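Title: [Help] A really frustrating problem
caor1987
Rank: 1
Level: Newbie
Posts: 228
Expert points: 0
Registered: 2006-10-15
Question points: 0  Replies: 6
There has been an "invisible man" on the website I built. I call him invisible because he can skip any of my conditional checks. For example, viewing pictures on the site costs money, but he can view them freely. In my consumption record table his ID shows up as empty, which means his identity is a guest. I just can't figure out how he gets past my restrictions??
Or maybe he is using some other method. To be clear, my site was broken into before, but it should be clean now.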
2007-03-03 15:54
caor1987

My check code looks like this. Could everyone take a look and see whether it has any holes???? Thanks in advance.
<%if session("U_id")="" and session("C_id")="" then
    response.write("<script>alert('对不起,您还没有登陆!');location.href='login1.asp';</script>")
%>
<%else%>
<%
    if session("leixing")=0 then
        set rs1=server.createobject("adodb.recordset")
        sql1="select U_id,User_his,W_id,W_point from User_com where U_id='"&session("U_id")&"' and W_id='"&id&"'"
        rs1.open sql1,conn,1,3
        if rs1("User_his")<rs1("W_point") then
            response.write("<script>alert('您的余额不足,请充值!');location.href='about/member.asp';</script>")
            response.End
        else
            rs1("User_his")=rs1("User_his")-rs1("W_point")
            rs1.update
            rs1.close
            set rs1=nothing
        end if
    else if session("leixing")=1 then
        set rs2=server.createobject("adodb.recordset")
        sql2="select C_id,Company_glodhis,W_id,W_point from Com_work where C_id='"&session("C_id")&"' and W_id='"&id&"'"
        rs2.open sql2,conn,1,3
        if rs2("Company_glodhis")<rs2("W_point") then
            response.write("<script>alert('您的素材余额不足,请充值!');location.href='about/member0.asp';</script>")
            response.End
        else
            rs2("Company_glodhis")=rs2("Company_glodhis")-rs2("W_point")
            rs2.update
            rs2.close
            set rs2=nothing
        end if
    end if
    end if
%>
<%end if%>

2007-03-05 15:27
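An added example, not the poster's code: in the check posted above, the not-logged-in branch only writes a script redirect and does not stop the page, so any markup placed after the final `end if` is still sent to the client, and `id` is concatenated into the SQL text. The sketch below enforces the same gate on the server. It assumes `conn` is an open ADODB.Connection, `id` holds the requested work id, the block sits at the top of the page before any output, and `U_id`, `C_id` and `W_id` are text columns of at most 50 characters; the `Charge` helper is hypothetical.

```asp
<%
' Added example, not the poster's code. Assumptions: conn is an open
' ADODB.Connection, id is the requested work id, this block runs before any
' output, and the id columns are text of at most 50 characters.
Const adVarChar = 200, adParamInput = 1
Const adCmdText = 1, adExecuteNoRecords = 128

' 1. Stop on the server. A <script> redirect only asks the browser to leave;
'    without Response.End the rest of the page is still sent in the response.
If Session("U_id") = "" And Session("C_id") = "" Then
    Response.Redirect "login1.asp"
    Response.End
End If

' 2. Charge with one parameterized UPDATE. The balance test is in the WHERE
'    clause, so a missing row or a low balance both affect 0 rows.
'    tbl, idCol and balCol are fixed literals below, never request data.
Function Charge(tbl, idCol, balCol, ownerId, workId)
    Dim cmd, affected
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    cmd.CommandText = "UPDATE " & tbl & " SET " & balCol & " = " & balCol & " - W_point " & _
                      "WHERE " & idCol & " = ? AND W_id = ? AND " & balCol & " >= W_point"
    cmd.Parameters.Append cmd.CreateParameter("owner", adVarChar, adParamInput, 50, CStr(ownerId))
    cmd.Parameters.Append cmd.CreateParameter("work", adVarChar, adParamInput, 50, CStr(workId))
    cmd.Execute affected, , adCmdText + adExecuteNoRecords
    Set cmd = Nothing
    Charge = (affected > 0)
End Function

' 3. Deny by default: an unset or unexpected account type is never charged
'    and never reaches the protected content.
Dim ok, topUp
ok = False
topUp = "login1.asp"
Select Case CStr(Session("leixing"))
    Case "0"
        topUp = "about/member.asp"
        ok = Charge("User_com", "U_id", "User_his", Session("U_id"), id)
    Case "1"
        topUp = "about/member0.asp"
        ok = Charge("Com_work", "C_id", "Company_glodhis", Session("C_id"), id)
End Select
If Not ok Then
    Response.Redirect topUp
    Response.End
End If
%>
<!-- Protected content goes here; it is rendered only if execution gets this far. -->
```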
caor1987
Reply to: (tang688)[em02] If you are sure he is not a member, then most likely...
I can see his IP...
2007-03-05 15:28
caor1987
Reply to: (yms123) Post the code of the login1.asp page so we can take a look.

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312" >
<title>游客登陆界面</title>
<script language="javascript">
<!--
function checkform()
{
if(document.login.name.value==""){
alert("请输入用户名!");
document.login.name.focus();
return false;
}
if(document.login.password.value==""){
alert("请输入密码!");
document.login.password.focus();
return false;
}
if(document.login.Checkcode.value==""){
alert("验证码不能为空!");
document.login.Checkcode.focus();
return false;
}
}
//-->
</script>
<style type="text/css">
<!--
td{color:#FFFFFF}
-->
</style>
<%
Dim num1
Dim rndnum
Randomize
Do While Len(rndnum)<4
num1=CStr(Chr((57-48)*rnd+48))
rndnum=rndnum&num1
Loop
session("Checkcode")=rndnum
%>
<link href="css/index.css" rel="stylesheet" type="text/css"></head>
<body bgcolor="#000000">
<p>&nbsp;</p>
<table width="900" border="0" cellspacing="0" cellpadding="0" align="center">
<tr>
<td height="108" colspan="2"><!--#include file="top.asp"--></td>
</tr>
<tr>
<td height="388">&nbsp;</td>
<td width="743" align="center" valign="top"><p>&nbsp;</p>
<table width="900" border="0" align="center" cellspacing="0">
<tr>
<td align="right"><table style="border-style:dotted; border-color:#666666; border-width:thin" width="90%" border="0" align="center" cellpadding="0" cellspacing="0" bgcolor="#333333">
<tr>
<td height="18" class="xiaobiao"><font size=2>尽快加入作品交易会员----</font></td>
</tr>
<tr>
<td height="18"><span class="whitexiaobiao">即可点击下载</span>由全国设计师提供的包含(效果图、尺寸图、矢量图、工艺制作说明)的成套成衣作品。</td>
</tr>
<tr>
<td height=1>&nbsp;</td>
</tr>
<tr>
<td height="18">超过<span class="hot">10,000,000</span>幅最新最全欧美、日韩服装款式、设计手稿、时尚杂志、时装秀、橱窗照片等各类图库<span class="xiaobiao">免费提供</span></td>
</tr>
<tr>
<td height="18">纵览全球最新流行款式,打造热卖爆款。</td>
</tr>
<tr>
<td height="18" align="left">                           <span class="xiaobiao"> ·<a href="index.asp" target="_parent">返回首页</a>  </span></td>
</tr>
<tr>
<td height="3" class="xiaobiao"></td>
</tr>
<tr>
<td height="18" class="xiaobiao">                         ·<a href="../about/member0.asp">查看资费标准</a></td>
</tr>
<tr>
<td height="3" class="xiaobiao"></td>
</tr>
<tr>
<td height="18" class="xiaobiao">                         ·<a href="../about/payment.asp" class="xiaobiao">联系我们 进行充值</a></td>
</tr>
<tr>
<td height="18" class="black">&nbsp;</td>
</tr>
<tr>
<td height="18" align="center" class="whitexiaobiao">中国服装站欢迎您的加盟!</td>
</tr>
<tr>
<td height="18">&nbsp;</td>
</tr>
</table></td>
</tr>
</table>
<br>
<br>
<table width="900" border="0" align="center" cellspacing="0">
<tr>
<td width="26%" align="center"><table width="181" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="183" height="305" bgcolor="#CCFF00"><a href="guanggao.asp"><img src="images/guanggaogeishejishide.jpg" width="180" height="300" border="0"></a></td>
</tr>
</table></td>
<td width="74%" align="center"><form action ="checkname.asp" method="post" name="login" onSubmit="return checkform();">
<br>
<br>
<br>
<%if session("U_id")="" and session("C_id")="" then%>
<table width="80%" border="1" cellspacing="0" cellpadding="0" bordercolor="#663366">
<tr>
<td height="30" colspan="3" align="center" valign="middle" class="whitexiaobiao">! 注册即可上传作品 ! </td>
</tr>
<tr>
<td height="58" colspan="3" align="center"><font size="+3"><strong>用 户 登 陆</strong></font></td>
</tr>
<tr>
<td width="20%" height="33" align="right">账 号:</td>
<td width="41%"><input name="name" type="text" class="brown"></td>
<td width="39%" align="center"> <a href="/company/reg_item.asp">厂商注册</a> <a href="/person/person_tiaokuan.asp">设计师注册</a></td>
</tr>
<tr>
<td height="33" align="right" width="20%">密 码:</td>
<td><input name="password" type="password" class="brown"></td>
<td rowspan="2" align="center"><input type="submit" name="Submit" value="登陆">&nbsp;
<a href="zhaohuimima.asp"><input type="button" name="Submit2" value="忘密"></a></td>
</tr>
<tr>
<td height="33" width="20%" align="right">验证码:</td>
<td bgcolor="#ECE9D8"><input name="Checkcode" type="text" class="brown" size="10"><font color=#000000><strong><%=session("Checkcode")%></strong></font></td>
</tr>
<tr>
<td height="46" colspan="3" align="center"><input type="radio" name="r1" value="0" checked="checked">
设计师 <input type="radio" name="r1" value="1">
厂商 </td>
</tr>
</table>
<%else if session("U_id")<>"" then%>
<table width="175" border="1" bordercolor="#333333" style="table-layout: fixed;WORD-BREAK: break-all; WORD-WRAP: break-word">
<tr>
<td height="40" class="whitexi">&nbsp;欢迎您,<%=session("User_id")%>用户</td>
</tr>
<tr>
<td class="whitexi"><a href="person/default.asp">我的首页</a>&nbsp;&nbsp;&nbsp;&nbsp;
<a href="person/person_exit.asp">退出登陆</a></td>
</tr>
</table>
<% else if session("C_id")<>"" then %>
<table width="175" border="1" bordercolor="#333333" style="table-layout: fixed;WORD-BREAK: break-all; WORD-WRAP: break-word">
<tr>
<td height="40" class="whitexi">&nbsp;欢迎您,<%=session("user")%>用户</td>
</tr>
<tr>
<td class="whitexi"><a href="company/default.asp">我的首页</a>&nbsp;&nbsp;&nbsp;&nbsp;
<a href="company/company_exit.asp">退出登陆</a></td>
</tr>
</table>

<% end if %>
<% end if %>
<% end if %>

<br>
<br>
<br>
<br>
<br>
<br>
</form></td>
</tr>
</table>
<br> </td>
</tr>
<tr>
<td height="121" colspan="2"><!--#include file="bottom.asp"--></td>
</tr>
</table>


</body>
</html>
It shouldn't have anything to do with this page, should it??

2007-03-05 17:30
caor1987
Thanks, experts!!!

2007-03-05 17:30
caor1987
Reply to: (yms123) Post the code of the login1.asp page so we can take a look.
This can't be related to that, can it?

2007-03-06 09:18
caor1987
I also have validation code on the client side~
He can't skip that too, can he?
Right now I don't even know how he gets past it; once I know, I'll have a way to block him.
2007-03-07 14:18
Copyright©2004-2024, BCCN.NET, All Rights Reserved