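<?php
// Back-office login handler: checks the one-time captcha, then looks the
// submitted account name / password hash up in manage_user and reports the
// outcome to the browser.
//
// NOTE(review): the mysql_* extension used here was removed in PHP 7. The
// connection is presumably opened in xyconn.php (not visible here); when that
// file is migrated to mysqli/PDO, replace the escaped query below with a
// prepared statement.
session_start();
header('Content-Type:text/html;charset=utf-8');

// Login verification
include_once 'xyconn.php';

// Start from a defined, empty error state so the success branch can only be
// reached after every check below has actually passed.
$errs = '';

// Read the captcha out of the session and release the session variable right
// away, so one captcha value can be used for a single attempt only.
$expected = isset($_SESSION["randval"]) && is_scalar($_SESSION["randval"])
    ? (string) $_SESSION["randval"]
    : '';
unset($_SESSION["randval"]);

$given = isset($_POST["checkcode"]) && is_string($_POST["checkcode"])
    ? $_POST["checkcode"]
    : '';

// An absent captcha on either side must count as a mismatch; comparing two
// missing values would otherwise succeed.
if ($expected === '' || strtolower($given) !== strtolower($expected)) {
    // NOTE(review): the "HdhCmsTest2cto测试数据" fragment looks like a site
    // watermark picked up when this listing was copied — confirm against the
    // original message before shipping.
    $errs = " HdhCmsTest2cto测试数据 验证码输入有误!";
}

// Credentials are only checked once the captcha has passed. Previously the
// query ran (and the session was marked as logged in) even when the captcha
// was wrong.
if ($errs === '') {
    $m_name = isset($_POST["m_name"]) ? $_POST["m_name"] : null;
    $rawPwd = isset($_POST["m_pwd"]) ? $_POST["m_pwd"] : null;

    // Array-valued or missing fields are rejected before they reach md5() or
    // the query.
    if (!is_string($m_name) || !is_string($rawPwd)) {
        $errs = $errs . "帐号和密码有误!";
    } else {
        // NOTE(review): unsalted MD5 is kept only to match the hashes already
        // stored in manage_user; plan a migration to password_hash() /
        // password_verify().
        $m_pwd = md5($rawPwd);

        // This was the serious problem: the account name was concatenated into
        // the statement unescaped, so the WHERE clause could be rewritten by
        // the client. The md5() output is hex-only and needs no escaping.
        // NOTE(review): escaping is only reliable when the connection charset
        // was set with mysql_set_charset() — confirm in xyconn.php.
        $sql = "select * from manage_user where m_name='"
            . mysql_real_escape_string($m_name)
            . "' and m_pwd='" . $m_pwd . "'";

        $result = mysql_query($sql);

        // A failed query is treated the same as "no matching row".
        if ($result !== false && mysql_num_rows($result) > 0) {
            // Issue a fresh session id at the privilege change so an id known
            // before login cannot be reused afterwards.
            session_regenerate_id(true);
            $_SESSION["m_name"] = $m_name;
        } else {
            $errs = $errs . "帐号和密码有误!";
        }
    }
}

if ($errs !== '') {
    // $errs is built from the fixed messages above only, never from request
    // data, so it is echoed as-is.
    echo $errs;
    echo "<a href='index.php'>请返回重新登陆!</a>";
    exit;
} else {
    echo "<script language='javascript'>";
    echo "alert('恭喜您,登陆成功!');";
    echo "location='xycms.php';";
    echo "</script>";
}
?>

HdhCmsTest2cto测试数据提供修复 加强验证 作者:暗月式(戈雅 渗透 小组)HdhCmsTestmoonhack.org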