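/**
 * Truncate the PHPIDS log when the request carries a `clear_log` query parameter.
 *
 * Only the presence of $_GET['clear_log'] is checked; its value is ignored. The file
 * named by DVWA_WEB_PAGE_TO_PHPIDS_LOG is opened in write mode (which empties it),
 * a status message is queued and the page is reloaded.
 *
 * NOTE(review): this is a state-changing action driven by a plain GET parameter, and
 * no authorization or anti-CSRF check is visible in this function. Confirm the caller
 * gates it, because emptying an IDS log discards detection evidence.
 */
function dvwaClearIdsLog()
{
    if (!isset($_GET['clear_log'])) {
        return;
    }

    // The mode has to be the string 'w'. The bare word `w` is an undefined constant:
    // an Error on PHP 8, and a notice plus a guessed string on older versions.
    $fp = fopen(DVWA_WEB_PAGE_TO_PHPIDS_LOG, 'w');
    if ($fp === false) {
        // Do not call fclose() on false or report success when the log was not opened.
        dvwaMessagePush("PHPIDS log could not be cleared");
        dvwaPageReload();
        return;
    }
    fclose($fp);

    dvwaMessagePush("PHPIDS log cleared");
    dvwaPageReload();
}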
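// Seed the 'users' and 'guestbook' tables.
// This fragment calls pg_query() without an explicit connection and closes $dbconn at
// the end, so it presumably relies on a PostgreSQL connection opened earlier in the
// script (not visible here).

// Build the base URL for the avatar images from the current request.
// SERVER_NAME and PHP_SELF may be influenced by the client (Host header, trailing path
// info, depending on server configuration), so the result is treated as untrusted below.
$baseUrl = 'http://' . $_SERVER['SERVER_NAME'] . $_SERVER['PHP_SELF'];
$stripPos = strpos($baseUrl, 'dvwa/setup.php');
// strpos() returns false when the marker is missing. The outcome is the same as before
// (an empty prefix), but it is now explicit instead of passing false to substr().
$urlPrefix = ($stripPos === false) ? '' : substr($baseUrl, 0, $stripPos);
$baseUrl = $urlPrefix . 'dvwa/hackable/users/';

// The avatar URLs are sent as bound parameters instead of being interpolated into the
// statement, so a quote character in the request-derived URL cannot alter the SQL.
$avatarUrls = array(
    $baseUrl . 'admin.jpg',
    $baseUrl . 'gordonb.jpg',
    $baseUrl . '1337.jpg',
    $baseUrl . 'pablo.jpg',
    $baseUrl . 'smithy.jpg',
);

// NOTE(review): unsalted MD5 is not an acceptable password hash. The seed rows are kept
// exactly as they were; confirm that weak seed credentials are intended for this setup.
$insert = "INSERT INTO users VALUES\n"
    . "\t('1','admin','admin','admin',MD5('password'),\$1),\n"
    . "\t('2','Gordon','Brown','gordonb',MD5('abc123'),\$2),\n"
    . "\t('3','Hack','Me','1337',MD5('charley'),\$3),\n"
    . "\t('4','Pablo','Picasso','pablo',MD5('letmein'),\$4),\n"
    . "\t('5','bob','smith','smithy',MD5('password'),\$5);";
if (!pg_query_params($insert, $avatarUrls)) {
    dvwaMessagePush("Data could not be inserted into 'users' table<br />SQL: " . pg_last_error());
    dvwaPageReload();
}
dvwaMessagePush("Data inserted into 'users' table.");

// Create guestbook table
$drop_table = "DROP table IF EXISTS guestbook;";
if (!@pg_query($drop_table)) {
    // The original message named the 'users' table here although the statement drops 'guestbook'.
    dvwaMessagePush("Could not drop existing guestbook table<br />SQL: " . pg_last_error());
    dvwaPageReload();
}

$create_tb_guestbook = "CREATE TABLE guestbook (comment text, name text, comment_id SERIAL PRIMARY KEY);";
if (!pg_query($create_tb_guestbook)) {
    dvwaMessagePush("guestbook table could not be created<br />SQL: " . pg_last_error());
    dvwaPageReload();
}
dvwaMessagePush("'guestbook' table was created.");

// Insert data into 'guestbook'
$insert = "INSERT INTO guestbook (comment, name) VALUES('This is a test comment.','admin')";
if (!pg_query($insert)) {
    dvwaMessagePush("Data could not be inserted into 'guestbook' table<br />SQL: " . pg_last_error());
    dvwaPageReload();
}
dvwaMessagePush("Data inserted into 'guestbook' table.");

dvwaMessagePush("Setup successful!");
dvwaPageReload();

// NOTE(review): if dvwaPageReload() ends the request, this close is never reached — confirm.
pg_close($dbconn);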
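/**
 * Open the database connection for the backend selected in the global $DBMS.
 *
 * - 'MySQL': connects with the legacy mysql_* API using the settings in $_DVWA, then
 *   creates a PDO handle in the global $db with exceptions enabled and emulated
 *   prepares turned off. On a failed legacy connect it logs the user out, queues a
 *   message and redirects to setup.php.
 * - 'PGSQL': only queues a "not yet fully supported" message and reloads the page.
 * - anything else: terminates the script with die().
 *
 * Reads the globals $_DVWA and $DBMS; writes the global $db.
 */
function dvwaDatabaseConnect()
{
    global $_DVWA;
    global $DBMS;
    global $db;

    if ($DBMS == 'MySQL') {
        // mysql_connect()/mysql_select_db() belong to ext/mysql, which was removed in
        // PHP 7.0, so this branch only works on older runtimes. The @ operator hides
        // the warnings these calls raise on failure.
        $connected = @mysql_connect($_DVWA['db_server'], $_DVWA['db_user'], $_DVWA['db_password'])
            && @mysql_select_db($_DVWA['db_database']);

        if (!$connected) {
            dvwaLogout();
            // The original appended $DBMS_errorFunc here, but that variable is never
            // brought into this function's scope, so it always evaluated to an empty
            // value (plus an undefined-variable notice). The visible message is
            // unchanged. Driver error text is best kept out of a page shown to a
            // logged-out user; record it server-side if the reason is needed.
            dvwaMessagePush('Unable to connect to the database.<br />');
            dvwaRedirect(DVWA_WEB_PAGE_TO_ROOT . 'setup.php');
        }

        // MySQL PDO Prepared Statements (for impossible levels)
        // NOTE(review): new PDO() throws PDOException on failure and nothing catches it
        // here. Make sure errors are not displayed to users, since a trace can include
        // the constructor arguments.
        $dsn = 'mysql:host=' . $_DVWA['db_server']
            . ';dbname=' . $_DVWA['db_database']
            . ';charset=utf8';
        $db = new PDO($dsn, $_DVWA['db_user'], $_DVWA['db_password']);
        $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        // Turn off emulation so statements are prepared by the server and parameters
        // are never spliced into the SQL text on the client side.
        $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    } elseif ($DBMS == 'PGSQL') {
        // No PostgreSQL connection is opened here; the original kept a pg_connect()
        // call commented out.
        dvwaMessagePush('PostgreSQL is not yet fully supported.');
        dvwaPageReload();
    } else {
        die("Unknown {$DBMS} selected.");
    }
}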