zoukankan html css js c++ java

后台登陆页面

sql 注入登陆

用户名为a' or 1=1 or 1=1 or''-'或者a' or 1=1 or 1=1 or '

密码可以随便输

验证码必须输入正确

a' or 1=1 or 1=1 (delete * from member where 1=1 or') 可以利用注入删除所有的信息

<?php 
	session_start();
?>
<!DOCTYPE html>
<html>
<head>
	<meta charset="utf-8">
	<title></title>
	<meta name="keywords" content="关键字">
	<meta name="description" content="简介">
</head>
<body>
<h1>会员注册</h1>
<form  action="reg.php" method="post" enctype="multipart/form-data">
账号:<input type="text" name="maccount"><br>
密码:<input type="password" name="mpassword"><br>
确认密码:<input type="password" name="mpassword2"><br>
真实姓名:<input type="text" name="mname"><br>
<input type="submit" value="提交"><br>
<a href="user1.php">会员一</a>
<a href="user2.php">会员二</a>
<?php
if(isset($_SESSION['user'])){
	echo '欢迎'.$_SESSION['name'];
?>
<a href="tuichu.php" target="_top">安全退出</a><!-- 点击此链接时，目标网页就会在当前浏览器中打开，而框架会消失。 -->
<?php 
}else{
 ?>
<a href="denglu.html">会员登录</a>
<?php 
}
?>
</form>
</body>
</html>

<?php
// [maccount] => aaa
// [mpassword] => a
//[yzm] => 5ese
// [code] => 5Ese
session_start();
//echo '<pre>';
//print_r($_POST);
//print_r($_SESSION);
$yzm=$_POST['yzm'];
if(trim($yzm)==''){
	echo '验证码不能为空';
}else if(strtolower($yzm)==strtolower($_SESSION['code'])){
	include 'inc/db_mysqli.php';
	$aa=$_POST['maccount'];
	//$pp=md5($_POST['mpassword']);
	$pp=mymd5($_POST['mpassword'],$aa);
	//$result=$m->query("select count(*) from member where maccount='$aa' and mpassword='$pp'");
	//$rs=$result->fetch_row();
	//如下使用预处理语句来判断防止注入
	$stmt=$m->prepare('select count(*),mname from member where maccount=? and mpassword=?');
	$stmt->bind_param('ss',$aa,$pp);
	$stmt->execute();
	$stmt->bind_result($rs,$name);
	$stmt->fetch();
	if($rs>0){
		echo '登录成功';
		$_SESSION['user']=$aa;
		$_SESSION['name']=$name;
		echo '<a href=./>首页</a>';
	}else{
		echo '登录失败';
	}
}else{
	echo '验证码输入不正确';
}

user1.php

<?php
session_start();
if(!isset($_SESSION['user'])){
	//header('location:./');
	echo '<script>';
	echo "alert('请登录');location.href='./'";
	echo '</script>';
}
?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>会员查看222</title>
<meta name="keywords" content="关键字">
<meta name="description" content="简介">
<script src=""></script>
</head>
<body>
欢迎：<?php echo $_SESSION['name']?>
<?php
echo '会员查看一一ok';
?>
</body>
</html>

use2.php

<?php
session_start();
if(!isset($_SESSION['user'])){
	//header('location:./');
	echo '<script>';
	echo "alert('请登录');location.href='./'";
	echo '</script>';
}
?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>会员查看222</title>
<meta name="keywords" content="关键字">
<meta name="description" content="简介">
<link rel="stylesheet" type="text/css" href="inc/index.css">
<script src=""></script>
</head>
<body>
欢迎：<?php echo $_SESSION['name']?>
<?php
echo '会员查看二二ok';
?>
</body>
</html>

yzm.php

<?php
include 'inc/i.php';
check();

tuichu.php

<?php
session_start();
//unset($_SESSION['user'],$_SESSION['name']);
session_destroy();//关闭会话
header('location:./');

reg.php

<?php
include 'mysqli.php';
if(isset($_POST['maccount'])){
	$a=$_POST['maccount'];
	$n=$_POST['mname'];
	$p=$_POST['mpassword'];
	$p2=$_POST['mpassword2'];
	if(trim($a)==''||trim($n)==''||trim($p)==''){
		echo '注册失败，账号密码真实姓名不能为空';
	}else if($p!==$p2){
		echo '注册失败，请保证2次密码一致';
	}else{
	$result=$m->query("select count(*) from member where maccount='$a'");
	$rs=$result->fetch_row();
	//echo $rs[0];//0代码没有找到这个账号
		if($rs[0]==0){
			//$p=md5($p);
			$p=mymd5($p,$a);
			$m->query("insert into member values(null,'$n','$a','$p')");
			$m->close();
			echo '注册成功，你的账号是'.$a;
		}else{
			echo '注册失败，此账号已经被注册不可以使用';
		}
	}
}

db_mysqli.php

<?php
$host = 'localhost';
$user = 'root';
$pass = '';
$dbname = 'db';
$charset = 'utf8';
$m = new mysqli($host,$user,$pass,$dbname);
$m->set_charset($charset);
function mymd5($p,$c='webrx'){
    $s1 = md5($p.$c);
	$s2 = sha1($p.$c);
	$sok = substr($s1,0,6).substr($s2,0,6);
	$sok .= substr($s1,12,5).substr($s2,22,5);
	$sok .= substr($s1,22,5).substr($s2,32,5);
	return $sok;
}
function pager($tn,$currpage=1,$f='*',$pagesize=3,$w='1=1'){
	global $m;
	$stmt = $m->prepare("select count(*) from $tn where $w");
	$stmt->execute();
	$stmt->bind_result($recordcount);
	$stmt->fetch();
	$stmt->free_result();
	$stmt->close();
	
	$stmt = $m->prepare("select $f from $tn where $w limit ?,?");
	$pagecount = ceil($recordcount/$pagesize);
	$start = $currpage*$pagesize - $pagesize;
	$stmt->bind_param('ii',$start,$pagesize);
	$stmt->execute();
	$result = $stmt->get_result();
	$row = array();
	$row[] = $result->fetch_all( MYSQLI_NUM);
	$stmt->free_result();
	$stmt->close();
	$first = 1;
	$end = 10;
	$pages = '<div class="page">';
	if($currpage>=7){
    	$first = $currpage-5;
		$end = $first+$end-1;
	}
	if($currpage>1){
		$prev = $currpage-1;
		if($first>1){
			$pages.="<a href=?p=1>首页</a><a href=?p=$prev>上一页</a>";
		}else{
			$pages.="<a href=?p=$prev>上一页</a>";			
		}
	}
	for($i=$first;$i<=$end;$i++){
		if($i>$pagecount){
	    	break;	
		}
		if($i==$currpage){
	    	$pages.='<a class="checked">'.$i.'</a>';
			continue;	
		}
        $pages.="<a href=?p=$i>$i</a>";
	}
	if($currpage<$pagecount){
		$next = $currpage+1;
		$pages.="<a href=?p=$next>下一页</a>";		
	}
	if($end<$pagecount){
		$pages.="<a href=?p=$pagecount>尾页</a>";
	}
	$row[] = $pages.'</div>';
	$row[] = $pagesize;
	$row[] = $pagecount;
	$row[] = $recordcount;
	$row[] = $currpage;
	return $row;
}
function css1(){
    $css = <<<css
	<style>
	.page{font-size:12px;height:30px;padding:15px 0;clear:both;overflow:hidden;text-align:center;}
	.page a{text-decoration:none;line-height:25px;padding:0px 10px;display:inline-block;margin-right:5px;border:solid 1px #c8c7c7;}
	.page a:hover,.page a.checked{text-decoration:none;border:solid 1px #0086d6;background:#0091e3;color:#fff;}
	.page a:visited,.page a:link{color:#333;}
	.page a:active{color:#3B3B3B;}
	</style>
css;
    echo $css;		
}

i.php

<?php
function check($len=4){
	session_start();
	header('content-type:image/png');
	$fs = ['/a.ttf','/b.ttf','/f.ttf'];
	$font = dirname(__FILE__).$fs[mt_rand(0,1)];
	$w = 35*$len;
	$h = 50;
	$i = imagecreatetruecolor($w,$h);
	$c = imagecolorallocatealpha($i,0,0,0,127);
	//imagecolortransparent($i,$c);
	//imagefill($i,0,0,$c);
	imagefilledrectangle($i,0,0,$w,$h,gc($i,'ffffff',mt_rand(0,2)));
	$sss = '';
	for($j=0;$j<$len;$j++){
		$st = gs(1);
		$sss.=$st;
	   imagettftext($i,mt_rand(15,25),mt_rand(-30,30),$j*35+10,mt_rand(28,38),gc($i),$font,$st);
	}
	$_SESSION['code'] = $sss;
	imagesetthickness($i,mt_rand(2,8));
	for($j=0;$j<mt_rand(5,10);$j++){
		imagefilledarc($i,mt_rand(0,$w),mt_rand(0,$h),mt_rand(0,$w),mt_rand(0,$h),mt_rand(0,360),mt_rand(0,360),gc($i,'rand',mt_rand(100,120)),IMG_ARC_NOFILL);	
	}
	for($j=0;$j<10;$j++){
	   imagettftext($i,mt_rand(10,15),mt_rand(-5,5),mt_rand(0,$w),mt_rand(0,$h),gc($i,'rand',mt_rand(100,120)),$font,gs(1));
	}
	imagepng($i);
	imagedestroy($i);	
}
function gs($n=4){
    $s = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';	
	$t = '';
	for($i=0;$i<$n;$i++){
		$t.=substr($s,mt_rand(0,strlen($s)-1),1);
	}
	return $t;
}
/**
 *  生成缩略
 */
function thumb($i,$f=false,$w=220,$h=0,$fn='s_'){
	$ii = getimagesize($i);
	if($ii[2]==2){
		if($ii[0]>$w){
		    $src = imagecreatefromjpeg($i);
			$sw = $ii[0];
			$sh = $ii[1];
			$h = $h==0 ? $w/$sw*$sh : $h;
			//建立新的缩略图
			$dst = imagecreatetruecolor($w,$h);
			imagecopyresampled($dst,$src,0,0,0,0,$w,$h,$sw,$sh);
			if($f){
				imagejpeg($dst,$i);
			}else{
				$path = dirname($i).'/';
				$name = $fn.substr($i,strrpos($i,'/')+1);
				imagejpeg($dst,$path.$name);			
			}
			imagedestroy($dst);
			imagedestroy($src);
		}
	}
}
/**
 * 功能：生成水银图标，水银图标文件在inc目录中 名称 logo.png
 */
function logo($i,$p=5,$f=true,$fn='logo_'){
	$ii = getimagesize($i);
	if($ii[2]==2){
		if($ii[0]>300){
		    $ni = imagecreatefromjpeg($i);
			$w = $ii[0];
			$h = $ii[1];
			
			//水银图标 logo.png 格式
			$logo = dirname(__FILE__).'/logo.png';
			$li = imagecreatefrompng($logo);
			$liw = imagesx($li);
			$lih = imagesy($li);
			
			$x = ($w-$liw)/2;
			$y = ($h-$lih)/2;
			
			$pad = 35;
			switch($p){
			    case 1:
					$x = 0+$pad;
					$y = 0+$pad;
				break;
				
				case 2:
					$y = 0+$pad;				
				break;
				
				case 3:
					$x = $w-$liw-$pad;
					$y = 0+$pad;
				break;
				
				case 4:
					$x = 0+$pad;
				break;
				
				case 6:
					$x = $w-$liw-$pad;
				break;
				
				case 7:
					$x = 0+$pad;
					$y = $h-$lih-$pad;
				break;
				
				case 8:
					$y = $h-$lih-$pad;
				break;
				
				case 9:
					$x = $w-$liw-$pad;
					$y = $h-$lih-$pad;
				break;	
			}
			imagecopy($ni,$li,$x,$y,0,0,$liw,$lih);
			if($f){
				imagejpeg($ni,$i);
			}else{
				$path = dirname($i).'/';
				$name = $fn.substr($i,strrpos($i,'/')+1);
				imagejpeg($ni,$path.$name);			
			}
			imagedestroy($ni);
			imagedestroy($li);
		}
	}
}
function txt($i,$s=30,$t='版权所有',$c='rand',$a=0,$p=5,$f=true,$fn='t_'){
	$font = dirname(__FILE__).'/f.ttf';
	$ii = getimagesize($i);
	if($ii[2]==2){
		if($ii[0]>300){
		    $ni = imagecreatefromjpeg($i);
			$pos = imagettfbbox($s,0,$font,$t);
			$pad = 30;
			switch($p){
				case 1://左上角
					$x = 0-$pos[0]+$pad;
					$y = 0-$pos[7]+$pad;
				break;
				
				case 2://上边 水平中央
					$x = ($ii[0]-$pos[2])/2;
					$y = 0-$pos[7]+$pad;
				break;
				
				case 3:
					$x = $ii[0]-$pos[2]-$pad;
					$y = 0-$pos[7]+$pad;
				break;
				
				case 4:
					$x = 0-$pos[0]+$pad;
					$y = ($ii[1]-$pos[6])/2;
				break;
				
				case 5:
					$x = ($ii[0]-$pos[2])/2;
					$y = ($ii[1]-$pos[6])/2;
				break;
				
				case 6:
					$x = $ii[0]-$pos[2]-$pad;
					$y = ($ii[1]-$pos[6])/2;
				break;
				
				case 7:
					$x = 0-$pos[0]+$pad;
					$y = $ii[1]-$pos[6]-$pad;
				break;
				
				case 8:
					$x = ($ii[0]-$pos[2])/2;
					$y = $ii[1]-$pos[6]-$pad;
				break;
				
				case 9:
				 	$x = $ii[0]-$pos[2]-$pad;
					$y = $ii[1]-$pos[6]-$pad;
				break;
			}
			imagettftext($ni,$s,0,$x,$y,gc($ni,$c,$a),$font,$t);
			if($f){
				imagejpeg($ni,$i);
			}else{
				$path = dirname($i).'/';
				$name = $fn.substr($i,strrpos($i,'/')+1);
				imagejpeg($ni,$path.$name);			
			}
			imagedestroy($ni);
		}
	}
}
function gc($i,$c='rand',$a=0){
	$color = '';
	switch($c){
	    case 'white':
			$color = imagecolorallocatealpha($i,255,255,255,$a);
		break;
	    case 'black':
			$color = imagecolorallocatealpha($i,0,0,0,$a);
		break;
		case 'red':
			$color = imagecolorallocatealpha($i,255,0,0,$a);
		break;
		case 'green':
			$color = imagecolorallocatealpha($i,0,255,0,$a);
		break;
		case 'rand':
			$color = imagecolorallocatealpha($i,mt_rand(0,255),mt_rand(0,255),mt_rand(0,255),$a);
		break;
		default:
		    $cc = str_split($c,2);
			$color = imagecolorallocatealpha($i,hexdec($cc[0]),hexdec($cc[1]),hexdec($cc[2]),$a);
		break;
	}
	return $color;
}

来自为知笔记(Wiz)

查看全文

相关阅读:
被放弃的概率权,机器下围棋不理会沉没成本
 百位性感女明星三围大曝光，体型测试设计
 斯坦福大学机器学习，EM算法求解高斯混合模型
 Javascript图片预加载详解
 使用马尔可夫模型自动生成文章
 18种女粉引流方法、效果、评估
 既然认准了这条路，就不必打听要走多久！
新媒体运营10个大坑，思维导图版
 谷歌发布"自动机器学习"技术 AI可自我创造
 Centos7下PHP的卸载与安装nginx

原文地址：https://www.cnblogs.com/lsr111/p/4532177.html