CUMTCTF-寒假赛出题web1源码与构思

最新推荐文章于 2024-03-10 22:09:21 发布

flying_bird2019

最新推荐文章于 2024-03-10 22:09:21 发布

阅读量142

点赞数

本文链接：https://blog.csdn.net/flying_bird2019/article/details/113529667

版权

这道题的思路是借鉴飘零学长的博客
参考
在ezsqli revenge的思路下自己实现了代码，并且加入了一些新的构思，题解请看另一篇博客

connect.php

<?php
error_reporting(0);
 $server="localhost";//主机
 $db_username="web1";//你的数据库用户名
 $db_password="web1";//你的数据库密码

 $con2 = mysql_connect("localhost", "web1","web1");

 mysql_select_db('This_true',$con2);
 if(!$con2){
    die("can't connect".mysql_error());//如果链接失败输出错误
   }
 
 $con = mysql_connect($server,$db_username,$db_password);//链接数据库
 if(!$con){
  die("can't connect".mysql_error());//如果链接失败输出错误
 }
  
 mysql_select_db('web1',$con);

?>

index.html

<!doctype html>
<html lang="en">
 <head>
  <meta charset="UTF-8">
  <title>用户注册页面</title>
 </head>
 <body>
  <form action="signup.php" method="post">
   <p>用户名:<input type="text" name="name"></p>
   <p>密 码: <input type="text" name="password"></p>
   <p><input type="submit" name="submit" value="注册"></p>
  </form>
 </body>
</html>

login.html

<!doctype html>
<html lang="en">
 <head>
  <meta charset="UTF-8">
  <title>登陆</title>
 </head>
 <body>
  <form name="login" action="login.php" method="post">
    <p>用户名<input type=text name="name"></p>
    <p>密 码<input type=text name="password"></p>
    <p><input type="submit" name="submit" value="登录"></p>
   </form>
 </body>
</html>

login.php

<?PHP
 header("Content-Type: text/html; charset=utf8");
 error_reporting(0);
 if(!isset($_POST["submit"])){
  exit("错误执行");
 }//检测是否有submit操作 
 
 include('connect.php');//链接数据库
 $name = substr(mysql_real_escape_string($_POST['name']),0,30);//post获得用户名表单值
 $passowrd = mysql_real_escape_string($_POST['password']);//post获得用户密码单值


 $list=array(" ","or","select","and","union");
 $passowrd=str_ireplace($list,"",$passowrd);
 $count=20;
 $list2=array("delete","insert","update");
 while($count!=0){
    
    $passowrd=str_ireplace($list2,"",$passowrd);
    $count-=1;
 }

 if ($name && $passowrd){//如果用户名和密码都不为空
    $sql = "select * from web1.user where username = '$name' and password='$passowrd'";//检测数据库是否有对应的username和password的sql
    //echo $sql;
    $result = mysql_query($sql);//执行sql
    $rows=mysql_num_rows($result);//返回一个数值
    if($rows){//0 false 1 true
        $row = mysql_fetch_assoc($result);
        echo "hello,your password is ".$row['password'];
     //header("refresh:0;url=welcome.html");//如果成功跳转至welcome.html页面
     exit;
    }else{
    echo "用户名或密码错误";
    echo "
     <script>
       setTimeout(function(){window.location.href='login.html';},1000);
     </script>
 
    ";//如果错误使用js 1秒后跳转到登录页面重试;
    }
     
 
 }else{//如果用户名或密码有空
    echo "表单填写错误";
    echo "
      <script>
       setTimeout(function(){window.location.href='login.html';},1000);
      </script>";
 
      //如果错误使用js 1秒后跳转到登录页面重试;
 }
 
 mysql_close();//关闭数据库

?>

signup.php

<?php 
 header("Content-Type: text/html; charset=utf8");
 include('connect.php');//链接数据库
 error_reporting(0); 
 
 if(!isset($_POST['submit'])){
  exit("错误执行");
 }//判断是否有submit操作
 
 $name= mysql_real_escape_string($_POST['name']);//post获取表单里的name
 $password= mysql_real_escape_string($_POST['password']);//post获取表单里的password

//  $name=mysql_real_escape_string($name);
//  $password=mysql_real_escape_string($password);
 str_replace(' ','', $name);

 $q="insert into user(username,password) values ('$name','$password')";//向数据库插入表单传来的值的sql
 $reslut=mysql_query($q,$con);//执行sql
 if (!$reslut){
  echo "错误";//如果sql执行失败输出错误
 }else{
    // $sql="select username from user where password='$password'";        //从数据库表中选择name值；
    //         $res=mysql_query($sql);                              //执行从数据库返回的值；
    //         $data = mysql_fetch_array($res);

  echo "注册成功";//成功输出注册成功
  echo "hello, ".substr(mysql_real_escape_string($_POST['name']),0,30);
  echo "
  <script>

   setTimeout(function(){window.location.href='login.html';},5000);
  </script>";
  }
 mysql_close($con);//关闭数据库


?>