PHP5 annoyance
Code (php)
<?
require("admin/config.php");
$tnr = md5($HTTP_POST_VARS["technr"]);
$pnc = md5($HTTP_POST_VARS["pincode"]) ;
$sql = "SELECT * FROM casvos WHERE technr=['$tnr'] and pincode=['$pnc'] ORDER BY id DESC";
$res = mysql_query($sql);
if (mysql_num_rows($res) >= 1)
{
    while ($row = mysql_fetch_array($res))
    {
        echo"
<html>
<head>
<meta http-equiv=\"Content-Type\" content=\"text/html; charset=windows-1252\">
<meta name=\"GENERATOR\" content=\"Microsoft FrontPage 4.0\">
<meta name=\"ProgId\" content=\"FrontPage.Editor.Document\">
<title>Cas-Vos Technics</title>
</head>
<frameset framespacing=\"0\" border=\"0\" frameborder=\"0\" rows=\"64,*\">
<frame name=\"banner\" scrolling=\"no\" noresize target=\"contents\" src=\"frame1.htm\">
<frameset cols=\"150,*\">
<frame name=\"contents\" target=\"main\" scrolling=\"no\" src=\"frame2.htm\">
<frame name=\"main\" scrolling=\"yes\" src=\"main.htm\">
</frameset>
<noframes>
<body>
<p>This page uses frames, but your browser doesn't support them.</p>
</body>
</noframes>
</frameset>
</html>";
    }
}
else
{
    echo "
<font color=\"#000080\" face=\"Palatino Linotype\" size=\"3\">U dient eerst in te
loggen alvorens u door kunt gaan.</font>
<form method=\"POST\" action=\"index.php\" target=\"_self\">
<table border=\"0\" cellspacing=\"1\" width=\"100%\">
<tr>
<td width=\"6%\"><font color=\"#000080\" size=\"3\" face=\"Palatino Linotype\">Technr:</font></td>
<td width=\"94%\"><font size=\"3\" face=\"Palatino Linotype\"><input type=\"text\" name=\"technr\" size=\"3\" style=\"background-color: #EFEFEF; color: #000080; border: 1 dashed #C0C0C0\"></font></td>
</tr>
<tr>
<td width=\"6%\"><font color=\"#000080\" size=\"3\" face=\"Palatino Linotype\">Pin:</font></td>
<td width=\"94%\"><font size=\"3\" face=\"Palatino Linotype\"><input type=\"password\" name=\"pincode\" size=\"3\" style=\"background-color: #EFEFEF; color: #000080; border: 1 dashed #C0C0C0\"></font></td>
</tr>
</table>
<p><input type=\"submit\" value=\"Inloggen\" name=\"login\" style=\"color: #000080; font-family: Palatino Linotype; font-size: 12pt; background-color: #FFFFFF; border: 0 solid #FFFFFF\"></p>
</form>";
}
?>
http://84.195.5.37:8080/gebruikers/casvos/index.php
Where do those [ and ] come from?
And vars outside the quotes...
So:
technr='".$tnr."' AND pincode='".$pnc."'
By the way, $HTTP_POST_VARS["technr"] is very old and the double quotes there seem pointless to me; this is better done with:
$_POST['technr'];
[Nice 1]
<meta name=\"GENERATOR\" content=\"Microsoft FrontPage 4.0\">
[/Nice 1]
Edited on 01/01/1970 01:00:00 by Bo az
It still doesn't work now, what is wrong with that mysql_num_rows(): ?
With:
Read the error message, search with Google if need be, and if it really doesn't work out, don't be afraid to ask. But usually those error messages, and that includes the error message responsible for your error, are fairly simple to solve.
Edited on 01/01/1970 01:00:00 by Jelmer -
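The corrections discussed in this thread, taken one step further as an added example (not code from any poster): the lookup uses a prepared statement instead of string concatenation, and query errors raise an exception instead of handing `false` to a row-count call, which is what happens when mysql_query() fails. Assumptions: an in-memory SQLite database stands in for the MySQL server, the `login()` helper and the sample account are constructed, and the PIN is stored with password_hash() rather than the md5() used in the post.

```php
<?php
// Added example. Assumptions: in-memory SQLite replaces MySQL, technr is
// stored as plain text, and the PIN is stored as a password_hash() value.
$db = new PDO('sqlite::memory:');
// Make every failed statement throw, so a broken query cannot go unnoticed.
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

$db->exec('CREATE TABLE casvos (id INTEGER PRIMARY KEY, technr TEXT UNIQUE, pincode TEXT)');

// Constructed sample account.
$ins = $db->prepare('INSERT INTO casvos (technr, pincode) VALUES (?, ?)');
$ins->execute(['101', password_hash('4821', PASSWORD_DEFAULT)]);

// Hypothetical helper: true only when technr exists and the PIN matches.
function login(PDO $db, string $technr, string $pin): bool
{
    // The placeholder keeps user input out of the SQL text entirely.
    $stmt = $db->prepare('SELECT pincode FROM casvos WHERE technr = :technr');
    $stmt->execute([':technr' => $technr]);
    $hash = $stmt->fetchColumn();   // false when no row matched
    return $hash !== false && password_verify($pin, $hash);
}

// In the login page these values would come from $_POST['technr'] and
// $_POST['pincode'].
var_dump(login($db, '101', '4821'));   // correct PIN
var_dump(login($db, '101', '0000'));   // wrong PIN
var_dump(login($db, "10'1", '4821'));  // a stray quote is treated as plain data

// The bracketed WHERE clause from the original post (with a constructed
// value) is rejected by the database; with exceptions enabled the reason
// is reported at the point of failure.
try {
    $db->query("SELECT * FROM casvos WHERE technr=['abc'] ORDER BY id DESC");
} catch (PDOException $e) {
    echo 'Query rejected: ', $e->getMessage(), PHP_EOL;
}
```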