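/**
 * Render every guestbook row as an HTML fragment.
 *
 * Reads `name` and `comment` from the `guestbook` table and returns one
 * `<div id="guestbook_comments">` per row. The id is repeated on every row,
 * exactly as in the original markup; page CSS/JS may select on it, so it is
 * deliberately left unchanged here.
 *
 * Output encoding depends on the current mode: under the 'high' security
 * level, in CTF mode or in "work" mode the stored values are HTML-escaped
 * before being interpolated; in every other mode they reach the page verbatim.
 * That verbatim branch is the intentional stored-XSS sink of this training
 * application -- it is not a mistake, and "fixing" it would remove the lab.
 *
 * @return string HTML fragment; '' when there are no rows or the query fails.
 */
function dvwaGuestbook() {
    $query  = "SELECT name, comment FROM guestbook";
    $result = mysql_query($query);

    // mysql_query() returns false on failure; passing that to mysql_fetch_row()
    // only emits warnings and the loop body never runs, so return the same
    // empty fragment without the noise.
    if ($result === false) {
        return '';
    }

    // The escaping decision does not depend on the row, so evaluate the three
    // mode helpers once instead of on every iteration. This also guarantees
    // every row in a single response is treated identically.
    $escapeOutput = (dvwaSecurityLevelGet() == 'high' || dvwaIsCtf() || dvwaIfWork());

    $guestbook = '';
    while ($row = mysql_fetch_row($result)) {
        if ($escapeOutput) {
            // Explicit flags rather than the version-dependent defaults:
            // ENT_QUOTES also neutralises single quotes, and ENT_SUBSTITUTE
            // replaces invalid UTF-8 with U+FFFD instead of silently returning
            // an empty string (pre-8.1 PHP defaulted to ENT_COMPAT only).
            $name    = htmlspecialchars($row[0], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            $comment = htmlspecialchars($row[1], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        } else {
            // Low/medium: raw database values are emitted unescaped (the
            // stored-XSS exercise).
            $name    = $row[0];
            $comment = $row[1];
        }

        // Values are placed in text-node context only (never inside an
        // attribute), which is what the htmlspecialchars() call above covers.
        $guestbook .= "<div id=\"guestbook_comments\">Name: {$name} <br />"
                    . "Message: {$comment} <br /></div>";
    }

    return $guestbook;
}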
<?php define('DVWA_WEB_PAGE_TO_ROOT', '../../'); require_once DVWA_WEB_PAGE_TO_ROOT . 'dvwa/includes/dvwaPage.inc.php'; dvwaPageStartup(array('authenticated', 'phpids')); $page = dvwaPageNewGrab(); $page['title'] .= $page['title_separator'] . 'Work'; $page['page_id'] = 'work'; if (!dvwaIfWork()) { exit; } dvwaDatabaseConnect(); $user = dvwaCurrentUser(); $html = ''; if (isset($_GET['act']) && $_GET['act'] == 'detail') { $date = $_GET['date']; $author = $_GET['user']; if ($user == "admin") { $sql = "select * from report where date='{$date}' and name='{$author}'"; } else { $sql = "select * from report where name='{$user}' and date='{$date}'"; } #echo $sql; $result = mysql_query($sql); $num = mysql_numrows($result); if ($num > 0) { $date = mysql_result($result, 0, "date"); $name = mysql_result($result, 0, "name"); $report = mysql_result($result, 0, "report"); } /*
switch ($_POST['security']) { case 'low': $securityLevel = 'low'; break; case 'medium': $securityLevel = 'medium'; break; case 'ctf': if (!dvwaIfCtf()) { break; } dvwaCtfSet(); $securityLevel = 'ctf'; break; } if (dvwaIfWork() and !dvwaIfWork()) { $securityLevel = 'high'; } dvwaSecurityLevelSet($securityLevel); dvwaMessagePush("Security level set to {$securityLevel}"); dvwaPageReload(); } if (isset($_GET['phpids']) and xlabisadmin()) { switch ($_GET['phpids']) { case 'on': dvwaPhpIdsEnabledSet(true); dvwaMessagePush("PHPIDS is now enabled"); break; case 'off': dvwaPhpIdsEnabledSet(false); dvwaMessagePush("PHPIDS is now disabled");