Submitted by GreenGrasshopper420 in programming

Hello everybody, I want to make a link collection for the dark web. It's nearly finished, but it has some things that don't work... First, it doesn't read the links from the database. The date shows without any problem, but the links somehow don't show.

Here is the code from the html file from the links:

<div class="links">
                <form method="post">
                    <select name="category">
                        <?php
                        $category = selectCategory();
                        foreach($category as $c){
                            echo '<option>'.$c["category"].'</option>';
                        }
                        ?>
                    </select>
                    <input type="submit" name="select" value="Select Category">
                </form>
                <?php
                if(isset($_POST["select"])){
                    $categoryl = $_POST["category"];
                    $links = selectLinks($categoryl);
                ?>
                <?php
                    echo '<h3>'.$categoryl.'</h3>';
                ?>
                <table>
                    <colgroup>
                        <col width="400">
                        <col width="150">
                    </colgroup>
                    <tr>
                        <th align="left">Name</th>
                        <th align="left">Last Check</th>
                    </tr>
                    <?php
                    foreach($links as $l){
                    ?>
                    <tr>
                        <td>
                            <?php
                        echo '<option><a href="'.$l["address"].'">'.$l["name"].'</a></option>';
                            ?>
                        </td>
                        <?php
                        if($l["status"] == 'green'){
                        ?>
                        <td class="green">
                            <?php
                            echo '<option>'.$l["date"].'</option>';
                            ?>
                        </td>
                        <?php
                        } else if($l["status"] == 'orange'){
                        ?>
                        <td class="orange">
                            <?php
                            echo '<option>'.$l["date"].'</option>';
                            ?>
                        </td>
                        <?php
                        } else if($l["status"] == 'red'){
                        ?>
                        <td class="red">
                            <?php
                            echo '<option>'.$l["date"].'</option>';
                            ?>
                        </td>
                        <?php
                        }
                        ?>
                    </tr>
                    <?php
                    }
                    ?>
                </table>
                <div class="legend">
                    <table>
                        <td id="green">Site is ok</td>
                        <td> | </td>
                        <td id="orange">Network-Timeout</td>
                        <td> | </td>
                        <td id="red">Shut down or not reachable</td>
                    </table>
                    <br>
                </div>
                <?php
                }
                ?>
            </div>

And here is the code from the database file:

function selectLinks($categoryl){
        $conn = openDBConnection();
        $sql = "SELECT address, name, date, status FROM link WHERE category = '$categoryl'";
        $result = mysqli_query($conn, $sql);
        $link = array();
        while ($row = $result->fetch_assoc()) {
            array_push($link, $row);
        }
        $result->free();
        dbConnectionClose($conn);
        return $link;
    }

The second problem is with the login page. Somehow the if function won't work; it always goes to the else, but I have checked and the input from the database should be the same as the input from the form...

Here is the code of the html file for the login:

<div class="from">
                <form action="" method="post">
                    <input type="text" name="name" placeholder="Name" required>
                    <input type="password" name="pw" placeholder="Password" required>
                    <input type="password" name="pin" placeholder="PIN" required>
                    <input type="submit" name="login" value="Login">
                </form>
                <?php
                if(isset($_POST["login"])){
                    $name = $_POST["name"];
                    $pw = $_POST["pw"];
                    $pin = $_POST["pin"];
                    $hashname = hash('sha256', $name);
                    $hashpw = hash('sha256', $pw);
                    $hashpin = hash('sha256', $pin);

                    $nameadminarr = getName();
                    $pwadminarr = getPassword();
                    $pinadminarr = getPin();
                    
                    $nameadmin = $nameadminarr["adminname"];
                    $pwadmin = $pwadminarr["password"];
                    $pinadmin = $pinadminarr["pin"];
                    
                    if($hashname == $nameadmin && $hashpw == $pwadmin && $hashpin == $pinadmin){
                        header('location: adminpanel.php');
                        exit();
                    } else {
                        header('location: index.php'); // WORKS
                        exit();
                    }
                }
                ?>
            </div>

And here is the code of the database file:

function getName(){
        $conn = openDBConnection();
        $sql = 'SELECT adminname FROM admin';
        $data = mysqli_query($conn, $sql);
        $adminname = mysqli_fetch_assoc($data);
        dbConnectionClose($conn);
        return $adminname;
    }

    function getPassword(){
        $conn = openDBConnection();
        $sql = 'SELECT password FROM admin';
        $data = mysqli_query($conn, $sql);
        $password = mysqli_fetch_assoc($data);
        dbConnectionClose($conn);
        return $password;
    }

    function getPin(){
        $conn = openDBConnection();
        $sql = 'SELECT pin FROM admin';
        $data = mysqli_query($conn, $sql);
        $pin = mysqli_fetch_assoc($data);
        dbConnectionClose($conn);
        return $pin;
    }

If someone could help me, that would be very nice :)

Thanks in advance,
GreenGrasshopper420

3

Comments


emma wrote (edited)

  1. You can't have <a> elements inside an <option>.
  2. Your code is vulnerable to SQL injection.
  3. Your code is vulnerable to XSS.
  4. Your code is vulnerable to authentication bypass via type juggling.
  5. Your code is vulnerable to credential snooping via timing attacks.
6
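Points 1 to 3 of the comment above, applied to the link table, as an added example that is not part of the original thread. The names `e()`, `selectLinksPrepared()` and `renderLinkRow()` and the sample rows are assumptions made for illustration; the table and column names are the ones in the post.

```php
<?php
declare(strict_types=1);

// Escape a value for an HTML text node or a quoted attribute.
function e(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Same query as selectLinks() in the post, but the category is a bound
// parameter and never becomes part of the SQL text.
function selectLinksPrepared(mysqli $conn, string $category): array {
    $stmt = $conn->prepare(
        'SELECT address, name, date, status FROM link WHERE category = ?');
    $stmt->bind_param('s', $category);
    $stmt->execute();
    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
    $stmt->close();
    return $rows;
}

// One table row: a plain <a> in the cell (no <option>), every value escaped,
// the CSS class taken from an allow-list (unknown status falls back to red,
// a choice made for this example), the href limited to http/https.
function renderLinkRow(array $l): string {
    $class = in_array($l['status'], ['green', 'orange', 'red'], true)
        ? $l['status'] : 'red';
    $href = preg_match('#^https?://#i', $l['address']) === 1
        ? $l['address'] : '#';
    return '<tr><td><a href="' . e($href) . '">' . e($l['name']) . '</a></td>'
         . '<td class="' . $class . '">' . e($l['date']) . "</td></tr>\n";
}

// Constructed rows standing in for database content, including values
// that would break out of the markup if echoed unescaped.
$rows = [
    ['address' => 'http://example.onion/', 'name' => 'Example <b>wiki</b>',
     'date' => '2024-01-01', 'status' => 'green'],
    ['address' => 'javascript:alert(1)', 'name' => '"><script>x</script>',
     'date' => '2024-01-02', 'status' => 'red" onmouseover="x'],
];
foreach ($rows as $r) {
    echo renderLinkRow($r);
}
```

The `<h3>` heading that echoes the posted category needs the same `e()` call, since that value comes straight from the form.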
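Points 4 and 5 of the comment above, applied to the login check, as an added example that is not part of the original thread. The function `checkAdminLogin()` and all sample credentials are assumptions made for illustration; the column and form field names are the ones in the post.

```php
<?php
declare(strict_types=1);

// Loose comparison: two different strings that both parse as numbers in
// exponent notation are compared numerically (0 * 10^n == 0) and match.
// hash_equals() compares them as strings and does not.
// Constructed strings, not real digests.
var_dump('0e1234' == '0e9876');
var_dump(hash_equals('0e1234', '0e9876'));

// $admin: the single row of the admin table (hex SHA-256 values, as in the
// post). $post: the submitted form fields, normally $_POST.
function checkAdminLogin(?array $admin, array $post): bool {
    if ($admin === null) {
        return false; // no admin row: nothing can match
    }
    $allOk = true;
    $fields = ['name' => 'adminname', 'pw' => 'password', 'pin' => 'pin'];
    foreach ($fields as $field => $column) {
        // A field sent as name[]=x arrives as an array; treat it as empty.
        $input = is_string($post[$field] ?? null) ? $post[$field] : '';
        // hash_equals() is type-strict and, for equal-length strings, takes
        // the same time wherever they differ. All three fields are always
        // checked, so timing does not reveal which one was wrong.
        $match = hash_equals((string) ($admin[$column] ?? ''),
                             hash('sha256', $input));
        $allOk = $match && $allOk;
    }
    return $allOk;
}

// Constructed admin row and form submissions.
$admin = ['adminname' => hash('sha256', 'root'),
          'password'  => hash('sha256', 'correct horse'),
          'pin'       => hash('sha256', '4711')];
$tries = [
    ['name' => 'root', 'pw' => 'correct horse', 'pin' => '4711'], // correct
    ['name' => 'root', 'pw' => 'wrong', 'pin' => '4711'],         // wrong password
    ['name' => ['x'], 'pw' => 'correct horse', 'pin' => '4711'],  // array-valued field
];
foreach ($tries as $t) {
    var_dump(checkAdminLogin($admin, $t));
}
```

SHA-256 is kept here only to match the stored values in the post; `password_hash()` and `password_verify()` are PHP's purpose-built functions for storing and checking passwords.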