我的文件中的安全问题在哪里

时间:2013-02-10 06:23:13

标签: php

每次我将此图像查看器上传到我的网站时,我都会被黑客入侵,即每次上传此内容时,有人会破解我的网站任何更改密码。黑客总是上传php shell。但没有办法上传文件。

include "./config.php";

@ $db = mysql_pconnect($mysql['host'], $mysql['user'], $mysql['pass']) or die(mysql_error());

if ($_GET['id'])
{
    $id = $_GET['id'];
}
else
{
    header( 'Location: http://404.html' ) ;
    exit;
}

$id = mysql_real_escape_string($id, $db);

//IT"S NOT WORKING!
if (!$db)
{
    die("error");
}
mysql_select_db($mysql['db']) or die(mysql_error());

$query = "SELECT * FROM `images` WHERE id='" . $id . "'";

$result = mysql_query($query) or die(mysql_error());

if (!$result)
{
    die("MySQL Select error");
}

$num_results = mysql_num_rows($result);
if ($num_results ==0)
{
header( 'Location: http:///404.html' );
exit;
}
else{
    $row = mysql_fetch_array($result);
    $downloads = $row['downloads'] + 1;

    $lastuse = time();

     $ss = mysql_query("select downloads from `images` where id='".$id."'") or die(mysql_error());
     $rr = mysql_fetch_array($ss);

    $query = "update `images` set downloads=downloads+1, lastuse='" . $lastuse . "' where id='".$id."'";
    $result = mysql_query($query);
    if (!$result)
    {
        die("MySQL update error");
    }


    //get current stats
    $query = "SELECT * FROM `stat_cache` WHERE 1";

    $result = mysql_query($query);

    if (!$result)
    {
        die("MySQL Select error");
    }
    $stat = mysql_fetch_array($result);


    //downloads update
    $downloads = $stat['downloads'] + 1;
    $query = "UPDATE `stat_cache` SET downloads='" . $downloads . "' WHERE 1";
    $result = mysql_query($query);
    if (!$result)
    {
        die("MySQL Update error");
    }
}
//Lets create the image, now.
if(!file_exists('./images/' . $id)) {
header( 'Location: http:///404.html' ) ;
    exit;
}
header('Content-type: image/jpeg');

$fp = fopen('./images/' . $id, 'r');

$contents = fread($fp, $maxfilesize);
fclose($fp);

echo $contents;

任何人都可以告诉我这里的安全问题在哪里?

0 个答案:

没有答案