saru2017/http06_login.php

## http06_login.php
<?php

session_start();

$name_post = $_POST["name"];
$pass_post = $_POST["pass"];
$csrf_nonce_post = $_POST["csrf_nonce"];

if(isset($_SESSION["csrf_nonce"]) == false){
  echo("login failed: CSRF is detected.");
  exit(1);
}

$csrf_nonce = $_SESSION["csrf_nonce"];
unset($_SESSION["csrf_nonce"]);

if($csrf_nonce_post !== $csrf_nonce){
  echo("login failed: CSRF nonce is broken.");
  exit(1);
}

$flag = file_get_contents("/home/http06/flag.txt");
$flag = trim($flag);
$pass = file_get_contents("/home/http06/pass.txt");
$pass = trim($pass);

if($name_post === "b3" && $pass_post === $pass){
  echo($flag);
}else{
  echo("login failed: name or/and pass is/are wrong.");
}

?>
	<?php

	session_start();

	$name_post = $_POST["name"];
	$pass_post = $_POST["pass"];
	$csrf_nonce_post = $_POST["csrf_nonce"];

	if(isset($_SESSION["csrf_nonce"]) == false){
	echo("login failed: CSRF is detected.");
	exit(1);
	}

	$csrf_nonce = $_SESSION["csrf_nonce"];
	unset($_SESSION["csrf_nonce"]);

	if($csrf_nonce_post !== $csrf_nonce){
	echo("login failed: CSRF nonce is broken.");
	exit(1);
	}

	$flag = file_get_contents("/home/http06/flag.txt");
	$flag = trim($flag);
	$pass = file_get_contents("/home/http06/pass.txt");
	$pass = trim($pass);

	if($name_post === "b3" && $pass_post === $pass){
	echo($flag);
	}else{
	echo("login failed: name or/and pass is/are wrong.");
	}

	?>