◎欢迎参与讨论,请在这里发表您的看法、交流您的观点。
微信好友删除怎么找回好友和聊天记录(三种方法)
PHP Code复制内容到剪贴板
function login(
$lusername
,$lpassword
,$key,$lifetime
=0){
global
$set_username
,$set_password
,$set_loginauth
,$set_loginkey
;if(emptyempty(
$lusername
)||emptyempty($lpassword
)) {
printerror(
"EmptyLoginUser"
,"index.php"
);
}
//验证码
if(!
$set_loginkey
){
if($key
<>getcvar(
'checkkey'
)||emptyempty($key))
{
printerror(
"FailLoginKey"
,"index.php"
);
}
}
if(md5(
$lusername
)<>md5(
$set_username
)||md5($lpassword
)<>
$set_password
){
printerror(
"ErrorUser"
,"index.php"
);
}
//认证码
if(
$set_loginauth
&$set_loginauth
!=$_POST['loginauth'
])
{
printerror(
"ErrorLoginAuth"
,"index.php"
);
}
$logintime
=time();
$rnd
=make_password(12);
//生成随机字符
$s1
=esetcookie(
"bakusername"
,$lusername
,0);
$s2
=esetcookie(
"bakrnd",$rnd,0);//随机字符
$s3
=esetcookie(
"baklogintime"
,$logintime
,0);
Ebak_SCookieRnd(
$lusername
,$rnd);//if(!$s1||!$s2)
{
printerror(
"NotOpenCookie"
,"index.php"
);
}
printerror(
"LoginSuccess"
,"admin.php"
);
}
再看看make_password函数
PHP Code复制内容到剪贴板
function
make_password(
$pw_length
){
$low_ascii_bound
=50;
$upper_ascii_bound
=122;
$notuse=array(58,59,60,61,62,63,64,73,79,91,92,93,94,95,96,108,111);
while($i<
$pw_length
){
mt_srand((double)microtime()*1000000);
$randnum
=mt_rand(
$low_ascii_bound
,$upper_ascii_bound
);
if
(!in_array(
$randnum,$notuse))
{
$password1
=$password1
.chr($randnum);
$i
++;
}
}
return
$password1
;}
这个函数只是生成随机数,再看看Ebak_SCookieRnd函数
PHP Code复制内容到剪贴板
function
Ebak_SCookieRnd(
$username
,$rnd){
global
$set_loginrnd
;//$set_loginrnd为config.php里面的验证随机码
$ckpass
=md5(md5(
$rnd.$set_loginrnd
).'-'.$rnd.'-'.$username
.'-');//没有把密码加进去,于是漏洞产生了
esetcookie(
"loginebakckpass"
,$ckpass,0);
延伸阅读
- 搜索
- 标签列表
-