<?php
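/**
 * Block the request when a request value matches a blocklist regex.
 *
 * Fixes versus the original: nested arrays are flattened recursively (the
 * single-level implode() turned them into the literal string "Array", so their
 * contents were never inspected); a pattern that fails to compile now fails
 * closed instead of being silently ignored (preg_match() returns false, which
 * the original `== 1` check treated as "no match"); and the pattern and raw
 * value are no longer echoed back, which reflected unescaped user input into
 * the response and disclosed the filter rules. Diagnostics go to error_log().
 *
 * @param string       $StrFiltKey   request parameter name; only used for logging
 * @param string|array $StrFiltValue request parameter value (arrays are flattened)
 * @param string       $ArrFiltReq   regex body, wrapped in "/.../is" by this function
 * @return void  returns normally only when nothing matched; otherwise die()s
 */
function pb_attack_filter($StrFiltKey, $StrFiltValue, $ArrFiltReq)
{
    if (is_array($StrFiltValue)) {
        $leaves = array();
        // array_walk_recursive visits every scalar in nested arrays (e.g. a[b][c]=...)
        array_walk_recursive($StrFiltValue, function ($leaf) use (&$leaves) {
            $leaves[] = (string)$leaf;
        });
        $StrFiltValue = implode('', $leaves);
    }

    $matched = preg_match("/" . $ArrFiltReq . "/is", (string)$StrFiltValue);

    // false means the regex itself is broken; a filter that cannot run must not admit the request
    if ($matched === false) {
        error_log("pb_attack_filter: pattern error " . preg_last_error() . " while checking '" . $StrFiltKey . "'");
        die("illegal");
    }

    if ($matched === 1) {
        // log server-side only; never reflect the value or the rule to the client
        error_log("pb_attack_filter: blocked request parameter '" . $StrFiltKey . "'");
        die("illegal");
    }
}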
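/**
 * Run both blocklist patterns over every GET and POST parameter.
 *
 * Fix versus the original: $_GET and $_POST are no longer array_merge()d before
 * checking. With array_merge a POST parameter overwrites a GET parameter of the
 * same name, so the GET value (which the dispatcher below actually reads, e.g.
 * $_GET["id"]) was never inspected when a same-named POST field was present.
 * Each source is now scanned on its own; both patterns are still applied to both
 * sources, as before.
 *
 * The patterns are a regex blocklist; they are a heuristic, not a substitute for
 * parameterised SQL and output escaping in the handlers.
 *
 * @return void  die()s via pb_attack_filter() on a match
 */
function pb_hack_check()
{
    // leading ' alternative catches a bare single quote in the value
    $getfilter = "'|(and|or)\\b.+?(>|<|=|in|like)|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";
    $postfilter = "\\b(and|or)\\b.{1,6}?(=|>|<|\\bin\\b|\\blike\\b)|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|ascii|load_file|substring|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";

    foreach (array($_GET, $_POST) as $source) {
        foreach ($source as $key => $value) {
            pb_attack_filter($key, $value, $getfilter);
            pb_attack_filter($key, $value, $postfilter);
        }
    }
}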
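/**
 * Store the uploaded 'photofile' under files/ and record it in `document`.
 *
 * Fixes versus the original: the extension check compared the bare constant
 * `ext` instead of $ext (and was not strict or case-insensitive); the upload is
 * now required to be a real uploaded file (UPLOAD_ERR_OK, is_uploaded_file) and
 * to parse as an image, so a renamed non-image cannot pass on its extension
 * alone; file_exits() is file_exists(); the move targeted the undefined
 * $uploadfile instead of $target; $uid was undefined and is now taken from the
 * session as downfile() does; the client-supplied name and description are
 * escaped before being interpolated into SQL; and die() was called with three
 * arguments, which is invalid.
 *
 * Side effects: moves the temp file, inserts a row via mysql_query(), echoes a
 * status message or die()s.
 *
 * @return void
 */
function upload()
{
    $uploaddir = "files/";
    $type = array("jpg", "gif", "bmp", "jpeg", "png");

    $upload  = (isset($_FILES['photofile']) && is_array($_FILES['photofile'])) ? $_FILES['photofile'] : array();
    // basename() strips any directory part the client put in the name
    $imgName = isset($upload['name']) ? basename((string)$upload['name']) : '';
    $tmpName = isset($upload['tmp_name']) ? (string)$upload['tmp_name'] : '';
    $uploadOk = isset($upload['error']) && $upload['error'] === UPLOAD_ERR_OK && is_uploaded_file($tmpName);

    // extension after the last dot, lower-cased; a name with no dot yields '' and never passes
    $dot = strrchr($imgName, '.');
    $ext = ($dot === false) ? '' : strtolower(substr($dot, 1));

    // content check: the allow-list only contains image types, so the bytes must be an image too
    if (!$uploadOk || !in_array($ext, $type, true) || getimagesize($tmpName) === false) {
        $text = implode(",", $type);
        die("您只能上传以下类型文件: " . $text . "<br>");
    }

    $introduct = isset($_POST["introduct"]) ? (string)$_POST["introduct"] : '';
    // the page-level guard is responsible for requiring a login; 0 here means no session uid
    $uid = isset($_SESSION['uid']) ? intval($_SESSION['uid']) : 0;

    $destfile = date("ymdhis") . mt_rand(1000, 9999) . '.' . $ext;
    $target = $uploaddir . $destfile;
    if (file_exists($target)) {
        unlink($target);
    }

    if (move_uploaded_file($tmpName, $target)) {
        // uid is an int; every string value is escaped for the mysql_* driver in use here
        $sql = sprintf(
            "insert into document(uid,filename,filepath,introduction)values(%d,'%s','%s','%s')",
            $uid,
            mysql_real_escape_string($imgName),
            mysql_real_escape_string($target),
            mysql_real_escape_string($introduct)
        );
        if (mysql_query($sql) !== false) {
            echo "上传成功";
        } else {
            // do not leave an unrecorded file on disk when the insert fails
            unlink($target);
        }
    }
}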
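/**
 * Send the document with the given id to the client, if it belongs to the
 * logged-in user.
 *
 * Fixes versus the original: $id was interpolated into the SQL unchanged (the
 * only protection was the regex blocklist), so it is now cast to int like $uid;
 * inval() is intval(); the fetch loop read the undefined $resul; the
 * isset($filename) test was always true because $filename was pre-set to "";
 * fopen() was called without a mode and the read length came from the undefined
 * $file_dir; "Accept-Length" is not a response header (Content-Length is); and
 * the filename is now quoted and stripped of quotes/CR/LF before being placed in
 * Content-Disposition.
 *
 * The `uid=$uid` clause is the ownership check; keep it.
 *
 * @param int|string $id document id (coerced with intval)
 * @return void  exit()s after streaming the file; returns without output otherwise
 */
function downfile($id)
{
    // both values are interpolated into SQL, so both must be integers
    $uid = isset($_SESSION['uid']) ? intval($_SESSION['uid']) : 0;
    $id = intval($id);

    $sql = "select * from document where uid=$uid and id=$id";
    $result = mysql_query($sql);

    $filename = "";
    $filepath = "";
    if ($result !== false) {
        while ($row = mysql_fetch_array($result)) {
            $filename = (string)$row["filename"];
            $filepath = (string)$row["filepath"];
        }
    }

    // NOTE(review): $filepath is trusted as written by upload(); confirm rows cannot be
    // created elsewhere with a path outside the upload directory.
    if ($filename !== "" && $filepath !== "" && is_file($filepath)) {
        // header value: no directory part, no quotes or line breaks
        $safeName = str_replace(array('"', "\r", "\n"), '', basename($filename));
        header("Content-type: application/octet-stream");
        header("Accept-Ranges: bytes");
        header("Content-Length: " . filesize($filepath));
        header("Content-Disposition: attachment; filename=\"" . $safeName . "\"");
        readfile($filepath);
        exit();
    }
}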
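// Request dispatcher: blocklist scan, login check, then the requested action.
pb_hack_check();

// Without exit() the redirect is only a hint to the browser: the script kept
// running and an unauthenticated request still reached upload()/downfile().
// NOTE(review): session_start() is not visible in this file; it is assumed to
// have been called by an including script before $_SESSION is read here.
if (!isset($_SESSION['uid'])) {
    echo "<script>location.href='login.php';</script>";
    exit();
}

if (isset($_GET["action"])) {
    switch ($_GET["action"]) {
        case "upfile":
            upload();
            break;
        case "downfile":
            // the id is a database key; pass it as an integer
            if (isset($_GET["id"])) {
                downfile(intval($_GET["id"]));
            }
            break;
    }
}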
?>
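/**
 * Block the request when a request value matches a blocklist regex.
 *
 * Fixes versus the original: nested arrays are flattened recursively (the
 * single-level implode() turned them into the literal string "Array", so their
 * contents were never inspected); a pattern that fails to compile now fails
 * closed instead of being silently ignored (preg_match() returns false, which
 * the original `== 1` check treated as "no match"); and the pattern and raw
 * value are no longer echoed back, which reflected unescaped user input into
 * the response and disclosed the filter rules. Diagnostics go to error_log().
 *
 * @param string       $StrFiltKey   request parameter name; only used for logging
 * @param string|array $StrFiltValue request parameter value (arrays are flattened)
 * @param string       $ArrFiltReq   regex body, wrapped in "/.../is" by this function
 * @return void  returns normally only when nothing matched; otherwise die()s
 */
function pb_attack_filter($StrFiltKey, $StrFiltValue, $ArrFiltReq)
{
    if (is_array($StrFiltValue)) {
        $leaves = array();
        // array_walk_recursive visits every scalar in nested arrays (e.g. a[b][c]=...)
        array_walk_recursive($StrFiltValue, function ($leaf) use (&$leaves) {
            $leaves[] = (string)$leaf;
        });
        $StrFiltValue = implode('', $leaves);
    }

    $matched = preg_match("/" . $ArrFiltReq . "/is", (string)$StrFiltValue);

    // false means the regex itself is broken; a filter that cannot run must not admit the request
    if ($matched === false) {
        error_log("pb_attack_filter: pattern error " . preg_last_error() . " while checking '" . $StrFiltKey . "'");
        die("illegal");
    }

    if ($matched === 1) {
        // log server-side only; never reflect the value or the rule to the client
        error_log("pb_attack_filter: blocked request parameter '" . $StrFiltKey . "'");
        die("illegal");
    }
}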
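/**
 * Run both blocklist patterns over every GET and POST parameter.
 *
 * Fix versus the original: $_GET and $_POST are no longer array_merge()d before
 * checking. With array_merge a POST parameter overwrites a GET parameter of the
 * same name, so the GET value (which the dispatcher below actually reads, e.g.
 * $_GET["id"]) was never inspected when a same-named POST field was present.
 * Each source is now scanned on its own; both patterns are still applied to both
 * sources, as before.
 *
 * The patterns are a regex blocklist; they are a heuristic, not a substitute for
 * parameterised SQL and output escaping in the handlers.
 *
 * @return void  die()s via pb_attack_filter() on a match
 */
function pb_hack_check()
{
    // leading ' alternative catches a bare single quote in the value
    $getfilter = "'|(and|or)\\b.+?(>|<|=|in|like)|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";
    $postfilter = "\\b(and|or)\\b.{1,6}?(=|>|<|\\bin\\b|\\blike\\b)|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|ascii|load_file|substring|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";

    foreach (array($_GET, $_POST) as $source) {
        foreach ($source as $key => $value) {
            pb_attack_filter($key, $value, $getfilter);
            pb_attack_filter($key, $value, $postfilter);
        }
    }
}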
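/**
 * Store the uploaded 'photofile' under files/ and record it in `document`.
 *
 * Fixes versus the original: the extension check compared the bare constant
 * `ext` instead of $ext (and was not strict or case-insensitive); the upload is
 * now required to be a real uploaded file (UPLOAD_ERR_OK, is_uploaded_file) and
 * to parse as an image, so a renamed non-image cannot pass on its extension
 * alone; file_exits() is file_exists(); the move targeted the undefined
 * $uploadfile instead of $target; $uid was undefined and is now taken from the
 * session as downfile() does; the client-supplied name and description are
 * escaped before being interpolated into SQL; and die() was called with three
 * arguments, which is invalid.
 *
 * Side effects: moves the temp file, inserts a row via mysql_query(), echoes a
 * status message or die()s.
 *
 * @return void
 */
function upload()
{
    $uploaddir = "files/";
    $type = array("jpg", "gif", "bmp", "jpeg", "png");

    $upload  = (isset($_FILES['photofile']) && is_array($_FILES['photofile'])) ? $_FILES['photofile'] : array();
    // basename() strips any directory part the client put in the name
    $imgName = isset($upload['name']) ? basename((string)$upload['name']) : '';
    $tmpName = isset($upload['tmp_name']) ? (string)$upload['tmp_name'] : '';
    $uploadOk = isset($upload['error']) && $upload['error'] === UPLOAD_ERR_OK && is_uploaded_file($tmpName);

    // extension after the last dot, lower-cased; a name with no dot yields '' and never passes
    $dot = strrchr($imgName, '.');
    $ext = ($dot === false) ? '' : strtolower(substr($dot, 1));

    // content check: the allow-list only contains image types, so the bytes must be an image too
    if (!$uploadOk || !in_array($ext, $type, true) || getimagesize($tmpName) === false) {
        $text = implode(",", $type);
        die("您只能上传以下类型文件: " . $text . "<br>");
    }

    $introduct = isset($_POST["introduct"]) ? (string)$_POST["introduct"] : '';
    // the page-level guard is responsible for requiring a login; 0 here means no session uid
    $uid = isset($_SESSION['uid']) ? intval($_SESSION['uid']) : 0;

    $destfile = date("ymdhis") . mt_rand(1000, 9999) . '.' . $ext;
    $target = $uploaddir . $destfile;
    if (file_exists($target)) {
        unlink($target);
    }

    if (move_uploaded_file($tmpName, $target)) {
        // uid is an int; every string value is escaped for the mysql_* driver in use here
        $sql = sprintf(
            "insert into document(uid,filename,filepath,introduction)values(%d,'%s','%s','%s')",
            $uid,
            mysql_real_escape_string($imgName),
            mysql_real_escape_string($target),
            mysql_real_escape_string($introduct)
        );
        if (mysql_query($sql) !== false) {
            echo "上传成功";
        } else {
            // do not leave an unrecorded file on disk when the insert fails
            unlink($target);
        }
    }
}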
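/**
 * Send the document with the given id to the client, if it belongs to the
 * logged-in user.
 *
 * Fixes versus the original: $id was interpolated into the SQL unchanged (the
 * only protection was the regex blocklist), so it is now cast to int like $uid;
 * inval() is intval(); the fetch loop read the undefined $resul; the
 * isset($filename) test was always true because $filename was pre-set to "";
 * fopen() was called without a mode and the read length came from the undefined
 * $file_dir; "Accept-Length" is not a response header (Content-Length is); and
 * the filename is now quoted and stripped of quotes/CR/LF before being placed in
 * Content-Disposition.
 *
 * The `uid=$uid` clause is the ownership check; keep it.
 *
 * @param int|string $id document id (coerced with intval)
 * @return void  exit()s after streaming the file; returns without output otherwise
 */
function downfile($id)
{
    // both values are interpolated into SQL, so both must be integers
    $uid = isset($_SESSION['uid']) ? intval($_SESSION['uid']) : 0;
    $id = intval($id);

    $sql = "select * from document where uid=$uid and id=$id";
    $result = mysql_query($sql);

    $filename = "";
    $filepath = "";
    if ($result !== false) {
        while ($row = mysql_fetch_array($result)) {
            $filename = (string)$row["filename"];
            $filepath = (string)$row["filepath"];
        }
    }

    // NOTE(review): $filepath is trusted as written by upload(); confirm rows cannot be
    // created elsewhere with a path outside the upload directory.
    if ($filename !== "" && $filepath !== "" && is_file($filepath)) {
        // header value: no directory part, no quotes or line breaks
        $safeName = str_replace(array('"', "\r", "\n"), '', basename($filename));
        header("Content-type: application/octet-stream");
        header("Accept-Ranges: bytes");
        header("Content-Length: " . filesize($filepath));
        header("Content-Disposition: attachment; filename=\"" . $safeName . "\"");
        readfile($filepath);
        exit();
    }
}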
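// Request dispatcher: blocklist scan, login check, then the requested action.
pb_hack_check();

// Without exit() the redirect is only a hint to the browser: the script kept
// running and an unauthenticated request still reached upload()/downfile().
// NOTE(review): session_start() is not visible in this file; it is assumed to
// have been called by an including script before $_SESSION is read here.
if (!isset($_SESSION['uid'])) {
    echo "<script>location.href='login.php';</script>";
    exit();
}

if (isset($_GET["action"])) {
    switch ($_GET["action"]) {
        case "upfile":
            upload();
            break;
        case "downfile":
            // the id is a database key; pass it as an integer
            if (isset($_GET["id"])) {
                downfile(intval($_GET["id"]));
            }
            break;
    }
}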
?>
