From 7828f82f240383151cbfc9fac0ec1f67b772336f Mon Sep 17 00:00:00 2001
From: chonk <jakob.matzkowski@gmx.de>
Date: Wed, 22 Jan 2020 00:57:33 +0100
Subject: [PATCH] added testme.php for pentesting

---
 content/testme.php | 67 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 67 insertions(+)
 create mode 100644 content/testme.php
diff --git a/content/testme.php b/content/testme.php
new file mode 100644
index 0000000..b89a421
--- /dev/null
+++ b/content/testme.php
@@ -0,0 +1,67 @@
+<?php
+  $permitted_chars = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ&/()[]$:?_';
+
+  function generate_salt($input, $strength = 5) {
+    $input_length = strlen($input);
+    $random_string = '';
+    for($i = 0; $i < $strength; $i++) {
+      $random_character = $input[random_int(0, $input_length - 1)];
+      $random_string .= $random_character;
+    }
+    return $random_string;
+  }
+
+  $random_salt = generate_salt($permitted_chars);
+  $password_hash_method = "sha256";
+
+  $pdo = new PDO('mysql:host=localhost;dbname=web', 'webstuff', 'Schei// auf Pa$$w0rter!');
+  $query = "SELECT id, name, authentication_algorithm FROM users;";
+
+  if (isset($_GET['action'])) {
+    if ($_GET['action']=='add') {
+      $error = false;
+      $error_message = "";
+      if ($_POST['name']=='' || $_POST['password']=='' || $_POST['password_confirmation']=='') {
+        $error = true;
+        $error_message = "<p>Error: Not all values populated.</p>";
+      }
+      if ($_POST['password'] != $_POST['password_confirmation']) {
+        $error = true;
+        $error_message = "<p>Error: Password confirmation does not match password.</p>";
+      }
+      if (!$error) {
+        $statement = $pdo->prepare('INSERT INTO users (name, authentication_string, authentication_salt, authentication_algorithm) VALUES (:name, :authentication_string, :authentication_salt, :authentication_algorithm)');
+        $result = $statement->execute(array('name' => $_POST['name'], 'authentication_string' => hash($password_hash_method, $_POST['password'] . $random_salt), 'authentication_salt' => $random_salt, 'authentication_algorithm' => $password_hash_method));
+        if (!$result) {
+          $error_message = "<p>Error: SQL error.</p><pre>" . $statement->queryString . "</pre><pre>" . $statement->errorInfo()[2] . "</pre>";
+        }
+      }
+    }
+  }
+?>
+<!DOCTYPE html>
+<html>
+  <head>
+    <title> LostCave Admin Page </title>
+    <meta charset="utf-8" />
+  </head>
+  <body>
+    <h1> Users </h1>
+    <table>
+      <tr><td>User ID</td><td>Name</td><td>Authentication algorithm</td></tr>
+      <?php
+        foreach ($pdo->query($query) as $row) {
+          echo "<tr><td>".$row['id']."</td><td>".$row['name']."</td><td>".$row['authentication_algorithm']."</td></tr>";
+        }
+      ?>
+    </table>
+    <h1> Add user </h1>
+    <form action="?action=add" method="post">
+      <input type="text" maxlength="20" name="name" placeholder="Username" />
+      <input type="password" maxlength="256" name="password" placeholder="Password" />
+      <input type="password" maxlength="256" name="password_confirmation" placeholder="Repeat password" />
+      <input type="submit" value="Add" />
+      <?php echo $error_message; ?>
+    </form>
+  </body>
+</html>

User ID	Name	Authentication algorithm
".$row['id']."	".$row['name']."	".$row['authentication_algorithm']."