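// 2011-11-28 (Monday)
// The programmer's thinking: www.2cto.com
<?php
// Admin login handler. NOTE(review) comments mark what was changed from the
// listing as published and what still needs attention.
session_start();

// Accept only plain strings: an array-valued POST field would otherwise reach
// md5() and the comparisons below.
$admin = (isset($_POST['admin']) && is_string($_POST['admin'])) ? $_POST['admin'] : '';
$rawPass = (isset($_POST['pass']) && is_string($_POST['pass'])) ? $_POST['pass'] : '';

// NOTE(review): unsalted MD5 is kept only because the stored adminpass values
// are compared against it. Move the stored hashes to password_hash() /
// password_verify() when the accounts can be re-issued.
$pass = md5($rawPass);

// NOTE(review): the submitted verification code is read but never compared
// with anything in this listing, so it gives no protection against automated
// guessing here — confirm whether it is checked elsewhere.
$codes = isset($_POST['codes']) ? $_POST['codes'] : '';

if (!empty($_GET['action'])) {
    /* Earlier version, left commented out by the author. The opening comment
       marker appears to have been lost when the page was extracted; it is
       restored here so the block stays inert.
    if($result=$db->Execute("select * from x_admin where a_admin='".$admin."'")){
        if($rs=mysql_fetch_object($result)){
            if($rs->a_pws==$pass){
                // (omitted)
            else{
                echo "<script>alert('帐号错误!');location.href='Login.php';</script>";
            }
    }*/

    // The user name is bound instead of interpolated: the published code built
    // the statement as "... where adminuser='$admin'" straight from POST data,
    // which is SQL injection.
    // NOTE(review): assumes $db is an ADOdb connection, whose Execute() takes
    // bind values as its second argument; the Execute()/->fields usage looks
    // like ADOdb — confirm before deploying.
    $sql = "select * from xx_admin where adminuser=?";
    $result = $db->Execute($sql, array($admin));
    //print_r ($result);

    // No row (or a failed query) must never compare equal to the input.
    $row = ($result && is_array($result->fields)) ? $result->fields : null;

    // Keys are quoted (the original used bare constants) and comparisons are
    // strict: with ==, PHP may compare two numeric-looking strings as numbers,
    // so different digests could be treated as equal.
    if ($row !== null && $admin === (string) $row['adminuser']) {
        if ($pass === (string) $row['adminpass']) {
            // Fresh session id on privilege change (session fixation).
            session_regenerate_id(true);
            $_SESSION['kgj_admin'] = $admin;
            header("location:index.php");
            exit;
        } else {
            echo "<script>alert('密码错误')</script>";
        }
    } else {
        echo "<script>alert('帐号错误')</script>";
    }

    // NOTE(review): the published code repeated `$_SESSION['kgj_admin']=$admin;`
    // at this point, outside both checks, so the admin session was created even
    // when the account or password test had just failed. The assignment now
    // exists only in the success branch above.
    //header("location:index.php");
}

// Draws a four-digit number (1000-9999) by retrying until the value is >= 1000.
// NOTE(review): $authnum presumably feeds the verification code; rand() is
// predictable, so prefer random_int(1000, 9999) where PHP 7+ is available.
while (($authnum = rand() % 10000) < 1000);
?>
// Our thinking: enter any account name and password to log in, then visit the
// admin backend. (This worked against the published code because of the
// unconditional session assignment described in the note above.)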
摘自 http://hi.baidu.com/micropoor