docker-vulnerable-dvwa/dvwa/vulnerabilities/brute/source/medium.php

<?php

if( isset( $_GET[ 'Login' ] ) ) {
	// Sanitise username input
	$user = $_GET[ 'username' ];
	$user = mysql_real_escape_string( $user );

	// Sanitise password input
	$pass = $_GET[ 'password' ];
	$pass = mysql_real_escape_string( $pass );
	$pass = md5( $pass );

	// Check the database
	$query  = "SELECT * FROM `users` WHERE user = '$user' AND password = '$pass';";
	$result = mysql_query( $query ) or die( '<pre>' . mysql_error() . '</pre>' );

	if( $result && mysql_num_rows( $result ) == 1 ) {
		// Get users details
		$avatar = mysql_result( $result, 0, "avatar" );

		// Login successful
		$html .= "<p>Welcome to the password protected area {$user}</p>";
		$html .= "<img src=\"{$avatar}\" />";
	}
	else {
		// Login failed
		sleep( 2 );
		$html .= "<pre><br />Username and/or password incorrect.</pre>";
	}

	mysql_close();
}

?>
first commit 2016-12-02 19:19:11 +00:00			`<?php`

			`if( isset( $_GET[ 'Login' ] ) ) {`
			`// Sanitise username input`
			`$user = $_GET[ 'username' ];`
			`$user = mysql_real_escape_string( $user );`

			`// Sanitise password input`
			`$pass = $_GET[ 'password' ];`
			`$pass = mysql_real_escape_string( $pass );`
			`$pass = md5( $pass );`

			`// Check the database`
			$query = "SELECT * FROM `users` WHERE user = '$user' AND password = '$pass';";
			`$result = mysql_query( $query ) or die( '<pre>' . mysql_error() . '</pre>' );`

			`if( $result && mysql_num_rows( $result ) == 1 ) {`
			`// Get users details`
			`$avatar = mysql_result( $result, 0, "avatar" );`

			`// Login successful`
			`$html .= "<p>Welcome to the password protected area {$user}</p>";`
			`$html .= "<img src=\"{$avatar}\" />";`
			`}`
			`else {`
			`// Login failed`
			`sleep( 2 );`
			`$html .= "<pre><br />Username and/or password incorrect.</pre>";`
			`}`

			`mysql_close();`
			`}`

			`?>`