trueman.php 0000644 0001750 0000144 00000005035 12350073222 012762 0 ustar jonathan users
web
");
}
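// Login handler: throttles attempts per session, screens every POST value
// against a keyword deny-list, then looks the credentials up in `members`.
//
// NOTE(review): the attempt counter lives in the session, so it only limits a
// client that keeps presenting the same session. A per-account or per-address
// limit kept server-side is needed for real brute-force protection.
if (isset($_SESSION['trueman_count']) && $_SESSION['trueman_count'] >= 60) {
    exit("Access Denied");
}

// Proceed only when both fields arrived as non-empty strings. Array-valued
// fields (id[]=...) are ignored here instead of being passed to string
// functions that would warn and yield null.
if (isset($_POST['id'], $_POST['pw'])
    && is_string($_POST['id']) && is_string($_POST['pw'])
    && $_POST['id'] && $_POST['pw']) {
    // Count the attempt before any check that can terminate the request.
    $_SESSION['trueman_count']++;

    // Keyword deny-list, kept byte-for-byte from the original eregi() call and
    // run through preg_match() because the POSIX regex functions are gone.
    // A deny-list is defence in depth only; the query's safety must not
    // depend on it.
    $denyPattern = "/,|sql|inf|uuid|def|data|set|coe|uns|&|~|sys|dev|mic|make|fou|ex|yea|wee|quar|per|now|salt|unc|des|enc|dec|code|:|\([a-z]| |\*|<|>|[0-9]|union|\(\)|[a-z]\)|\^|-|\/|limit|by|group|order|like|!|\||sum|round|ceil|@|length|select|\(\(|not|pi|pro|hex|ascii|ord|left|con|ben|pad|right|mid|locate|ins|pos|reverse|floor|ver|add|com|div|mod|mul|pow|scale|sqrt|bc|abs|ceil|trun|pow|test|least|int|trim|case|sleep|if|count|avg|max|min|day|date|sign|rand|md5|sha|pass|oct|exp|ln|log|crc|rad|sin|cos|tan|asin|acos|atan|cot|\.|bet|in|out|_|name|user|sche|table|sec|time|bin|fie|low|up|load|into|spe|index|rep|row|col|mem|admin|ing|as|show|in|reg|off/i";
    foreach ($_POST as $check) {
        // Fail closed: a non-string value or a regex engine error (false)
        // is refused just like a match.
        if (!is_string($check) || preg_match($denyPattern, $check) !== 0) {
            exit("Access Denied
");
        }
    }

    // Convert the encoding FIRST and escape the result afterwards. The
    // original escaped with addslashes() and then converted euc-kr -> utf-8;
    // a charset conversion may rewrite or drop bytes, including the escape
    // characters just inserted, so escaping done before it gives no guarantee
    // about the string that actually reaches the query.
    $id = mb_convert_encoding($_POST['id'], "utf-8", "euc-kr");
    $id = mysql_real_escape_string($id);

    // The stored hashes were produced from the addslashes()'d password, so the
    // same transformation is kept to stay compatible with existing rows.
    // NOTE(review): unsalted MD5 is not suitable for password storage; moving
    // to password_hash()/password_verify() needs a schema change outside this
    // block.
    $pw = md5(addslashes($_POST['pw']));

    // NOTE(review): the database connection is set up outside this excerpt.
    // The durable fix is a prepared statement (mysqli or PDO) on that
    // connection; ext/mysql offers none, so the value is escaped instead.
    $res = ($id === false)
        ? false
        : mysql_query("select * from members where id=('$id') and pw=('$pw')");

    // Check the query result explicitly instead of hiding failures with @.
    $q = $res ? mysql_fetch_array($res) : false;

    $result = $q ? "true" : "false";

    // Strict comparison: loose == treats numeric-looking hash strings such as
    // "0e..." as numbers on older PHP versions.
    if ($q && $q['id'] === "admin" && $q['pw'] === $pw) {
        echo("Admin page");
    }
}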
?>
Source