PHP code
<head><meta charset="utf-8" /></head>
<?php
// Bootstrap for the guestbook page: load the level's helper file and open the database connection.
// debug_mysql_query(), used further down, is not defined in this file; presumably it comes from this include — confirm.
include "sql_and_php_debug_with_anticheat.php";
// NOTE(review): the database password is hard-coded in the page source, so anyone who can read the file
// (source disclosure, stray backup copy, repository leak) also gets the credential. Keep it in configuration
// outside the web root or in the environment, and give the account only the privileges this page needs.
// NOTE(review): the return value is not checked, so a failed connection only shows up later as query errors.
// NOTE(review): the mysql_* extension was removed in PHP 7 and offers no prepared statements; mysqli or PDO
// is the supported replacement.
mysql_connect("localhost", "level32", "zkDI/jp8WTtxadc2q64UbQ==");
// No link argument is passed, so the most recently opened connection is used.
mysql_select_db("level32");
?>
<h1>Guestbook</h1>
Next level: query is INSERT now, and flag is split in parts:<p/>
<code>TABLE `flag`</code><br/>
<table border=1 frame="void" cellpadding=2 cellspacing=0><tr><th>part</th><th>flag</th></tr><tr><td>1</td><td>2e1</td></tr><tr><td>2</td><td>bf4b</td></tr><tr><td colspan=2>...</td></tr></table>
<h2>Leave a message in our guestbook:</h2>
<form method="POST" action="?" id="form">
<table border=0>
<tr><td align="right">Your name:</td><td align="left"><input type="text" name="name" id="name" size=60 value="<?php /* Echo the submitted value back into the form, HTML-escaped so it cannot break out of the double-quoted attribute (or, for the message below, out of the textarea). */ echo isset($_POST['name']) ? htmlspecialchars($_POST['name']) : ""; ?>" /></td></tr>
<tr><td align="right">Email:</td><td align="left"><input type="text" name="email" id="email" size=60 value="<?php echo isset($_POST['email']) ? htmlspecialchars($_POST['email']) : ""; ?>" /></td></tr>
<tr><td align="right" valign="top">Message:</td><td align="left"><textarea name="message" id="message" rows=5 cols=40><?php echo isset($_POST['message']) ? htmlspecialchars($_POST['message']) : ""; ?></textarea></td></tr>
<tr><td></td><td align="left"><input type="submit" value="Post message »" /></td></tr>
</table>
<input type="hidden" name="sig_name" id="sig_name" />
<input type="hidden" name="sig_email" id="sig_email" />
<input type="hidden" name="sig_message" id="sig_message" />
</form>
<?php
// Request handling for the guestbook: store a submitted message, and wipe the table when ?clear is present.
// This is a deliberately weak training level; the notes below describe the weaknesses from a reviewer's side.
if (isset($_POST['message'])) {
// Only 'message' is tested with isset(); 'name' and 'email' are read unconditionally and raise a notice if absent.
$name = $_POST['name'];
$email = $_POST['email'];
$message = $_POST['message'];
$ip = $_SERVER['REMOTE_ADDR'];
// NOTE(review): input "validation" here is a character denylist, not escaping. It looks for a single
// metacharacter and covers only two of the four values that are later concatenated into the SQL string.
if (strpos($name, "'") !== false) {
echo "<b style='color: #c00000'>Hacking attempt! Name contains '</b><p/>";
} elseif (strpos($message, "'") !== false) {
echo "<b style='color: #c00000'>Hacking attempt! Message contains '</b><p/>";
// NOTE(review): because of &&, the email is rejected only when it lacks BOTH "@" and "."; a value containing
// either one passes, and nothing else about it is checked. filter_var($email, FILTER_VALIDATE_EMAIL) is the
// usual format check, and even that is not a replacement for parameter binding.
} elseif (strpos($email, "@") === false && strpos($email, ".") === false) {
echo "<b style='color: #c00000'>Hacking attempt! Email does not contain . or @</b><p/>";
} else {
// NOTE(review): SQL injection risk — the statement is built by string concatenation from request data.
// The fix is a prepared statement with bound parameters (mysqli or PDO); with this legacy API the minimum is
// mysql_real_escape_string() on every concatenated value. A denylist in front of the query does not make
// concatenation safe.
// The result is stored in $res but not inspected in this block.
$res = debug_mysql_query("INSERT INTO messages (id, time, ip, name, email, message) VALUES ('0', NOW(), '" . $ip . "', '" . $name . "', '" . $email . "', '" . $message . "')");
}
}
// NOTE(review): a destructive action is triggered by a plain GET parameter, and no authentication or
// anti-CSRF check is visible in this block (the page's link also sends sig_clear, which is not read here —
// it may be handled by the included helper; confirm). State-changing requests should use POST with a
// verified token, since GET URLs can be followed by crawlers, prefetchers and cross-site links.
if (isset($_GET['clear'])) {
debug_mysql_query("TRUNCATE messages");
}
?>
<b><a href="?clear&sig_clear">[×] Delete all guestbook messages »</a></b> (remember that everyone sees same page as you)
<?php
// Show the five most recent guestbook entries, newest first.
$res = debug_mysql_query("SELECT * FROM messages ORDER BY time DESC LIMIT 5");
while ($row = mysql_fetch_assoc($res)) {
    // Every user-supplied column is HTML-escaped at output time, which is the right place to
    // stop stored values from being interpreted as markup.
    $shownName = htmlspecialchars($row['name']);
    $shownIp = htmlspecialchars($row['ip']);
    $shownEmail = htmlspecialchars($row['email']);
    // Escape first, then convert newlines, so the only tags in the message are the <br /> added here.
    $shownMessage = nl2br(htmlspecialchars($row['message']));
    // NOTE(review): 'time' is printed without escaping. The INSERT on this page fills it with NOW(),
    // but a row written by any other path would reach the browser unescaped — escaping it as well costs nothing.
    echo "<h2>" . $row['time'] . "</h2>"
        . "From <b>" . $shownName . "</b>"
        . " (IP " . $shownIp . ", email " . $shownEmail . "):<p/>"
        . "<code>" . $shownMessage . "</code><br/><br/>";
}