网站被黑的用户名、附加信息和密码已更改问题？

发布于 2024-10-30 17:50:43 字数 3842 浏览 3 评论 0原文

我想知道什么可以让用户破解我的网站，他们更改了我的用户名、个人信息和密码。有人可以给我一些关于它可能是什么的建议吗？我正在使用 PHP MySQL 和 HTMLPURIFIER。

这是登录脚本。

<?php
if (isset($_POST['submitted'])) { // start of submit conditional.
    require_once (MYSQL);

    // Validate the username or email address:
    if (!empty($_POST['login']) && strlen($_POST['login']) <= 255) {
        $e = mysqli_real_escape_string($dbc, $purifier->purify(strip_tags($_POST['login'])));
    } else if(!empty($_POST['login']) && strlen($_POST['login']) >= 256) {
        $e = FALSE;
        echo '<p>Your username or email address cannot exceed 255 characters!</p>';
    } else {    
        $e = FALSE;
        echo '<p>You forgot to enter your username or email address!</p>';
    }

    // Validate the password:
    if (!empty($_POST['pass']) && strlen($_POST['pass']) <= 255) {
        $p = mysqli_real_escape_string($dbc, $_POST['pass']);
    } else if(!empty($_POST['pass']) && strlen($_POST['pass']) >= 256) {
        $p = FALSE;
        echo '<p>Your password cannot exceed 255 characters!</p>';
    } else {
        $p = FALSE;
        echo '<p>You forgot to enter your password!</p>';
    }

    if(($e != FALSE) && ($p != FALSE)) { // check pass
        $pass_salt = "SELECT users.password, users.salt FROM users JOIN contact_info ON contact_info.user_id = users.user_id WHERE (contact_info.email = '" . $e . "' OR users.username = '" . $e . "') AND users.active IS NULL";
        $ph = mysqli_query($dbc, $pass_salt) or trigger_error("Query: $pass_salt\n<br />MySQL Error: " . mysqli_error($dbc));

        while($row = mysqli_fetch_array($ph)){ 
            $password = $row['password'];
            $salt = $row['salt'];
        }

        if(!empty($salt)) {
            $sha512 = hash('sha512', $p . $salt);
        }

        if(!empty($password) == !empty($sha512)){
            $user_pass = TRUE;
        } else {
            $user_pass = FALSE;
        }
    }


    if(isset($user_pass) && ($user_pass == TRUE) && !empty($salt)) { // If everything's OK.
        // Query the database:
        $q = "SELECT users.user_id, users.first_name, users.user_level FROM users JOIN contact_info ON contact_info.user_id = users.user_id WHERE (contact_info.email = '" . $e . "' OR users.username = '" . $e . "') AND users.password = '" . $sha512 . "' AND users.active IS NULL";        
        $r = mysqli_query ($dbc, $q) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc));


        if (@mysqli_num_rows($r) == 1) { // A match was made.

            // Register the values & redirect:
            $_SESSION = mysqli_fetch_array ($r, MYSQLI_ASSOC); 
            // check if user is logged in then update the old login date
            $u = "UPDATE users JOIN contact_info ON contact_info.user_id = users.user_id SET users.last_login = NOW(), users.deletion = 0, users.deletion_date = NULL WHERE (contact_info.email = '" . $e . "' OR users.username = '" . $e . "') AND users.password = '" . $sha512 . "' AND users.active IS NULL"; 
            // save the info to the database
            $r = mysqli_query ($dbc, $u);
            mysqli_free_result($r);
            mysqli_close($dbc);

            $url = BASE_URL . 'home/index.php'; // Define the URL:
            header("Location: $url");
            exit(); // Quit the script.

        } else { // No match was made.
            echo '<p>Either your username, email address or password entered do not match those on file or you have not yet activated your account.</p>';
        }

    } else { // If everything wasn't OK.
        echo '<p>Please try again.</p>';
    }

    mysqli_close($dbc);

} // end of submit conditional.
?>

原文

I was wondering what could of allowed a user to hack my site, they changed my username, personal info and password. Can someone give me some suggestions on what it could have been. I'm using PHP MySQL and HTMLPURIFIER.

Here is the login script.

<?php
if (isset($_POST['submitted'])) { // start of submit conditional.
    require_once (MYSQL);

    // Validate the username or email address:
    if (!empty($_POST['login']) && strlen($_POST['login']) <= 255) {
        $e = mysqli_real_escape_string($dbc, $purifier->purify(strip_tags($_POST['login'])));
    } else if(!empty($_POST['login']) && strlen($_POST['login']) >= 256) {
        $e = FALSE;
        echo '<p>Your username or email address cannot exceed 255 characters!</p>';
    } else {    
        $e = FALSE;
        echo '<p>You forgot to enter your username or email address!</p>';
    }

    // Validate the password:
    if (!empty($_POST['pass']) && strlen($_POST['pass']) <= 255) {
        $p = mysqli_real_escape_string($dbc, $_POST['pass']);
    } else if(!empty($_POST['pass']) && strlen($_POST['pass']) >= 256) {
        $p = FALSE;
        echo '<p>Your password cannot exceed 255 characters!</p>';
    } else {
        $p = FALSE;
        echo '<p>You forgot to enter your password!</p>';
    }

    if(($e != FALSE) && ($p != FALSE)) { // check pass
        $pass_salt = "SELECT users.password, users.salt FROM users JOIN contact_info ON contact_info.user_id = users.user_id WHERE (contact_info.email = '" . $e . "' OR users.username = '" . $e . "') AND users.active IS NULL";
        $ph = mysqli_query($dbc, $pass_salt) or trigger_error("Query: $pass_salt\n<br />MySQL Error: " . mysqli_error($dbc));

        while($row = mysqli_fetch_array($ph)){ 
            $password = $row['password'];
            $salt = $row['salt'];
        }

        if(!empty($salt)) {
            $sha512 = hash('sha512', $p . $salt);
        }

        if(!empty($password) == !empty($sha512)){
            $user_pass = TRUE;
        } else {
            $user_pass = FALSE;
        }
    }


    if(isset($user_pass) && ($user_pass == TRUE) && !empty($salt)) { // If everything's OK.
        // Query the database:
        $q = "SELECT users.user_id, users.first_name, users.user_level FROM users JOIN contact_info ON contact_info.user_id = users.user_id WHERE (contact_info.email = '" . $e . "' OR users.username = '" . $e . "') AND users.password = '" . $sha512 . "' AND users.active IS NULL";        
        $r = mysqli_query ($dbc, $q) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc));


        if (@mysqli_num_rows($r) == 1) { // A match was made.

            // Register the values & redirect:
            $_SESSION = mysqli_fetch_array ($r, MYSQLI_ASSOC); 
            // check if user is logged in then update the old login date
            $u = "UPDATE users JOIN contact_info ON contact_info.user_id = users.user_id SET users.last_login = NOW(), users.deletion = 0, users.deletion_date = NULL WHERE (contact_info.email = '" . $e . "' OR users.username = '" . $e . "') AND users.password = '" . $sha512 . "' AND users.active IS NULL"; 
            // save the info to the database
            $r = mysqli_query ($dbc, $u);
            mysqli_free_result($r);
            mysqli_close($dbc);

            $url = BASE_URL . 'home/index.php'; // Define the URL:
            header("Location: $url");
            exit(); // Quit the script.

        } else { // No match was made.
            echo '<p>Either your username, email address or password entered do not match those on file or you have not yet activated your account.</p>';
        }

    } else { // If everything wasn't OK.
        echo '<p>Please try again.</p>';
    }

    mysqli_close($dbc);

} // end of submit conditional.
?>

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

讽刺将军 2024-11-06 17:50:43

您应该了解 SQL 注入。这就是我首先想到的（注意到 MySql 的使用）。为了防止这种情况，您必须使用mysql_real_escape_string()（不同的mysql_escape_string()，它被视为已弃用）来清理用户输入。尽管有这个解决方案，我建议您使用 PDO 或 Mysqli （我通常不鼓励使用这个），以便通过使用来修复 SQL 注入问题准备好的语句。

那么您可能应该意识到 XSS（跨站点脚本）可能会在您的代码中“注入”某种恶意 Javascript 脚本。您可以使用 htmlspecialchars() 稍微修复此问题，使 HTML 标记（例如

另请查看PHP 漏洞列表。

为了使您的代码更具可读性和“正确”，我建议您将 strlen($_POST['login']) >= 256 更改为 <代码>strlen($_POST['login'])>; 255 是相同的，但让读者立即明白真正的限制不是 256 而是 255。