PHP code reported as malware

Time: 2017-09-11 19:01:10

Tags: php login malware malware-detection

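I have been working on a website on localhost and just tried uploading it to a free web server so I can get some testers. For some reason my code is being reported as malware and blocked by my antivirus, which means I see nothing but ERR_CONNECTION_RESET when I visit it. Do you have any idea why this code is detected as malware?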

login.php

<?php
include('classes/db.php');

if (db::maintenance()) {
  die('This site is currently going under maintenance, please check back again shortly.');
}

if (isset($_POST['submit'])) {
  $username = $_POST['username'];
  $password = $_POST['password'];

  if (db::query('SELECT username FROM users WHERE username=:username', array(':username'=>$username))) {
    if (password_verify($password, db::query('SELECT password FROM users WHERE username=:username', array(':username'=>$username))[0]['password'])) {
      $cstrong = True;
      $token = bin2hex(openssl_random_pseudo_bytes(64, $cstrong));
      $user_id = db::query('SELECT id FROM users WHERE username=:username', array(':username'=>$username))[0]['id'];
      // Store only the SHA-1 hash of the token; the raw token goes into the client cookie.
      db::query('INSERT INTO login_tokens VALUES (NULL, :token, :user_id)', array(':token'=>sha1($token), ':user_id'=>$user_id));
      // Cookies and the redirect are HTTP headers, so nothing may be echoed before them.
      setcookie("SNID", $token, time() + 60 * 60 * 24 * 7, '/', NULL, NULL, TRUE);
      setcookie('SNID_', '1', time() + 60 * 60 * 24 * 3, '/', NULL, NULL, TRUE);
      header('Location: index.php');
      exit; // Stop here so the login form is not rendered after the redirect.
    } else {
      echo "Incorrect password";
    }
  } else {
    echo "User not registered!";
  }
}

?>

 <h1>Login to your account</h1>

<form action="login.php" method="post">
  <input type="text" name="username" value="" placeholder="Username"><p />
  <input type="password" name="password" value="" placeholder="Password"><p />
  <input type="submit" name="submit" placeholder="Login"><p />
</form>

db.php (I have changed the connection details to fake data; I change them to the correct data when uploading to the host.)

<?php
class db {
  private static function connect () {
    // DSN parameters are separated by ';' only.
    $conn = new PDO('mysql:host=localhost;dbname=users;charset=utf8', 'root', '');
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    return $conn;
  }

  public static function query ($sql, $params = array()) {
    $statement = self::connect()->prepare($sql);
    $statement->execute($params);

    if (explode(' ', $sql)[0] == 'SELECT') {
     $result = $statement->fetchAll();
     return $result;
    }
  }

  public static function notify ($userid) {
    $notifications = db::query('SELECT forum_members.forum_id, notifications.user_id, notifications.post_id, notifications.forum_id, notifications.post_body, notifications.creation, notifications.type FROM forum_members, notifications WHERE (notifications.forum_id=forum_members.forum_id OR notifications.forum_id=0) AND notifications.user_id=forum_members.user_id ORDER BY notifications.post_id DESC');
    return $notifications;
  }

  public static function maintenance () {
    return false;
  }
}
 ?>

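1 answer:

Answer 0 (score: 0)

What type of address do you use to reach the website? PHP source code is not shown to the browser, so the PHP is not the problem. If you enter a hostname (e.g. ..... 2cc.brad .... net), it will automatically be detected as "malware" by basic security software. If you access it from localhost / 127.0.0.1 it should be fine, but if you access it from a host that is flagged as malware, then it is clear as day.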