log('>>> got this far 2');
if (!array_key_exists('acf', $_POST)) {
error_log('No acf data posted');
return;
}
// new relations the user is to be associated with
$posted_evaluations = $_POST["acf"]["field_555eec0761d79"];
$new_user_evaluations = !empty($posted_evaluations) ? $posted_evaluations : [];
$raw_old_user_evaluations = UserModel::getRelations($user_id);
$old_user_evaluations = [];
error_log('>>> got this far 3');
// push old user relation ID's to array to easily get stale relation bellow using array_diff
if (!empty($raw_old_user_evaluations)) {
foreach ($raw_old_user_evaluations as $key => $raw_old_relation) {
$old_user_evaluations[] = (string) $raw_old_relation->ID;
}
}
// clean-up stale user surveys
$stale_evaluations = count($new_user_evaluations) ? array_diff($old_user_evaluations, $new_user_evaluations) : $old_user_evaluations;
foreach ($stale_evaluations as $key => $stale_relation) {
$stale_survey_post = SurveyModel::getByUserAndRelation($user_id, $stale_relation);
if ($stale_survey_post) {
$stale_survey_pod = pods('survey', $stale_survey_post['ID']);
// only if no invitation was sent
$invite_was_sent = $stale_survey_pod->field('invitation_send');
$delete_condition = DEBUG ? true : $invite_was_sent !== "1" && $invite_was_sent !== 1;
if ($delete_condition) {
$stale_survey_pod->delete();
}
}
}
error_log('>>> got this far 4');
// generate tokens for new relations if required
foreach ($new_user_evaluations as $nkey => $nur_id) {
error_log('>>> got this far 4a ' . $nur_id);
generateTokens($user, $nur_id);
}
}
}