20155331 "Cyber Confrontation" Exp8: Web Basics Practice
Answers to basic questions
What is a form
Forms are primarily responsible for collecting data in web pages. A form has three basic components: the form tag, which contains the URL of the CGI program used to process the form data and the method by which the data is submitted to the server; form fields, including text boxes, password boxes, hidden fields, multiline text boxes, check boxes, radio buttons, drop-down selection boxes, file upload boxes, and so on; and form buttons, including the submit button, reset button, and general button, which transfer data to CGI scripts on the server or cancel input, and which can also be used to control other processing tasks for which a processing script is defined.
What languages can a browser parse and run
Browsers can parse and run HTML, XML, JavaScript and other scripting languages; for JS scripts, the browser calls its JS script engine to handle them.
What dynamic languages does a web server support
The more commonly used ones are ASP, PHP and JSP; examples include JavaScript, JSP, PHP and so on.
Experimental experience
This experiment felt more difficult than the previous ones, especially since my own programming ability is not particularly good, so the code became a big problem. However, although the experimental process was relatively hard, the results were relatively satisfactory; after working hard for a long time I got the expected effect, which gave me a sense of accomplishment.
Experimental procedure
1. Web front end: HTML
Enter the command sudo apt-get install apache2
Enter the command apachectl start to start Apache
Starting failed.
Then check the port occupancy, kill the process occupying the port, and try to start it again.
Started successfully.
Enter localhost:80 in the browser and you can see that Apache is working properly.
Use cd /var/www/html to enter the Apache directory and create a simple HTML file containing the form
Open in Browser:
2. Web front end: JavaScript
Building on the original 5331.html, add a piece of JavaScript code that checks whether the user has filled in the mailbox and password, as follows:
3. MySQL basics
Enter /etc/init.d/mysql start to start the MySQL service:
Enter mysql -u root -p to log in as root,
Use show databases; to view basic information:
Now, change the password.
Enter the following commands to change the password:
use mysql;
select user, password, host from user;
UPDATE user SET password=PASSWORD("20155331") WHERE user='root';
flush privileges;
quit
Then log back in to MySQL
To create a database and a new table:
create database dzdd;
use dzdd;
Use create table dzddtable to create a data table, and use show tables; to view the existing data tables:
CREATE TABLE hgytable (userid varchar), username varchar, password varchar (UP), enabled VARCHAR (5))
To add content to the table:
insert into dzddtable values('dzdd','5331');
With the data table in place, write data into it, and then query it to check that the data was stored.
Web back end: PHP Web page
PHP is a common open source scripting language. It can execute dynamic web pages more quickly than CGI or Perl. Compared with other programming languages, PHP embeds the program into the HTML document for execution, which is much more efficient than CGI that generates the full HTML markup; PHP can also execute compiled code, and compiling can encrypt and optimize the code so that it runs faster.
Create a new PHP test file with vi /var/www/html/dzdd.php
Open localhost:80/dzdd.php directly from the browser,
You can see that the test was successful
PHP + MySQL: implementing a login web page
Enter vim dzdd.html under the /var/www/html folder to write the login web page
In the 5331.html code of the previously written login page, change the action attribute of the form from # to dzdd.php, that is, jump to hgy.php after login, and then enter localhost:80/5331.html in the browser to access your login page
SQL injection
In the user name input box, enter ' or 1=1# and the login succeeds regardless of the password. The reason is that the resulting SQL query is select * from users where username='' or 1=1#' and password=md5(''). The # acts as a comment marker and comments out everything after it, and 1=1 is always true, so the condition always holds and the login succeeds:
In the PHP file, first change the statement if ($result = $mysqli->query($query_str)) to if ($result = $mysqli->multi_query($query_str)), and then enter ' insert into users values('7','15331','20155331',"TRUE")# in the user name box. This directly inserts a forged user name and password into the database, and next time you can log in to the website with the forged user name and password (before logging in, change the statement back to if ($result = $mysqli->query($query_str))).
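Both injections above work because the form input is spliced into the SQL text. The following added example (not the lab's own dzdd.php) shows the login check rewritten with a mysqli prepared statement; the users table and its username/password columns are taken from the query quoted above, while the host, the labuser account, the LAB_DB_PASS variable and the database name are assumptions.

```php
<?php
// Added example, not the lab's dzdd.php. The users table with username and
// password columns comes from the query quoted above; the host, account,
// LAB_DB_PASS variable and database name below are assumptions.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function check_login(mysqli $db, string $user, string $pass): bool
{
    // Vulnerable pattern from the report: input spliced into the SQL text,
    //   "select * from users where username='$user' and password=md5('$pass')"
    // Hardened: the statement is fixed and the inputs are bound as data, so
    // ', # and ; in the input cannot alter the WHERE clause. prepare() also
    // accepts only one statement, so nothing can be stacked after it.
    $stmt = $db->prepare(
        'SELECT 1 FROM users WHERE username = ? AND password = MD5(?) LIMIT 1'
    );
    $stmt->bind_param('ss', $user, $pass);
    $stmt->execute();
    $stmt->store_result();
    $ok = ($stmt->num_rows === 1);
    $stmt->close();
    return $ok;
}

$db = new mysqli('127.0.0.1', 'labuser', getenv('LAB_DB_PASS') ?: '', 'dzdd');
$db->set_charset('utf8mb4');

// Constructed inputs: the injection string is tested as an ordinary value.
$attempts = [
    ["' or 1=1#", 'anything'],
    ['no-such-user', 'wrong'],
];
foreach ($attempts as [$u, $p]) {
    printf("%-14s => %s\n", $u, check_login($db, $u, $p) ? 'accepted' : 'rejected');
}
$db->close();
```

MD5 is kept here only so the check matches the values the lab's query compares against; password_hash() and password_verify() are the PHP functions intended for stored passwords.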