<?php session_start(); require_once '../library/db.php'; $userNumber = dowith_sql(isset($_POST["STU_NUM"]) ? $_POST["STU_NUM"] : ''); $password = dowith_sql(isset($_POST["STU_PSW"]) ? $_POST["STU_PSW"] : ''); unset($_POST["STU_NUM"]); isset($_POST["STU_PSW"]); //接受用户输入开始验证 if ($userNumber != NULL && $password != NULL) { $db = new DB(); $sql = "SELECT * FROM admin WHERE USER_NUM = '{$userNumber}' AND USER_PSW = '{$password}'"; $db->query("{$sql}"); $userInfo = $db->getrow(); if ($userInfo) { $_SESSION['adminID'] = $userInfo["ID"]; //添加session供全局验证 $ip = $_SERVER['REMOTE_ADDR']; if ($userInfo["LOG_IP"]) { //记录IP $userUpdate["LOG_IP"] = $userInfo["LOG_IP"] . ';' . $ip; } else { $userUpdate["LOG_IP"] = $ip; } if (!$userInfo["LOG_TIMES"]) { $userUpdate["LOG_TIMES"] = 1; } else { $userUpdate["LOG_TIMES"] = $userInfo["LOG_TIMES"] + 1; } $db->update("admin", $userUpdate, "ID='{$userInfo['ID']}'"); header("Location: user.php?action=1 ");
$_POST['version'] = strip_tags(dowith_sql($_POST['version'])); $sql = "insert into version_log(app,version,admin,edittime) values('a',\"{$_POST['version']}\",\"{$_SESSION['admin_name']}\",{$time})"; $r1 = $db->query($sql); $sql = "update version set version=\"{$_POST['version']}\" where app=\"a\""; $r2 = $db->query($sql); $res = copy(ROOT_PATH . "download/21cake_" . $a . ".apk", ROOT_PATH . "download/21cake.apk"); if ($res) { echo "<script type='text/javascript'>alert('文件上传成功!');window.location='app_upload.php?act=list';</script>"; } else { echo "<script type='text/javascript'>alert('文件上传失败!');</script>"; } } } } elseif ($_POST['app'] == 'i') { $time = time() + 8 * 3600; $_POST['version'] = strip_tags(dowith_sql($_POST['version'])); $sql = "insert into version_log(app,version,admin,edittime) values('i',\"{$_POST['version']}\",\"{$_SESSION['admin_name']}\",{$time})"; $r1 = $db->query($sql); $sql = "update version set version=\"{$_POST['version']}\" where app=\"i\""; $r2 = $db->query($sql); echo "<script type='text/javascript'>window.location='app_upload.php?act=list';</script>"; } } elseif ($_GET['act'] == 'list') { $sql = "select * from version_log order by edittime desc"; $list = $db->getAll($sql); foreach ($list as $key => $val) { $list[$key]['edittime'] = date("Y-m-d H:i:s", $val['edittime']); } $action_link = array("text" => "上传文件", "href" => "app_upload.php?act=add"); $smarty->assign('action_link', $action_link); $smarty->assign('ur_here', "app上传");
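<?php
/**
 * Wrap each blacklisted token found in $str in square brackets, e.g.
 * "select" becomes "[select]".
 *
 * NOTE(review): this is a case-sensitive substring blacklist, not an
 * injection defence — str_replace() leaves "SELECT"/"Select" untouched and
 * rewrites ordinary words ("for" -> "f[or]", "reset" -> "re[set]"). Code
 * that builds SQL from these values still needs prepared statements with
 * bound parameters; treat this function as legacy input mangling only.
 *
 * @param string|array $str raw value; arrays (e.g. from "?key[]=" query
 *                          parameters) are processed element-wise by
 *                          str_replace()
 * @return string|array the value with every token bracketed
 */
function dowith_sql($str)
{
    // Token order matters: each replacement runs over the output of the
    // previous one (so "order" is already "[or]der" before "order" is tried,
    // and "<script" ends up as "[<[script]]"). The historical order is kept.
    // The empty token from the original "delete||insert" typo is dropped —
    // str_replace() ignores an empty needle, so that changes nothing.
    static $tokens = array(
        'exec', 'and', 'or', 'select', 'update', 'from', 'where', 'order',
        'by', '*', 'delete', 'insert', 'into', 'values', 'create', 'table',
        // Was "\n\ndatabase" (a wrapped line inside the original string
        // literal), which only matched when two newlines preceded the word.
        'database',
        'set', 'char', 'asc', 'cast', 'declare', '<script', 'script',
        'iframe', '3bomb', 'c.js', ';',
    );

    foreach ($tokens as $token) {
        $str = str_replace($token, '[' . $token . ']', $str);
    }

    return $str;
}

// Rewrite every incoming query-string and form value in place so later code
// reading $_GET/$_POST sees the bracketed form.
foreach ($_GET as $key => $value) {
    $_GET[$key] = dowith_sql($value);
}
foreach ($_POST as $key => $value) {
    $_POST[$key] = dowith_sql($value);
}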