由于我不是Php程序员,我不得不问你,我必须挑战调查目前受到攻击的一些来源.它的一些本地新闻网站内有自定义cms.它的phg mysql在共享linux主机环境下.
admin在登录表单中输入凭据时注册,这些凭据在db中检查如下:
<?php
session_start();
include 'db.php';
$connection = mysql_connect($dbHost, $dbUser, $dbPass) or die(mysql_error());
mysql_select_db($dbName, $connection) or die(mysql_error());
$queryString = "SELECT * FROM `Admins` WHERE `username` = '$user_name' AND password='$password'";
$safeSelect = mysql_real_escape_string($queryString);
$query = "SELECT * FROM `Admins`
WHERE `username` = '$user_name' AND password='$password'";
$result = mysql_query($query, $connection) or die('error making query');
$affected_rows = mysql_num_rows($result);
if($affected_rows == 1) {
//add the user to our session variables
$_SESSION['username'] = $user_name;
header("Location: http://www.mysite.com/admin/index.php");
exit;
//print 'allowed';
}
else {
print 'access is not allowed !!!';
}
?>
Auth.php
<?php
session_start();
include 'db.php';
if (empty($_SESSION['username'])) {
die('to access these page you have to be registered user.
<a href="/admin/login.php">log in</a>');
}
?>
此会话var用于整个管理区域以识别注册用户.管理员用户编辑并创建新的内容,例如edit.php
<?php
session_start();
include '/admin/db.php';
include '/admin/auth.php';
ini_set("display_errors", 1);
error_reporting(E_ALL);
$dbcnx = mysql_connect('localhost', $dbUser, $dbPass);
mysql_select_db($dbName);
if (isset($_POST['submit'])):
// content will be updated with these
$id = $_POST['id'];
$cats = $_POST['cats'];
$newstext = $_POST['newstext'];
$sql = "UPDATE `News` SET
`NewsText`='$newstext',
`AID`='$aid',
`imgID`='$imgID'
WHERE `ID`='$id'";
if (mysql_query($sql)) {
echo('<p><b>content is succ. updated</b></p>');
} else {
die('<p>Error occured when updating content: ' .
mysql_error() . '</p>');
}
else: // Allow user to edit content using ID=$id
/* $aid = $_GET['aid']; */
if (isset($_GET['id'])) {
if (is_numeric($_GET['id']) == FALSE) {
echo "<h1>Page is not found</h1>";
session_destroy();
return;
}
$id = $_GET['id'];
}
$row = @mysql_query("SELECT `NewsText`, `Title`, `AID`, `imgID` FROM `News` WHERE `ID`='$id'");
if (!$row) {
die('<p>Db error: ' .
mysql_error() . '</p>');
}
$row = mysql_fetch_array($row);
$newstext = $row['NewsText'];
$text = $row ['Title'];
$authid = $row ['AID'];
$imgID = $row ['imgID'];
$newstext = htmlspecialchars($newstext);
//ommitting html form
?>
基本上我想问一下这里有一些安全问题.
找到解决方案 http://net.tutsplus.com/tutorials/php/why-you-should-be-using-phps-pdo-for-database-access/
直接蝙蝠,看起来这里有一个SQL注入问题.POST请求直接进入SQL查询,允许有特制POST请求的人在服务器上执行任何查询...
可能值得一看......
希望有所帮助