Search

Search Among Profile

Submit

Source Code

<!DOCTYPE html>
<?php
// Challenge: Let's leak $secret!

// this defines $users and $secret.
include 'data.php';

// loosen pcre's backtrack limit to allow complex queries for our good customers :-)
ini_set("pcre.backtrack_limit", "1000000000");

$t1 = microtime(TRUE);

// main logic
if (isset($_POST['query'])){
    // search
    $result = array_filter($users, function($v, $k) {
    return preg_match("/" . $_POST['query'] . "/", $v) === 1;
    }, ARRAY_FILTER_USE_BOTH);

    // something like authZ 
    $result = array_reduce(array_map(function($k, $v) use ($secret) {
    return array($k => ($v === $secret? "**censored**" : $v));
    }, array_keys($result), $result), function ($acc, $a) {
    return $acc + $a;
    }, []);
} else {
    $result = [];
}

$t2 = microtime(TRUE);
$duration = $t2 - $t1;
?>

<html>
    <head>
    <meta charset="utf-8">
        <meta name="viewport" content="width=device-width, initial-scale=1">
        <title>Search</title>
        <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bulma@0.8.2/css/bulma.min.css">
        <script defer src="https://use.fontawesome.com/releases/v5.3.1/js/all.js"></script>
    </head>
    <body>
        <section class="section">
            <div class="container">
                <h1 class="title">
                    Search
                </h1>
            </div>
        </section>
        <section class="section">
        <div class="container">
        <h2 class="title is-2">Search Among Profile</h2>        
        <form method="POST">
            <div class="field has-addons">
            <div class="control is-expanded">
                <input class="input" type="text" name="query" placeholder="Query to search among profiles (e.g. Kenta)">
            </div>
            <div class="control">
                <button class="button is-link">Submit</button>
            </div>
            </div>
        </form>

        <div class="tile is-ancestor">
            <?php foreach ($result as $k => $v){?>
            <div class="tile is-parent">
                <div class="tile is-child box">
                <p class="title"><?= $k ?></p>               
                <p><?= $v ?></p>
            </div>
            </div>
        <?php } ?>
        </div>
        </div>
    </section>
        <section class="section">
        <div class="container">
        <h2 class="title is-2">Source Code</h2>
        <?php highlight_file(__FILE__); ?>
        </div>
        </section>
    <footer class="footer">
        <div class="content has-text-centered">
        <p>
            It took <?= $duration ?> seconds to process your request.
        </p>
        </div>
    </footer>
    </body>    
</html>