path: root/www/setup.php
blob: 7b691dfd30136bd99519a37caeb5c831a1084eab (plain)
<?php

/*
	Sets up the database with the necessary tables. Add ?drop to drop _everything_!
	Don't forget to create an individual pepper in ../database/pepper.txt first!
*/

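// Open the SQLite database this setup script works on and start the
// session, which both branches further down use (the drop branch ends an
// existing login, the setup branch creates one).
$db = new SQLite3("../database/sqlite.db");
session_start();

// password_hash(), used further down, needs PHP 5.5 or newer.
if (version_compare(phpversion(), '5.5', '<')) {
	echo "You need at least PHP version 5.5 or higher";
	exit;
}

// $bool becomes true when the request asks for the database to be dropped.
// The parameter name must be exactly "drop" or "dropped" (case-insensitive);
// the pattern is anchored so that unrelated parameters which merely contain
// the word (e.g. "dropdown") cannot trigger the destructive path.
// NOTE(review): the drop is still triggered by a plain GET request and this
// script performs no authentication or CSRF check before acting on it --
// restrict access to this file at the web server, or remove it once setup
// is finished.
$bool = false;
foreach (array_keys($_GET) as $name) {
	if (preg_match('/^drop(ped)?$/i', (string) $name)) {
		$bool = true;
		break;
	}
}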

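if($bool){
	// Destructive path: end any logged-in session, then wipe the schema.
	if(isset($_SESSION["login"])){
		session_destroy();
	}
	// IF EXISTS keeps the batch from aborting on its first statement when the
	// trigger was never created or has already been dropped by an earlier run.
	// NOTE(review): only rows of type 'table' are removed from sqlite_master;
	// other schema rows (for instance the automatic indexes behind the UNIQUE
	// columns) are left in place -- confirm the file is still usable afterwards.
	$dropped = $db->exec("
		BEGIN TRANSACTION;
		DROP TRIGGER IF EXISTS delete_files;
		PRAGMA writable_schema = 1;
		DELETE FROM sqlite_master WHERE type = 'table';
		PRAGMA writable_schema = 0;
		COMMIT;
		VACUUM;");
	if($dropped){
		echo "dropped everything";
	} else {
		echo "error with database";
	}
} else {
	// Setup path: create the tables and a first "admin" account.
	// NOTE(review): the initial admin password is the fixed string below; it
	// has to be changed right after setup, since it is the same for every
	// installation of this script.
	$cleartext_password="password";
	$email="admin@iamfabulous.de";
	$pepper = file_get_contents("../database/pepper.txt");
	if(!$pepper){
		echo "There is no pepper in '../database/pepper.txt'! <br> Please generate one manually and run this script again.";
		exit;
	}
	// The pepper is appended to the password before hashing. If
	// PASSWORD_DEFAULT resolves to bcrypt, input beyond 72 bytes is ignored,
	// so a very long pepper only contributes its leading bytes.
	$password = $cleartext_password . $pepper;

	$hash_password = password_hash($password, PASSWORD_DEFAULT);

	// Both interpolated values are produced by this script, not by the
	// request. Any future change that feeds request data into this statement
	// must switch to a prepared statement with bound parameters.
	// A second run fails at the INSERT because user.name is UNIQUE, which
	// sends control to the failure branch below.
	$created = $db->exec("
		BEGIN TRANSACTION;
		CREATE TABLE IF NOT EXISTS user (id INTEGER PRIMARY KEY, name TEXT UNIQUE, password TEXT, email TEXT UNIQUE, status INTEGER, register INTEGER);
		INSERT INTO user (id, name, status, password, email, register) VALUES (NULL, 'admin', 0, '" . $hash_password . "', '" . $email . "', (SELECT strftime('%s', 'now')));
		CREATE TABLE IF NOT EXISTS log (id INTEGER PRIMARY KEY, user INTEGER, login INTEGER, FOREIGN KEY(user) REFERENCES user(id));
		CREATE TABLE IF NOT EXISTS banned_user (id INTEGER PRIMARY KEY, login_attempts INTEGER, ip TEXT, session_id TEXT, time INTEGER, user INTEGER);
		CREATE TABLE IF NOT EXISTS jg(id INTEGER PRIMARY KEY, name TEXT, adresse TEXT, telefonnummer INTEGER, handynummer INTEGER, email TEXT, geburtstag TEXT);
		CREATE TRIGGER IF NOT EXISTS delete_files AFTER DELETE ON user FOR EACH ROW BEGIN DELETE FROM files WHERE owner=OLD.id; END;
		COMMIT;");

	if($created){
		// Issue a fresh session id before the session is marked as logged in,
		// so an id that existed before setup does not carry admin rights.
		session_regenerate_id(true);

		// The client that requested this page is logged in as admin from here
		// on, without having supplied any credentials.
		$_SESSION["login"] = true;
		$_SESSION["username"] = "admin";
		// NOTE(review): assumes the row just inserted received id 1, which
		// holds only when the user table was empty -- confirm.
		$_SESSION["userid"] = 1;

		// $scheme is presumably defined by include.php -- TODO confirm.
		include("include.php");
		// NOTE(review): HTTP_HOST is taken from the request headers; a fixed,
		// configured base URL would be a safer redirect target.
		header("Refresh: 2; ".$scheme.$_SERVER["HTTP_HOST"]."/");
		echo "Success! You will redirected any moment.";
	} else {
		// The password hash is deliberately not echoed: this script performs
		// no authentication check, so the response can reach any client, and
		// a stored credential hash should not be disclosed to it. The database
		// error goes to the server log instead.
		error_log("setup.php: database setup failed: " . $db->lastErrorMsg());
		echo "Failure! :( <br>";
	}
}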
//	INSERT INT0 user (id, name, salt, password, status, invites, email, senpai, key) VALUES (NULL, 'admin', '$salt', '$hash_password', 1, 5, 'admin@iamfabulous.de', 0, '11111');