Login keeps getting hacked

Pet*_*lor 0 php mysql security login

I have the following login script, which I thought was secure. However, someone keeps getting into the admin section of the site and changing content.

if(isset($_POST['submit'])) {
    $error = false;
    $user_login = stripslashes(strip_tags(htmlentities($_POST['user_login'])));
    $pass_login = stripslashes(strip_tags(htmlentities($_POST['pass_login'])));
    if(!empty($user_login) && !empty($pass_login)) {
        $check_details=mysql_query("SELECT * FROM `admin` WHERE email='".$user_login."' AND password='".md5($pass_login)."'");
        $status=mysql_num_rows($check_details);
        if($status >= "1") {
            $error = false;
            $_SESSION['wmmadmin_loggedin'] = "1";
            $_SESSION['wmmadmin_email'] = "".$user_login."";
            header("Location: ./index.php");
        }
        if(!$status || $status == "0") {
            $error = true;
            echo "<div id=\"error\"><strong>Error!</strong><br />Login details were incorrect.</div>\n";
        }
    }
    if(empty($user_login) || empty($pass_login)) {
        $error = true;
        echo "<div id=\"error\"><strong>Error!</strong><br />Enter your username and password.</div>\n";
    }
}

At the top of every script there is a call to this function:

function checkloggedin() {
    if($_SESSION['wmmadmin_loggedin'] == "0" || $_SESSION['wmmadmin_loggedin'] !== "1" || $_SESSION['wmmadmin_email'] == "") {
        header("Location: login.php");
        exit;
    }
}

Am I missing something? I need to stop these hackers!

Thanks, Pete

MvG*_*MvG 11

Someone could send the following as user_login:

user_login="nobody' OR 1 OR email='nobody"

This would result in the query

… WHERE email='nobody' OR 1 OR email='nobody' AND password='…'

which is interpreted as

… WHERE email='nobody' OR 1 OR (email='nobody' AND password='…')

Since the middle part is true (1 is true for MySQL), the whole condition is true, and access is granted. This is a classic SQL injection attack.
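To make the answer's point concrete, here is an added example that is not part of the question or the answer. It uses Python with an in-memory SQLite table standing in for the MySQL `admin` table (`OR 1` is true in both engines); the table row, e-mail address and password are constructed for the demo. `login_vulnerable` splices the input into the SQL string exactly as the question's script does, `login_parameterized` sends it as a bound parameter instead; the answer's payload logs in through the first and is rejected by the second. The md5 hashing is kept only to mirror the question's schema.

```python
import hashlib
import sqlite3

# Constructed test data, not real credentials.
ADMIN_EMAIL = "admin@example.com"
ADMIN_PASSWORD = "correct horse"

# The payload from the answer above.
PAYLOAD = "nobody' OR 1 OR email='nobody"


def make_db():
    """Build an in-memory stand-in for the page's `admin` table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE admin (email TEXT, password TEXT)")
    conn.execute(
        "INSERT INTO admin VALUES (?, ?)",
        (ADMIN_EMAIL, hashlib.md5(ADMIN_PASSWORD.encode()).hexdigest()),
    )
    return conn


def build_vulnerable_sql(user_login, pass_login):
    """Assemble the query the way the question's PHP does: by concatenation."""
    pw_hash = hashlib.md5(pass_login.encode()).hexdigest()
    return (
        "SELECT * FROM admin WHERE email='" + user_login
        + "' AND password='" + pw_hash + "'"
    )


def login_vulnerable(conn, user_login, pass_login):
    """Mirror of the question's check: user input becomes part of the SQL text,
    so a quote in user_login rewrites the WHERE clause."""
    sql = build_vulnerable_sql(user_login, pass_login)
    return len(conn.execute(sql).fetchall()) >= 1


def login_parameterized(conn, user_login, pass_login):
    """Same logic, but the values travel as bound parameters. The driver never
    treats them as SQL, so the payload is compared literally against `email`
    and matches no row."""
    pw_hash = hashlib.md5(pass_login.encode()).hexdigest()
    rows = conn.execute(
        "SELECT * FROM admin WHERE email=? AND password=?",
        (user_login, pw_hash),
    ).fetchall()
    return len(rows) >= 1


if __name__ == "__main__":
    db = make_db()
    print(build_vulnerable_sql(PAYLOAD, "whatever"))
    print("vulnerable, payload:    ", login_vulnerable(db, PAYLOAD, "whatever"))
    print("parameterized, payload: ", login_parameterized(db, PAYLOAD, "whatever"))
```

The sanitising chain in the question (`htmlentities`, `strip_tags`, `stripslashes`) does not stop this: with the default flags of the PHP versions that still shipped `mysql_query`, `htmlentities` encodes double quotes but leaves single quotes alone, so the `'` in the payload reaches the query intact. Binding the values as parameters, as the second function does, is what actually separates data from SQL.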