Questions  |  score: 4  |  4.35 6.12 5.45 |  Solved By 640 People  |  129210 views  |  since Sep 23, 2011 - 22:52:21

Training: RegexMini (Training, Regex)

Regex Mini
We are trying hard to make a secure site.
So far, we got a secure definition of a username.
Unless you prove otherwise.

Again you are given the source, also as a highlighted version.

©Softworx(tm) 2011
GeSHi`ed PHP code for regex2/index.php
<?php
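# Show src
# Only the presence of ?show is tested; its value is never used, so the
# request cannot choose which file is returned.
if (isset($_GET['show']))
{
        # http://en.wikipedia.org/wiki/Quine_%28computing%29
        # Declare the body as plain text so a browser shows the source instead of rendering it.
        header('Content-Type: text/plain');
        # Fixed relative path; die() prints the file contents and ends the request
        # before any of the page below is produced.
        die(file_get_contents('index.php'));
}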
 
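# Header
# Step three directories up - presumably to the site root, given the
# 'challenge/training/regex2/' paths used in this file - so the relative
# includes below resolve.
chdir('../../../');
define('GWF_PAGE_TITLE', 'Training: RegexMini');
require_once('challenge/html_head.php');
# Look the challenge up by its title; when the lookup yields false,
# fall back to a dummy challenge object built from the same title and script path.
if (false === ($chall = WC_Challenge::getByTitle(GWF_PAGE_TITLE)))
{
        $chall = WC_Challenge::dummyChallenge(GWF_PAGE_TITLE, 2, 'challenge/training/regex2/index.php', false);
}
$chall->showHeader();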
 
# Info box
# The localized intro text receives the two self-referencing links
# (plain-text source, highlighted source) as its format arguments.
$info_links = array('index.php?show=source', 'index.php?highlight=christmas');
echo GWF_Box::box($chall->lang('info', $info_links), $chall->lang('title'));

# Show highlighted src
# Only the presence of ?highlight is tested; the value ('christmas' in the
# link above) never reaches the file path, which is a fixed string.
if (isset($_GET['highlight']))
{
        $listing = file_get_contents('challenge/training/regex2/index.php');
        # NOTE(review): the trailing literal is empty in this listing; a closing
        # markup tag may have been consumed when the page was rendered - confirm
        # against the real file.
        $source = '[PHP title=regex2/index.php]'.$listing.'';
        echo GWF_Box::box(GWF_Message::display($source, true, false));
}
 
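# Submitted?
if (isset($_POST['submit']))
{
        # Check it!
        # The validator answers with a tri-state: true, false, or an error string.
        # The strict === comparisons below keep a non-empty error string from
        # being mistaken for true.
        $error = ludde_is_satisfied($chall);

        # Oooops!
        if ($error === true)
        {
                $chall->onChallengeSolved(GWF_Session::getUserID());
        }
        # All normal and ok
        elseif ($error === false)
        {
                # The submitted name is echoed back only on this branch, i.e. after
                # the validator accepted it.
                # NOTE(review): whether lang()/message() HTML-escape the value is not
                # visible here - confirm before reusing this pattern with a looser validator.
                echo GWF_HTML::message(GWF_PAGE_TITLE, $chall->lang('msg_ok', array($_POST['username'])), false);
        }
        # Error!
        else
        {
                echo GWF_HTML::error(GWF_PAGE_TITLE, $error, false);
        }
}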
 
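# Check it!
# Validates $_POST['username'] and reports the outcome as a tri-state:
#   string - a localized error message (variable missing, wrong type, or pattern mismatch)
#   true   - the pattern accepted the value although it is longer than 16 bytes
#            (the state this exercise asks the visitor to reach)
#   false  - the value passed every check
# $chall is used only to fetch the localized error texts.
function ludde_is_satisfied(WC_Challenge $chall)
{
        # Missing POST var?
        if (!isset($_POST['username']))
        {
                return $chall->lang('err_missing_var');
        }

        # Submitted a string?
        # PHP turns a request parameter such as username[]=x into an array,
        # so the type has to be checked before any string function sees it.
        if (!is_string($_POST['username']))
        {
                return $chall->lang('err_var_type');
        }

        # Valid username?
        # NOTE(review): in PCRE, `$` without the D modifier (PCRE_DOLLAR_ENDONLY)
        # also matches immediately before a final newline, so this pattern on its
        # own does not bound the value to 16 bytes. The exercise depends on that
        # gap and the pattern is left as published. A production validator should
        # anchor with \z or add the D modifier:
        #   '/^[a-zA-Z]{1,16}\z/'   or   '/^[a-zA-Z]{1,16}$/D'
        if (!preg_match('/^[a-zA-Z]{1,16}$/', $_POST['username']))
        {
                return $chall->lang('err_illegal_username', array(1, 16));
        }

        # WTF! WTF! WTF!
        # Independent length check: it can only fire when the pattern above let
        # through something it was meant to reject. Keeping a second, simpler
        # check like this is how a regex/length disagreement gets detected.
        if (strlen($_POST['username']) > 16)
        {
                return true;
        }

        # Normal, OK and no error :)
        return false;
}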
?>
<div id="EUISM" class="box box_c">        <form id="Every User Input Seems Malicious" action="index.php" method="post">
                <label for="username"><?php echo $chall->lang('username'); ?></label>:&nbsp;<input type="text" name="username" value="" size="16" />
                <input type="submit" name="submit" value="<?php echo $chall->lang('submit'); ?>" />
        </form>
</div><?php
# Copyright + Footer
# Print the challenge's own copyright line first, then include the shared
# footer template.
echo $chall->copyrightFooter();
require_once 'challenge/html_foot.php';
?>
© 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021, 2022, 2023 and 2024 by ludde