مطلوب طريقة إغلاق ثغرة
SQL Injection
وهذا هو كود الصفحة بالكامل
ما المطلوب تغيره حتى يتم إغلاق الثغرة
كود PHP:
<?php require_once('../Connections/alriyadh.php'); ?><?phpif (!function_exists("GetSQLValueString")) {function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") { if (PHP_VERSION < 6) { $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue; } $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
switch ($theType) { case "text": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "long": case "int": $theValue = ($theValue != "") ? intval($theValue) : "NULL"; break; case "double": $theValue = ($theValue != "") ? doubleval($theValue) : "NULL"; break; case "date": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "defined": $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue; break; } return $theValue;}}?><?php// *** Validate request to login to this site.if (!isset($_SESSION)) { session_start();}
$loginFormAction = $_SERVER['PHP_SELF'];if (isset($_GET['accesscheck'])) { $_SESSION['PrevUrl'] = $_GET['accesscheck'];}
if (isset($_POST['username'])) { $loginUsername=$_POST['username']; $password=$_POST['password']; $MM_fldUserAuthorization = ""; $MM_redirectLoginSuccess = "index.php"; $MM_redirectLoginFailed = "Error.php"; $MM_redirecttoReferrer = true; mysql_select_db($database_alriyadh, $alriyadh); $LoginRS__query=sprintf("SELECT name, pass FROM users WHERE name=%s AND pass=%s", GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text")); $LoginRS = mysql_query($LoginRS__query, $alriyadh) or die(mysql_error()); $loginFoundUser = mysql_num_rows($LoginRS); if ($loginFoundUser) { $loginStrGroup = ""; if (PHP_VERSION >= 5.1) {session_regenerate_id(true);} else {session_regenerate_id();} //declare two session variables and assign them $_SESSION['MM_Username'] = $loginUsername; $_SESSION['MM_UserGroup'] = $loginStrGroup;
if (isset($_SESSION['PrevUrl']) && true) { $MM_redirectLoginSuccess = $_SESSION['PrevUrl']; } header("Location: " . $MM_redirectLoginSuccess ); } else { header("Location: ". $MM_redirectLoginFailed ); }}?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><title>دخول لوحة التحكم</title><link rel="stylesheet" type="text/css" href="../login/style.css" /><script type="text/javascript" src="../login/jquery-latest.min.js"></script><script src="../login/modernizr-latest.js"></script><script type="text/javascript" src="../login/placeholder.js"></script></head>
<body>
<div class="container"></div><form ACTION="<?php echo $loginFormAction; ?>" METHOD="POST" id="slick-login"><label for="username">username</label><input type="text" name="username" class="placeholder" placeholder="اسم المستخدم"><label for="password">password</label><input type="password" name="password" class="placeholder" placeholder="كلمة السر"><input type="submit" value="دخــول"></form></body></html>
رد مع اقتباس
