vulnerable.html

The code block below contains the vulnerable.html file for Homework 12.10. You should be able to answer the questions without running the file.

<!DOCTYPE html>
<html>
  <body text-align="center">
    <div id="message"></div>
    <?php
        // Message-of-the-day page: optionally stores a new message submitted by POST,
        // then loads the stored message and user name for the current user and prints them.
        // This file is a deliberately vulnerable teaching sample; the NOTE(review) comments
        // mark each weakness and the usual mitigation. Do not deploy it as written.

        // load the configuration file and create the database connection
        // (the connection code itself is in the included file and is not shown here)
        include_once $_SERVER["DOCUMENT_ROOT"]."/includes/mysql-conn.php";

        // Defaults shown when no row is found for the current user.
        $userName = "Guest";
        $userMessage = "Seize the day!";
        // NOTE(review): the user id is taken directly from a client-supplied cookie and is
        // never verified. Whoever sets the cookie value decides which row is read and
        // updated, so this is an authentication/authorization flaw. The identity should
        // come from a server-side session. If the cookie is absent, this also reads an
        // undefined array index.
        $currentUser = $_COOKIE['user'];

        // Stores $newMessage as the messageText of the current user's motd row.
        // NOTE(review): $newMessage is interpolated straight into the SQL string, so the
        // statement is open to SQL injection; use a prepared statement with bound
        // parameters (mysqli or PDO) instead.
        // NOTE(review): $currentUser is a global and is not imported with `global` or
        // passed as a parameter, so inside this function it is undefined and the WHERE
        // clause is built with an empty value.
        // NOTE(review): the mysql_* extension is deprecated since PHP 5.5 and was removed
        // in PHP 7.0. The mysql_query() line below also lacks its terminating semicolon,
        // which is a parse error as written.
        function updateMessage($newMessage) {
            $updateQuery = "UPDATE motd SET messageText = '$newMessage' WHERE userid = $currentUser";
            mysql_query($updateQuery)
        }

        // Handle a submitted form: the raw POST value is passed on without validation.
        // NOTE(review): the isset(...) condition is missing a closing parenthesis (parse
        // error as written). No anti-CSRF token is checked before the state change.
        if (isset($_POST['newMsg']) {
            updateMessage($_POST['newMsg']);
        }

        // Load the row for the current user.
        // NOTE(review): the cookie value is placed unquoted into the query, which is a
        // second SQL injection point; bind it as a parameter (and validate it as an
        // integer if userid is numeric; the column type is not shown here).
        $selectQuery = "SELECT * FROM motd WHERE userid = $currentUser LIMIT 1";
        $result = mysql_query($selectQuery);

        // Overwrite the defaults with the stored values when a row was returned.
        // The result of mysql_query() is not checked for failure before it is used.
        if ($row = mysql_fetch_array($result)) {
            $userMessage = $row['messageText'];
            $userName = $row['userName'];
        }

        // NOTE(review): the markup below echoes $userName and $userMessage without output
        // encoding. messageText is user-supplied through the newMsg field, so this is a
        // stored cross-site scripting sink; encode with htmlspecialchars() on output.
        // NOTE(review): the <form> element below is never closed.
    ?>
    <h4>Hello, <p id="name"><?php echo $userName; ?></p>! Here's your inspiring message of the day: <?php echo $userMessage ?></h4>
    <form action="" method="post">
    <p>Change your message of the day!</p>
    <p>New message: <input type="text" name="newMsg"/></p>
    <p><input type="submit"/></p>
  </body>
</html>