首先,我是PHP和编码的新手。
我目前正在创建一个网络应用程序,它故意容易向学生讲授基于Web的漏洞。 Web应用程序由每个级别包含不同漏洞的级别组成。
在当前级别,我正在尝试设置一个cookie名称" Authenticated"值为" 0"当用户成功登录该级别时。当他们到达页面时,他们会收到一个PHP错误,他们没有通过身份验证。我希望他们能够拦截页面请求,将值更改为" 1",然后作为此更改值的结果,接收包含下一级别密码的PHP回显。
这是我的主页(level6.php):
<?php
session_start();
if(!isset($_SESSION['user'])){
header("Location:../level5/login6.php");
}
include("authentication.php");
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta charset='utf-8'>
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" href="../css/wargames.css">
<script src="http://code.jquery.com/jquery-latest.min.js"
type="text/javascript"></script>
<script src="js/script.js"></script>
<title>Generic Web App Title</title>
<div id="logodiv"><img src="../images/test.png" width="50%"></div>
<div id='cssmenu'>
<ul>
<li><a href='#'>Cryptography</a></li>
<li><a href='#'>Directory Traversal</a></li>
<li><a href='#'>SQL Injection</a></li>
<li><a href='#'>Malicious Redirects</a></li>
<li><a href='#'>Burp Suite</a></li>
<li><a href='#'>nmap</a></li>
<li><a href='#'>John the Ripper</a></li>
<li><a href='#'>Information Gathering</a></li>
<li><a href='#'>Reporting</a></li>
</ul>
</div>
</head>
<body background="../images/background.jpg">
<br />
<div id='announcements' style="margin: 0 auto;"><h3 align='center'>Welcome
to Level 6!</h3></b>
<hr>
<span><?php echo $error; ?></span>
</div>
<br />
<div id="pagefoot">
<div id='footer' align='center'>####
<br />
####
</div>
</div>
</body>
</script>
</html>`
这是PHP在后台进行的(authentication.php):
<?php
$error=''; //
$cookie_name="Authenticated";
$cookie_value="0";
setcookie($cookie_name, $cookie_value);
if($cookie_value = "0") {
$error = "You are not authorized to view this page!";
}
else {
if($cookie_value = "1") {
$error = "Success! The password for the next level is...";
}
}
?>
感谢您的帮助。
编辑:这是我的登录代码。用户将转到登录页面。登录页面是基本的,包含此代码...
<?php
session_start();
$error=''; //
if(isset($_POST['submit'])){
if(empty($_POST['user']) || empty($_POST['pass'])){
$error = "Username or Password is Invalid";
}
else
{
//Define $user and $pass
$user=$_POST['user'];
$pass=$_POST['pass'];
//Establish Connection with server by passing server_name, user_id
and pass as a parameter
$sqli = mysqli_connect("localhost", "", "");
//Select Database
$db = mysqli_select_db($sqli, "");
//sql query to fetech information of registered user and finds user
match.
$query = mysqli_query($sqli, "SELECT * FROM members WHERE id=6 AND
password='$pass' AND username='$user'");
$rows = mysqli_num_rows($query);
if($rows == 1){
$_SESSION['user'] = md5($pass);
header("Location: ../level6/level6.php"); //Redirect to
protected page
}
else
{
$error = "Username or Password is Invalid";
}
mysqli_close($sqli); //Close Conenction
}
}
?>
然后登录代码将对用户进行身份验证并将其带到上面的页面。
答案 0 :(得分:0)
<强> authentication.php
<?php
$error='';
//Here fetch (GET) the data from the database for cookie_value and assign to
//$cookie_value variable.
$cookie_name = "Authenticated";
$cookie_value = $_GET["cookie_value"]; //Here Get The Value of cookie from DB
if( $cookie_name == 'Authenticated' && $cookie_value == "0") {
// Do what you want if cookie_value is `0`. or set the cookie. or redirect to another page if unauthorized user.
//setcookie($cookie_name, $cookie_value, time() + (86400 * 30), "/"); // 86400 = 1 day
$error = "You are not authorized to view this page!";
}
else {
if( $cookie_name == 'Authenticated' && $cookie_value == "1") {
$error = "Success! The password for the next level is...";
}
}
?>
注意:
=运算符用于分配value。= =运算符用于仅比较values而不是datatype = = =运算符用于比较values以及datatype。答案 1 :(得分:0)
它一直在发生,因为你已经设置了cookie值= 0,无论你设置多少次,页面都会将其重置为0.需要将其更改为$ cookie_value = $ _GET变量
答案 2 :(得分:0)
我再次看了一遍,试试这个:
<div class="parent">
<span class="child1"> Content 1</span>
<span class="child2"> Content 2</span>
<span class="child3"> Content 3 Content 3 Content 3</span>
</div>