码迷,mamicode.com
首页 > 其他好文 > 详细

后台登陆页面

时间:2015-05-27 00:59:24      阅读:258      评论:0      收藏:0      [点我收藏+]

标签:

sql 注入登陆
用户名为a‘ or 1=1 or 1=1 or‘‘-‘或者a‘ or 1=1 or 1=1 or ‘
密码可以随便输
验证码必须输入正确
a‘ or 1=1 or 1=1 (delete * from member where 1=1 or‘) 可以利用注入删除所有的信息
  1. <?php
  2. session_start();
  3. ?>
  4. <!DOCTYPE html>
  5. <html>
  6. <head>
  7. <meta charset="utf-8">
  8. <title></title>
  9. <meta name="keywords" content="关键字">
  10. <meta name="description" content="简介">
  11. </head>
  12. <body>
  13. <h1>会员注册</h1>
  14. <form action="reg.php" method="post" enctype="multipart/form-data">
  15. 账号:<input type="text" name="maccount"><br>
  16. 密码:<input type="password" name="mpassword"><br>
  17. 确认密码:<input type="password" name="mpassword2"><br>
  18. 真实姓名:<input type="text" name="mname"><br>
  19. <input type="submit" value="提交"><br>
  20. <a href="user1.php">会员一</a>
  21. <a href="user2.php">会员二</a>
  22. <?php
  23. if(isset($_SESSION[‘user‘])){
  24. echo ‘欢迎‘.$_SESSION[‘name‘];
  25. ?>
  26. <a href="tuichu.php" target="_top">安全退出</a><!-- 点击此链接时,目标网页就会在当前浏览器中打开,而框架会消失。 -->
  27. <?php
  28. }else{
  29. ?>
  30. <a href="denglu.html">会员登录</a>
  31. <?php
  32. }
  33. ?>
  34. </form>
  35. </body>
  36. </html>
技术分享
login.php
  1. <?php
  2. // [maccount] => aaa
  3. // [mpassword] => a
  4. //[yzm] => 5ese
  5. // [code] => 5Ese
  6. session_start();
  7. //echo ‘<pre>‘;
  8. //print_r($_POST);
  9. //print_r($_SESSION);
  10. $yzm=$_POST[‘yzm‘];
  11. if(trim($yzm)==‘‘){
  12. echo ‘验证码不能为空‘;
  13. }else if(strtolower($yzm)==strtolower($_SESSION[‘code‘])){
  14. include ‘inc/db_mysqli.php‘;
  15. $aa=$_POST[‘maccount‘];
  16. //$pp=md5($_POST[‘mpassword‘]);
  17. $pp=mymd5($_POST[‘mpassword‘],$aa);
  18. //$result=$m->query("select count(*) from member where maccount=‘$aa‘ and mpassword=‘$pp‘");
  19. //$rs=$result->fetch_row();
  20. //如下使用预处理语句来判断防止注入
  21. $stmt=$m->prepare(‘select count(*),mname from member where maccount=? and mpassword=?‘);
  22. $stmt->bind_param(‘ss‘,$aa,$pp);
  23. $stmt->execute();
  24. $stmt->bind_result($rs,$name);
  25. $stmt->fetch();
  26. if($rs>0){
  27. echo ‘登录成功‘;
  28. $_SESSION[‘user‘]=$aa;
  29. $_SESSION[‘name‘]=$name;
  30. echo ‘<a href=./>首页</a>‘;
  31. }else{
  32. echo ‘登录失败‘;
  33. }
  34. }else{
  35. echo ‘验证码输入不正确‘;
  36. }
user1.php
  1. <?php
  2. session_start();
  3. if(!isset($_SESSION[‘user‘])){
  4. //header(‘location:./‘);
  5. echo ‘<script>‘;
  6. echo "alert(‘请登录‘);location.href=‘./‘";
  7. echo ‘</script>‘;
  8. }
  9. ?>
  10. <!doctype html>
  11. <html>
  12. <head>
  13. <meta charset="utf-8">
  14. <title>会员查看222</title>
  15. <meta name="keywords" content="关键字">
  16. <meta name="description" content="简介">
  17. <script src=""></script>
  18. </head>
  19. <body>
  20. 欢迎:<?php echo $_SESSION[‘name‘]?>
  21. <?php
  22. echo ‘会员查看一一ok‘;
  23. ?>
  24. </body>
  25. </html>
use2.php
  1. <?php
  2. session_start();
  3. if(!isset($_SESSION[‘user‘])){
  4. //header(‘location:./‘);
  5. echo ‘<script>‘;
  6. echo "alert(‘请登录‘);location.href=‘./‘";
  7. echo ‘</script>‘;
  8. }
  9. ?>
  10. <!doctype html>
  11. <html>
  12. <head>
  13. <meta charset="utf-8">
  14. <title>会员查看222</title>
  15. <meta name="keywords" content="关键字">
  16. <meta name="description" content="简介">
  17. <link rel="stylesheet" type="text/css" href="inc/index.css">
  18. <script src=""></script>
  19. </head>
  20. <body>
  21. 欢迎:<?php echo $_SESSION[‘name‘]?>
  22. <?php
  23. echo ‘会员查看二二ok‘;
  24. ?>
  25. </body>
  26. </html>
yzm.php
  1. <?php
  2. include ‘inc/i.php‘;
  3. check();
tuichu.php
  1. <?php
  2. session_start();
  3. //unset($_SESSION[‘user‘],$_SESSION[‘name‘]);
  4. session_destroy();//关闭会话
  5. header(‘location:./‘);
reg.php
  1. <?php
  2. include ‘mysqli.php‘;
  3. if(isset($_POST[‘maccount‘])){
  4. $a=$_POST[‘maccount‘];
  5. $n=$_POST[‘mname‘];
  6. $p=$_POST[‘mpassword‘];
  7. $p2=$_POST[‘mpassword2‘];
  8. if(trim($a)==‘‘||trim($n)==‘‘||trim($p)==‘‘){
  9. echo ‘注册失败,账号密码真实姓名不能为空‘;
  10. }else if($p!==$p2){
  11. echo ‘注册失败,请保证2次密码一致‘;
  12. }else{
  13. $result=$m->query("select count(*) from member where maccount=‘$a‘");
  14. $rs=$result->fetch_row();
  15. //echo $rs[0];//0代码没有找到这个账号
  16. if($rs[0]==0){
  17. //$p=md5($p);
  18. $p=mymd5($p,$a);
  19. $m->query("insert into member values(null,‘$n‘,‘$a‘,‘$p‘)");
  20. $m->close();
  21. echo ‘注册成功,你的账号是‘.$a;
  22. }else{
  23. echo ‘注册失败,此账号已经被注册不可以使用‘;
  24. }
  25. }
  26. }
db_mysqli.php
  1. <?php
  2. $host = ‘localhost‘;
  3. $user = ‘root‘;
  4. $pass = ‘‘;
  5. $dbname = ‘db‘;
  6. $charset = ‘utf8‘;
  7. $m = new mysqli($host,$user,$pass,$dbname);
  8. $m->set_charset($charset);
  9. function mymd5($p,$c=‘webrx‘){
  10. $s1 = md5($p.$c);
  11. $s2 = sha1($p.$c);
  12. $sok = substr($s1,0,6).substr($s2,0,6);
  13. $sok .= substr($s1,12,5).substr($s2,22,5);
  14. $sok .= substr($s1,22,5).substr($s2,32,5);
  15. return $sok;
  16. }
  17. function pager($tn,$currpage=1,$f=‘*‘,$pagesize=3,$w=‘1=1‘){
  18. global $m;
  19. $stmt = $m->prepare("select count(*) from $tn where $w");
  20. $stmt->execute();
  21. $stmt->bind_result($recordcount);
  22. $stmt->fetch();
  23. $stmt->free_result();
  24. $stmt->close();
  25. $stmt = $m->prepare("select $f from $tn where $w limit ?,?");
  26. $pagecount = ceil($recordcount/$pagesize);
  27. $start = $currpage*$pagesize - $pagesize;
  28. $stmt->bind_param(‘ii‘,$start,$pagesize);
  29. $stmt->execute();
  30. $result = $stmt->get_result();
  31. $row = array();
  32. $row[] = $result->fetch_all( MYSQLI_NUM);
  33. $stmt->free_result();
  34. $stmt->close();
  35. $first = 1;
  36. $end = 10;
  37. $pages = ‘<div class="page">‘;
  38. if($currpage>=7){
  39. $first = $currpage-5;
  40. $end = $first+$end-1;
  41. }
  42. if($currpage>1){
  43. $prev = $currpage-1;
  44. if($first>1){
  45. $pages.="<a href=?p=1>首页</a><a href=?p=$prev>上一页</a>";
  46. }else{
  47. $pages.="<a href=?p=$prev>上一页</a>";
  48. }
  49. }
  50. for($i=$first;$i<=$end;$i++){
  51. if($i>$pagecount){
  52. break;
  53. }
  54. if($i==$currpage){
  55. $pages.=‘<a class="checked">‘.$i.‘</a>‘;
  56. continue;
  57. }
  58. $pages.="<a href=?p=$i>$i</a>";
  59. }
  60. if($currpage<$pagecount){
  61. $next = $currpage+1;
  62. $pages.="<a href=?p=$next>下一页</a>";
  63. }
  64. if($end<$pagecount){
  65. $pages.="<a href=?p=$pagecount>尾页</a>";
  66. }
  67. $row[] = $pages.‘</div>‘;
  68. $row[] = $pagesize;
  69. $row[] = $pagecount;
  70. $row[] = $recordcount;
  71. $row[] = $currpage;
  72. return $row;
  73. }
  74. function css1(){
  75. $css = <<<css
  76. <style>
  77. .page{font-size:12px;height:30px;padding:15px 0;clear:both;overflow:hidden;text-align:center;}
  78. .page a{text-decoration:none;line-height:25px;padding:0px 10px;display:inline-block;margin-right:5px;border:solid 1px #c8c7c7;}
  79. .page a:hover,.page a.checked{text-decoration:none;border:solid 1px #0086d6;background:#0091e3;color:#fff;}
  80. .page a:visited,.page a:link{color:#333;}
  81. .page a:active{color:#3B3B3B;}
  82. </style>
  83. css;
  84. echo $css;
  85. }
i.php
  1. <?php
  2. function check($len=4){
  3. session_start();
  4. header(‘content-type:image/png‘);
  5. $fs = [‘/a.ttf‘,‘/b.ttf‘,‘/f.ttf‘];
  6. $font = dirname(__FILE__).$fs[mt_rand(0,1)];
  7. $w = 35*$len;
  8. $h = 50;
  9. $i = imagecreatetruecolor($w,$h);
  10. $c = imagecolorallocatealpha($i,0,0,0,127);
  11. //imagecolortransparent($i,$c);
  12. //imagefill($i,0,0,$c);
  13. imagefilledrectangle($i,0,0,$w,$h,gc($i,‘ffffff‘,mt_rand(0,2)));
  14. $sss = ‘‘;
  15. for($j=0;$j<$len;$j++){
  16. $st = gs(1);
  17. $sss.=$st;
  18. imagettftext($i,mt_rand(15,25),mt_rand(-30,30),$j*35+10,mt_rand(28,38),gc($i),$font,$st);
  19. }
  20. $_SESSION[‘code‘] = $sss;
  21. imagesetthickness($i,mt_rand(2,8));
  22. for($j=0;$j<mt_rand(5,10);$j++){
  23. imagefilledarc($i,mt_rand(0,$w),mt_rand(0,$h),mt_rand(0,$w),mt_rand(0,$h),mt_rand(0,360),mt_rand(0,360),gc($i,‘rand‘,mt_rand(100,120)),IMG_ARC_NOFILL);
  24. }
  25. for($j=0;$j<10;$j++){
  26. imagettftext($i,mt_rand(10,15),mt_rand(-5,5),mt_rand(0,$w),mt_rand(0,$h),gc($i,‘rand‘,mt_rand(100,120)),$font,gs(1));
  27. }
  28. imagepng($i);
  29. imagedestroy($i);
  30. }
  31. function gs($n=4){
  32. $s = ‘abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789‘;
  33. $t = ‘‘;
  34. for($i=0;$i<$n;$i++){
  35. $t.=substr($s,mt_rand(0,strlen($s)-1),1);
  36. }
  37. return $t;
  38. }
  39. /**
  40. * 生成缩略
  41. */
  42. function thumb($i,$f=false,$w=220,$h=0,$fn=‘s_‘){
  43. $ii = getimagesize($i);
  44. if($ii[2]==2){
  45. if($ii[0]>$w){
  46. $src = imagecreatefromjpeg($i);
  47. $sw = $ii[0];
  48. $sh = $ii[1];
  49. $h = $h==0 ? $w/$sw*$sh : $h;
  50. //建立新的缩略图
  51. $dst = imagecreatetruecolor($w,$h);
  52. imagecopyresampled($dst,$src,0,0,0,0,$w,$h,$sw,$sh);
  53. if($f){
  54. imagejpeg($dst,$i);
  55. }else{
  56. $path = dirname($i).‘/‘;
  57. $name = $fn.substr($i,strrpos($i,‘/‘)+1);
  58. imagejpeg($dst,$path.$name);
  59. }
  60. imagedestroy($dst);
  61. imagedestroy($src);
  62. }
  63. }
  64. }
  65. /**
  66. * 功能:生成水银图标,水银图标文件在inc目录中 名称 logo.png
  67. */
  68. function logo($i,$p=5,$f=true,$fn=‘logo_‘){
  69. $ii = getimagesize($i);
  70. if($ii[2]==2){
  71. if($ii[0]>300){
  72. $ni = imagecreatefromjpeg($i);
  73. $w = $ii[0];
  74. $h = $ii[1];
  75. //水银图标 logo.png 格式
  76. $logo = dirname(__FILE__).‘/logo.png‘;
  77. $li = imagecreatefrompng($logo);
  78. $liw = imagesx($li);
  79. $lih = imagesy($li);
  80. $x = ($w-$liw)/2;
  81. $y = ($h-$lih)/2;
  82. $pad = 35;
  83. switch($p){
  84. case 1:
  85. $x = 0+$pad;
  86. $y = 0+$pad;
  87. break;
  88. case 2:
  89. $y = 0+$pad;
  90. break;
  91. case 3:
  92. $x = $w-$liw-$pad;
  93. $y = 0+$pad;
  94. break;
  95. case 4:
  96. $x = 0+$pad;
  97. break;
  98. case 6:
  99. $x = $w-$liw-$pad;
  100. break;
  101. case 7:
  102. $x = 0+$pad;
  103. $y = $h-$lih-$pad;
  104. break;
  105. case 8:
  106. $y = $h-$lih-$pad;
  107. break;
  108. case 9:
  109. $x = $w-$liw-$pad;
  110. $y = $h-$lih-$pad;
  111. break;
  112. }
  113. imagecopy($ni,$li,$x,$y,0,0,$liw,$lih);
  114. if($f){
  115. imagejpeg($ni,$i);
  116. }else{
  117. $path = dirname($i).‘/‘;
  118. $name = $fn.substr($i,strrpos($i,‘/‘)+1);
  119. imagejpeg($ni,$path.$name);
  120. }
  121. imagedestroy($ni);
  122. imagedestroy($li);
  123. }
  124. }
  125. }
  126. function txt($i,$s=30,$t=‘版权所有‘,$c=‘rand‘,$a=0,$p=5,$f=true,$fn=‘t_‘){
  127. $font = dirname(__FILE__).‘/f.ttf‘;
  128. $ii = getimagesize($i);
  129. if($ii[2]==2){
  130. if($ii[0]>300){
  131. $ni = imagecreatefromjpeg($i);
  132. $pos = imagettfbbox($s,0,$font,$t);
  133. $pad = 30;
  134. switch($p){
  135. case 1://左上角
  136. $x = 0-$pos[0]+$pad;
  137. $y = 0-$pos[7]+$pad;
  138. break;
  139. case 2://上边 水平中央
  140. $x = ($ii[0]-$pos[2])/2;
  141. $y = 0-$pos[7]+$pad;
  142. break;
  143. case 3:
  144. $x = $ii[0]-$pos[2]-$pad;
  145. $y = 0-$pos[7]+$pad;
  146. break;
  147. case 4:
  148. $x = 0-$pos[0]+$pad;
  149. $y = ($ii[1]-$pos[6])/2;
  150. break;
  151. case 5:
  152. $x = ($ii[0]-$pos[2])/2;
  153. $y = ($ii[1]-$pos[6])/2;
  154. break;
  155. case 6:
  156. $x = $ii[0]-$pos[2]-$pad;
  157. $y = ($ii[1]-$pos[6])/2;
  158. break;
  159. case 7:
  160. $x = 0-$pos[0]+$pad;
  161. $y = $ii[1]-$pos[6]-$pad;
  162. break;
  163. case 8:
  164. $x = ($ii[0]-$pos[2])/2;
  165. $y = $ii[1]-$pos[6]-$pad;
  166. break;
  167. case 9:
  168. $x = $ii[0]-$pos[2]-$pad;
  169. $y = $ii[1]-$pos[6]-$pad;
  170. break;
  171. }
  172. imagettftext($ni,$s,0,$x,$y,gc($ni,$c,$a),$font,$t);
  173. if($f){
  174. imagejpeg($ni,$i);
  175. }else{
  176. $path = dirname($i).‘/‘;
  177. $name = $fn.substr($i,strrpos($i,‘/‘)+1);
  178. imagejpeg($ni,$path.$name);
  179. }
  180. imagedestroy($ni);
  181. }
  182. }
  183. }
  184. function gc($i,$c=‘rand‘,$a=0){
  185. $color = ‘‘;
  186. switch($c){
  187. case ‘white‘:
  188. $color = imagecolorallocatealpha($i,255,255,255,$a);
  189. break;
  190. case ‘black‘:
  191. $color = imagecolorallocatealpha($i,0,0,0,$a);
  192. break;
  193. case ‘red‘:
  194. $color = imagecolorallocatealpha($i,255,0,0,$a);
  195. break;
  196. case ‘green‘:
  197. $color = imagecolorallocatealpha($i,0,255,0,$a);
  198. break;
  199. case ‘rand‘:
  200. $color = imagecolorallocatealpha($i,mt_rand(0,255),mt_rand(0,255),mt_rand(0,255),$a);
  201. break;
  202. default:
  203. $cc = str_split($c,2);
  204. $color = imagecolorallocatealpha($i,hexdec($cc[0]),hexdec($cc[1]),hexdec($cc[2]),$a);
  205. break;
  206. }
  207. return $color;
  208. }









后台登陆页面

标签:

原文地址:http://www.cnblogs.com/lsr111/p/4532177.html

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!