百度和GG告诉我太少人用了 所以放出来

 

问题出在后台登录验证

 

private function _admin_login()

        {

                if((!empty($_REQUEST['api']) || $_REQUEST['api'] == $this->p_site['connect']) || $_COOKIE['api'] == $this->p_site['connect']){

                        setcookie ("api", $this->p_site['connect'], time() + 31536000, "/");

                        return;

                }

                if(empty($_COOKIE['user']['username']) || empty($_COOKIE['user']['level']) || empty($_COOKIE['user']['password']))

                {

                        exec_script('window.top.location.href="'.SITEPATH.'"');return;//什么年代了还COOKIES

                }

                $user_obj = self::load_model('Q_User');       

                $result = $user_obj->select(array('username' => $_COOKIE['user']['username'], 'password' => $_COOKIE['user']['password'], 'level' => $_COOKIE['user']['level']));

                  //上面是验证COOKIES里的帐号密码和用户权限

                if(!$result)

                {

                        exec_script('window.top.location.href="'.SITEPATH.'"');return;

                }       

        }

       

//问题不在上面 问题是exec_script.......

function exec_script($str) { echo '<meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><script>'.$str.'</script>'; }

补充下：7楼宝宝说了下 感概有道理

 

说明下怎么意思  首先

 

 

        if(empty($_COOKIE['user']['username']) || empty($_COOKIE['user']['level']) || empty($_COOKIE['user']['password']))

 

                {exec_script('window.top.location.href="'.SITEPATH.'"');return;//什么年代了还COOKIES 这里可以构建COOKIES去绕过 不管数值对和不对

 

至于怎么构建 火狐浏览器有COOKIES EDIT插件 不会用的话 百度搜索老兵COOKIES欺骗浏览器 估计能找到

 

然后程序是验证COOKIES里的帐号密码 权限有没有存在

 

 

$user_obj = self::load_model('Q_User');      

                $result = $user_obj->select(array('username' => $_COOKIE['user']['username'], 'password' => $_COOKIE['user']['password'], 'level' => $_COOKIE['user']['level'])); 如果不存在 那么

 

 

if(!$result)

                {

                        exec_script('window.top.location.href="'.SITEPATH.'"');return; 跳转回去登录界面

 

问题在于  exec_script 这个自定义函数

 

function exec_script($str) { echo '<meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><script>'.$str.'</script>'; } 这里是输出脚本 但聪明的你一定知道关闭浏览器脚本去绕过 就是不执行这个动态脚本

 

from：http://t00ls.net/viewthread.php?tid=19810&extra=page%3D1%26amp%3Borderby%3Ddateline%26amp%3Bfilter%3D2592000