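/**
 * Fetch the rel_time column of every show_content row, newest id first.
 *
 * The message "无法查出日期!" ("could not look up the dates") is echoed when
 * the query fails or matches no rows, as before.
 *
 * @return array Rows as produced by fetch_array(); an empty array when the
 *               query fails or matches nothing (previously an undefined
 *               variable was returned in that case).
 */
function seltime()
{
    // sqli() is defined outside this listing; it is used here as a mysqli
    // connection handle (query()/close() are called on its return value).
    $mysqli = sqli();

    // Always defined, so the "no rows" path returns a real array.
    $cont_time = [];

    $sqlld = $mysqli->query("select rel_time from show_content order by id desc");
    if ($sqlld !== false) {
        while ($row = $sqlld->fetch_array()) {
            $cont_time[] = $row;
        }
        // Release the result set. The original placed free()/close() after
        // the return statement, so they never ran.
        $sqlld->free();
    }

    if ($cont_time === []) {
        echo "无法查出日期!";
    }

    $mysqli->close();

    return $cont_time;
}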
<?php
// Login form handler: checks the posted username/password against the `user`
// table, stores the user id in the session on success, and answers every
// outcome with an inline <script> that redirects back to index.php.
include 'sqld.php';
session_start();
date_default_timezone_set('PRC');

// Both fields are read straight from the POST body with no isset() guard;
// a request that omits one of them reaches empty() below via an undefined index.
$Name = $_POST['exampleInputName2'];
$Pass = $_POST['exampleInputPass2'];

// sqli() is not defined in this listing; its return value is used as a
// mysqli connection handle.
$mysqli = sqli();

if (empty($Name)) {
    // Alert text: "username must not be empty".
    echo "<script type='text/javascript'>\n\n\t\twindow.alert('用户名不能为空');\n\t\t\n\t\twindow.location.href='index.php';\n\n\t\t</script>";
    exit;
} elseif (empty($Pass)) {
    // Alert text: "password must not be empty".
    echo "<script type='text/javascript'>\n\n\t\twindow.alert('密码不能为空');\n\t\t\n\t\twindow.location.href='index.php';\n\n\t\t</script>";
    exit;
} else {
    // The username value is masked as '******' in this listing.
    // NOTE(review): if the original interpolates $Name into this string, the
    // lookup is injectable; bind the value through a prepared statement
    // ($mysqli->prepare() + bind_param()) instead - confirm against the real file.
    $query = "select * from user where username='******'";
    $sqlld = $mysqli->query($query);
    // NOTE(review): query() returns false on failure and the result is not
    // checked before ->num_rows is read.
    if ($sqlld->num_rows > 0) {
        // (disabled debug output) echo "username exists";
        $row = $sqlld->fetch_array();
        // Column index 2 is compared with md5($Pass), so it holds an unsalted
        // MD5 of the password. NOTE(review): MD5 is unsuitable for password
        // storage (use password_hash()/password_verify() with a migration
        // path), and the loose == lets two different numeric-looking hex
        // strings compare equal; hash_equals() gives a strict, constant-time check.
        if ($row[2] == md5($Pass)) {
            // NOTE(review): no session_regenerate_id() call is visible before the
            // user id is placed in the session, which leaves room for session fixation.
            $_SESSION['ID'] = $row[0];
            $LoginDATE = date('Y-m-d H:i:s');
            // Both interpolated values are server-side: the timestamp generated
            // above and the id column of the row just fetched.
            $query_1 = "update user set login_date='{$LoginDATE}',login_state='1' where id='{$row['0']}'";
            // The result of the update is stored but never inspected.
            $sqli_1 = $mysqli->query($query_1);
            echo "<script type='text/javascript'>\n\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\twindow.location.href='index.php';\n\n\t\t\t\t\t\t\t\t</script>";
        } else {
            // Alert text: "password is incorrect".
            // NOTE(review): this message differs from the "username does not
            // exist" one below, so a client can tell which usernames are
            // registered; a single generic failure message avoids that.
            echo "<script type='text/javascript'>\n\n\t\t\t\t\t\t\t\twindow.alert('密码不正确');\n\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\twindow.location.href='index.php';\n\n\t\t\t\t\t\t\t\t</script>";
        }
    } else {
        // Alert text: "username does not exist".
        echo "<script type='text/javascript'>\n\n\t\t\t\t\t\t\twindow.alert('用户名不存在');\n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\twindow.location.href='index.php';\n\n\t\t\t\t\t\t\t</script>";
        // The listing is cut off here; the closing braces of the two enclosing
        // else blocks are not shown on the page.
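/**
 * Interactive menu: asks which check to run and which list file under out/
 * to read, then passes every line of that file (URL-decoded) to the chosen
 * check function(s).
 *
 * Accepted selections: sqli, xss, lfi, rfi, all, sqli&xss, lfi&rfi.
 * sqli(), xss(), lfi() and rfi() are defined outside this listing.
 *
 * Changes from the previous version:
 *  - "lfi&rfi" now works: the old test was trim($what == 'lfi&rfi'), which
 *    trimmed the boolean result of the comparison and never matched.
 *  - stdin is opened once and closed; two separate buffered handles could
 *    lose the second answer when input is piped.
 *  - is_file() replaces file_exists(), so an empty file name (which resolves
 *    to the out/ directory itself) is reported as missing instead of being
 *    handed to file().
 *  - the list file is read once instead of twice per selected check.
 *
 * @return void
 */
function scan()
{
    print "\n Options:\n";
    print " sqli - SQL Injection\n";
    print " xss - Cross Site Scripting\n";
    print " lfi - Local File Inclusion\n";
    print " rfi - Remote File Inclusion\n";
    print " all - F**k shit up\n";
    print " What: ";

    $stdin = fopen("php://stdin", "r");
    // fgets() returns false on EOF; the cast keeps trim() working on a string.
    $what = trim((string) fgets($stdin));
    print "\n File: ";
    $whatf = trim((string) fgets($stdin));
    fclose($stdin);

    $path = 'out/' . $whatf;
    $urls = is_file($path) ? file($path) : false;
    if ($urls === false) {
        print "\nFile doesnt exist!\n";
        return;
    }

    // Heading label, selections that enable the check, and the function run per line.
    $checks = array(
        array('SQL Injection', array('sqli', 'all', 'sqli&xss'), 'sqli'),
        array('Cross Site Scripting', array('xss', 'all', 'sqli&xss'), 'xss'),
        array('Local File Inclusion', array('lfi', 'all', 'lfi&rfi'), 'lfi'),
        array('Remote File Inclusion', array('rfi', 'all', 'lfi&rfi'), 'rfi'),
    );

    foreach ($checks as $check) {
        list($label, $selections, $handler) = $check;
        if (!in_array($what, $selections, true)) {
            continue;
        }

        print "\n\n - Testing " . $label . " for " . count($urls) . " parameters ({$whatf})\n";
        foreach ($urls as $link) {
            // Lines keep their trailing newline, exactly as file() returns them.
            $handler(urldecode($link));
        }
    }
}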
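/**
 * Route one incoming message to the "terminal" selected for this sender.
 *
 * While the stored state is empty/zero, $content is looked up in the global
 * $terminal map; a hit switches the sender into that terminal through
 * changeStatu() and returns the matching $welcome text. Otherwise "quit"
 * resets the state to 0, and any other content is forwarded to the handler
 * for the active state (1 = python, 2 = mysqlc, 3 = sqli).
 *
 * Changes from the previous version: the state is read through isset(), the
 * $terminal lookup uses empty(), and $data is initialised, so an unknown
 * sender, an unknown menu key, or an unexpected state value no longer reads
 * an undefined index or variable. Return values are unchanged (null in those
 * cases).
 *
 * NOTE(review): the sender filter in both SQL strings is masked as '******'
 * in this listing. If the original interpolates $openid there, it should be
 * escaped or bound as a parameter - confirm against the real file.
 * NOTE(review): $content is passed unmodified to python(), mysqlc() and
 * sqli(); none of them is visible here, so confirm that each one validates
 * or sandboxes what it receives.
 *
 * @param mixed $content Message text from the sender.
 * @param mixed $openid  Sender identifier handed to changeStatu().
 * @return mixed Welcome text, the quit confirmation, the handler result, or null.
 */
function terminalEngine($content, $openid)
{
    global $terminal, $welcome;

    $mysql = new SaeMysql();
    $result = $mysql->getData("SELECT * FROM python WHERE FromUserName='******'");
    $state = isset($result[0]['state']) ? $result[0]['state'] : 0;

    if (!$state) {
        // No terminal is active: only a known menu key produces a reply.
        if (!empty($terminal[$content])) {
            changeStatu($openid, $terminal[$content]);
            return $welcome[$terminal[$content] - 1];
        }
        return null;
    }

    if ($content == 'quit') {
        $mysql->runSql("UPDATE python SET state=0 WHERE FromUserName='******'");
        return '已退出终端...';
    }

    // Stays null when the stored state matches none of the known terminals.
    $data = null;
    switch ($state) {
        case 1: // python
            $data = python($content);
            break;
        case 2: // mysql
            $data = mysqlc($content);
            break;
        case 3: // sqli
            $data = sqli($content);
            break;
        default:
            break;
    }

    return $data;
}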