<?php
  
include "../../config.php";
  if(
$_GET['view_source']) view_source();
?><html>
<head>
<title>Challenge 35</title>
<head>
<body>
<form method=get action=index.php>
phone : <input name=phone size=11 style=width:200px>
<input name=id type=hidden value=guest>
<input type=submit value='add'>
</form>
<?php
$db 
dbconnect();
if(
$_GET['phone'] && $_GET['id']){
  if(
preg_match("/\*|\/|=|select|-|#|;/i",$_GET['phone'])) exit("no hack");
  if(
strlen($_GET['id']) > 5) exit("no hack");
  if(
preg_match("/admin/i",$_GET['id'])) exit("you are not admin");
  
mysqli_query($db,"insert into chall35(id,ip,phone) values('{$_GET['id']}','{$_SERVER['REMOTE_ADDR']}',{$_GET['phone']})") or die("query error");
  echo 
"Done<br>";
}

$isAdmin mysqli_fetch_array(mysqli_query($db,"select ip from chall35 where id='admin' and ip='{$_SERVER['REMOTE_ADDR']}'"));
if(
$isAdmin['ip'] == $_SERVER['REMOTE_ADDR']){
  
solve(35);
  
mysqli_query($db,"delete from chall35");
}

$phone_list mysqli_query($db,"select * from chall35 where ip='{$_SERVER['REMOTE_ADDR']}'");
echo 
"<!--\n";
while(
$r mysqli_fetch_array($phone_list)){
  echo 
htmlentities($r['id'])." - ".$r['phone']."\n";
}
echo 
"-->\n";
?>
<br><a href=?view_source=1>view-source</a>
</body>
</html>