Skip to content

Instantly share code, notes, and snippets.

@AndyNovo

AndyNovo/chat.html

Last active April 28, 2016 16:45
Show Gist options
  • Save AndyNovo/ab7223184e321518b55554a14bf99dbe to your computer and use it in GitHub Desktop.
Save AndyNovo/ab7223184e321518b55554a14bf99dbe to your computer and use it in GitHub Desktop.
Download ZIP
Raw
chat.html
<!doctype html>
<html>
<head>
<title>Welcome to the chat</title>
</head>
<body>
<p>Chat screen for MYUSERNAME <span class="lang">LANGUAGEHERE</span></p>
<hr>
<table border="1">
<col style="width:10%">
<col style="width:90%">
<tr><th>Username</th><th>Message</th></tr>
MESSAGESHERE
</table>
<hr>
<form action="index.php" method="post">
<input type="hidden" name="csrftoken" value="THETOKENGOESHERE"/>
<input type="text" name="message" placeholder="chat here"></input>
<button type="submit">Send</button>
</form>
<hr>
<form action="index.php" method="post">
<input type="hidden" name="logout" value="true"/>
<button type="submit">Logout</button>
</form>
</body>
</html>
Raw
cookieInject.php
<?php
session_start();
function sanitize_html_string($string)
{
$pattern[0] = '/\&/';
$pattern[1] = '/</';
$pattern[2] = "/>/";
$pattern[3] = '/\n/';
$pattern[4] = '/"/';
$pattern[5] = "/'/";
$pattern[6] = "/%/";
$pattern[7] = '/\(/';
$pattern[8] = '/\)/';
$pattern[9] = '/\+/';
$pattern[10] = '/-/';
$replacement[0] = '&amp;';
$replacement[1] = '&lt;';
$replacement[2] = '&gt;';
$replacement[3] = '<br>';
$replacement[4] = '&quot;';
$replacement[5] = '&#39;';
$replacement[6] = '&#37;';
$replacement[7] = '&#40;';
$replacement[8] = '&#41;';
$replacement[9] = '&#43;';
$replacement[10] = '&#45;';
return preg_replace($pattern, $replacement, $string);
}
function add_message($message){
$dbhandle = new PDO("sqlite:chat.db") or die("Failed to open DB");
if (!$dbhandle) die ($error);
$statement = $dbhandle->prepare("insert into messages ('username','message') values (:username,:message)");
$statement->bindParam(":username", $_SESSION["username"]);
$statement->bindParam(":message", $message);
$statement->execute();
};
function render_chat(){
$dbhandle = new PDO("sqlite:chat.db") or die("Failed to open DB");
if (!$dbhandle) die ($error);
$statement = $dbhandle->prepare("select username, message from messages order by id DESC limit 0, 100");
$statement->execute();
$messages = $statement->fetchAll(PDO::FETCH_ASSOC);
$template = file_get_contents("chat.html");
$message_template = file_get_contents("message.html");
$message_rows = "";
foreach($messages as $message){
$message_rows .= str_replace("USERNAME", sanitize_html_string($message["username"]),
str_replace("MESSAGEHERE", sanitize_html_string($message["message"]), $message_template));
}
echo str_replace("MESSAGESHERE", $message_rows,
str_replace("MYUSERNAME",sanitize_html_string($_SESSION["username"]), str_replace("LANGUAGEHERE", ($_COOKIE['language']!='' ? $_COOKIE['language'] : 'English'), $template)));
};
function render_login($message = ""){
$template = file_get_contents("login.html");
echo str_replace("MESSAGEHERE", sanitize_html_string($message),
str_replace("LANGUAGEHERE", ($_COOKIE['language']!='' ? $_COOKIE['language'] : 'English'),$template));
};
function login($username, $pwd){
$dbhandle = new PDO("sqlite:chat.db") or die("Failed to open DB");
if (!$dbhandle) die ($error);
$statement = $dbhandle->prepare("Select * from users where username=:username and password=:password");
$statement->bindParam(":username", $username);
$statement->bindParam(":password", $pwd);
$statement->execute();
$results = $statement->fetch(PDO::FETCH_ASSOC);
if (isset($results["username"])){
$_SESSION["username"] = $results["username"];
$_SESSION["logged_in"] = "1";
render_chat();
} else {
render_login("Failed authentication");
}
};
function logout(){
session_start();
unset($_SESSION["username"]);
unset($_SESSION["logged_in"]);
};
function register($username, $pwd){
$dbhandle = new PDO("sqlite:chat.db") or die("Failed to open DB");
if (!$dbhandle) die ($error);
$statement = $dbhandle->prepare("insert into users values (:username,:password)");
$statement->bindParam(":username", $username);
$statement->bindParam(":password", $pwd);
$statement->execute();
$_SESSION["username"] = $username;
$_SESSION["logged_in"] = "1";
};
if (isset($_REQUEST["language"])){
header("Set-Cookie: language=".$_REQUEST["language"].";");
}
if (isset($_SESSION["logged_in"])){
if ($_SESSION["logged_in"] == "1"){
if (isset($_REQUEST["logout"])){
logout();
render_login();
} else if (isset($_REQUEST["message"])){
add_message($_REQUEST["message"]);
render_chat();
} else {
render_chat();
}
}
} else {
if (isset($_REQUEST["login"])){
login($_REQUEST["username"], $_REQUEST["password"]);
} else if (isset($_REQUEST["register"])) {
register($_REQUEST["username"], $_REQUEST["password"]);
render_chat();
} else {
render_login();
}
}
?>
Raw
login.html
<!doctype html>
<html>
<head>
<title>Login Please</title>
</head>
<body>
<p>Welcome to the insecure and unpleasant chat app. <span class="lang">LANGUAGEHERE</span></p>
MESSAGEHERE
<hr>
<form method="post">
<input type="text" name="username" placeholder="username, e.g. admin"></input>
<input type="password" name="password" placeholder="password"></input>
<input type="hidden" name="login" value="login">
<button type="submit">Login</button>
</form>
<hr>
<form action="index.php" method="post">
<input type="text" name="username" placeholder="username, e.g. admin"></input>
<input type="password" name="password" placeholder="password"></input>
<input type="hidden" name="register" value="register">
<button type="submit">or Register</button>
</form>
</body>
</html>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment