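How do I bypass a MySQL trigger

Time: 2019-03-13 23:01:42

Tags: php mysql

I built a small file-sharing website just for fun. Each account is limited to 20 files per day, and all member data is stored in a MySQL table: username, password, and download count. When someone clicks download, a function fires and stores +1 in the table, and then the download starts.

After looking at the log files on the server, I thought everything was working fine, and then I found that someone had downloaded files without triggering the function and without leaving any history in the database!

How is that possible! And what can I do to stop this bug!

The code is as follows: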

    if (isset($_GET['download']) && !empty($_GET['download'])){

        if (!(isset($_GET['username']) && !empty($_GET['username']))){
            echo 'Only a member of this website can download this file. However, no username was specified in this download. Sorry for inconvenience.';
            die;
        }

        $dl_username = $this->decrypt($_GET['username']);

        if (gator::getUser($dl_username) == false){
            echo 'Only a member of this website can download this file. However, the username provided does not exist in the database. Sorry for inconvenience.';
            die;
        }

        $dl_user = gator::getUser($dl_username);
        if ($dl_user['downloads'] > 20){
            echo 'Cannot download more files for today! You have crossed the limit of downloading 20 files.';
            die;
        }
        gator::updateUser($dl_user['username'], array('downloads' => $dl_user['downloads'] + 1));

        $filename = $this->filterInput($this->decrypt($_GET['download']));

        if (in_array($filename, gatorconf::get('restricted_files'))) die;

        if (!file_exists($_SESSION['cwd'].DS.$filename)) die;

        // Set headers
        header("Cache-Control: public");
        header("Content-Description: File Transfer");
        header("Content-Disposition: attachment; filename=\"$filename\"");
        header("Content-Type: application/octet-stream");
        header("Content-Transfer-Encoding: binary");

        // output file
        set_time_limit(0);
        $file = @fopen($_SESSION['cwd'].DS.$filename,"rb");
        while(!feof($file))
        {
            print(@fread($file, 1024*8));
            ob_flush();
            flush();
        }

        gator::writeLog('download - '.$filename);
        echo 'Downloaded';

        die;
    }

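Edit: there are two log files, one that records members' actions on the website, and another that records activity on my Apache server, including all connections, even from non-users.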

Below is an example of a file link ("no one can use hotlinking"):

https://www.example.com/?download=MLB%20820-2186%20schematic%20diagram.pdf&username=Linda

0 answers:

No answers
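
The following handler is an added example, not part of the original post: it keeps files in a directory Apache does not serve so every download must pass through PHP, takes the user from the login session instead of the `username` query parameter, and enforces the limit with one atomic `UPDATE`. Assumptions (none come from the page): a PDO connection, a `users(username, downloads)` table, `$_SESSION['username']` set at login, and the `STORAGE_DIR` path.

```php
<?php
// Added example (hypothetical; not the poster's code). Assumed names: PDO handle,
// users(username, downloads) table, $_SESSION['username'] set at login, STORAGE_DIR.
const STORAGE_DIR = '/srv/private-files'; // assumed path, outside the Apache web root
const DAILY_LIMIT = 20;

function claimDownloadSlot(PDO $db, string $username): bool
{
    // One statement checks and increments, so parallel requests cannot race.
    $stmt = $db->prepare(
        'UPDATE users SET downloads = downloads + 1
          WHERE username = :u AND downloads < :lim'
    );
    $stmt->bindValue(':u', $username);
    $stmt->bindValue(':lim', DAILY_LIMIT, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount() === 1;
}

function resolveFile(string $requested): ?string
{
    // basename() drops any directory part; realpath() must stay under STORAGE_DIR.
    $root = realpath(STORAGE_DIR);
    $path = realpath(STORAGE_DIR . DIRECTORY_SEPARATOR . basename($requested));
    if ($root === false || $path === false || !is_file($path)) {
        return null;
    }
    return strpos($path, $root . DIRECTORY_SEPARATOR) === 0 ? $path : null;
}

function handleDownload(PDO $db): void
{
    session_start();
    $user = $_SESSION['username'] ?? null; // identity from the session, not from $_GET
    if ($user === null) { http_response_code(403); exit('Login required.'); }

    $path = resolveFile((string)($_GET['download'] ?? ''));
    if ($path === null) { http_response_code(404); exit('Not found.'); }

    if (!claimDownloadSlot($db, $user)) { // counted only once the file is known to exist
        http_response_code(429); exit('Daily download limit reached.');
    }
    error_log('download user=' . $user . ' file=' . basename($path)); // log before streaming

    $name = str_replace('"', '', basename($path));
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="' . $name . '"');
    header('Content-Length: ' . filesize($path));
    readfile($path);
}
```

Comparing the Apache access log against the application log then shows any request that still reaches a file without passing through this handler.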