<?php

#"Users" table only has 1 record
#the flag is the password of "admin" user! (lowercase hex)
$servername = "localhost";
$username = "challenge";
$password = "password";
$dbname = "challenge1";


if (!isset($_GET["username"])|| !isset($_GET["password"])){highlight_file(__FILE__);die();}


try {
    $conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
    // set the PDO error mode to exception
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

$username=$_GET['username'];
$password=str_replace('\'','',$_GET['password']);
if (is_string($password)===false) die();
if (strlen($password) !== 32 || !(ctype_xdigit($password)))die("password must be 32 bytes hex");

###checks###
if ($username!=="admin"){
if (strpos($username, '0x')!==false or strpos($username, '0b')!==false) die("what are you doing there??");
$tmp=str_replace("SELECT","",str_replace("FROM","",str_replace("Users","",$username)));
if(preg_match("/[a-z][a-z]/i", $tmp))die("What are you doing there??");
}
###end checks###


$stmt = $conn->query("SELECT * FROM Users WHERE password='$password' and username='$username' limit 1");
$user = $stmt->fetch();
if ($user['username']==='admin')die("Correct!");
else {die("nope");}

}

catch(PDOException $e)
    {
    echo "Error: " . $e->getMessage();
    }
$conn = null;
?>