示例#1
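/**
 * Truncate the PHPIDS log when the request carries a `clear_log` query parameter.
 *
 * On success a confirmation message is queued and the page is reloaded; when
 * the log file cannot be opened a failure message is queued instead.
 *
 * NOTE(review): this is a state-changing action driven by a bare GET parameter.
 * No anti-CSRF token or authorization check is visible in this block, and
 * truncation discards detection evidence - confirm the caller enforces both
 * before this is reachable, and consider archiving the log instead of erasing it.
 *
 * @return void
 */
function dvwaClearIdsLog()
{
    if (!isset($_GET['clear_log'])) {
        return;
    }

    // The mode must be the string 'w'. A bare `w` is an undefined constant:
    // a fatal Error on PHP 8 and a warning-plus-fallback on older versions.
    $fp = fopen(DVWA_WEB_PAGE_TO_PHPIDS_LOG, 'w');
    if ($fp === false) {
        // Opening can fail (permissions, missing directory); do not hand false to fclose().
        dvwaMessagePush("PHPIDS log could not be cleared");
        dvwaPageReload();
        return;
    }

    // Opening in 'w' mode already truncated the file; nothing needs to be written.
    fclose($fp);
    dvwaMessagePush("PHPIDS log cleared");
    dvwaPageReload();
}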
示例#2
文件: PGSQL.php 项目: Tjoosten/DVWA-1
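// Seed the 'users' table with the stock training accounts, then rebuild and
// seed the 'guestbook' table.

// The avatar base URL is assembled from request metadata. PHP_SELF carries the
// client-supplied request path, and SERVER_NAME may reflect the Host header
// depending on web-server configuration, so neither belongs inside SQL text.
$baseUrl = 'http://' . $_SERVER['SERVER_NAME'] . $_SERVER['PHP_SELF'];
$stripPos = strpos($baseUrl, 'dvwa/setup.php');
// strpos() yields false when the marker is missing; make the resulting
// zero-length prefix explicit instead of relying on false-to-int coercion.
$baseUrl = substr($baseUrl, 0, $stripPos === false ? 0 : $stripPos) . 'dvwa/hackable/users/';

// Unsalted MD5 and the fixed passwords are part of the deliberately weak
// training data set; code modelled on this outside a lab should store
// password_hash() output instead.
// Avatar URLs travel as bound parameters ($1..$5), never as spliced literals.
$insert = "INSERT INTO users VALUES\n"
    . "\t('1','admin','admin','admin',MD5('password'),\$1),\n"
    . "\t('2','Gordon','Brown','gordonb',MD5('abc123'),\$2),\n"
    . "\t('3','Hack','Me','1337',MD5('charley'),\$3),\n"
    . "\t('4','Pablo','Picasso','pablo',MD5('letmein'),\$4),\n"
    . "\t('5','bob','smith','smithy',MD5('password'),\$5)";
$avatarUrls = [
    "{$baseUrl}admin.jpg",
    "{$baseUrl}gordonb.jpg",
    "{$baseUrl}1337.jpg",
    "{$baseUrl}pablo.jpg",
    "{$baseUrl}smithy.jpg",
];
// NOTE(review): each failure branch relies on dvwaPageReload() ending the
// request; if it returns, execution falls through to the next step - confirm.
// NOTE(review): pg_last_error() text is pushed to the page message queue, which
// exposes database detail to whoever can load the setup page.
if (!pg_query_params($insert, $avatarUrls)) {
    dvwaMessagePush("Data could not be inserted into 'users' table<br />SQL: " . pg_last_error());
    dvwaPageReload();
}
dvwaMessagePush("Data inserted into 'users' table.");

// Create guestbook table
$drop_table = "DROP table IF EXISTS guestbook;";
if (!@pg_query($drop_table)) {
    // The message previously named the 'users' table, although this step drops 'guestbook'.
    dvwaMessagePush("Could not drop existing guestbook table<br />SQL: " . pg_last_error());
    dvwaPageReload();
}
$create_tb_guestbook = "CREATE TABLE guestbook (comment text, name text, comment_id SERIAL PRIMARY KEY);";
if (!pg_query($create_tb_guestbook)) {
    dvwaMessagePush("guestbook table could not be created<br />SQL: " . pg_last_error());
    dvwaPageReload();
}
dvwaMessagePush("'guestbook' table was created.");

// Insert data into 'guestbook'
$insert = "INSERT INTO guestbook (comment, name) VALUES('This is a test comment.','admin')";
if (!pg_query($insert)) {
    dvwaMessagePush("Data could not be inserted into 'guestbook' table<br />SQL: " . pg_last_error());
    dvwaPageReload();
}
dvwaMessagePush("Data inserted into 'guestbook' table.");
dvwaMessagePush("Setup successful!");
dvwaPageReload();
// NOTE(review): if dvwaPageReload() terminates the request, this close is never
// reached and the connection is released only at script shutdown - confirm.
pg_close($dbconn);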
示例#3
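/**
 * Open the database connection(s) for the DBMS selected in the global $DBMS.
 *
 * For 'MySQL' this opens the legacy mysql_* connection and a PDO handle, stored
 * in the global $db, with exceptions enabled and emulated prepares disabled so
 * statements are prepared server-side. For 'PGSQL' it only reports that
 * PostgreSQL is not fully supported and reloads the page. Any other value
 * terminates the script.
 *
 * Connection settings are read from the global $_DVWA array
 * (db_server, db_user, db_password, db_database).
 *
 * @return void
 */
function dvwaDatabaseConnect()
{
    global $_DVWA;
    global $DBMS;
    global $db;

    if ($DBMS == 'MySQL') {
        // NOTE(review): the mysql_* extension was removed in PHP 7, so these calls
        // are fatal on current runtimes and '@' cannot suppress that. The page does
        // not show which callers still depend on the implicit mysql_* link, so the
        // calls are left in place - plan a migration to the PDO handle below.
        $connected = @mysql_connect($_DVWA['db_server'], $_DVWA['db_user'], $_DVWA['db_password'])
            && @mysql_select_db($_DVWA['db_database']);

        if ($connected) {
            try {
                // MySQL PDO Prepared Statements (for impossible levels)
                $db = new PDO(
                    'mysql:host=' . $_DVWA['db_server'] . ';dbname=' . $_DVWA['db_database'] . ';charset=utf8',
                    $_DVWA['db_user'],
                    $_DVWA['db_password']
                );
                $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
                $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
            } catch (PDOException $e) {
                // The PDO constructor throws on failure whatever ATTR_ERRMODE is set to.
                // Left uncaught, the rendered trace can include the DSN and credentials
                // passed as arguments, so fail the same way as the legacy connection.
                $connected = false;
            }
        }

        if (!$connected) {
            dvwaLogout();
            // $DBMS_errorFunc used to be appended here, but it was never brought into
            // this function's scope: it only raised an undefined-variable notice and
            // added nothing. Driver error text is kept out of the user-facing message.
            dvwaMessagePush('Unable to connect to the database.<br />');
            dvwaRedirect(DVWA_WEB_PAGE_TO_ROOT . 'setup.php');
        }
    } elseif ($DBMS == 'PGSQL') {
        // No PostgreSQL connection is opened here; the user is only told it is unsupported.
        dvwaMessagePush('PostgreSQL is not yet fully supported.');
        dvwaPageReload();
    } else {
        die("Unknown {$DBMS} selected.");
    }
}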