目录
介绍:
展示:
登陆页面:
注册页面:
主页:
编辑发布动态模块:
更换头像模块:
源代码:
blog.php
blogconn.php
conn.php
headpic.php
index.html
login.php
register.html
register.php
style1.css
upload.php
welcome.php
介绍:
此项目采用html+css+php+mysql开发
做这个开发的目的一是练习我的web开发能力,二来相当于一个小靶场,可以自己进行一些漏洞试验,自己做一下攻防。
之后会更新对这个靶站做的一些攻击和修复,包括sql注入、文件上传、XSS、验证码业务逻辑错误。
展示:
登陆页面:
简单的登陆表单,采用post方式进行数据传输,对输入的用户名和密码进行sql查询,查询成功会跳转到welcome.php页面
注册页面:
简单的注册功能,往数据库里插入数据
主页:
发布动态模块:
这也是我第一次做这个功能,我想的是为每个用户创建一个数据表,把发布的动态的内容插入到用户的数据表里,然后在主页进行数据查询并展示。
发布成功效果:
更换头像模块:
进行文件上传,头像的路径会被存储到数据库中,并根据用户名查询和展示头像
更换头像展示:
源代码:
blog.php
*{
margin:0px;
padding:0px;
}
#background{
position: absolute;width: 100%;height: 300px;
margin-bottom: 0px;height: 500px;
background-image: linear-gradient(rgb(151, 192, 254),white);
}
#headpic{
position: absolute;top: 10px;right:50px;
height: 60px;width: auto;
border-radius: 50%;
border: 5px white solid;
}
a{
float:right;margin-top: 20px;
list-style: none;
display: table-cell;
width: 80px;
height: 30px;
text-align: center;
border-radius: 40%;
margin-left: 50px;
margin-right: 50px;
color:rgb(23, 35, 199) ;
}
form{
height: 500px;
text-align: center;
margin-top: 5%;
}
#buttorn1{
position:absolute;bottom: -120px;left:48%;
}
session_start();
header("Content-type:text/html;charset=utf-8");
$username=$_SESSION['user'];
$dbtable=substr($username,0,8).'blog';
include('./blogconn.php');//链接数据库
$sql22="create table $dbtable(id int auto_increment primary key, blog varchar(300) not null);";
$result=mysqli_query($conn2,$sql22);
$conn2->query($sql22);
$blog=$_POST['blog'];
if(isset($blog)){
$blogsql="insert into $dbtable(id,blog) values(null,'$blog');";
$result=mysqli_query($conn2,$blogsql);
}
mysqli_close($conn);//关闭数据库
?>
session_start();
$username=$_SESSION['user'];
include('./conn.php');
$sql = "select pic from flag where username = '$username'";//根据用户名查找头像信息
$result = mysqli_query($conn,$sql);//执行sql
$row = mysqli_fetch_array($result, MYSQLI_BOTH);
$str='';
print_r($str);
?>
欢迎您!
用户:
session_start();
if($_SESSION['user']==""){
echo "";
}else{
echo $_SESSION['user'];
}
?>
blogconn.php
session_start();
header("Content-type:text/html;charset=utf-8");
$username=$_SESSION['user'];
$dbtable=substr($username,0,8).'blog';
$dbhost = "127.0.0.1";
$dbuser = 'root';
$dbname = "sqlinject"; //数据库名称
$dbpass = ""; //数据库密码
$conn2=mysqli_connect($dbhost,$dbuser,$dbpass);
if(!$conn=mysqli_connect($dbhost,$dbuser,$dbpass)){
die("连接失败:".mysqli_connect_error());
}
$connt=mysqli_select_db($conn2,$dbname);
//echo "";
?>
conn.php
$dbhost = "127.0.0.1";
$dbuser = 'root';
$dbname = "sqlinject"; //数据库名称
$dbtable='flag';
$dbpass = ""; //数据库密码
$conn=mysqli_connect($dbhost,$dbuser,$dbpass);
if(!$conn=mysqli_connect($dbhost,$dbuser,$dbpass)){
die("连接失败:".mysqli_connect_error());
}
$connt=mysqli_select_db($conn,$dbname);
//echo "";
?>
headpic.php
*{
margin:0px;
padding:0px;
}
#background{
position: absolute;width: 100%;height: 300px;
margin-bottom: 0px;height: 500px;
background-image: linear-gradient(rgb(151, 192, 254),white);
}
#headpic{
position: absolute;top: 10px;right:50px;
height: 60px;width: auto;
border-radius: 50%;
border: 5px white solid;
}
a{
float:right;margin-top: 20px;
list-style: none;
display: table-cell;
width: 80px;
height: 30px;
text-align: center;
border-radius: 40%;
margin-left: 50px;
margin-right: 50px;
color:rgb(23, 35, 199) ;
}
function checkFile() {
var file = document.getElementsByName('file')[0].value;
if (file == null || file == "") {
alert("请选择要上传的文件!");
return false;
}
//定义允许上传的文件类型
var allow_ext = ".jpg|.png|";
//提取上传文件的类型
var ext_name = file.substring(file.lastIndexOf("."));
//判断上传文件类型是否允许上传
if (allow_ext.indexOf(ext_name) == -1) {
var errMsg = "该文件不允许上传,请上传" + allow_ext + "类型的文件,当前文件类型为:" + ext_name;
alert(errMsg);
return false;
}
}
error_reporting(0);
session_start();
$username=$_SESSION['user'];
include('./conn.php');
$sql = "select pic from flag where username = '$username'";//根据用户名查找头像信息
$result = mysqli_query($conn,$sql);//执行sql
$row = mysqli_fetch_array($result, MYSQLI_BOTH);
$str='';
print_r($str);
?>
欢迎您!
用户:
session_start();
if($_SESSION['user']==""){
echo "";
}else{
echo $_SESSION['user'];
}
?>
index.html
login.php
session_start();
header("Content-type:text/html;charset=utf-8");
include('./conn.php');//链接数据库
$username = addslashes($_POST['username']);//post获得用户名表单值
$passowrd = $_POST['password'];//post获得用户密码单值
$_SESSION['user'] = $_POST['username'];
if ($username && $passowrd){//如果用户名和密码都不为空
$sql = "select * from flag where username = ('$username') and password='$passowrd'";//检测数据库是否有对应的username和password的sql
$result = mysqli_query($conn,$sql);//执行sql
$rows=mysqli_num_rows($result);//返回一个数值
if($rows){//0 false 1 true
session_start(); //创建session
header("refresh:0;url=./welcome.php");//如果成功跳转至welcome.html页面
exit;
}else{
echo "";
}
}
mysqli_close($conn);//关闭数据库
?>
register.html
register.php
session_start();
header("Content-type:text/html;charset=utf-8");
include('./conn.php');//链接数据库
$username = addslashes($_POST['username']);
$password = $_POST['password'];
if($username&&$password)
{
mysqli_query($conn,"insert into flag(id,username,password,pic) values(null,('$username'),'$password','./headpic/headpic.png');");
echo "注册成功,即将跳转至登录页面";
header("refresh:1.5;url=./index.html");
exit;
}
mysqli_close($conn);
?>
style1.css
body{
margin:0;padding: 0;
}
form{
position: absolute;
top:100px;left:500px;
}
.buttorn1 {
position: relative;top:100px;left:-320px;
width: 100px;
height: 30px;
background-color: #93b518;
margin-top: 20px;
margin-left: 75px;
border-radius: 3px;
font-size: 18px;
font-family: 微软雅黑;
color: white;
}
upload.php
session_start();
header("Content-Type:text/html;charset=utf-8");
include('./conn.php');
// 附件的存储位置、附件的名字
$path='./headpic/'.$_FILES['file']['name'];
echo '文件路径'.$path."
";
$username = $_SESSION['user'];
// 拼接成该文件在服务器上的名称
if($_FILES['file']['error']>0) {
die("出错了!".$_FILES['file']['error']);
}
if(move_uploaded_file($_FILES['file']['tmp_name'],$path)){
//echo "
"."Upload Success!";
mysqli_query($conn,"update flag set pic='$path' where username='$username';");
echo "恭喜您,上传成功!"."
3秒后将自动跳转到主页!";
header("refresh:3;url=./welcome.php");
}else{
//echo "
"."Upload Failed!".$_FILES['photo']['error'];
echo "对不起,上传头像失败了!";
header("refresh:2;url=./welcome.php");
}
?>
welcome.php
*{
margin:0px;
padding:0px;
}
#background{
position: absolute;width: 100%;height: 300px;
margin-bottom: 0px;height: 500px;
background-image: linear-gradient(rgb(151, 192, 254),white);
}
#headpic{
position: absolute;top: 10px;right:50px;
height: 60px;width: auto;
border-radius: 50%;
border: 5px white solid;
}
a{
float:right;margin-top: 20px;
list-style: none;
display: table-cell;
width: 80px;
height: 30px;
text-align: center;
border-radius: 40%;
margin-left: 50px;
margin-right: 50px;
color:rgb(23, 35, 199) ;
}
.blog{
height: 200px;width: 500px;margin: 50px;text-align: center;padding: 10px;background-image: linear-gradient(rgb(151, 192, 254),white);;
border-radius: 10%;
}
error_reporting(0);
session_start();
$username=$_SESSION['user'];
include('./conn.php');
$sql = "select pic from flag where username = '$username'";//根据用户名查找头像信息
$result = mysqli_query($conn,$sql);//执行sql
$row = mysqli_fetch_array($result, MYSQLI_BOTH);
$str='';
print_r($str);
?>
欢迎您!
用户:
session_start();
if($_SESSION['user']==""){
echo "";
}else{
echo $_SESSION['user'];
}
include('./blogconn.php');//链接数据库
$sql3="select count(id) from $dbtable;";
$result=mysqli_query($conn2,$sql3);
$row = mysqli_fetch_array($result, MYSQLI_BOTH);
$num=$row[0];
$i=1;
for($i=1;$i<=$num;$i++){
$sql4="select blog from $dbtable where id=$i";
$result4=mysqli_query($conn2,$sql4);
$row4 = mysqli_fetch_array($result4, MYSQLI_BOTH);
$blogdiv='
print_r($blogdiv);
}
?>
相关阅读
发表评论