Introduced support for piggybacked queries

Author: lorezvn

docker-compose.yml

@@ -2,13 +2,15 @@ version: '3.8'
 services:
   web:
     build: .
+    container_name: sqli-example-web
     ports:
       - "8080:80"
     depends_on:
       - db
 
   db:
     image: mysql:5.7
+    container_name: sqli-example-db
     environment:
       MYSQL_ROOT_PASSWORD: rootpassword
       MYSQL_DATABASE: sqli_db

src/home.php

@@ -25,10 +25,12 @@
     <link rel="stylesheet" href="assets/styles.css">
 </head>
 <body>
-    <div class="container mt-5">
-        <h1 class="text-center">Welcome!</h1>
-        <div class="text-center mt-4">
-            <p>You have successfully logged in</p>
+    <div class="login-container">
+        <div class="login-box">
+            <h1 class="text-center">Welcome, <?php echo $username?>!</h1>
+            <div class="text-center mt-4">
+                <p>You have successfully logged in</p>
+            </div>
         </div>
     </div>
 

src/index.php

@@ -30,11 +30,11 @@
                 <?php endif ?>
                 <div class="form-group mb-3">
                     <label for="username">Username</label>
-                    <input type="text" class="form-control" name="username" placeholder="Enter username" required>
+                    <input type="text" class="form-control" name="username" placeholder="Enter username" autocomplete="off">
                 </div>
                 <div class="form-group mb-3">
                     <label for="password">Password</label>
-                    <input type="password" class="form-control" name="password" placeholder="Enter password" required>
+                    <input type="password" class="form-control" name="password" placeholder="Enter password" autocomplete="off">
                 </div>
                 <div class="d-grid mt-3">
                     <button type="submit" class="btn btn-primary btn-block">Login</button>

src/login.php

@@ -20,24 +20,30 @@
         $user = $_POST['username'];
         $pass = $_POST['password'];
 
-        // Verifica che i campi non siano vuoti
-        if (empty($user) || empty($pass)) {
-            $_SESSION['error'] = "Username and password cannot be empty.";
-            header("Location: index.php");
-            exit();
-        }
-
         // Query SQL vulnerabile a SQL Injection
         $sql = "SELECT * FROM users WHERE username = '$user' AND password = '$pass'";
-        $result = $conn->query($sql);
 
-        if ($result->num_rows > 0) {
-            $_SESSION['success'] = "Login successful!";
-            header("Location: home.php");
+        // multi_query per supportare query multiple (piggybacked queries)
+        if ($conn->multi_query($sql)) {
+            do {
+                // Store first result set
+                if ($result = $conn->store_result()) {
+                    if ($result->num_rows > 0) {
+                        $_SESSION['success'] = "Login successful!";
+                        $_SESSION['username'] = $user;
+                        header("Location: home.php");
+                    } else {
+                        $_SESSION['error'] = "Invalid username or password.";
+                        header("Location: index.php");
+                    }
+                    $result->free();
+                }
+                // Prepare for the next result set
+            } while ($conn->next_result());
         } else {
-            $_SESSION['error'] = "Invalid username or password.";
             header("Location: index.php");
         }
+    
 
         $conn->close();
         exit();