HackMe-SQL-Injection-Challenges/loggedin.php at master · zados/HackMe-SQL-Injection-Challenges · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
<?php

session_start();
require "global_func.php";
if ($_SESSION['loggedin'] == 0)
{
    header("Location: login.php");
    exit;
}
$userid = $_SESSION['userid'];
require "header.php";
$h = new headers;
$h->startheaders();
include "mysql.php";
global $c;
$is =
        mysql_query(
                "SELECT u.*,us.* FROM users u LEFT JOIN userstats us ON u.userid=us.userid WHERE u.userid=$userid",
                $c) or die(mysql_error());
$ir = mysql_fetch_array($is);
check_level();
$fm = money_formatter($ir['money']);
$cm = money_formatter($ir['crystals'], '');
$lv = date('F j, Y, g:i:s a', $ir['laston']);
$h->userdata($ir, $lv, $fm, $cm);
$h->menuarea();
print
        "<h1>You have logged on, {$ir['username']}!</h1>
<h2>Welcome back, your last visit was: $lv.</h2>";
$q = mysql_query("SELECT * FROM papercontent LIMIT 1", $c);
$content = mysql_result($q, 0, 0);
print "breakthenet Latest News:<br />
$content
";
$h->endpage();