zzcms8.2 admin 登录验证不通过修复 审计
sort命令
zzcms8.2 admin 登录验证不通过修复 审计
login.php
<?php include("../inc/config.php");define ("checkadminlogin","1");//当关网站时,如果是管理员登录时使链接正常打开?><html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><title></title><link href="style.css" rel="stylesheet" type="text/css"><script type="text/javascript" src="/test/zzcms8.2/js/jquery.js"></script><script>
$(function(){
$("#getcode_math").click(function(){
$(this).attr("src",'/test/zzcms8.2/one/code_math.php?' + Math.random());});});</script></head><body><p> </p><p> </p><table width="330" height="88" border="0" align="center" cellpadding="5" cellspacing="0"><tr> <td height="60" class="border" style="background:url('/test/zzcms8.2/image/zzcms-color.gif') 25px 0px no-repeat;background-color:#FFFFFF"> </td></tr><tr> <td align="right" class="border"> <form action="logincheck.php" method="post" name="form1" target="_top"><table width="100%" border="0" cellspacing="0" cellpadding="3"><tr> <td width="19%" height="25" align="right">管理员:</td><td width="81%"><input name="admin" type="text" id="admin" size="25" maxlength="255" style="width:200px;height:22px"></td></tr><tr> <td height="25" align="right">密码:</td><td height="25"><input name="pass" type="password" id="pass3" size="25" maxlength="255" style="width:200px;height:22px"></td></tr><tr> <td height="25" align="right" valign="bottom">答案:</td><td height="25" valign="bottom"><table width="100%" border="0" cellspacing="0" cellpadding="0"><tr> <td><input name="yzm" type="text" id="yzm" value="" size="10" maxlength="50" style="width:60px"/><img src="../one/code_math.php" id="getcode_math" title="看不清,点击换一张" align="absmiddle"> </td></tr></table></td></tr><tr> <td height="25"> </td><td height="25"><input type="submit" name="Submit" id="chk_math" value="登 录"></td></tr><tr align="right"> <td height="25" colspan="2"><?php echo zzcmsver ?> </td></tr></table></form></td></tr></table></body></html>
code_math.php
<?php if(!isset($_SESSION)){session_start();} getCode(100, 20);function getCode($w, $h) {$im = imagecreate($w, $h);//imagecolorallocate($im, 14, 114, 180); // background color$black1 = imagecolorallocate($im, 0, 0, 0);$white = imagecolorallocate($im, 255, 255, 255);$num1 = rand(1, 20);$num2 = rand(1, 20);$_SESSION['yzm_math'] = $num1 + $num2;$gray = imagecolorallocate($im, 118, 151, 199);$black = imagecolorallocate($im, mt_rand(0, 100), mt_rand(0, 100), mt_rand(0, 100));//画背景imagefilledrectangle($im, 0, 0, 100, 24, $black);//在画布上随机生成大量点,起干扰作用;for ($i = 0; $i < 80; $i++) {imagesetpixel($im, rand(0, $w), rand(0, $h), $gray);}imagestring($im, 5, 5, 4, $num1, $white);imagestring($im, 5, 30, 3, "+", $white);imagestring($im, 5, 45, 4, $num2, $white);imagestring($im, 5, 70, 3, "=", $white);imagestring($im, 5, 80, 2, "?", $white);header("Content-type: image/png");imagepng($im);imagedestroy($im);}session_write_close();?>
原因服务器没有保存session
php.ini session的存储位置
mkdir /tmp/www
sudo chmod -R 777 www
只有黑色
修改类型
sort
sort将文件的每一行作为一个单位,相互比较,比较原则是从首字符向后,依次按ASCII码值进行比较,最后将他们按升序输出。
[root@zhoucentos log]# cat seq
banana
apple
pear
orange
[root@zhoucentos log]# sort seq
apple
banana
orange
pear
sort的-u 选项它的作用很简单,就是在输出行中去除重复行。
[root@zhoucentos log]# cat seq
banana
apple
pear
orange
apple
pear
[root@zhoucentos log]# sort -u seq
apple
banana
orange
pear
sort的-n选项,你有没有遇到过10比2小的情况。我反正遇到过。出现这种情况是由于排序程序将这些数字按字符来排序了,排序程序会先比较1和2,显然1小,所以就将10放在2前面喽。这也是sort的一贯作风。
[root@zhoucentos log]# cat number
1
3
2
5
78
11
4
[root@zhoucentos log]# sort number
1
11
2
3
4
5
78
[root@zhoucentos log]# sort -n number
1
2
3
4
5
11
78
https://www.cnblogs.com/fulucky/p/8022718.html