SBD_XSS_Demo/app/login.php


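<?php
// Login handler for the demo app. A POST with a usable "username" field stores
// that name in the session and redirects to "/"; every other request falls
// through to the HTML form below.
//
// NOTE(review): there is no credential check here, so any visitor can claim
// any name. Nothing downstream should treat $_SESSION["username"] as an
// authenticated identity.
if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start();
}

if ($_SERVER["REQUEST_METHOD"] === "POST") {
    // Request parameters are client-controlled: "username[]=x" arrives as an
    // array and an absent field as null. Accept only a non-empty string so the
    // session never holds a value of an unexpected type.
    $username = $_POST["username"] ?? null;

    if (is_string($username) && $username !== "") {
        // Issue a fresh session ID when the session's identity changes, so an
        // ID that was set in the browser before login (session fixation) does
        // not carry over into the logged-in session.
        session_regenerate_id(true);

        // Stored verbatim on purpose: encoding belongs at output time, not at
        // storage time. The value is untrusted, so every page that prints it
        // must encode it for its context, e.g. for HTML:
        //   htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        $_SESSION["username"] = $username;

        header("Location: /");
        // Stop here so the form markup is not sent along with the redirect.
        return;
    }
    // Missing, empty or non-string username: fall through and show the form
    // again instead of writing a bad value to the session.
}
?>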
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>SBD XSS | Login</title>
</head>
<body>
<div>
Hey, what's your name?
</div>
<!--
  Static markup: nothing from the request or the session is echoed on this
  page. The form posts a single free-text field, "username", to /login.php.
  It carries no anti-CSRF token, so a cross-site page can submit it on a
  visitor's behalf (login CSRF).
-->
<form action="/login.php" method="POST">
<input type="text" name="username" placeholder="Enter your username">
<input type="submit" value="Log in">
</form>
</body>
</html>