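<?php

// "golem" challenge page: a deliberately injectable login check.
// $_GET['pw'] is interpolated straight into two SQL statements and the two
// blacklist filters below are the only barrier, which is the point of the
// exercise. The production fix is a prepared statement (mysqli/PDO), but
// dbconnect() from config.php exposes no driver handle here and the mysql_*
// extension has no parameter binding, so the query text is kept as written
// and the defects around it are fixed instead.
include "./config.php";
login_chk();
dbconnect();

// Read the parameter once. The original used the bare word `$_GET[pw]`,
// which is a notice before PHP 8 and a fatal "undefined constant" error on
// PHP 8+. A missing parameter behaves as "" (as before); a non-string one
// (e.g. `pw[]=`) is rejected instead of being stringified to "Array".
$pw = isset($_GET['pw']) ? $_GET['pw'] : '';
if (!is_string($pw)) {
    exit("No Hack ~_~");
}

// Blacklist 1: table-name prefix, underscore, dot, empty parentheses.
if (preg_match('/prob|_|\\.|\\(\\)/i', $pw)) {
    exit("No Hack ~_~");
}
// Blacklist 2: boolean operators, substr( and the equals sign.
if (preg_match('/or|and|substr\\(|=/i', $pw)) {
    exit("HeHe");
}

// Vulnerable by design: $pw is neither escaped nor bound.
$query = "select id from prob_golem where id='guest' and pw='{$pw}'";
// The query is shown to the player; escaping it closes the reflected XSS
// (the raw parameter lands in the page) without changing what is displayed.
echo "<hr>query : <strong>" . htmlspecialchars($query, ENT_QUOTES, 'UTF-8') . "</strong><hr><br>";
// `@` is kept deliberately: a driver warning printed into the page would
// turn a failing query into an error-disclosure channel.
$result = @mysql_fetch_array(mysql_query($query));
if (is_array($result) && !empty($result['id'])) {
    // The id column comes from the database, not directly from the request,
    // but it is still untrusted HTML content.
    echo "<h2>Hello " . htmlspecialchars($result['id'], ENT_QUOTES, 'UTF-8') . "</h2>";
}

// Second query: addslashes() neutralises the quote for this statement.
// As in the original, the *escaped* value is also what the stored password
// is compared against, so that contract is preserved.
$pwEscaped = addslashes($pw);
$query = "select pw from prob_golem where id='admin' and pw='{$pwEscaped}'";
$result = @mysql_fetch_array(mysql_query($query));
// hash_equals(): strict and constant-time. The original `==` compared
// numeric-looking strings numerically ("1e3" == "1000") and the truthiness
// test on $result['pw'] silently refused a stored password of "0".
if (is_array($result) && isset($result['pw']) && $result['pw'] !== ''
    && hash_equals((string) $result['pw'], $pwEscaped)) {
    solve("golem");
}
highlight_file(__FILE__);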
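include_once "mainfile.php";
// Language files are located from $xoopsConfig['language']. That value is
// presumed to be set by mainfile.php's configuration rather than derived from
// the request — TODO confirm, since a request-controlled segment in an
// include path is a file-inclusion risk.
include_once XOOPS_ROOT_PATH . "/language/{$xoopsConfig['language']}/modinfo.php";
include_once XOOPS_ROOT_PATH . "/xoops_version.php";
include_once XOOPS_ROOT_PATH . "/language/{$xoopsConfig['language']}/main.php";
include_once XOOPS_ROOT_PATH . "/common/default_language.php";
include_once XOOPS_ROOT_PATH . "/common/class/xoopsModule.php";
include_once XOOPS_ROOT_PATH . "/common/class/xoopsDB.php";
include_once XOOPS_ROOT_PATH . "/common/class/textsanitizer.php";
$xoopsModule = new xoopsModule();
$xoopsDB = new xoopsDB();
$xoopsModuleConfig = get_xoopsModulesConfig();
if (empty($xoopsModuleConfig)) {
    // $modversion is expected to have been populated by xoops_version.php —
    // not visible here, confirm.
    $xoopsModuleConfig = mkXoopsModuleConfig($modversion);
}

// Read the requested operation once with a default, so a request without
// `op` no longer raises undefined-index notices; `===` replaces the loose
// `==` (same result for these non-numeric strings, no coercion surprises).
$op = isset($_REQUEST['op']) ? $_REQUEST['op'] : '';
if ($op === "login_chk") {
    // Credentials are read from the POST body only (as before); when the op
    // arrived without them, login_chk() receives null exactly as it did,
    // just without the notices.
    $loginId = isset($_POST['login_id']) ? $_POST['login_id'] : null;
    $loginPass = isset($_POST['login_pass']) ? $_POST['login_pass'] : null;
    login_chk($loginId, $loginPass);
    header("location:" . XOOPS_URL . "/index.php");
    // Stop here: without exit the remainder of this page (and any script
    // that included it) keeps rendering behind the redirect.
    exit;
} elseif ($op === "logout") {
    logout();
}
$module_login = isAdmin() ? "<a href='" . XOOPS_URL . "/admin/index.php'>後台管理</a> | <a href='" . XOOPS_URL . "/common/setup.php'>偏好設定</a>" : login_form();
$module_title = empty($xoopsModuleConfig['fp_title']) ? $modversion['name'] : $xoopsModuleConfig['fp_title'];
$module_url = XOOPS_URL;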
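/**
 * Whether the current session belongs to the administrator.
 *
 * Admin identity is a single (ADMIN_ID, ADMIN_PASSWD) constant pair that is
 * compared against what login_chk() stored in the session. login_chk() is not
 * visible here; the session value is presumably the password as entered
 * (plaintext) — confirm. The comparison is strict and constant-time, and a
 * session missing either key is simply not admin (the original raised
 * undefined-index notices and used loose `==`, which compares numeric-looking
 * strings numerically).
 *
 * @return bool
 */
function isAdmin()
{
    if (!isset($_SESSION['login_id'], $_SESSION['login_pass'])) {
        return false;
    }
    // hash_equals() requires strings; anything else cannot be the admin.
    if (!is_string($_SESSION['login_id']) || !is_string($_SESSION['login_pass'])) {
        return false;
    }
    return hash_equals((string) ADMIN_ID, $_SESSION['login_id'])
        && hash_equals((string) ADMIN_PASSWD, $_SESSION['login_pass']);
}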