<?php
	/* Author: sting8k */
    error_reporting(0);
	include_once 'config.php';
	  $alert = null;
    $nonce = hash("sha256",rand(10000000, 99999999).rand(10000000, 99999999)."928c115@!%");

    function gen_hash($n, $m){
      global $secret_key;
  		$first = hash_hmac('sha256',$n,$secret_key);
  		return hash_hmac('sha256',$m,$first);
    }

    function validate_hash(){
      global $secret_key, $alert;

			if(isset($_POST['nonce'])){
				$first_key = hash_hmac('sha256',$_POST['nonce'],$secret_key);
			}
			$final_hash = hash_hmac('sha256',$_POST['message'],$first_key);
			if ($final_hash === $_POST['hash']){
				if($_POST['message'] !== "gimmereward"){
					$alert = "Nice try, but not this one";
				} else {
					$alert = "Congratulation! Here is your reward: Flag{****}";
				}
			} else {
				$alert = "We don't do that here";
			}
    }
	  if(isset($_POST['hash']) && isset($_POST['message']) && isset($_POST['nonce'])){
				validate_hash();
    }
    

?>

<!DOCTYPE html>
<html lang="en">

<head>

  <meta charset="utf-8">
  <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
  <meta name="description" content="">
  <meta name="author" content="">

  <title>Get your reward!</title>

  <!-- Bootstrap core CSS -->
  <link href="vendor/bootstrap/css/bootstrap.min.css" rel="stylesheet">

</head>

<body>

  <!-- Navigation -->
  <nav class="navbar navbar-expand-lg navbar-dark bg-dark static-top">
    <div class="container">
      <a class="navbar-brand" href="#">Get Your Reward</a>
      <button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarResponsive" aria-controls="navbarResponsive" aria-expanded="false" aria-label="Toggle navigation">
        <span class="navbar-toggler-icon"></span>
      </button>
      <div class="collapse navbar-collapse" id="navbarResponsive">
        <ul class="navbar-nav ml-auto">
          <li class="nav-item active">
            <a class="nav-link" href="index.php">Home
              <span class="sr-only">(current)</span>
            </a>
          </li>
        </ul>
      </div>
    </div>
  </nav>

  <!-- Page Content -->
  <div class="container">
    <div class="row">
      <div class="col-lg-12 text-center">
        <h1 class="mt-5">Catch me if you can!</h1>
        <p><i><?php if($alert) echo $alert; ?></i></p>
        <p class="lead">
			<form class="form-signin" method="POST" action="index.php">
			      <input type="hidden" name="nonce" value="<?php echo $nonce; ?>"/>
			      <input type="hidden" name="hash" value="<?php echo gen_hash($nonce, "Knock Knock"); ?>"/>
            <input type="text" placeholder="Knock Knock" class="form-control" name="message"/>
            <button class="btn btn-lg btn-primary btn-block" style="max-width:300px;margin:auto;margin-top:30px;" type="submit">Send</button>
        </form>
		</p>
        <ul class="list-unstyled">
          <li><a href="source.txt">Source code</a></li>
        </ul>
      </div>
    </div>
  </div>

  <!-- Bootstrap core JavaScript -->
  <script src="vendor/jquery/jquery.slim.min.js"></script>
  <script src="vendor/bootstrap/js/bootstrap.bundle.min.js"></script>

</body>

</html>