I want to understand php code?

B

BotaniQ_Q2018-01-26 20:37:57

PHP

BotaniQ_Q, 2018-01-26 20:37:57

<?php
require 'flag.php';

if (isset ($_GET['password'])) {
  if (ereg ("^[a-zA-Z0-9]+$", $_GET['password']) === FALSE)
    echo '<p class="alert">You password must be alphanumeric</p>';
  else if (strpos ($_GET['password'], '--') !== FALSE)
    die('Flag: ' . $flag);
  else
    echo '<p class="alert">РќРµРІРµСЂРЅС‹Р№ РїР°СЂРѕР»СЊ</p>';
}
?>

In general, it is clear that a password check is taking place
. This is a task from a hackerdom, you need to enter a password on the training.hackerdom.ru/tasks/open/122/ website, I don’t know php and I have difficulty in solving this problem, what do these lines mean:

require 'flag.php';
die('Flag: ' . $flag);

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

A

Andrey Burov, 2018-01-26
@BuriK666

password

"something\n--"
ergeg('^[a-zA-Z0-9]+$') проверит только первую строку (до \n) переменной $_GET['password'],
а strpos ($_GET['password'], '--') ищет во всей строке.