• 设为首页
  • 点击收藏
  • 手机版
    手机扫一扫访问
    迪恩网络手机版
  • 关注官方公众号
    微信扫一扫关注
    迪恩网络公众号

PHP tokenField函数代码示例

原作者: [db:作者] 来自: [db:来源] 收藏 邀请

本文整理汇总了PHP中tokenField函数的典型用法代码示例。如果您正苦于以下问题:PHP tokenField函数的具体用法?PHP tokenField怎么用?PHP tokenField使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。



在下文中一共展示了tokenField函数的5个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的PHP代码示例。

示例1: dvwaDatabaseConnect

$page['source_button'] = 'sqli';
dvwaDatabaseConnect();
$vulnerabilityFile = '';
switch ($_COOKIE['security']) {
    case 'low':
        $vulnerabilityFile = 'low.php';
        break;
    case 'medium':
        $vulnerabilityFile = 'medium.php';
        break;
    case 'high':
    default:
        $vulnerabilityFile = 'high.php';
        break;
}
// Anti-CSRF
if ($vulnerabilityFile == 'high.php') {
    generateTokens();
}
require_once DVWA_WEB_PAGE_TO_ROOT . "vulnerabilities/sqli/source/{$vulnerabilityFile}";
$magicQuotesWarningHtml = '';
// Check if Magic Quotes are on or off
if (ini_get('magic_quotes_gpc') == true) {
    $magicQuotesWarningHtml = "<div class=\"warning\">Magic Quotes are on, you will not be able to inject SQL.</div>";
}
$page['body'] .= "\r\n<div class=\"body_padded\">\r\n\t<h1>Vulnerability: SQL Injection</h1>\r\n\r\n\t{$magicQuotesWarningHtml}\r\n\r\n\t<div class=\"vulnerable_code_area\">\r\n\t\t<form action=\"#\" method=\"GET\">\r\n\t\t\t<p>\r\n\t\t\t\tUser ID:\r\n\t\t\t\t<input type=\"text\" size=\"15\" name=\"id\">\r\n\t\t\t\t<input type=\"submit\" name=\"Submit\" value=\"Submit\">\r\n\t\t\t</p>";
if ($vulnerabilityFile == 'high.php') {
    $page['body'] .= "\t\t\t" . tokenField();
}
$page['body'] .= "\r\n\t\t</form>\r\n\t\t{$html}\r\n\t</div>\r\n\r\n\t<h2>More Information</h2>\r\n\t<ul>\r\n\t\t<li>" . dvwaExternalLinkUrlGet('http://www.securiteam.com/securityreviews/5DP0N1P76E.html') . "</li>\r\n\t\t<li>" . dvwaExternalLinkUrlGet('https://en.wikipedia.org/wiki/SQL_injection') . "</li>\r\n\t\t<li>" . dvwaExternalLinkUrlGet('http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/') . "</li>\r\n\t\t<li>" . dvwaExternalLinkUrlGet('http://pentestmonkey.net/cheat-sheet/sql-injection/mysql-sql-injection-cheat-sheet') . "</li>\r\n\t\t<li>" . dvwaExternalLinkUrlGet('https://www.owasp.org/index.php/SQL_Injection') . "</li>\r\n\t\t<li>" . dvwaExternalLinkUrlGet('http://bobby-tables.com/') . "</li>\r\n\t</ul>\r\n</div>\r\n";
dvwaHtmlEcho($page);
开发者ID:securityigi,项目名称:DVWA,代码行数:31,代码来源:index.php


示例2: mysql_real_escape_string

    $pass = mysql_real_escape_string($pass);
    $pass = md5($pass);
    $query = "SELECT table_schema, table_name, create_time\r\n\t\t\t\tFROM information_schema.tables\r\n\t\t\t\tWHERE table_schema='{$_DVWA['db_database']}' AND table_name='users'\r\n\t\t\t\tLIMIT 1";
    $result = @mysql_query($query);
    if (mysql_num_rows($result) != 1) {
        dvwaMessagePush("First time using DVWA.<br />Need to run 'setup.php'.");
        dvwaRedirect(DVWA_WEB_PAGE_TO_ROOT . 'setup.php');
    }
    $query = "SELECT * FROM `users` WHERE user='{$user}' AND password='{$pass}';";
    $result = @mysql_query($query) or die('<pre>' . mysql_error() . '.<br />Try <a href="setup.php">installing again</a>.</pre>');
    if ($result && mysql_num_rows($result) == 1) {
        // Login Successful...
        dvwaMessagePush("You have logged in as '{$user}'");
        dvwaLogin($user);
        dvwaRedirect(DVWA_WEB_PAGE_TO_ROOT . 'index.php');
    }
    // Login failed
    dvwaMessagePush('Login failed');
    dvwaRedirect('login.php');
}
$messagesHtml = messagesPopAllToHtml();
Header('Cache-Control: no-cache, must-revalidate');
// HTTP/1.1
Header('Content-Type: text/html;charset=utf-8');
// TODO- proper XHTML headers...
Header('Expires: Tue, 23 Jun 2009 12:00:00 GMT');
// Date in the past
// Anti-CSRF
generateSessionToken();
echo "\r\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\">\r\n\r\n<html xmlns=\"http://www.w3.org/1999/xhtml\">\r\n\r\n\t<head>\r\n\r\n\t\t<meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\" />\r\n\r\n\t\t<title>Login :: Damn Vulnerable Web Application (DVWA) v" . dvwaVersionGet() . "</title>\r\n\r\n\t\t<link rel=\"stylesheet\" type=\"text/css\" href=\"" . DVWA_WEB_PAGE_TO_ROOT . "dvwa/css/login.css\" />\r\n\r\n\t</head>\r\n\r\n\t<body>\r\n\r\n\t<div id=\"wrapper\">\r\n\r\n\t<div id=\"header\">\r\n\r\n\t<br />\r\n\r\n\t<p><img src=\"" . DVWA_WEB_PAGE_TO_ROOT . "dvwa/images/login_logo.png\" /></p>\r\n\r\n\t<br />\r\n\r\n\t</div> <!--<div id=\"header\">-->\r\n\r\n\t<div id=\"content\">\r\n\r\n\t<form action=\"login.php\" method=\"post\">\r\n\r\n\t<fieldset>\r\n\r\n\t\t\t<label for=\"user\">Username</label> <input type=\"text\" class=\"loginInput\" size=\"20\" name=\"username\"><br />\r\n\r\n\r\n\t\t\t<label for=\"pass\">Password</label> <input type=\"password\" class=\"loginInput\" AUTOCOMPLETE=\"off\" size=\"20\" name=\"password\"><br />\r\n\r\n\t\t\t<br />\r\n\r\n\t\t\t<p class=\"submit\"><input type=\"submit\" value=\"Login\" name=\"Login\"></p>\r\n\r\n\t</fieldset>\r\n\r\n\t" . tokenField() . "\r\n\r\n\t</form>\r\n\r\n\t<br />\r\n\r\n\t{$messagesHtml}\r\n\r\n\t<br />\r\n\t<br />\r\n\t<br />\r\n\t<br />\r\n\t<br />\r\n\t<br />\r\n\t<br />\r\n\t<br />\r\n\r\n\t<!-- <img src=\"" . DVWA_WEB_PAGE_TO_ROOT . "dvwa/images/RandomStorm.png\" /> -->\r\n\t</div > <!--<div id=\"content\">-->\r\n\r\n\t<div id=\"footer\">\r\n\r\n\t<p>" . dvwaExternalLinkUrlGet('http://www.dvwa.co.uk/', 'Damn Vulnerable Web Application (DVWA)') . " is a RandomStorm OpenSource project.</p>\r\n\r\n\t</div> <!--<div id=\"footer\"> -->\r\n\r\n\t</div> <!--<div id=\"wrapper\"> -->\r\n\r\n\t</body>\r\n\r\n</html>";
开发者ID:cinno,项目名称:DVWA,代码行数:30,代码来源:login.php


示例3: dvwaPhpIdsEnabledSet

            dvwaPhpIdsEnabledSet(false);
            dvwaMessagePush("PHPIDS is now disabled");
            break;
    }
    dvwaPageReload();
}
$securityOptionsHtml = '';
$securityLevelHtml = '';
foreach (array('low', 'medium', 'high', 'impossible') as $securityLevel) {
    $selected = '';
    if ($securityLevel == dvwaSecurityLevelGet()) {
        $selected = ' selected="selected"';
        $securityLevelHtml = "<p>Security level is currently: <em>{$securityLevel}</em>.<p>";
    }
    $securityOptionsHtml .= "<option value=\"{$securityLevel}\"{$selected}>" . ucfirst($securityLevel) . "</option>";
}
$phpIdsHtml = 'PHPIDS is currently: ';
if (dvwaPhpIdsIsEnabled()) {
    $phpIdsHtml .= '<em>enabled</em>. [<a href="?phpids=off">Disable PHPIDS</a>]';
} else {
    $phpIdsHtml .= '<em>disabled</em>. [<a href="?phpids=on">Enable PHPIDS</a>]';
}
// Anti-CSRF
generateSessionToken();
// Able to write to the PHPIDS log file?
$WarningHtml = '';
if (!is_writable($PHPIDSPath)) {
    $WarningHtml .= "<div class=\"warning\"><em>Cannot write to the PHPIDS log file</em>: {$PHPIDSPath}</div>";
}
$page['body'] .= "\r\n<div class=\"body_padded\">\r\n\t<h1>DVWA Security <img src=\"" . DVWA_WEB_PAGE_TO_ROOT . "dvwa/images/lock.png\" /></h1>\r\n\t<br />\r\n\r\n\t<h2>Security Level</h2>\r\n\r\n\t{$securityHtml}\r\n\r\n\t<form action=\"#\" method=\"POST\">\r\n\t\t{$securityLevelHtml}\r\n\t\t<p>You can set the security level to low, medium, high or impossible. The security level changes the vulnerability level of DVWA:</p>\r\n\t\t<ol>\r\n\t\t\t<li> Low - This security level is completely vulnerable and <em>has no security measures at all</em>. It's use is to be as an example of how web application vulnerabilities manifest through bad coding practices and to serve as a platform to teach or learn basic exploitation techniques.</li>\r\n\t\t\t<li> Medium - This setting is mainly to give an example to the user of <em>bad security practices</em>, where the developer has tried but failed to secure an application. It also acts as a challenge to users to refine their exploitation techniques.</li>\r\n\t\t\t<li> High - This option is an extension to the medium difficulty, with a mixture of <em>harder or alternative bad practices</em> to attempt to secure the code. The vulnerability may not allow the same extent of the exploitation, similar in various Capture The Flags (CTFs) competitions.</li>\r\n\t\t\t<li> Impossible - This level should be <em>secure against all vulnerabilities</em>. It is used to compare the vulnerable source code to the secure source code.<br />\r\n\t\t\t\tPriority to DVWA v1.9, this level was known as 'high'.</li>\r\n\t\t</ol>\r\n\t\t<select name=\"security\">\r\n\t\t\t{$securityOptionsHtml}\r\n\t\t</select>\r\n\t\t<input type=\"submit\" value=\"Submit\" name=\"seclev_submit\">\r\n\t\t" . tokenField() . "\r\n\t</form>\r\n\r\n\t<br />\r\n\t<hr />\r\n\t<br />\r\n\r\n\t<h2>PHPIDS</h2>\r\n\t{$WarningHtml}\r\n\t<p>" . dvwaExternalLinkUrlGet('https://github.com/PHPIDS/PHPIDS', 'PHPIDS') . " v" . dvwaPhpIdsVersionGet() . " (PHP-Intrusion Detection System) is a security layer for PHP based web applications.</p>\r\n\t<p>PHPIDS works by filtering any user supplied input against a blacklist of potentially malicious code. It is used in DVWA to serve as a live example of how Web Application Firewalls (WAFs) can help improve security and in some cases how WAFs can be circumvented.</p>\r\n\t<p>You can enable PHPIDS across this site for the duration of your session.</p>\r\n\r\n\t<p>{$phpIdsHtml}</p>\r\n\t[<a href=\"?test=%22><script>eval(window.name)</script>\">Simulate attack</a>] -\r\n\t[<a href=\"ids_log.php\">View IDS log</a>]\r\n</div>";
dvwaHtmlEcho($page);
开发者ID:cinno,项目名称:DVWA,代码行数:31,代码来源:security.php


示例4: define

<?php

define('DVWA_WEB_PAGE_TO_ROOT', '');
require_once DVWA_WEB_PAGE_TO_ROOT . 'dvwa/includes/dvwaPage.inc.php';
dvwaPageStartup(array('phpids'));
$page = dvwaPageNewGrab();
$page['title'] = 'Setup' . $page['title_separator'] . $page['title'];
$page['page_id'] = 'setup';
if (isset($_POST['create_db'])) {
    // Anti-CSRF
    checkToken($_REQUEST['user_token'], $_SESSION['session_token'], 'setup.php');
    if ($DBMS == 'MySQL') {
        include_once DVWA_WEB_PAGE_TO_ROOT . 'dvwa/includes/DBMS/MySQL.php';
    } elseif ($DBMS == 'PGSQL') {
        // include_once DVWA_WEB_PAGE_TO_ROOT . 'dvwa/includes/DBMS/PGSQL.php';
        dvwaMessagePush('PostgreSQL is not yet fully supported.');
        dvwaPageReload();
    } else {
        dvwaMessagePush('ERROR: Invalid database selected. Please review the config file syntax.');
        dvwaPageReload();
    }
}
// Anti-CSRF
generateSessionToken();
$page['body'] .= "\n<div class=\"body_padded\">\n\t<h1>Database Setup <img src=\"" . DVWA_WEB_PAGE_TO_ROOT . "dvwa/images/spanner.png\" /></h1>\n\n\t<p>Click on the 'Create / Reset Database' button below to create or reset your database.<br />\n\tIf you get an error make sure you have the correct user credentials in: <em>" . realpath(getcwd() . DIRECTORY_SEPARATOR . "config" . DIRECTORY_SEPARATOR . "config.inc.php") . "</em></p>\n\n\t<p>If the database already exists, <em>it will be cleared and the data will be reset</em>.<br />\n\tYou can also use this to reset the administrator credentials (\"<em>admin</em> // <em>password</em>\") at any stage.</p>\n\t<hr />\n\t<br />\n\n\t<h2>Setup Check</h2>\n\n\t{$DVWAOS}<br />\n\tBackend database: <em>{$DBMS}</em><br />\n\tPHP version: <em>" . phpversion() . "</em><br />\n\t<br />\n\t{$SERVER_NAME}<br />\n\t<br />\n\t{$phpDisplayErrors}<br />\n\t{$phpSafeMode}<br/ >\n\t{$phpURLInclude}<br/ >\n\t{$phpURLFopen}<br />\n\t{$phpMagicQuotes}<br />\n\t{$phpGD}<br />\n\t{$phpMySQL}<br />\n\t{$phpPDO}<br />\n\t<br />\n\t{$MYSQL_USER}<br />\n\t{$MYSQL_PASS}<br />\n\t{$MYSQL_DB}<br />\n\t{$MYSQL_SERVER}<br />\n\t<br />\n\t{$DVWARecaptcha}<br />\n\t<br />\n\t{$DVWAUploadsWrite}<br />\n\t{$DVWAPHPWrite}<br />\n\t<br />\n\t<i><span class=\"failure\">Status in red</span>, indicate there will be an issue when trying to complete some modules.</i><br />\n\t<br /><br /><br />\n\n\t<!-- Create db button -->\n\t<form action=\"#\" method=\"post\">\n\t\t<input name=\"create_db\" type=\"submit\" value=\"Create / Reset Database\">\n\t\t" . tokenField() . "\n\t</form>\n\t<br />\n\t<hr />\n</div>";
dvwaHtmlEcho($page);
开发者ID:0x27,项目名称:opencart,代码行数:26,代码来源:setup.php


示例5: define

<?php

define('DVWA_WEB_PAGE_TO_ROOT', '');
require_once DVWA_WEB_PAGE_TO_ROOT . 'dvwa/includes/dvwaPage.inc.php';
dvwaPageStartup(array('phpids'));
$page = dvwaPageNewGrab();
$page['title'] .= $page['title_separator'] . 'Setup';
$page['page_id'] = 'setup';
if (isset($_POST['create_db'])) {
    // Anti-CSRF
    checkTokens($_POST['token'], "setup.php");
    if ($DBMS == 'MySQL') {
        include_once DVWA_WEB_PAGE_TO_ROOT . 'dvwa/includes/DBMS/MySQL.php';
    } elseif ($DBMS == 'PGSQL') {
        // include_once DVWA_WEB_PAGE_TO_ROOT.'dvwa/includes/DBMS/PGSQL.php';
        dvwaMessagePush('PostgreSQL is not yet fully supported.');
        dvwaPageReload();
    } else {
        dvwaMessagePush('ERROR: Invalid database selected. Please review the config file syntax.');
        dvwaPageReload();
    }
}
// Anti-CSRF
generateTokens();
$page['body'] .= "\r\n<div class=\"body_padded\">\r\n\t<h1>Database Setup <img src=\"" . DVWA_WEB_PAGE_TO_ROOT . "dvwa/images/spanner.png\" /></h1>\r\n\r\n\t<p>Click on the 'Create / Reset Database' button below to create or reset your database.</br>\r\n\tIf you get an error make sure you have the correct user credentials in: <em>" . realpath(getcwd()) . "/config/config.inc.php</em></p>\r\n\r\n\t<p>If the database already exists, <em>it will be cleared and the data will be reset</em>.<br />\r\n\tYou can also use this to reset the administrator credentials (\"<em>admin</em> // <em>password</em>\") at any stage.</p>\r\n\t<hr />\r\n\t<br />\r\n\r\n\t<h2>Setup Check</h2>\r\n\r\n\t{$DVWAOS}<br />\r\n\tBackend Database: <em>" . $DBMS . "</em><br />\r\n\t<br />\r\n\tPHP Version: v<em>" . phpversion() . "</em><br />\r\n\t{$phpSafeMode}<br/ >\r\n\t{$phpDisplayErrors}<br />\r\n\t{$phpURLInclude}<br/ >\r\n\t{$phpURLFopen}<br />\r\n\t{$phpMagicQuotes}<br />\r\n\t<br />\r\n\t{$DVWARecaptcha}<br />\r\n\t<br />\r\n\t{$DVWAUploadsWrite}<br />\r\n\t{$DVWAPHPWrite}<br />\r\n\t<br />\r\n\t<i>Status with \"(*)\" indicate there could be possible issue(s) with a certain modules.</i><br />\r\n\t<br /><br /><br />\r\n\r\n\t<!-- Create db button -->\r\n\t<form action=\"#\" method=\"post\">\r\n\t\t<input name=\"create_db\" type=\"submit\" value=\"Create / Reset Database\">\r\n\t\t" . tokenField() . "\r\n\t</form>\r\n</div>\r\n";
dvwaHtmlEcho($page);
开发者ID:securityigi,项目名称:DVWA,代码行数:26,代码来源:setup.php



注:本文中的tokenField函数示例整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。


鲜花

握手

雷人

路过

鸡蛋
该文章已有0人参与评论

请发表评论

全部评论

专题导读
上一篇:
PHP token_generate函数代码示例发布时间:2022-05-23
下一篇:
PHP token函数代码示例发布时间:2022-05-23
热门推荐
阅读排行榜

扫描微信二维码

查看手机版网站

随时了解更新最新资讯

139-2527-9053

在线客服(服务时间 9:00~18:00)

在线QQ客服
地址:深圳市南山区西丽大学城创智工业园
电邮:jeky_zhao#qq.com
移动电话:139-2527-9053

Powered by 互联科技 X3.4© 2001-2213 极客世界.|Sitemap