/index.perl
Secret
Created Dec 9, 2017
SECCON予選2017の問題
| #!/usr/bin/perl | |
| use CGI; | |
| my $q = new CGI; | |
| use CGI::Session; | |
| my $s = CGI::Session->new(undef, $q->cookie('CGISESSID')||undef, {Directory=>'/tmp'}); | |
| $s->expire('+1M'); require './.htcrypt.pl'; | |
| my $user = $q->param('user'); | |
| print $q->header(-charset=>'UTF-8', -cookie=> | |
| [ | |
| $q->cookie(-name=>'CGISESSID', -value=>$s->id), | |
| ($q->param('save') eq '1' ? $q->cookie(-name=>'remember', -value=>&encrypt($user), -expires=>'+1M') : undef) | |
| ]), | |
| $q->start_html(-lang=>'ja', -encoding=>'UTF-8', -title=>'SECCON 2017', -bgcolor=>'black'); | |
| $user = &decrypt($q->cookie('remember')) if($user eq '' && $q->cookie('remember') ne ''); | |
| my $errmsg = ''; | |
| if($q->param('login') ne '') { | |
| use DBI; | |
| my $dbh = DBI->connect('dbi:SQLite:dbname=./.htDB'); | |
| my $sth = $dbh->prepare("SELECT password FROM users WHERE username='".$q->param('user')."';"); | |
| $errmsg = '<h2 style="color:red">Login Error!</h2>'; | |
| eval { | |
| $sth->execute(); | |
| if(my @row = $sth->fetchrow_array) { | |
| if($row[0] ne '' && $q->param('pass') ne '' && $row[0] eq &encrypt($q->param('pass'))) { | |
| $s->param('autheduser', $q->param('user')); | |
| print "<scr"."ipt>document.location='./menu.cgi';</script>"; | |
| $errmsg = ''; | |
| } | |
| } | |
| }; | |
| if($@) { | |
| $errmsg = '<h2 style="color:red">Database Error!</h2>'; | |
| } | |
| $dbh->disconnect(); | |
| } | |
| $user = $q->escapeHTML($user); | |
| print <<"EOM"; | |
| <!-- The Kusomon by KeigoYAMAZAKI, 2017 --> | |
| <div style="background:#000 url(./bg-header.jpg) 50% 50% no-repeat;position:fixed;width:100%;height:300px;top:0;"> | |
| </div> | |
| <div style="position:relative;top:300px;color:white;text-align:center;"> | |
| <h1>Login</h1> | |
| <form action="?" method="post">$errmsg | |
| <table border="0" align="center" style="background:white;color:black;padding:50px;border:1px solid darkgray;"> | |
| <tr><td>Username:</td><td><input type="text" name="user" value="$user"></td></tr> | |
| <tr><td>Password:</td><td><input type="password" name="pass" value=""></td></tr> | |
| <tr><td colspan="2"><input type="checkbox" name="save" value="1">Remember Me</td></tr> | |
| <tr><td colspan="2" align="right"><input type="submit" name="login" value="Login"></td></tr> | |
| </table> | |
| </form> | |
| </div> | |
| </body> | |
| </html> | |
| EOM | |
| 1; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment