|
|
|
ช่วยดูหน้า Login หน่อยครับ โดนแฮคบ่อยจัง ควรแก้หรือเพิ่มเติมตรงไหนครับ |
|
|
|
|
|
|
|
Code (PHP)
<?php if (!isset($_SESSION)) { session_start(); }
if(!empty($_SESSION['watauserid'])){
header("Location: index.php");
exit();
}?>
<?php require_once('../Connections/conn.php'); ?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
if (PHP_VERSION < 6) {
$theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
}
$theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
}
?>
<?php
if($_POST['username']!=""){
$username= $_POST['username'];
$password =md5($_POST['password']);
mysql_select_db($database_conn, $conn);
$query_checklogin = "SELECT * FROM wata_user WHERE wata_user.username ='".$username."' AND wata_user.pass='".$password."' AND wata_user.user_status = 1";
$checklogin = mysql_query($query_checklogin, $conn) or die(mysql_error());
$row_checklogin = mysql_fetch_assoc($checklogin);
$totalRows_checklogin = mysql_num_rows($checklogin);
mysql_select_db($database_conn, $conn);
$query_user = "SELECT * FROM wata_user";
$user = mysql_query($query_user, $conn) or die(mysql_error());
$row_user = mysql_fetch_assoc($user);
$totalRows_user = mysql_num_rows($user);
if($totalRows_checklogin>0)
{
$_SESSION['watauserid']= $row_checklogin['userid'];
$_SESSION['wataname']= $row_checklogin['name'];
$_SESSION['watausertype']= $row_checklogin['usertype'];
/*
if($_POST['remember']=='1')
{
setcookie('cookie_remember_me', 1, time()+604800);
setcookie('cookie_username', $_POST['username'], time()+604800);
setcookie('cookie_userpassword', $_POST['userpassword'], time()+604800);
}
else
{
setcookie('cookie_remember_me', 1, time()-604800);
setcookie('cookie_username', $_POST['username'], time()-604800);
setcookie('cookie_userpassword', $_POST['userpassword'], time()-604800);
}
*/
echo '<META HTTP-EQUIV="Refresh" CONTENT="0;URL=index.php">';
exit();
} else{
echo" <script>
alert('Username และ/หรือ Password ไม่ถูกต้อง')
</script>";
echo '<META HTTP-EQUIV="Refresh" CONTENT="0;URL=products_new_th.php">';
}
mysql_free_result($checklogin);
mysql_free_result($user);
}
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8" />
<title>Login - Wata Admin</title>
<!--[if lt IE 9]>
<script src="http://html5shiv.googlecode.com/svn/trunk/html5.js"></script>
<![endif]-->
<link href="css/zice.style.css" rel="stylesheet" type="text/css" />
<link href="css/icon.css" rel="stylesheet" type="text/css" />
<link rel="stylesheet" type="text/css" href="components/tipsy/tipsy.css" media="all"/>
<style type="text/css">
html {
background-image: none;
}
#versionBar {
background-color:#212121;
position:fixed;
width:100%;
height:35px;
bottom:0;
left:0;
text-align:center;
line-height:35px;
}
.copyright{
text-align:center; font-size:10px; color:#CCC;
}
.copyright a{
color:#A31F1A; text-decoration:none
}
</style>
</head>
<body >
<div id="alertMessage" class="error"></div>
<div id="successLogin"></div>
<div class="text_success"><img src="images/loadder/loader_green.gif" alt="ziceAdmin" /><span>Please wait</span></div>
<div id="login" >
<div class="inner">
<div class="logo" ><img src="images/logo/logo_loginw.png" alt="ziceAdmin" height="44" /></div>
<div class="userbox"></div>
<div class="formLogin">
<form action="products_new_th.php" method="post" name="formLogin" id="formLogin">
<div class="tip">
<input name="username" type="text" id="username_id" title="Username" />
</div>
<div class="tip">
<input name="password" type="password" id="password" title="Password" />
</div>
<div style="padding:20px 0px 0px 0px ;">
<?php /*?><div style="float:left; padding:0px 0px 2px 0px ;">
<input name="remember" type="checkbox" class="on_off_checkbox" id="on_off" value="1" />
<span class="f_help">Remember me</span>
</div><?php */?>
<div style="float:right;padding:2px 0px ;">
<div>
<ul class="uibutton-group">
<li> <button class="uibutton normal" type="submit" id="but_login">Login</button></li>
</ul>
</div>
</div>
</div>
</form>
</div>
</div>
<div class="clear"></div>
<div class="shadow"></div>
</div>
<!--Login div-->
<div class="clear"></div>
<div id="versionBar" >
<div class="copyright" > © Copyright 2012 All Rights Reserved <span class="tip"><a href="http://www.-.co.th/" title="-.co.th" >-.co.th</a> </span> </div>
<!-- // copyright-->
</div>
<!-- Link JScript-->
<script type="text/javascript" src="js/jquery.min.js"></script>
<script type="text/javascript" src="components/effect/jquery-jrumble.js"></script>
<script type="text/javascript" src="components/ui/jquery.ui.min.js"></script>
<script type="text/javascript" src="components/tipsy/jquery.tipsy.js"></script>
<script type="text/javascript" src="components/checkboxes/iphone.check.js"></script>
<script type="text/javascript" src="js/login.js"></script>
</body>
</html>
Tag : PHP
|
|
|
|
|
|
Date :
2017-05-30 11:44:42 |
By :
patipath417 |
View :
926 |
Reply :
3 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
ใช้พวก Captcha เป็นการป้องกันพวก Spam Login ครับ
ใช้ reCAPTCHA กับ php ป้องกัน Spam bot ด้วยการยืนยันตัวบุคคล (PHP)
|
|
|
|
|
Date :
2017-05-30 14:40:43 |
By :
mr.win |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
คงไม่ได้โดนจากล็อคอิน หน้าแสดงข้อมูลก็โดนแฮ็คได้
Http://test.com?id=1
ตัวรับ
<?php
$sql="select * from table where Id=$_get[id]"
แบบนี้ก็โดน
|
|
|
|
|
Date :
2017-05-30 19:40:35 |
By :
Chaidhanan |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Load balance : Server 04
|