trueman.php0000644000175000001440000000503512350073222012762 0ustar jonathanusers web
"); }
// The line above closes an exit()/if() whose opening is outside this excerpt.
// Per-session attempt cap: once the counter reaches 60 every further request is refused.
if($_SESSION[trueman_count]>=60) { exit("Access Denied"); }
// NOTE(review): array keys below (trueman_count, id, pw) are unquoted bare words; PHP reads
// them as undefined constants that fall back to strings (notice in 7.x, fatal in 8.x).
if($_POST[id] && $_POST[pw]) {
    // Quote/backslash escaping of the submitted credentials, done in place on $_POST.
    // The escaped id is transcoded further down; escaping before a charset conversion means
    // the escaping and the connection charset are not guaranteed to agree, so this is not a
    // substitute for parameterised queries (mysqli/PDO prepared statements with the charset
    // set on the connection).
    $_POST[id]=addslashes($_POST[id]);
    $_POST[pw]=addslashes($_POST[pw]);
    // The counter only advances when both fields are non-empty, so blank submissions are free.
    $_SESSION[trueman_count]++;
    // Denylist filter over every POST value. eregi() is the case-insensitive POSIX regex
    // function, deprecated in 5.3 and removed in PHP 7 (preg_match() with the i modifier is the
    // replacement). The alternation includes a space, [0-9], '.', '_', '-', '/', '<', '>' and
    // short fragments such as "in", "as", "if", so most ordinary input is rejected too;
    // this is a wargame filter, not a reusable input-validation control.
    foreach($_POST as $check) {
        if(eregi(",|sql|inf|uuid|def|data|set|coe|uns|&|~|sys|dev|mic|make|fou|ex|yea|wee|quar|per|now|salt|unc|des|enc|dec|code|:|\([a-z]| |\*|<|>|[0-9]|union|\(\)|[a-z]\)|\^|-|\/|limit|by|group|order|like|!|\||sum|round|ceil|@|length|select|\(\(|not|pi|pro|hex|ascii|ord|left|con|ben|pad|right|mid|locate|ins|pos|reverse|floor|ver|add|com|div|mod|mul|pow|scale|sqrt|bc|abs|ceil|trun|pow|test|least|int|trim|case|sleep|if|count|avg|max|min|day|date|sign|rand|md5|sha|pass|oct|exp|ln|log|crc|rad|sin|cos|tan|asin|acos|atan|cot|\.|bet|in|out|_|name|user|sche|table|sec|time|bin|fie|low|up|load|into|spe|index|rep|row|col|mem|admin|ing|as|show|in|reg|off",$check)) exit("

Access Denied

");
    }
    // id is converted from EUC-KR to UTF-8 *after* addslashes() already ran on it (see above).
    $id=mb_convert_encoding($_POST[id],"utf-8","euc-kr");
    // Unsalted MD5 of the (escaped) password is used as the stored hash; password_hash() /
    // password_verify() is the modern replacement.
    $pw=md5("$_POST[pw]");
    // String-built SQL through the legacy mysql_* extension (removed in PHP 7). The '@'
    // suppresses any query error, so a failed query and "no matching row" look identical here.
    $q=@mysql_fetch_array(mysql_query("select * from members where id=('$id') and pw=('$pw')"));
    // $result is not read within this excerpt; presumably rendered by the template below.
    if($q) $result="true"; else $result="false";
    // Admin gate: the returned row must be the admin user and its pw column must equal the
    // md5 of the submitted password (a second check of the hash on the fetched row).
    // '==' between two strings applies numeric comparison when both look numeric; '===' or
    // hash_equals() is the usual form for comparing digests.
    if($q[id]=="admin" && $q[pw]==md5("$_POST[pw]")) { echo("Admin page"); }
}
?>


(/60)
ID
PW


Source