예제 #1
0
function login_check($post)
{
    $MaxSlen = 30;
    //限制登陆验证输入项最多20个字符
    if (!get_magic_quotes_gpc()) {
        $post = addslashes($post);
        // 进行magic_quotes_gpc没有打开的情况对提交数据的过滤
    }
    $post = LenLimit($post, $MaxSlen);
    $post = preg_replace("/ +/", "", trim(str_replace(" ", "", $post)));
    $post = cleanHex($post);
    if (strpos($post, "=") || strpos($post, "'") || strpos($post, "\\") || strpos($post, "*") || strpos($post, "#")) {
        return false;
    } else {
        return true;
    }
}
예제 #2
0
파일: secure.php 프로젝트: vaseidong/test
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312" />
<title>代码安全</title>
</head>

<body>
<?php 
session_start();
if ($_POST['submit'] == "go") {
    //check token
    if ($_POST['token'] == $_SESSION['token']) {
        //strip_tags
        $name = strip_tags($_POST['name']);
        $name = substr($name, 0, 40);
        //clean out any potential hexadecimal characters
        $name = cleanHex($name);
        //continue processing....
    } else {
        //stop all processing! remote form posting attempt!
    }
}
$token = md5(uniqid(rand(), true));
$_SESSION['token'] = $token;
function cleanHex($input)
{
    $clean = preg_replace("![\\][xX]([A-Fa-f0-9]{1,3})!", "", $input);
    return $clean;
}
?>
<form action="<?php 
echo $_SERVER['PHP_SELF'];