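<?php
declare(strict_types=1);

// Admin panel: authenticates an admin user on POST, then lists customer
// accounts and recent orders. query_db() and $site_name come from the includes
// below; query_db() appears to return a mysqli_result-like object (num_rows /
// fetch_assoc) or false on failure — confirm against includes/db.php.
require_once '../includes/db.php';
require_once '../includes/config.php';

// HttpOnly keeps the session cookie out of reach of page scripts; SameSite=Lax
// stops it from being sent on cross-site POSTs.
session_start([
    'cookie_httponly' => true,
    'cookie_samesite' => 'Lax',
]);

// Per-session CSRF token for the login form (generated once, compared in constant time).
$_SESSION['csrf_token'] ??= bin2hex(random_bytes(32));

// Escape a value for an HTML text/attribute context before echoing it.
$e = static fn (mixed $value): string => htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

// Handle login
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $username = $_POST['username'] ?? '';
    $password = $_POST['password'] ?? '';
    $token = $_POST['csrf_token'] ?? '';

    $csrfOk = is_string($token)
        && isset($_SESSION['csrf_token'])
        && hash_equals($_SESSION['csrf_token'], $token);

    // The username is still interpolated into SQL because query_db() offers no
    // parameter binding from here; the allowlist keeps quotes, backslashes and
    // comment sequences out of the literal. Replace with a prepared statement
    // if includes/db.php exposes the connection handle.
    $usernameOk = is_string($username)
        && preg_match('/^[A-Za-z0-9_.@-]{1,64}$/', $username) === 1;

    if ($csrfOk && $usernameOk && is_string($password) && $password !== '') {
        // The password never reaches SQL: fetch the stored digest and compare in PHP.
        $result = query_db("SELECT password_hash, role FROM users WHERE username = '$username' LIMIT 1");
        $row = $result ? $result->fetch_assoc() : null;

        // hash_equals() removes the timing side channel on the digest comparison.
        // The stored value is an md5 digest, which is not a password hash;
        // migrate the column to password_hash()/password_verify().
        if (is_array($row)
            && ($row['role'] ?? null) === 'admin'
            && hash_equals((string) $row['password_hash'], md5($password))
        ) {
            // A fresh session id on privilege change prevents session fixation.
            session_regenerate_id(true);
            $_SESSION['admin'] = true;
            $_SESSION['username'] = $username;
        }
    }
    // TODO: failed-attempt throttling needs server-side state keyed by
    // account and/or client address (database or cache); a per-session
    // counter is trivially bypassed by discarding the cookie.
}

if (isset($_SESSION['admin']) && $_SESSION['admin'] === true):
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Admin Panel - <?php echo $e($site_name); ?></title>
<style>
body { font-family: Arial, sans-serif; margin: 0; padding: 0; background: #f5f5f5; }
header { background: #333; color: white; padding: 15px 20px; }
.content { max-width: 800px; margin: 20px auto; padding: 20px; background: white; border: 1px solid #ddd; }
table { width: 100%; border-collapse: collapse; }
th, td { padding: 10px; text-align: left; border-bottom: 1px solid #ddd; }
th { background: #f0f0f0; }
</style>
</head>
<body>
<header>
<h1>Gintaro Kelias Admin</h1>
<span>Logged in as: <?php echo $e($_SESSION['username']); ?></span>
</header>
<div class="content">
<h2>Customer Accounts</h2>
<?php
// Static query, no user input. A failed query yields false and an empty table.
$users = query_db("SELECT id, username, email, role FROM users");
?>
<table>
<tr><th>ID</th><th>Username</th><th>Email</th><th>Role</th></tr>
<?php while ($users && ($user = $users->fetch_assoc())): ?>
<tr>
<td><?php echo $e($user['id']); ?></td>
<td><?php echo $e($user['username']); ?></td>
<td><?php echo $e($user['email']); ?></td>
<td><?php echo $e($user['role']); ?></td>
</tr>
<?php endwhile; ?>
</table>
<h2>Recent Orders</h2>
<?php
// Static query, no user input.
$orders = query_db("SELECT o.id, u.username, o.total, o.status, o.created_at FROM orders o JOIN users u ON o.user_id = u.id ORDER BY o.created_at DESC LIMIT 10");
?>
<table>
<tr><th>Order ID</th><th>Customer</th><th>Total</th><th>Status</th><th>Date</th></tr>
<?php while ($orders && ($order = $orders->fetch_assoc())): ?>
<tr>
<td><?php echo $e($order['id']); ?></td>
<td><?php echo $e($order['username']); ?></td>
<td>€<?php echo $e(number_format((float) $order['total'], 2)); ?></td>
<td><?php echo $e($order['status']); ?></td>
<td><?php echo $e($order['created_at']); ?></td>
</tr>
<?php endwhile; ?>
</table>
</div>
</body>
</html>
<?php else: ?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Admin Login - <?php echo $e($site_name); ?></title>
<style>
body { font-family: Arial, sans-serif; background: #f5f5f5; display: flex; justify-content: center; align-items: center; height: 100vh; margin: 0; }
.login-box { background: white; padding: 30px; border: 1px solid #ddd; width: 300px; }
.login-box h2 { text-align: center; color: #333; }
.login-box input { width: 100%; padding: 10px; margin: 8px 0; box-sizing: border-box; border: 1px solid #ccc; }
.login-box button { width: 100%; padding: 10px; background: #8b6914; color: white; border: none; cursor: pointer; margin-top: 10px; }
</style>
</head>
<body>
<div class="login-box">
<h2>Gintaro Kelias Admin</h2>
<form method="POST">
<input type="hidden" name="csrf_token" value="<?php echo $e($_SESSION['csrf_token']); ?>">
<input type="text" name="username" placeholder="Username" required>
<input type="password" name="password" placeholder="Password" required>
<button type="submit">Login</button>
</form>
</div>
</body>
</html>
<?php endif; ?>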