算是信息安全课程的作业吧,我们组选择了制作一个CTF的平台,不过本人html的功底确实不怎么好,只好把IDF实验室的界面照搬过来了。。。
只有两天时间,加上只有我一个人在做,所以只实现了基本功能,代码聚合度不高,很多代码都重复写了,没时间优化,也没做安全方面的保护,暂时凑合着看吧。。。
首先是数据库,这个是最核心的东西,不过本人数据库比较菜,所以没有进行很好的设计,将就着看吧
先是创建4张表,表结构如下:
doit表:
用来存储用户答题状况,userID对应用户表中用户帐号,questionID对应问题表中问题帐号,ishit表示是否提示过,errNum表示错误次数,isget表示用户是否回答出这个问题
question表:
这张表就不用解释了吧,看名字就知道了
rank表:
这张表用来存储用户得分情况,questionnum表示用户总分,getNum表示用户答对题数
users表:
这张表也不用讲了,看名字吧。。
OK,表完成了,开始上代码
create_code.php:
<?php
session_start();
//生成验证码图片
header("Content-type: image/png");
// 全数字
$str = "1,2,3,4,5,6,7,8,9,a,b,c,d,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z"; //要显示的字符,可自己进行增删
$list = explode(",", $str);
$cmax = count($list) - 1;
$verifyCode = '';
for ( $i=0; $i < 5; $i++ ){
$randnum = mt_rand(0, $cmax);
$verifyCode .= $list[$randnum]; //取出字符,组合成为我们要的验证码字符
}
$_SESSION[code] = $verifyCode; //将字符放入SESSION中
$im = imagecreate(100,35); //生成图片
$black = imagecolorallocate($im, 0,0,0); //此条及以下三条为设置的颜色
$white = imagecolorallocate($im, 255,255,255);
$gray = imagecolorallocate($im, 200,200,200);
$red = imagecolorallocate($im, 255, 0, 0);
imagefill($im,0,0,$white); //给图片填充颜色
//将验证码绘入图片
imagestring($im, 9, 20, 8, $verifyCode, $black); //将验证码写入到图片中
for($i=0;$i<50;$i++) //加入干扰象素
{
imagesetpixel($im, rand(0,100) , rand(0,35) , $black); //加入点状干扰素
imagesetpixel($im,rand(0,100),rand(0,35),$red);
imagesetpixel($im, rand(0,100) , rand(0,35) , $gray);
//imagearc($im, rand(0,100), rand(0,35), 20, 20, 75, 170, $black); //加入弧线状干扰素
//imageline($im, rand(0,100), rand(0,35), rand(0,100), rand(0,35), $red); //加入线条状干扰素
}
imagepng($im);
imagedestroy($im);
?>
<?
if($_SESSION[userID]==null){
echo "<div class='userlogin'>
求注册,求登录!
<div class='message'>
<a style='border-right:1px solid #F5F2F2' href='regist.php'>注 册</a>
<a href='login.php'>登 录</a>
</div>
</div>";
}
else{
$q = "SELECT userName,questionnum,getNum,loglast FROM users,rank where users.userID=rank.userID and users.userID=".$_SESSION[userID];
$rs = mysql_query($q, $dbh);
if(!$rs){
echo "<div class='userlogin'>
求注册,求登录!
<div class='message'>
<a style='border-right:1px solid #F5F2F2' href='regist.php'>注 册</a>
<a href='login.php'>登 录</a>
</div>
</div>";
}
while($row = mysql_fetch_assoc($rs)) {
echo "<div class='userinfo'>
<div class='personalDetails'>
<img src='jsandcss/100.jpg' class='headicon'> <ul class='jiben'>
<li>昵称:$row[userName]</li>
<li>得分:$row[questionnum](<a>共解$row[getNum]题</a>)</li>
</ul>
</div>
<div class='message'>
<a style='border-right:1px solid #F5F2F2' href='#' target='_blank'>编 辑</a>
<a href='#'>消 息</a>
</div>
<div style='text-align:center;'>
<p>上次访问:$row[loglast]</p>
</div>
</div>";
}
}
?>
提示和回答的js:
<script>
function tips(){
$.post("echo.php", { ID: "<? echo "$id"?>", type: "tips" },
function (data){
alert(data);}
);
}
function posts(){
var anwser=document.getElementById("anwser").value;
$.post("echo.php", { ID: "<? echo "$id"?>", anwser: anwser },
function (data){
alert(data);window.location.reload();}
);
}
</script>
echo.php
<?php
session_start();
if($_SESSION[userID]==null){
echo "请先登录!";
}
else{
$ID=$_POST[ID];
$dbh = @mysql_connect("localhost:3306"," "," ");
mysql_query("set names 'utf8'",$dbh);
if(!$dbh){die("error");}
@mysql_select_db(" ", $dbh);
$type = $_POST['type'];
if($type=="tips"){
$q = "SELECT hit FROM question where questionID=".$ID;
$rs = mysql_query($q, $dbh);
while($row = mysql_fetch_assoc($rs)) {
echo "$row[hit]";
}
$q = "UPDATE doit SET ishit=1 where userID='$_SESSION[userID]' and questionID='$ID'";
$rs = mysql_query($q, $dbh);
}
else{
$answer = $_POST['anwser'];
$q = "SELECT answer FROM question where questionID=".$ID;
$rs = mysql_query($q, $dbh);
$answerreal;
while($row = mysql_fetch_assoc($rs)) {
$answerreal=$row[answer];
}
if("hctf{".$answerreal."}"==$answer){
$q = "SELECT number FROM question where questionID=".$ID;
$rs = mysql_query($q, $dbh);
$number;
while($row = mysql_fetch_assoc($rs)) {
$number=$row[number];
}
$q = "SELECT number FROM question where questionID='$ID'";
$rs = mysql_query($q, $dbh);
$number;
while($row = mysql_fetch_assoc($rs)) {
$number=$row[number];
}
$q = "select ishit,errNum FROM doit where userID='$_SESSION[userID]' and questionID='$ID'";
$rs = mysql_query($q);
$ishit;
$errNum;
while($row = mysql_fetch_assoc($rs)) {
$ishit=$row[ishit];
$errNum=$row[errNum];
}
$q = "update doit set isget='1' where userID='$_SESSION[userID]' and questionID='$ID'";
$rs = mysql_query($q);
$q = "select questionnum,getNum FROM rank where userID='$_SESSION[userID]'";
$rs = mysql_query($q);
$questionnum=0.0;
$getNum;
while($row = mysql_fetch_assoc($rs)) {
$questionnum=$row[questionnum];
$getNum=$row[getNum];
}
$getNum++;
if($ishit) $number/=2.0;
$number/=100.0;
$questionnum+=$number*(100.0-3.0*$errNum);
$q = "update rank set questionnum='$questionnum',getNum='$getNum' where userID='$_SESSION[userID]'";
$rs = mysql_query($q);
echo "恭喜你,答对了!";
}
else{
$q = "select errNum FROM doit where userID='$_SESSION[userID]' and questionID='$ID'";
$rs = mysql_query($q);
$errNum;
while($row = mysql_fetch_assoc($rs)) {
$errNum=$row[errNum];
}
$errNum++;
$q = "update doit set errNum='$errNum' where userID='$_SESSION[userID]' and questionID='$ID'";
$rs = mysql_query($q);
echo "sorry,答错了!";
}
}
}
?>
差不多上完了关键代码,上几张效果图向IDF致敬:
差不多了,基本上可以用了,不过还有很多模块没实现,到时候再说吧