本人用PHP做了个网站,因为是初学,所以安全方面的东西都不懂。网站的后台页面代码都很简单,基本上都是从网上找的,后台功能也只有增删改,现在最怕的就是怕别人注入啊挂马之类的。这是网站网址 http://www.7tshare.com 如果哪位高手能发现有什么漏洞之类的,请一定要告诉我怎么防范啊。还有如果能顺利的进入到后台,请千万不要改里面的数据啊,我添加的很辛苦的。如果发现有什么能完善的地方,小弟万分感谢!
调试欢乐多
session_start();
//注销登录
if($_GET['action'] == "logout"){
unset($_SESSION['userid']);
unset($_SESSION['username']);
header("Location:login.html");
exit;
}//登录
if(!isset($_POST['submit'])){
exit('非法访问!');
}
$ad_user = htmlspecialchars($_POST['ad_user']);
$ad_pass = MD5($_POST['ad_pass']);//数据库连接
include('conn.php');//检测用户名及密码是否正确
$check_query = mysql_query("select adminid from Admin where ad_user='$ad_user' and ad_pass='$ad_pass' limit 1");
if($result = mysql_fetch_array($check_query)){
//登录成功
$_SESSION['username'] = $ad_user;
$_SESSION['userid'] = $result['adminid'];
header("Location:index.php");
die('Could not connect: ' . mysql_error());
exit;
} else {
header("Location:login.html");
}mysql_close($con)
?>
这是看有没登录<?php
session_start(); ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html"; charset="utf-8" />
<title></title>
<link href="css/admin_dig.css" rel="stylesheet" type="text/css" />
<link href="css/common.css" rel="stylesheet" type="text/css" />
</head>
<body>
<?php
if(!isset($_SESSION['userid'])){
header("Location:login.html");
exit();
}
?>后台就这些需要验证的
安全方面得加强。
user:7tshbrf_bdmin_liujibndhfng007pass:b94d604b5dd13f6b9970db8f4870db58date:2011-11-27 12:33:[email protected]_db
bdmin
bdminid,bd_usfr,bd_pbss,bd_dbtfFilm
FilmID,fi_nbmf,fi_f_nbmf,fi_bgf,fi_doun,fi_dbtf,fi_lbng,fi_sub,fi_rfs,fi_sizf,fi_timf,fi_dirf,fi_dbst,fi_intro,fi_pid_100_80,fi_pid_380_320,fi_pid_400_480,fi_sdr_1,fi_sdr_2,fi_sdr_3,fi_dow_rmvb,fi_dow_720,fi_dow_1080,fi_dow_sizf,fi_indfx_show,fi_dbtf
Gbmf
GbmfID,gb_nbmf,gb_f_nbmf,gb_dbtf,gb_lbng,gb_sizf,gb_dom,gb_bgf,gb_intro,gb_pid_100_80,gb_pid_380_320,gb_pid_400_480,gb_sdr_1,gb_sdr_2,gb_sdr_3,gb_dow,gb_dow_dvdpbtdh,gb_dow_spfbkpbtdh,gb_indfx_show,gb_dbtf
Musid
MusidID,mu_nbmf,mu_sing,mu_lbng,mu_bgf,mu_sizf,mu_dbtf,mu_timf,mu_pid_85_85,mu_dow,mu_indfx_show,mu_dbtf