<?php

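session_start();
require_once '../library/db.php';
// Read the login form fields ('' when missing) through dowith_sql(). dowith_sql()
// only wraps a fixed keyword list in brackets (its definition is shown further
// down this page); it does not escape quotes, so $userNumber and $password are
// still not safe to interpolate into the SELECT below - that query should use a
// prepared statement. Because the filter rewrites substrings such as "or" and
// "and", a password containing them is altered before it is compared.
$userNumber = dowith_sql(isset($_POST["STU_NUM"]) ? $_POST["STU_NUM"] : '');
$password = dowith_sql(isset($_POST["STU_PSW"]) ? $_POST["STU_PSW"] : '');
// Drop both raw credentials from $_POST once they have been copied. The original
// called isset() on STU_PSW here, which discards its result and left the
// password in $_POST.
unset($_POST["STU_NUM"], $_POST["STU_PSW"]);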
//接受用户输入开始验证
if ($userNumber != NULL && $password != NULL) {
    $db = new DB();
    $sql = "SELECT * FROM admin WHERE USER_NUM = '{$userNumber}' AND USER_PSW = '{$password}'";
    $db->query("{$sql}");
    $userInfo = $db->getrow();
    if ($userInfo) {
        $_SESSION['adminID'] = $userInfo["ID"];
        //添加session供全局验证
        $ip = $_SERVER['REMOTE_ADDR'];
        if ($userInfo["LOG_IP"]) {
            //记录IP
            $userUpdate["LOG_IP"] = $userInfo["LOG_IP"] . ';' . $ip;
        } else {
            $userUpdate["LOG_IP"] = $ip;
        }
        if (!$userInfo["LOG_TIMES"]) {
            $userUpdate["LOG_TIMES"] = 1;
        } else {
            $userUpdate["LOG_TIMES"] = $userInfo["LOG_TIMES"] + 1;
        }
        $db->update("admin", $userUpdate, "ID='{$userInfo['ID']}'");
        header("Location: user.php?action=1 ");
                $_POST['version'] = strip_tags(dowith_sql($_POST['version']));
                $sql = "insert into version_log(app,version,admin,edittime) values('a',\"{$_POST['version']}\",\"{$_SESSION['admin_name']}\",{$time})";
                $r1 = $db->query($sql);
                $sql = "update version set version=\"{$_POST['version']}\" where app=\"a\"";
                $r2 = $db->query($sql);
                $res = copy(ROOT_PATH . "download/21cake_" . $a . ".apk", ROOT_PATH . "download/21cake.apk");
                if ($res) {
                    echo "<script type='text/javascript'>alert('文件上传成功!');window.location='app_upload.php?act=list';</script>";
                } else {
                    echo "<script type='text/javascript'>alert('文件上传失败!');</script>";
                }
            }
        }
    } elseif ($_POST['app'] == 'i') {
        $time = time() + 8 * 3600;
        $_POST['version'] = strip_tags(dowith_sql($_POST['version']));
        $sql = "insert into version_log(app,version,admin,edittime) values('i',\"{$_POST['version']}\",\"{$_SESSION['admin_name']}\",{$time})";
        $r1 = $db->query($sql);
        $sql = "update version set version=\"{$_POST['version']}\" where app=\"i\"";
        $r2 = $db->query($sql);
        echo "<script type='text/javascript'>window.location='app_upload.php?act=list';</script>";
    }
} elseif ($_GET['act'] == 'list') {
    $sql = "select * from version_log order by edittime desc";
    $list = $db->getAll($sql);
    foreach ($list as $key => $val) {
        $list[$key]['edittime'] = date("Y-m-d H:i:s", $val['edittime']);
    }
    $action_link = array("text" => "上传文件", "href" => "app_upload.php?act=add");
    $smarty->assign('action_link', $action_link);
    $smarty->assign('ur_here', "app上传");
<?php

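/**
 * Wrap a fixed list of SQL/HTML keywords found in $str in square brackets,
 * e.g. "select" becomes "[select]".
 *
 * This is NOT an escaping or sanitising function and must not be relied on
 * for SQL safety:
 *   - quotes and backslashes are left untouched, so a value interpolated into
 *     a quoted SQL literal (as the callers on this page do) is still unsafe;
 *   - matching is a plain case-sensitive str_replace(), so only the exact
 *     lower-case spellings listed below are affected;
 *   - legitimate input containing these substrings is mangled
 *     ("android" -> "[and]roid", "form" -> "f[or]m").
 * Queries should be built with prepared statements; at most this function can
 * serve as a coarse marker for logging.
 *
 * @param string|array $str  Raw value (typically from $_GET/$_POST). An array
 *                           is processed element-wise by str_replace().
 * @return string|array      The value with every listed keyword wrapped in [].
 */
function dowith_sql($str)
{
    // Blacklisted substrings, in the order they are applied. Replacements run
    // left to right, so an earlier match changes what later tokens can see
    // (e.g. "order" is never matched whole because "or" runs first).
    // The original list was a single "|"-separated literal that contained an
    // empty element (a no-op for str_replace) and a "database" token carrying
    // two leading newlines from a wrapped line, which could never match a
    // plain "database"; both are corrected here.
    $blacklist = array(
        'exec', 'and', 'or', 'select', 'update', 'from', 'where', 'order', 'by',
        '*', 'delete', 'insert', 'into', 'values', 'create', 'table',
        'database', 'set', 'char', 'asc', 'cast', 'declare', '<script',
        'script', 'iframe', '3bomb', 'c.js', ';',
    );
    $wrapped = array();
    foreach ($blacklist as $word) {
        $wrapped[] = '[' . $word . ']';
    }
    // The array form of str_replace applies the pairs sequentially, exactly
    // like the original per-token loop did.
    return str_replace($blacklist, $wrapped, $str);
}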
// Rewrite every request parameter in place so later code reads the bracketed
// form. array_map() with a single array keeps the original keys, so this is the
// same as assigning dowith_sql($value) back to each $_GET[$key] / $_POST[$key].
// NOTE(review): the login handler on this page calls dowith_sql() on $_POST
// fields again; if that file is loaded after this one, keywords are wrapped
// twice ("[[select]]") - confirm the include order.
$_GET = array_map('dowith_sql', $_GET);
$_POST = array_map('dowith_sql', $_POST);
?>