as - PHP Online
Full code of as.php
```php
<?php
include 'get_flag.php';

class User
{
    private $userlevel = 0;
    private $username = '';

    function __construct($name, $level)
    {
        $this->username = $name;
        $this->userlevel = $level;
    }

    public function getName()
    {
        return $this->username;
    }

    public function getBadge()
    {
        // Aha you shall not get the flag easily.
        if ($this->userlevel === 999) $str = getFlag();
        else $str = "Noob";
        return $str;
    }
}

function sign($str)
{
    global $secret;
    // This way of producing a signature is actually SUPER secure,
    // because nobody else would know my secret, which is like
    // 32 bytes of random characters. Try guessing that!
    return hash('sha256', $secret . $str);
}

function unserialize_safe($str)
{
    // http://php.net/manual/en/function.unserialize.php warns me
    // not to pass untrusted user input to unserialize, but this
    // is ok because I only unserialize data "signed" by me
    return unserialize($str, ['allowed_classes' => ['User']]);
}

if (isset($_COOKIE['users']) && isset($_COOKIE['signature'])) {
    $serialized_users = $_COOKIE['users'];
    $signature = $_COOKIE['signature'];
    // http://php.net/manual/en/function.hash-equals.php
    // Aha! Timing attack safe string comparison! Brute force aint gonna work.
    if (hash_equals(sign($serialized_users), $signature) === FALSE) {
        unset($_COOKIE['users']);
    } else {
        $serialized_users = explode('<x>', $serialized_users);
        $users = array_map('unserialize_safe', $serialized_users);
    }
}

if (!isset($_COOKIE['users']) || !isset($_COOKIE['signature'])) {
    $users = [new User("John Doe", 10), new User("Peter Parker", 33), new User("Gabe Newell", 87)];
    // http://php.net/manual/en/function.serialize.php
    // Maybe this will help you understand serialization.
    $serialized_users = implode('<x>', array_map('serialize', $users));
    setcookie('users', $serialized_users);
    setcookie('signature', sign($serialized_users));
}
?>
```
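The `sign()` function above hashes `$secret . $str` with plain SHA-256, a prefix-keyed construction that is open to length extension and therefore not a sound MAC. The following is an added example, not part of the original paste: a hardened counterpart that signs with HMAC and stores the users as JSON instead of serialized objects. The names `sign_hmac`, `encode_users` and `load_users`, the array layout, and the locally generated `$secret` are assumptions made for illustration.

```php
<?php
// Added example (not from the original paste). Requires PHP 7.3+.
// $secret is a constructed stand-in for the value the paste loads from get_flag.php.
$secret = random_bytes(32);

// HMAC-SHA256 instead of hash('sha256', $secret . $str): HMAC is a keyed MAC
// and is not subject to length extension like a bare prefix-keyed hash.
function sign_hmac(string $data, string $key): string
{
    return hash_hmac('sha256', $data, $key);
}

// Encode users as JSON: plain arrays only, so no object is ever instantiated
// from cookie data and no in-band '<x>' delimiter is needed.
function encode_users(array $users): string
{
    return json_encode($users, JSON_THROW_ON_ERROR);
}

// Verify the MAC over the exact bytes received, then parse and validate.
// Returns null on any failure so the caller can fall back to defaults.
function load_users(string $payload, string $signature, string $key): ?array
{
    if (!hash_equals(sign_hmac($payload, $key), $signature)) {
        return null;
    }
    try {
        $users = json_decode($payload, true, 4, JSON_THROW_ON_ERROR);
    } catch (JsonException $e) {
        return null;
    }
    if (!is_array($users)) {
        return null;
    }
    foreach ($users as $u) {
        if (!is_array($u) || !is_string($u['name'] ?? null) || !is_int($u['level'] ?? null)) {
            return null;
        }
    }
    return $users;
}

// Constructed sample data mirroring two of the paste's default users.
$payload = encode_users([['name' => 'John Doe', 'level' => 10], ['name' => 'Peter Parker', 'level' => 33]]);
$sig = sign_hmac($payload, $secret);
var_dump(load_users($payload, $sig, $secret));               // unmodified cookie pair
var_dump(load_users($payload . '<x>extra', $sig, $secret));  // payload altered after signing
```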
File Description
- as
- PHP Code
- 20 Feb-2021
- 2.01 Kb