-
Notifications
You must be signed in to change notification settings - Fork 32
/
Copy pathregistration.php
102 lines (94 loc) · 3.57 KB
/
registration.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
<?php
// Start Session
session_start();
// Database connection
require __DIR__ . '/config/db_connection.php';
$db = DB();
// Application library ( with DemoLib class )
require __DIR__ . '/library/library.php';
$app = new DemoLib($db);
require_once __DIR__ . '/GoogleAuthenticator/GoogleAuthenticator.php';
$pga = new PHPGangsta_GoogleAuthenticator();
$secret = $pga->createSecret();
$register_error_message = '';
// check Register request
if (!empty($_POST['btnRegister'])) {
if ($_POST['name'] == "") {
$register_error_message = 'Name field is required!';
} else if ($_POST['email'] == "") {
$register_error_message = 'Email field is required!';
} else if ($_POST['username'] == "") {
$register_error_message = 'Username field is required!';
} else if ($_POST['password'] == "") {
$register_error_message = 'Password field is required!';
} else if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
$register_error_message = 'Invalid email address!';
} else if ($app->isEmail($_POST['email'])) {
$register_error_message = 'Email is already in use!';
} else if ($app->isUsername($_POST['username'])) {
$register_error_message = 'Username is already in use!';
} else {
$user_id = $app->Register($_POST['name'], $_POST['email'], $_POST['username'], $_POST['password'], $secret);
// set session and redirect user to the profile page
$_SESSION['user_id'] = $user_id;
header("Location: confirm_google_auth.php");
}
}
?>
<!doctype html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>OTP - MFA/2FA BYPASS : Registration</title>
<!-- Latest compiled and minified CSS -->
<link rel="stylesheet" href="css/bootstrap.min.css">
</head>
<body>
<div class="container">
<div class="row jumbotron">
<div class="col-md-12">
<h2>
<center>MULTI-FACTOR BYPASS SIMULATION</center>
</h2>
<p>
<center>Note: This is a Vulnerable Multi-Factor Application</center>
</p>
</div>
</div>
<div class="row">
<div class="col-md-5 col-md-offset-3 well">
<h4>Register</h4>
<?php
if ($register_error_message != "") {
echo '<div class="alert alert-danger"><strong>Error: </strong> ' . $register_error_message . '</div>';
}
?>
<form action="registration.php" method="post">
<div class="form-group">
<label for="">Name</label>
<input type="text" name="name" class="form-control"/>
</div>
<div class="form-group">
<label for="">Email</label>
<input type="email" name="email" class="form-control"/>
</div>
<div class="form-group">
<label for="">Username</label>
<input type="text" name="username" class="form-control"/>
</div>
<div class="form-group">
<label for="">Password</label>
<input type="password" name="password" class="form-control"/>
</div>
<div class="form-group">
<input type="submit" name="btnRegister" class="btn btn-primary" value="Register"/>
</div>
</form>
<div class="form-group">
Click here to <a href="index.php">Login</a> if you have already registered your account.
</div>
</div>
</div>
</div>
</body>
</html>