随风分类信息程序 v1.4 COOKIES 欺骗

admin/index.php：

<? require_once("../conn.php");?>
<?
$user=cstr($_POST["user"]);
$pass=cstr($_POST["pass"]);
if($_GET["post"]=="action"){

$sql=mysql_query("select * from config where s_user='".$user."' and s_pass='".$pass."'");
$rs=mysql_fetch_array($sql);
if($rs["id"]==""){
echo "<script>alert('用户名或密码错误，请从新输入！ (默认密码是:123456)');window.location.href='index.php';</script>";
exit;
}else{
setcookie("admin","windows250523691",time()+3600);
echo "<script>window.location.href='admin.php';</script>";
exit;
}
}

文章目录