Today I wrote a login page with a CAPTCHA. Could everyone take a look and tell me what is wrong with my CAPTCHA?
Source code:
<?php
/*
Admin login
*/
include("conn.php");
session_start();
if($_POST[cehck]){
    if($_POST[cehck]==$_SESSION[check_pc]){
        md5("admin".ALL_PS);
        if($_POST[submit]){
            $username=$_POST['username'];
            $sql="select * from user_list where username='$username'";
            $query=mysql_query($sql);
            $us=is_array($row=mysql_fetch_array($query));
            $ps=$us ? md5($_POST[password].ALL_PS)==$row[password] : FALSE;
            if($ps){
                $_SESSION[uid]=$row[uid];
                $_SESSION[user_shell]=md5($row[username].$row[password].ALL_PS);
                $_SESSION[times]=mktime(); // login time
                echo "<center><b><font color=red>登陆成功</font></b>"; // "Login successful"
            }else{
                echo "验证码及用户密码错误"; // "CAPTCHA and user password incorrect"
            }
        }
    }
}
?><h1></h1>
<h2 align="center">管理员登陆</h2>
<center><form action="" method="post" name="myformn" onsubmit="return chekpost()">
管理员:<input type="text" name="username"/><br/>
密 码:<input type="password" size="21" name="password"/><br>
验证码: <input type="text" size="10" name="cehck"/><img src="che.php"><br>
<input type="submit" name="submit" value="提交"/>
<input type="reset" name="rest" value="重置"/>
</form>
What's wrong with it? I think your SQL has no value, right?
You are putting the input straight into the SQL query.
An SQL injection can be constructed.
Let me add a sql.php for you:
function lib_replace_end_tag($str)
{
if (empty($str)) return false;
$str = htmlspecialchars($str);
$str = str_replace( '/', "", $str);
$str = str_replace("\\", "", $str);
$str = str_replace(">", "", $str);
$str = str_replace("<", "", $str);
$str = str_replace("<SCRIPT>", "", $str);
$str = str_replace("</SCRIPT>", "", $str);
$str = str_replace("<script>", "", $str);
$str = str_replace("</script>", "", $str);
$str=str_replace("select","select",$str);
$str=str_replace("join","join",$str);
$str=str_replace("union","union",$str);
$str=str_replace("where","where",$str);
$str=str_replace("insert","insert",$str);
$str=str_replace("delete","delete",$str);
$str=str_replace("update","update",$str);
$str=str_replace("like","like",$str);
$str=str_replace("drop","drop",$str);
$str=str_replace("create","create",$str);
$str=str_replace("modify","modify",$str);
$str=str_replace("rename","rename",$str);
$str=str_replace("alter","alter",$str);
$str=str_replace("cas","cast",$str);
$str=str_replace("&","&",$str);
$str=str_replace(">",">",$str);
$str=str_replace("<","<",$str);
$str=str_replace(" ",chr(32),$str);
$str=str_replace(" ",chr(9),$str);
$str=str_replace(" ",chr(9),$str);
$str=str_replace("&",chr(34),$str);
$str=str_replace("'",chr(39),$str);
$str=str_replace("<br />",chr(13),$str);
$str=str_replace("''","'",$str);
$str=str_replace("css","'",$str);
$str=str_replace("CSS","'",$str);
return $str;
}
1. Get into good habits: array key names should be quoted.
if($_POST["cehck"]==$_SESSION["check_pc"]){
2. Pay attention to efficiency
$sql="select * from user_list where username='$username'";
$query=mysql_query($sql);
$us=is_array($row=mysql_fetch_array($query));
change it to
$sql="select * from user_list where username='$username' limit 1";
$query=mysql_query($sql);
$num = mysql_num_rows($query);
Efficiency at least doubles.
You could consider using addslashes or mysql_real_escape_string.
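
The lookup from the original post next to a parameterized form, as an added example that is not code from anyone in this thread. It assumes PDO with the pdo_sqlite extension and uses a constructed in-memory table as a stand-in for the MySQL `user_list` table; the function names and sample rows are hypothetical.

```php
<?php
// Added example. Table and column names follow the original post;
// the SQLite in-memory database and its rows are constructed test data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE user_list (uid INTEGER PRIMARY KEY, username TEXT, password TEXT)");
$pdo->exec("INSERT INTO user_list (username, password) VALUES ('admin', 'hash-a'), ('editor', 'hash-b')");

// Pattern from the post: the request value is pasted into the SQL text,
// so a quote inside the value changes the structure of the statement.
function find_user_concat(PDO $pdo, string $username): array
{
    $sql = "select * from user_list where username='$username'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: the SQL text is constant and the value is sent as a bound
// parameter, so it is only ever compared as data against the username column.
function find_user_prepared(PDO $pdo, string $username): array
{
    $stmt = $pdo->prepare(
        'SELECT uid, username, password FROM user_list WHERE username = :u LIMIT 1'
    );
    $stmt->execute([':u' => $username]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: a normal name, a value containing quotes and SQL
// syntax, and a legitimate name that happens to contain an apostrophe.
$inputs = ["admin", "x' OR '1'='1", "o'brien"];

foreach ($inputs as $in) {
    try {
        $concat = count(find_user_concat($pdo, $in)) . ' row(s)';
    } catch (PDOException $e) {
        // The pasted quote produced invalid SQL; the query never ran.
        $concat = 'SQL error';
    }
    $prepared = count(find_user_prepared($pdo, $in)) . ' row(s)';
    printf("%-16s concatenated: %-10s prepared: %s\n", $in, $concat, $prepared);
}
```

With the prepared statement, a value containing quotes matches no row and causes no error, which is the property that escaping helpers and keyword filters try to approximate.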