23 lines
768 B
PHP
23 lines
768 B
PHP
<?php
|
|
// Admin panel — exposes session from login.php, also accepts weak creds directly.
|
|
$sess = isset($_COOKIE['session']) ? json_decode(base64_decode($_COOKIE['session']), true) : null;
|
|
?><!DOCTYPE html>
|
|
<html><body>
|
|
<h1>Admin Panel · newploit</h1>
|
|
<p>You are: <?= $sess ? htmlspecialchars($sess['username']) : 'guest' ?></p>
|
|
|
|
<h2>Sign in</h2>
|
|
<form method="post" action="/login.php">
|
|
<p><label>username <input name="username"></label></p>
|
|
<p><label>password <input name="password" type="password"></label></p>
|
|
<p><button>enter admin</button></p>
|
|
</form>
|
|
|
|
<h2>Quick nav</h2>
|
|
<ul>
|
|
<li><a href="/admin/config.php">config</a></li>
|
|
<li><a href="/admin/users.php">users</a></li>
|
|
<li><a href="/phpinfo.php">phpinfo</a></li>
|
|
</ul>
|
|
</body></html>
|