function strCheck($str) { if (inject_check($str)) { die('非法参数'); } //注入判断 $str = htmlspecialchars($str); return $str; }
function checkLogin() { if (empty($_POST['username'])) { $this->error("帐号错误"); } elseif (empty($_POST['password'])) { $this->error("密码必须!"); } elseif (empty($_POST['verify'])) { $this->error('验证码必须!'); } if (md5($_POST['verify']) != $_SESSION['verify']) { $this->error('验证码错误!'); } //生成认证条件 $map = array(); // 支持使用绑定帐号登录 $map['username'] = inject_check($_POST['username']); $map["status"] = array('gt', 0); import('ORG.Util.RBAC'); $authInfo = RBAC::authenticate($map); //使用用户名、密码和状态的方式进行认证 if (false === $authInfo) { $this->error('帐号不存在!'); } if (empty($authInfo)) { $this->error('帐号不存在或已禁用!'); } $pwdinfo = strcmp($authInfo['password'], md5('wk' . trim($_POST['password']) . 'cms')); if ($pwdinfo != 0) { $this->error('密码错误!'); } $_SESSION[C('USER_AUTH_KEY')] = $authInfo['id']; $_SESSION['username'] = $_POST['username']; $_SESSION['cookietime'] = time(); $role = M('role_admin'); $authInfo['role_id'] = $role->where('user_id=' . $authInfo['id'])->getField('role_id'); if ($authInfo['role_id'] == '1') { $_SESSION[C('ADMIN_AUTH_KEY')] = true; } //保存登录信息 $admin = M('admin'); $ip = get_client_ip(); $time = time(); $data = array(); $data['id'] = $authInfo['id']; $data['lastlogintime'] = $time; $data['lastloginip'] = $ip; $admin->save($data); // 缓存访问权限 RBAC::saveAccessList(); //保存cookie信息 import('ORG.Util.Cookie'); Cookie::set($_SESSION['cookietime'], '1', 60 * 60 * 3); //dump($_SESSION); $this->index(); }
function str_check($str) { if (inject_check($str)) { echo $str; die('非法参数'); } //注入判断 $str = htmlspecialchars($str); //转换html return $str; }
public function index() { inject_check($_GET['aid']); $mood = M('mood'); $list = $mood->where('aid=' . intval($_GET['aid']))->find(); if ($list) { echo "{$list['mood1']},{$list['mood2']},{$list['mood3']},{$list['mood4']},{$list['mood5']},{$list['mood6']},{$list['mood7']},{$list['mood8']}"; } else { $data['aid'] = intval($_GET['aid']); $mood->add($data); echo "0,0,0,0,0,0,0,0"; } }
function ajax_arclist() { $prefix = !empty($_REQUEST['prefix']) ? (bool) $_REQUEST['prefix'] : true; //表过滤防止泄露信息,只允许的表 if (!in_array($_REQUEST['model'], array('article', 'type', 'ad', 'label', 'link'))) { exit; } if (!empty($_REQUEST['model'])) { if ($prefix == true) { $model = C('DB_PREFIX') . $_REQUEST['model']; } else { $model = $_REQUEST['model']; } } else { $model = C('DB_PREFIX') . 'article'; } $order = !empty($_REQUEST['order']) ? inject_check($_REQUEST['order']) : ''; $num = !empty($_REQUEST['num']) ? inject_check($_REQUEST['num']) : ''; $where = !empty($_REQUEST['where']) ? inject_check(urldecode($_REQUEST['where'])) : ''; //使where支持 条件判断,添加不等于的判断 $page = false; if (!empty($_REQUEST['page'])) { $page = (bool) $_REQUEST['page']; } $pagesize = !empty($_REQUEST['pagesize']) ? intval($_REQUEST['pagesize']) : '10'; //$query =!empty($_REQUEST['sql'])?$_REQUEST['sql']:'';//太危险不用 $field = ''; if (!empty($_REQUEST['field'])) { $f_t = explode(',', inject_check($_REQUEST['field'])); $f_t = array_map('urlencode', $f_t); $field = implode(',', $f_t); } $m = new Model($model, NULL); //如果使用了分页,缓存也不生效 if ($page) { import("ORG.Util.Page"); //这里改成你的Page类 $count = $m->where($where)->count(); $total_page = ceil($count / $pagesize); $p = new Page($count, $pagesize); //如果使用了分页,num将不起作用 $t = $m->field($field)->where($where)->limit($p->firstRow . ',' . $p->listRows)->order($order)->select(); //echo $m->getLastSql(); $ret = array('total_page' => $total_page, 'data' => $t); } //如果没有使用分页,并且没有 query if (!$page) { $ret = $m->field($field)->where($where)->order($order)->limit($num)->select(); } $this->ajaxReturn($ret, '返回信息', 1); }
public function index() { inject_check($_GET['aid']); inject_check($_GET['page']); $pl = M('pl'); $config = F('basic', '', './Web/Conf/'); $data['status'] = 1; $data['aid'] = intval($_GET['aid']); $list = $pl->where($data)->select(); if (!$list) { $this->display(TMPL_PATH . cookie('think_template') . '/pl_nopl.html', 'utf-8', 'text/xml'); exit; } $count = $pl->where($data)->count(); $this->assign('allnum', $count); $pagenum = 6; //每六条分页 $pages = ceil($count / $pagenum); //总页数 $prepage = ($_GET['page'] - 1) * $pagenum; $endpage = $_GET['page'] * $pagenum; $tempnum = $pagenum * $_GET['page']; $lastnum = $tempnum < $count ? $tempnum : $count; $plist = $pl->where($data)->order('ptime asc')->limit($prepage . ',' . $endpage)->select(); foreach ($plist as $k => $v) { if (!empty($v['recontent'])) { $v['recontent'] = '<font color=red><b>管理员回复:' . $v['recontent'] . '</b></font>'; } $pp[$k] = $v; $pp[$k]['num'] = $k + 1 + (intval($_GET['page']) - 1) * $pagenum; } //封装变量 $this->assign('nowpage', intval($_GET['page'])); //当前页 $this->assign('pages', $pages); //总页数 $this->assign('aid', intval($_GET['aid'])); //文章aid $this->assign('lastnum', $lastnum); //最后一条记录数 $this->assign('list', $pp); //模板输出 $this->display(TMPL_PATH . cookie('think_template') . '/pl_pl.html', 'utf-8', 'text/xml'); }
public function update() { if (empty($_POST)) { alert('请选择投票项!', 1); } inject_check($_POST['id']); if (Cookie::is_set('vote' . $_POST['id'])) { alert('您已投过票了!', 1); } //读取数据库 $vote = M('vote'); //if(C('TOKEN_ON') && !$vote->autoCheckToken($_POST)){$this->error(L('_TOKEN_ERROR_'));}//防止乱提交表单 $vo = $vote->where('id=' . intval($_POST['id']))->field('vote,overtime,starttime,stype')->find(); $strs = explode(PHP_EOL, trim($vo['vote'])); //业务处理 if (!$vo) { alert('投票不存在!', 3); } if ($vo['overtime'] != '' && cptime(date('Y-m-d H:i:s'), $vo['overtime'])) { alert('投票已结束!', U('votes/' . $_POST['id'])); } if (!cptime(date('Y-m-d H:i:s'), $vo['starttime'])) { alert('投票没有开始!', U('votes/' . $_POST['id'])); } $data['vote'] = $vo['vote']; if ($vo['stype'] == 0) { $_POST['vote'] = array($_POST['vote']); } foreach ($_POST['vote'] as $v) { $v = str_replace(PHP_EOL, "", $v); if (in_array($v, $strs)) { $s = explode("=", $v); if (count($s) == 2 && is_numeric($s[1])) { $data['vote'] = str_replace($v, $s[0] . "=" . (intval($s[1]) + 1), $data['vote']); } } } if ($vote->where('id=' . intval($_POST['id']))->save($data)) { Cookie::set('vote' . $_POST['id'], '1', 365 * 60 * 60 * 24); alert('投票成功!', U('votes/' . $_POST['id'])); } alert("操作失败!", U('votes/' . $_POST['id'])); }
public function index() { if (!isset($_GET['aid'])) { $this->error('非法操作'); } inject_check($_GET['aid']); inject_check($_GET['p']); $aid = intval($_GET['aid']); //读取数据库和缓存 ob_start(); //用于生成静态HTML $is_build = C('IS_BUILD_HTML'); //允许参数 $allow_param = array('p', 'keyword'); $static_file = './Html/' . cookie('think_template') . '/articles/' . $aid; $mid_str = ''; if (count($_REQUEST) > 1) { foreach ($_REQUEST as $k => $v) { if ($k != 'aid' && in_array($k, $allow_param)) { $mid_str .= '/' . $k . '/' . md5($v); } } } $static_file .= $mid_str . '.html'; $path = './ArticleAction.class.php'; $php_file = basename($path); parent::html_init($static_file, $php_file, $is_build); //以下是动态代码 $article = M('article'); $config = F('basic', '', './Web/Conf/'); $page_model = 'page/page_default.html'; //相关判断 $alist = $article->where('aid=' . $aid)->find(); if (!$alist) { alert('文章不存在或已删除!', __APP__); } if ($alist['islink'] == 1) { Header('Location:' . $alist['linkurl']); } if ($alist['status'] == 0) { alert('文章未审核!', __APP__); } //阅读权限 if ($config['isread'] == 1) { $uvail = explode(',', $_SESSION['dami_uservail']); if (!in_array($alist['typeid'], $uvail)) { alert('对不起您没有阅读改文章的权限!', __APP__); } } $this->assign('title', $alist['title']); parent::tree_dir($alist['typeid'], 'tree_list'); $type = M('type'); $list = $type->where('typeid=' . intval($alist['typeid']))->find(); if ($list) { $pid = get_first_father($list['typeid']); $cur_menu = get_field('type', 'typeid=' . $pid, 'drank'); $this->assign('cur_menu', $cur_menu); $this->assign('type', $list); } $a = M('type')->where('typeid=' . $alist['typeid'])->getField('page_path'); if ($a != '' && file_exists(TMPL_PATH . cookie('think_template') . '/' . $a)) { $page_model = $a; } //网站头部 R('Public/head'); R('Public/py_link'); //统计处理 if ($alist['status'] == 1) { $map['hits'] = $alist['hits'] + 1; $article->where('aid=' . $aid)->save($map); } //注销map unset($map); $alist['hits'] += 1; //关键字替换 $alist['content'] = $this->key($alist['content']); //鼠标轮滚图片 if ($config['mouseimg'] == 1) { $alist['content'] = $this->mouseimg($alist['content']); } //文章内分页处理 if ($alist['pagenum'] == 0) { //手动分页 $alist['content'] = $this->diypage($alist['content']); } else { //自动分页 $alist['content'] = $this->autopage($alist['pagenum'], $alist['content']); } //文章内投票 $this->vote($alist['voteid']); //心情投票 $url = __ROOT__; //用于心情js的根路径变量 $this->assign('url', $url); //文章上下篇 $map['status'] = 1; $map['typeid'] = $alist['typeid']; $map['aid'] = array('lt', $alist['aid']); $up = $article->where($map)->field('aid,title')->order('addtime desc')->limit(1)->find(); //dump($article->getLastsql()); if (!$up) { $lastpage = ''; $updown = '下一篇:<span>无</span>'; } else { $up['title'] = msubstr($up['title'], 0, 20, 'utf-8'); $lastpage = '<a href="' . U('articles/' . $up['aid']) . '" data-icon="arrow-l" data-iconpos="left">' . $up['title'] . '</a>'; $updown = '下一篇:<span><a href="' . U('articles/' . $up['aid']) . '" >' . $up['title'] . '</a></span>'; } $this->assign('lastpage', $lastpage); $map['aid'] = array('gt', $alist['aid']); $down = $article->where($map)->field('aid,title')->order('addtime desc')->limit(1)->find(); if (!$down) { $nextpage = ''; $updown .= ' 上一篇:<span>无</span>'; } else { $dowm['title'] = msubstr($down['title'], 0, 20, 'utf-8'); $nextpage = '<a href="' . U('articles/' . $down['aid']) . '" data-icon="arrow-r" data-iconpos="right">' . $down['title'] . '</a>'; $updown .= ' 上一篇:<span><a href="' . U('articles/' . $down['aid']) . '">' . $down['title'] . '</a></span>'; } $this->assign('nextpage', $nextpage); $this->assign('updown', $updown); //释放相关内存 unset($updown, $up, $down, $map, $lastpage, $nextpage); //相关文章 if ($alist['keywords'] != '') { $map['status'] = 1; $keywords = explode(",", $alist['keywords']); foreach ($keywords as $k => $v) { if ($k == 0) { $map['_string'] = "(keywords like '%{$v}%')"; } else { $map['_string'] = " OR (keywords like '%{$v}%')"; } } $klist = $article->where($map)->field('aid,title,imgurl,addtime')->limit(6)->select(); //封装变量 $this->assign('keylist', $klist); } $this->assign('article', $alist); //释放内存 unset($article, $alist, $klist, $map); //模板输出 $this->display(TMPL_PATH . cookie('think_template') . '/' . $page_model); if ($is_build == 1) { $c = ob_get_contents(); if (!file_exists(dirname($static_file))) { @mk_dir(dirname($static_file)); } file_put_contents($static_file, $c); } }
<?php require_once "../config.php"; require_once '../includes/function.php'; require_once '../includes/smarty.inc.php'; require_once '../includes/connect.php'; require_once '../includes/userShell.php'; $id = $_GET["id"]; $key_check = inject_check($id); $result1 = mysqli_query($con, "SELECT * FROM sd_setting"); //获取数据 while ($row1 = mysqli_fetch_assoc($result1)) { $tit = $row1['main_tit']; $share = $row1['share']; $theme = $row1['theme']; $url1 = $row1['zzurl']; $domain = $row1['kjurl']; $tjcode = $row1['tjcode']; } $err[0] = false; $err[1] = ""; if (file_exists("../content/themes/" . $theme . "/pages/config.json")) { $configFile = fopen("../content/themes/" . $theme . "/pages/config.json", "r"); $configContent = fread($configFile, filesize("../content/themes/" . $theme . "/pages/config.json")); fclose($configFile); $pages = json_decode($configContent, true); $idCheck[0] = false; foreach ($pages as $key => $value) { if ($value["id"] == $id) { $idCheck[0] = false; $idCheck[1] = $value["file"];
* * */ foreach ($_POST as $key => $value) { if (!is_array($value)) { inject_check($value); } } foreach ($_GET as $key => $value) { if (!is_array($value)) { inject_check($value); } } foreach ($_REQUEST as $key => $value) { if (!is_array($value)) { inject_check($value); } } function inject_check($Sql_Str) { //自动过滤Sql的注入语句。 $check = preg_match('/select|insert|update|delete|\'|\\*|\\*|\\.\\.\\/|\\.\\/|union|into|load_file|outfile/i', $Sql_Str); if ($check) { $result['code'] = 0; $result['info'] = "您提交的信息包含非法字符!"; print_r(json_encode($result)); exit; } else { return $Sql_Str; } }
$key1 = ""; $sskey = $_GET['sskey']; $tp = $_GET['type']; require_once "../config.php"; //引入配置文件 require_once 'function.php'; //引入函数库 require_once 'connect.php'; require_once "qiniu/rs.php"; date_default_timezone_set("Asia/Shanghai"); //设置时区 error_reporting(0); //设置错误级别0 $keyp = inject_check($tp); //检查sql注入 $keyp1 = inject_check($sskey); //检查sql注入 if ($keyp == "bad" || $keyp1 == "bad") { exit; } if ($tp == "open") { $ku = "sd_ss"; } else { if ($tp == "lock") { $ku = "sd_sskey"; } } $ju = "select * from " . $ku . " where sskey = '{$sskey}'"; $result = mysqli_query($con, $ju); //获取数据 while ($row = mysqli_fetch_assoc($result)) {
ob_start(); header("Content-Type: text/html; charset=utf-8"); include "../include/config.php"; function inject_check($Sql_Str) { //自动过滤Sql的注入语句。 $check = preg_match('/select|insert|update|delete|\'|\\*|\\*|\\.\\.\\/|\\.\\/|union|into|load_file|outfile/i', $Sql_Str); if ($check) { echo '<script language="JavaScript">alert("系统警告:\\n\\n请不要尝试在参数中包含非法字符尝试注入!");window.location.href="/";</script>'; exit; } else { return $Sql_Str; } } $AdminUser = inject_check($_REQUEST["AdminUser"]); $AdminPass = md5(inject_check($_REQUEST["AdminPass"])); $sql = "select * from admin where AdminUser='******' and AdminPass='******'"; $result = mysql_db_query($dbname, $sql); //mysql_select_db($dbname); //$result=mysql_query($sql); $rs = mysql_fetch_array($result); $fg = $rs["flag"]; $ip = $_SERVER["HTTP_VIA"] ? $_SERVER["HTTP_X_FORWARDED_FOR"] : $_SERVER["REMOTE_ADDR"]; $ip = $ip ? $ip : $_SERVER["REMOTE_ADDR"]; $data = date("Y-m-d H:i:s"); if ($rs != NULL) { setcookie('ckey', "yes"); setcookie('AdminUser', $AdminUser); setcookie('fg', $fg); setcookie('ips', $ip); setcookie('dt', $data);
<?php require_once 'include.php'; $sql="select * from dw_article where articleid=".inject_check($_GET['id']); $rows=fetchOne($sql); $web_sql="select * from dw_config"; $web_config=fetchOne($web_sql); //print_r($web_config); //echo $key."=>".$value; [$web_config][$webtitle]; //foreach($web_configs as $web_config): ?> <!doctype html> <html> <head> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <title><?php echo $rows['title'];?></title></title> <link rel="stylesheet" href="http://cdn.bootcss.com/bootstrap/3.3.5/css/bootstrap.min.css"> <script src="http://cdn.bootcss.com/jquery/1.11.3/jquery.min.js"></script> <!-- 最新的 Bootstrap 核心 JavaScript 文件 --> <script src="http://cdn.bootcss.com/bootstrap/3.3.5/js/bootstrap.min.js"></script> </head> <body> <div class="container"> <!-- 这个是页头--> <?php require_once "head.php";?> <!--这个是导航--> <nav class="navbar navbar-default" style="margin:3px 0px; padding:0px;"> <div class="container-fluid"> <!-- Brand and toggle get grouped for better mobile display -->
<?php require_once "../config.php"; //基础配置文件 require_once '../includes/function.php'; //函数库 require_once '../includes/smarty.inc.php'; //smarty模板配置 require_once '../includes/connect.php'; require_once '../includes/userShell.php'; $key = $_GET["key"]; //GET到的KEY值 $key_check = inject_check($key); $result = mysqli_query($con, "SELECT * FROM sd_file\nWHERE key1='{$key}'"); while ($row = mysqli_fetch_assoc($result)) { $ming = $row['ming']; $zhuangtai = $row['cishuo']; $policyId = $row['policyid']; $uploadUser = $row['upuser']; $array = explode(".", $ming); //分割文件名 $filetype = end($array); //获取文件扩展名 } $results = mysqli_query($con, "SELECT * FROM sd_policy where id = {$policyId}"); while (@($row2 = mysqli_fetch_assoc($results))) { $serverUrl = $row2['p_url']; $fileSize = $row2['p_size']; $fileDir = $row2['p_dir']; $autoName = $row2['p_autoname']; $nameRule = $row2['p_namerule'];
<?php header("content-type:text/html;charset=utf-8"); error_reporting(E_ALL^E_NOTICE); echo '<link rel="stylesheet" href="http://cdn.bootcss.com/bootstrap/3.3.5/css/bootstrap.min.css">'; require_once("../include.php"); $act=$_GET['act']; if($act=="login"){ $username=inject_check($_POST['username']); $userpass=md5(inject_check(($_POST['userpass']))); $sql="select * from dw_user where username='******' and userpass='******'"; $row=fetchOne($sql); if($row){ session_start(); $_SESSION['username']=$row['username']; echo '<div class="alert alert-success" role="alert">登录成功!<a href="index.php">进入后台</a>!</div>'; } else { echo '<div class="alert alert-danger" role="alert">登录失败!<a href="login.php">重新登录</a>!</div>'; } } //添加分类 if($act=="addclass"){ addclass(); } //添加文章 if($act=="addarticle"){
function returnResponse($code, $desc) { echo json_encode(array("errorcode" => $code, "errmsg" => $desc)); exit; } if ($_SERVER['REQUEST_METHOD'] != "POST") { returnResponse(40002, "method is not correct"); } else { try { $content = file_get_contents('php://input'); $json = json_decode($content); $uid = $json->uid; $username = $json->username; $message = $json->message; $wallid = $json->wallid; if (inject_check($uid) || inject_check($message) || inject_check($wallid)) { returnResponse(40001, "system is busy 05"); } else { $Query = $_SGLOBAL['db']->query("SELECT uid,wallname,`check` FROM " . tname('wall') . " WHERE id = '{$WallId}' "); if ($Value = $_SGLOBAL['db']->fetch_array($Query)) { $apply = $Value['uid']; $check = $Value['check']; $WallTitle = $Value['wallname']; } $isfounder = ckfounder($uid); if ($check || $isfounder || $uid == 144 || $uid == $apply) { $pass = 1; } $setarr = array('uid' => $uid, 'pass' => 1, 'username' => $username, 'message' => $message, 'wallid' => $wallid, 'ip' => 'weixin', 'timeline' => $_SGLOBAL['timestamp'], 'fromdevice' => 'wechat'); //入库 $newwallid = inserttable('wallfield', $setarr, 1);
} } if ($inject_chk) { $i = 0; $Ary =& $_POST; foreach ($Ary as $AryKey[$i] => $a[$i]) { if (inject_check($a[$i])) { msgurlbox("", $web_error_url . "?category=input_error"); exit; } $i++; } $i = 0; $Ary =& $_GET; foreach ($Ary as $AryKey[$i] => $a[$i]) { if (inject_check($a[$i])) { msgurlbox("", $web_error_url . "?category=input_error"); exit; } $i++; } } //語系相關函式======================================================= function build_language_list($obj_id, $onchange, $empty, $select_value) { //建立語系下拉 $lg1 = explode(",", web_language_text()); $lg2 = explode(",", web_language_value()); if ($obj_id == "") { $obj_id = "language"; }
public function index() { inject_check($_GET['typeid']); inject_check($_GET['p']); //读取数据库&判断 $type = M('type'); $list = $type->where('typeid=' . intval($_GET['typeid']))->field('typename,fid,keywords,description,islink,url')->find(); if (!$list) { alert('栏目不存在!', __APP__); } if ($list['islink'] == 1) { Header('Location:' . turl($list['url'])); } //栏目基本信息封装 $this->assign('type', $list); //栏目导航 $config = F('basic', '', './Web/Conf/'); if ($config['listshowmode'] == 1) { $map['fid'] = $list['fid']; } else { $map['fid'] = $_GET['typeid']; } $map['islink'] = 0; $nav = $type->where($map)->field('typeid,typename')->select(); $this->assign('dh', $nav); //第一次释放内存 unset($list, $nav, $map); //网站头部 R('Public', 'head'); //查询数据库和缓存 $article = D('ArticleView'); //封装条件 $map['status'] = 1; //导入分页类 import('@.ORG.Page'); //准备工作 $data['fid'] = $_GET['typeid']; $tlist = $type->where($data)->field('typeid')->select(); foreach ($tlist as $v) { $arr[] = $v['typeid']; } $arr[] = $_GET['typeid']; $map['article.typeid'] = array('in', $arr); //分页处理 $count = $article->where($map)->count(); $p = new Page($count, $config['artlistnum']); $p->setConfig('prev', '上一页'); $p->setConfig('header', '篇文章'); $p->setConfig('first', '首 页'); $p->setConfig('last', '末 页'); $p->setConfig('next', '下一页'); $p->setConfig('theme', "%first%%upPage%%linkPage%%downPage%%end%\n\t\t<li><span><select name='select' onChange='javascript:window.location.href=(this.options[this.selectedIndex].value);'>%allPage%</select></span></li><li><span>共<font color='#CD4F07'><b>%totalRow%</b></font>篇文章" . $config['artlistnum'] . "篇/每页</span></li>"); //数据查询 $alist = $article->where($map)->order('addtime desc')->limit($p->firstRow . ',' . $p->listRows)->select(); //封装变量 $this->assign('page', $p->show()); $this->assign('list', $alist); //释放内存 unset($article, $type, $p, $tlist, $alist); //模板输出 $this->display(TMPL_PATH . $config['sitetpl'] . '/article_list.html'); }
if_get('/', function () { not_found(); }); if_post('/Login.json', function () { is_api(); $json = file_get_contents('php://input'); $jsonarray = json_decode($json, true); $username = $jsonarray["username"]; $password = $jsonarray["password"]; if (empty($username)) { die(ErrorCode::CODE("1004")); } if (empty($password)) { die(ErrorCode::CODE("1005")); } if (inject_check($username)) { die(ErrorCode::CODE("1006")); } $data = array("username" => $username, "password" => $password); $info = UserLogin($data); die($info); }); if_post("/Encrypt.json", function () { is_api(); $json = file_get_contents('php://input'); $jsonarray = json_decode($json, true); $userinfo = GetUserinfoJson($jsonarray['token']); $md5 = md5($userinfo['username'] . $userinfo['id'] . $userinfo['create_at'] . $userinfo['create_ip'] . $jsonarray['key']); $key = Crypt3Des::encrypt($jsonarray['pass'], $md5); $md5Key = MD5($key); $md5Key = base64_encode($md5Key . $md5Key . $md5Key);
public function search() { if (empty($_POST['k'])) { alert('请输入关键字!', 1); } inject_check($_GET['k']); inject_check($_GET['p']); //网站头部 R('Public', 'head'); //查询数据库准备 $config = F('basic', '', './Web/Conf/'); $article = M('article'); $map['status'] = 1; $keyword = $_POST['k']; $map['title'] = array('like', '%' . $keyword . '%'); //导入分页类 import('@.ORG.Page'); //分页相关配置 $count = $article->where($map)->count(); $p = new Page($count, 20); $p->setConfig('prev', '上一页'); $p->setConfig('header', '篇文章'); $p->setConfig('first', '首 页'); $p->setConfig('last', '末 页'); $p->setConfig('next', '下一页'); $p->setConfig('theme', "%first%%upPage%%linkPage%%downPage%%end%\n\t\t<li><span><select name='select' onChange='javascript:window.location.href=(this.options[this.selectedIndex].value);'>%allPage%</select></span></li><li><span>共<font color='#CD4F07'><b>%totalRow%</b></font>篇文章 20篇/每页</span></li>"); //查询数据库 $prefix = C('DB_PREFIX'); $list = $article->join('left join ' . $prefix . 'type on ' . $prefix . 'article.typeid=' . $prefix . 'type.typeid')->where($map)->field("aid,title,addtime," . $prefix . "article.typeid as typeid,typename")->limit($p->firstRow . ',' . $p->listRows)->order("addtime desc")->select(); //echo $article->getLastSql(); 验证sql //封装变量 $this->assign('list', $list); $this->assign('num', $count); $this->assign('page', $p->show()); $this->assign('keyword', $keyword); //模板输出 $this->display(TMPL_PATH . $config['sitetpl'] . '/search.html'); }
!$db && ($db = new DB($mysql['server'], $mysql['username'], $mysql['password'], $mysql['database'])); //hooker function_exists('lz_on_after_db') && lz_on_after_db(); //define directories !defined('LZ_LANGUAGE_DIR') && define('LZ_LANGUAGE_DIR', 'language/' . $config['template'] . '/'); !defined('LZ_CONTROLLER_DIR') && define('LZ_CONTROLLER_DIR', 'controller/'); !defined('LZ_VIEWER_DIR') && define('LZ_VIEWER_DIR', 'view/' . $config['template'] . '/'); !defined('LZ_VIEWER_EXT') && define('LZ_VIEWER_EXT', 'html'); $_header_type = LZ_MODULE != 'wap' ? 'html' : 'vnd.wap.wml'; //get system root path $_system_folder = dirname(__FILE__); $_system_folder = str_replace("\\", "/", $_system_folder); !defined('LZ_BASEPATH') && define('LZ_BASEPATH', $_system_folder . '/'); !defined('LZ_TOPPATH') && define('LZ_TOPPATH', preg_replace('/\\/lz_system\\/?$/', '/', $_system_folder)); //get main controller $p = inject_check($_GET['p']); $_page = $p ? $p : 'index'; $_page = preg_replace('/[^a-zA-Z0-9_]/', '', $_page); define('LZ_CONTROLLER', $_page); $_controller = $_page . '.php'; $_viewer = $_page . '.' . LZ_VIEWER_EXT; //auto load language file which has the same name as the main controller $_language_dir = LZ_LANGUAGE_DIR . LZ_LANGUAGE . '/'; $_preload['language'][] = $_page; //load files defined in $_preload foreach ($_preload as $_fpath => $_files) { if ($_fpath == 'controller') { continue; } foreach ($_files as $_fname) { $_filename = $_fpath . '/' . $_fname;
public function index() { if (!isset($_GET['aid'])) { alert('非法操作', __APP__); } inject_check($_GET['aid']); inject_check($_GET['p']); //读取数据库和缓存 $article = M('article'); $config = F('basic', '', './Web/Conf/'); //相关判断 $alist = $article->where('aid=' . intval($_GET['aid']))->find(); if (!$alist) { alert('文章不存在或已删除!', __APP__); } if ($alist['islink'] == 1) { Header('Location:' . $alist['linkurl']); } if ($alist['status'] == 0) { alert('文章未审核!', __APP__); } //网站头部 R('Public', 'head'); //统计处理 if ($alist['status'] == 1) { $map['hits'] = $alist['hits'] + 1; $article->where('aid=' . $_GET['aid'])->save($map); } //注销map unset($map); $alist['hits'] += 1; //关键字替换 $alist['content'] = $this->key($alist['content']); //鼠标轮滚图片 if ($config['mouseimg'] == 1) { $alist['content'] = $this->mouseimg($alist['content']); } //文章内分页处理 if ($alist['pagenum'] == 0) { //手动分页 $alist['content'] = $this->diypage($alist['content']); } else { //自动分页 $alist['content'] = $this->autopage($alist['pagenum'], $alist['content']); } //文章内投票 $this->vote($alist['voteid']); //心情投票 $url = __ROOT__; //用于心情js的根路径变量 $this->assign('url', $url); //文章上下篇 $map['status'] = 1; $map['typeid'] = $alist['typeid']; $map['addtime'] = array('lt', $alist['addtime']); $up = $article->where($map)->field('aid,title')->order('addtime desc')->limit(1)->find(); //dump($article->getLastsql()); if (!$up) { $updown = '上一篇:<span>无</span>'; } else { $up['title'] = msubstr($up['title'], 0, 20, 'gb2312'); $updown = '上一篇:<span><a href="' . U('articles/' . $up['aid']) . '">' . $up['title'] . '</a></span>'; } $map['addtime'] = array('gt', $alist['addtime']); $down = $article->where($map)->field('aid,title')->order('addtime desc')->limit(1)->find(); if (!$down) { $updown .= '下一篇:<span>无</span>'; } else { $dowm['title'] = msubstr($down['title'], 0, 20, 'gb2312'); $updown .= '下一篇:<span><a href="' . U('articles/' . $down['aid']) . '">' . $down['title'] . '</a></span>'; } $this->assign('updown', $updown); //释放相关内存 unset($updown, $up, $down, $map); //相关文章 $map['status'] = 1; $keywords = explode(",", $alist['keywords']); foreach ($keywords as $k => $v) { if ($k == 0) { $map['_string'] = "(keywords like '%{$v}%')"; } else { $map['_string'] = " OR (keywords like '%{$v}%')"; } } $klist = $article->where($map)->field('aid,title')->limit(6)->select(); //封装变量 $this->assign('keylist', $klist); $this->assign('article', $alist); //释放内存 unset($article, $alist, $klist, $map); //模板输出 $this->display(TMPL_PATH . $config['sitetpl'] . '/article_article.html'); }
* User: yzj * Date: 2015/12/10 * Time: 17:11 */ require_once "connect.php"; session_start(); if ($_GET['act'] == "check") { $xuehao = $_GET['xuehao']; $sql = "select * from user where xuehao='{$xuehao}'"; $query = mysql_query($sql); $cnt = mysql_num_rows($query); echo $cnt; } else { $xuehao = inject_check($_POST['xuehao']); $username = inject_check($_POST['username']); $nicheng = inject_check($_POST['nicheng']); $password = md5(inject_check($_POST['password'])); $sql = "insert into user (xuehao, username, nicheng, password) VALUES ('{$xuehao}','{$username}', '{$nicheng}', '{$password}' )"; $query = mysql_query($sql); //$cnt=mysql_num_rows($query,$conn); $user_id = mysql_insert_id(); if ($user_id) { echo "<script>alert('注册成功!');window.location.href='index.php'</script>"; } else { echo "error!"; } $_SESSION['username'] = $username; $_SESSION['nicheng'] = $nicheng; $_SESSION['xuehao'] = $xuehao; $_SESSION['user_id'] = $user_id; }
<?php $key1 = ""; $key1 = $_POST['key']; require_once "../config.php"; //引入配置文件 require_once 'function.php'; //引入函数库 require_once 'connect.php'; require_once "qiniu/rs.php"; date_default_timezone_set("Asia/Shanghai"); //设置时区 error_reporting(0); //设置错误级别0 $keyp = inject_check($key1); //检查sql注入 if ($keyp == "bad") { exit; } $ju = "SELECT * FROM sd_file where key1 ='{$key1}'"; $result = mysqli_query($con, $ju); //获取数据 while ($row = mysqli_fetch_assoc($result)) { $ming = $row['ming']; $policyId = $row['policyid']; } $results = mysqli_query($con, "SELECT * FROM sd_policy where id = {$policyId}"); while (@($row3 = mysqli_fetch_assoc($results))) { $policyType = $row3['p_type']; $serverUrl = $row3['p_server']; $fileDir = $row3['p_dir'];
function verify_id($id=null) { if (!$id) { exit('没有提交参数!'); } elseif (inject_check($id)) { exit('提交的参数非法!'); } elseif (!is_numeric($id)) { exit('提交的参数非法!'); } $id=intval($id); return $id; }
<?php if (isset($_GET['Submit'])) { // Retrieve data $id = inject_check($_GET['id']); $getid = "SELECT first_name, last_name FROM users WHERE user_id = {$id}"; $result = mysql_query($getid) or die('<pre>' . mysql_error() . '</pre>'); $num = mysql_numrows($result); $i = 0; while ($i < $num) { $first = mysql_result($result, $i, "first_name"); $last = mysql_result($result, $i, "last_name"); $html .= '<pre>'; $html .= 'ID: ' . $id . '<br>First name: ' . $first . '<br>Surname: ' . $last; $html .= '</pre>'; $i++; } } function inject_check($str) { //防注入函数开始 $check = preg_match('/select|order|insert|update|eval|document|delete|injection|jection|link|\'|\\%|\\/\\*|\\*|\\.\\.\\/|\\.\\/|\\,|\\.|--|\\"|and|or|from|union|into|load_file|outfile|<script>/', $str); if ($check) { echo "<script>alert('Filtered!!!');window.history.go(-1);</script>"; exit; } else { return $str; } }
<?php require_once "config.php"; //基础配置文件 require_once 'includes/function.php'; //函数库 require_once 'includes/connect.php'; require_once 'includes/smarty.inc.php'; //smarty模板配置 require_once 'includes/userShell.php'; error_reporting(0); //设置错误级别0 $share_key = $_GET['k']; $share_c = inject_check($share_key); if ($share_c == "bad") { exit; } session_start(); $result = mysqli_query($con, "SELECT * FROM sd_setting"); //获取数据 while ($row = mysqli_fetch_assoc($result)) { $tit = $row['main_tit']; $theme = $row['theme']; $des = $row['desword']; $kw = $row['keyword']; $tjcode = $row['tjcode']; $share = $row['share']; $url = $row['zzurl']; } if ($share == "false") { echo '<script>document.location="views/error.php";</script>';
function qqupdate() { $username = remove_xss(inject_check($_POST['username'])); $userpwd = remove_xss($_POST['userpwd']); $qid = remove_xss($_POST['qid']); $icon = remove_xss($_POST['icon']); if ($username == '' || $userpwd == '' || $qid == '') { $this->error('请输入用户名和密码?'); exit; } $info = M('member')->where("username='******' and is_lock=0")->find(); if (!$info) { $this->error('用户不存在或已经禁止登陆!'); } else { if ($info['userpwd'] != md5($userpwd)) { $this->error('密码错误,绑定失败!'); } else { $_SESSION['dami_uid'] = $info['id']; $_SESSION['dami_username'] = $info['username']; $_SESSION['dami_usericon'] = $icon; $_SESSION['dami_uservail'] = get_field('member_group', 'group_id=' . $info['group_id'], 'group_vail'); if ($info['icon'] == '') { M('member')->where("username='******' and is_lock=0")->setField(array('qid', 'icon'), array($qid, $icon)); } else { M('member')->where("username='******' and is_lock=0")->setField('qid', $qid); } if (!empty($_REQUEST['lasturl'])) { $this->assign('jumpUrl', urldecode(htmlspecialchars($_REQUEST['lasturl']))); } else { $this->assign('jumpUrl', U('Member/main')); } $this->success('绑定成功,正在登陆~'); } } }
require_once 'function.php'; //引入函数库 require_once 'connect.php'; date_default_timezone_set("Asia/Shanghai"); //设置时区 error_reporting(0); //设置错误级别0 $pw = $_POST["password"]; $um = $_POST["username"]; if ($pw == "" || $um == "") { echo "bad.1.用户名或密码不能为空"; exit; } $re = inject_check($pw); //检查sql注入 $re1 = inject_check($um); //检查sql注入 if ($re == "bad" || $re1 == "bad") { exit; } $sql = "select * from sd_user where `username` = '{$um}'"; $query = mysqli_query($con, $sql); $us = is_array($row = mysqli_fetch_assoc($query)); $ps = $us ? md5($pw . "sdshare") == $row[pwd] : FALSE; if ($ps) { $_SESSION[id] = $row[id]; $_SESSION[user_shell] = md5($row[username] . $row[pwd] . "sdshare"); echo "ok.2.登陆成功"; } else { echo "bad.1.用户名或密码错误"; }
<?php require_once "../module/config.php"; if ($_POST["type"] != "login") { setcookie("root", "", time() + $t_diff - 86400); } elseif ($_POST["type"] == "login") { if (strtolower($_POST["chknum"]) == strtolower($_SESSION["string"])) { if (inject_check($_POST["u_id"]) || inject_check($_POST["u_password"])) { msgurlbox("登入帳號密碼錯誤!", "index.php"); exit; } //如果忘記密碼就把mysql裡的admin資料表u_password欄位改成202cb962ac59075b964b07152d234b70,即可用密碼123登入 $query = "select * from `admin` where `u_id`='" . $_POST["u_id"] . "' and `u_password`='" . $_POST["u_password"] . "'"; $result = mysql_query($query); $row = mysql_fetch_array($result); if ($row == "") { msgurlbox("登入帳號密碼錯誤!", "index.php"); exit; } else { $w = false; $ckvalue = $row["num"]; //記錄流水號 $ckvalue .= "|" . $row["u_id"]; //記錄帳號 $ckvalue .= "|" . urlencode($row["u_name"]); //記錄使用者 $time = date("Y-m-d H:i:s", time() + $t_diff); $ckvalue .= "|" . $time; //記錄登入時間 $query2 = "select * from admin_group where u_power=" . $row["u_power"] . ""; $result2 = mysql_query($query2);