sql 注入登陆![]()
用户名为a' or 1=1 or 1=1 or''-'或者a' or 1=1 or 1=1 or '
密码可以随便输
验证码必须输入正确
a' or 1=1 or 1=1 (delete * from member where 1=1 or') 可以利用注入删除所有的信息
<?phpsession_start();?><!DOCTYPE html><html><head><meta charset="utf-8"><title></title><meta name="keywords" content="关键字"><meta name="description" content="简介"></head><body><h1>会员注册</h1><form action="reg.php" method="post" enctype="multipart/form-data">账号:<input type="text" name="maccount"><br>密码:<input type="password" name="mpassword"><br>确认密码:<input type="password" name="mpassword2"><br>真实姓名:<input type="text" name="mname"><br><input type="submit" value="提交"><br><a href="user1.php">会员一</a><a href="user2.php">会员二</a><?phpif(isset($_SESSION['user'])){echo '欢迎'.$_SESSION['name'];?><a href="tuichu.php" target="_top">安全退出</a><!-- 点击此链接时,目标网页就会在当前浏览器中打开,而框架会消失。 --><?php}else{?><a href="denglu.html">会员登录</a><?php}?></form></body></html>
login.php
<?php// [maccount] => aaa// [mpassword] => a//[yzm] => 5ese// [code] => 5Esesession_start();//echo '<pre>';//print_r($_POST);//print_r($_SESSION);$yzm=$_POST['yzm'];if(trim($yzm)==''){echo '验证码不能为空';}else if(strtolower($yzm)==strtolower($_SESSION['code'])){include 'inc/db_mysqli.php';$aa=$_POST['maccount'];//$pp=md5($_POST['mpassword']);$pp=mymd5($_POST['mpassword'],$aa);//$result=$m->query("select count(*) from member where maccount='$aa' and mpassword='$pp'");//$rs=$result->fetch_row();//如下使用预处理语句来判断防止注入$stmt=$m->prepare('select count(*),mname from member where maccount=? and mpassword=?');$stmt->bind_param('ss',$aa,$pp);$stmt->execute();$stmt->bind_result($rs,$name);$stmt->fetch();if($rs>0){echo '登录成功';$_SESSION['user']=$aa;$_SESSION['name']=$name;echo '<a href=./>首页</a>';}else{echo '登录失败';}}else{echo '验证码输入不正确';}
user1.php
<?phpsession_start();if(!isset($_SESSION['user'])){//header('location:./');echo '<script>';echo "alert('请登录');location.href='./'";echo '</script>';}?><!doctype html><html><head><meta charset="utf-8"><title>会员查看222</title><meta name="keywords" content="关键字"><meta name="description" content="简介"><script src=""></script></head><body>欢迎:<?php echo $_SESSION['name']?><?phpecho '会员查看一一ok';?></body></html>
use2.php
<?phpsession_start();if(!isset($_SESSION['user'])){//header('location:./');echo '<script>';echo "alert('请登录');location.href='./'";echo '</script>';}?><!doctype html><html><head><meta charset="utf-8"><title>会员查看222</title><meta name="keywords" content="关键字"><meta name="description" content="简介"><link rel="stylesheet" type="text/css" href="inc/index.css"><script src=""></script></head><body>欢迎:<?php echo $_SESSION['name']?><?phpecho '会员查看二二ok';?></body></html>
yzm.php
<?phpinclude 'inc/i.php';check();
tuichu.php
<?phpsession_start();//unset($_SESSION['user'],$_SESSION['name']);session_destroy();//关闭会话header('location:./');
reg.php
<?phpinclude 'mysqli.php';if(isset($_POST['maccount'])){$a=$_POST['maccount'];$n=$_POST['mname'];$p=$_POST['mpassword'];$p2=$_POST['mpassword2'];if(trim($a)==''||trim($n)==''||trim($p)==''){echo '注册失败,账号密码真实姓名不能为空';}else if($p!==$p2){echo '注册失败,请保证2次密码一致';}else{$result=$m->query("select count(*) from member where maccount='$a'");$rs=$result->fetch_row();//echo $rs[0];//0代码没有找到这个账号if($rs[0]==0){//$p=md5($p);$p=mymd5($p,$a);$m->query("insert into member values(null,'$n','$a','$p')");$m->close();echo '注册成功,你的账号是'.$a;}else{echo '注册失败,此账号已经被注册不可以使用';}}}
db_mysqli.php
<?php$host = 'localhost';$user = 'root';$pass = '';$dbname = 'db';$charset = 'utf8';$m = new mysqli($host,$user,$pass,$dbname);$m->set_charset($charset);function mymd5($p,$c='webrx'){$s1 = md5($p.$c);$s2 = sha1($p.$c);$sok = substr($s1,0,6).substr($s2,0,6);$sok .= substr($s1,12,5).substr($s2,22,5);$sok .= substr($s1,22,5).substr($s2,32,5);return $sok;}function pager($tn,$currpage=1,$f='*',$pagesize=3,$w='1=1'){global $m;$stmt = $m->prepare("select count(*) from $tn where $w");$stmt->execute();$stmt->bind_result($recordcount);$stmt->fetch();$stmt->free_result();$stmt->close();$stmt = $m->prepare("select $f from $tn where $w limit ?,?");$pagecount = ceil($recordcount/$pagesize);$start = $currpage*$pagesize - $pagesize;$stmt->bind_param('ii',$start,$pagesize);$stmt->execute();$result = $stmt->get_result();$row = array();$row[] = $result->fetch_all( MYSQLI_NUM);$stmt->free_result();$stmt->close();$first = 1;$end = 10;$pages = '<div class="page">';if($currpage>=7){$first = $currpage-5;$end = $first+$end-1;}if($currpage>1){$prev = $currpage-1;if($first>1){$pages.="<a href=?p=1>首页</a><a href=?p=$prev>上一页</a>";}else{$pages.="<a href=?p=$prev>上一页</a>";}}for($i=$first;$i<=$end;$i++){if($i>$pagecount){break;}if($i==$currpage){$pages.='<a class="checked">'.$i.'</a>';continue;}$pages.="<a href=?p=$i>$i</a>";}if($currpage<$pagecount){$next = $currpage+1;$pages.="<a href=?p=$next>下一页</a>";}if($end<$pagecount){$pages.="<a href=?p=$pagecount>尾页</a>";}$row[] = $pages.'</div>';$row[] = $pagesize;$row[] = $pagecount;$row[] = $recordcount;$row[] = $currpage;return $row;}function css1(){$css = <<<css<style>.page{font-size:12px;height:30px;padding:15px 0;clear:both;overflow:hidden;text-align:center;}.page a{text-decoration:none;line-height:25px;padding:0px 10px;display:inline-block;margin-right:5px;border:solid 1px #c8c7c7;}.page a:hover,.page a.checked{text-decoration:none;border:solid 1px #0086d6;background:#0091e3;color:#fff;}.page a:visited,.page a:link{color:#333;}.page a:active{color:#3B3B3B;}</style>css;echo $css;}
i.php
<?phpfunction check($len=4){session_start();header('content-type:image/png');$fs = ['/a.ttf','/b.ttf','/f.ttf'];$font = dirname(__FILE__).$fs[mt_rand(0,1)];$w = 35*$len;$h = 50;$i = imagecreatetruecolor($w,$h);$c = imagecolorallocatealpha($i,0,0,0,127);//imagecolortransparent($i,$c);//imagefill($i,0,0,$c);imagefilledrectangle($i,0,0,$w,$h,gc($i,'ffffff',mt_rand(0,2)));$sss = '';for($j=0;$j<$len;$j++){$st = gs(1);$sss.=$st;imagettftext($i,mt_rand(15,25),mt_rand(-30,30),$j*35+10,mt_rand(28,38),gc($i),$font,$st);}$_SESSION['code'] = $sss;imagesetthickness($i,mt_rand(2,8));for($j=0;$j<mt_rand(5,10);$j++){imagefilledarc($i,mt_rand(0,$w),mt_rand(0,$h),mt_rand(0,$w),mt_rand(0,$h),mt_rand(0,360),mt_rand(0,360),gc($i,'rand',mt_rand(100,120)),IMG_ARC_NOFILL);}for($j=0;$j<10;$j++){imagettftext($i,mt_rand(10,15),mt_rand(-5,5),mt_rand(0,$w),mt_rand(0,$h),gc($i,'rand',mt_rand(100,120)),$font,gs(1));}imagepng($i);imagedestroy($i);}function gs($n=4){$s = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';$t = '';for($i=0;$i<$n;$i++){$t.=substr($s,mt_rand(0,strlen($s)-1),1);}return $t;}/*** 生成缩略*/function thumb($i,$f=false,$w=220,$h=0,$fn='s_'){$ii = getimagesize($i);if($ii[2]==2){if($ii[0]>$w){$src = imagecreatefromjpeg($i);$sw = $ii[0];$sh = $ii[1];$h = $h==0 ? $w/$sw*$sh : $h;//建立新的缩略图$dst = imagecreatetruecolor($w,$h);imagecopyresampled($dst,$src,0,0,0,0,$w,$h,$sw,$sh);if($f){imagejpeg($dst,$i);}else{$path = dirname($i).'/';$name = $fn.substr($i,strrpos($i,'/')+1);imagejpeg($dst,$path.$name);}imagedestroy($dst);imagedestroy($src);}}}/*** 功能:生成水银图标,水银图标文件在inc目录中 名称 logo.png*/function logo($i,$p=5,$f=true,$fn='logo_'){$ii = getimagesize($i);if($ii[2]==2){if($ii[0]>300){$ni = imagecreatefromjpeg($i);$w = $ii[0];$h = $ii[1];//水银图标 logo.png 格式$logo = dirname(__FILE__).'/logo.png';$li = imagecreatefrompng($logo);$liw = imagesx($li);$lih = imagesy($li);$x = ($w-$liw)/2;$y = ($h-$lih)/2;$pad = 35;switch($p){case 1:$x = 0+$pad;$y = 0+$pad;break;case 2:$y = 0+$pad;break;case 3:$x = $w-$liw-$pad;$y = 0+$pad;break;case 4:$x = 0+$pad;break;case 6:$x = $w-$liw-$pad;break;case 7:$x = 0+$pad;$y = $h-$lih-$pad;break;case 8:$y = $h-$lih-$pad;break;case 9:$x = $w-$liw-$pad;$y = $h-$lih-$pad;break;}imagecopy($ni,$li,$x,$y,0,0,$liw,$lih);if($f){imagejpeg($ni,$i);}else{$path = dirname($i).'/';$name = $fn.substr($i,strrpos($i,'/')+1);imagejpeg($ni,$path.$name);}imagedestroy($ni);imagedestroy($li);}}}function txt($i,$s=30,$t='版权所有',$c='rand',$a=0,$p=5,$f=true,$fn='t_'){$font = dirname(__FILE__).'/f.ttf';$ii = getimagesize($i);if($ii[2]==2){if($ii[0]>300){$ni = imagecreatefromjpeg($i);$pos = imagettfbbox($s,0,$font,$t);$pad = 30;switch($p){case 1://左上角$x = 0-$pos[0]+$pad;$y = 0-$pos[7]+$pad;break;case 2://上边 水平中央$x = ($ii[0]-$pos[2])/2;$y = 0-$pos[7]+$pad;break;case 3:$x = $ii[0]-$pos[2]-$pad;$y = 0-$pos[7]+$pad;break;case 4:$x = 0-$pos[0]+$pad;$y = ($ii[1]-$pos[6])/2;break;case 5:$x = ($ii[0]-$pos[2])/2;$y = ($ii[1]-$pos[6])/2;break;case 6:$x = $ii[0]-$pos[2]-$pad;$y = ($ii[1]-$pos[6])/2;break;case 7:$x = 0-$pos[0]+$pad;$y = $ii[1]-$pos[6]-$pad;break;case 8:$x = ($ii[0]-$pos[2])/2;$y = $ii[1]-$pos[6]-$pad;break;case 9:$x = $ii[0]-$pos[2]-$pad;$y = $ii[1]-$pos[6]-$pad;break;}imagettftext($ni,$s,0,$x,$y,gc($ni,$c,$a),$font,$t);if($f){imagejpeg($ni,$i);}else{$path = dirname($i).'/';$name = $fn.substr($i,strrpos($i,'/')+1);imagejpeg($ni,$path.$name);}imagedestroy($ni);}}}function gc($i,$c='rand',$a=0){$color = '';switch($c){case 'white':$color = imagecolorallocatealpha($i,255,255,255,$a);break;case 'black':$color = imagecolorallocatealpha($i,0,0,0,$a);break;case 'red':$color = imagecolorallocatealpha($i,255,0,0,$a);break;case 'green':$color = imagecolorallocatealpha($i,0,255,0,$a);break;case 'rand':$color = imagecolorallocatealpha($i,mt_rand(0,255),mt_rand(0,255),mt_rand(0,255),$a);break;default:$cc = str_split($c,2);$color = imagecolorallocatealpha($i,hexdec($cc[0]),hexdec($cc[1]),hexdec($cc[2]),$a);break;}return $color;}
浙公网安备 33010602011771号