- isset($_SESSION["admin"])&&$_SESSION["admin"]==true // this check can pass. NOTE(review): == true is a loose comparison, so any truthy session value satisfies it; === true is stricter.
- $conn = new PDO('mysql:host=localhost;port=3306;dbname=xxx' , 'xxx' , 'xxxx'); // NOTE(review): the database account and password are literals in the page source (masked here as xxx); load them from configuration kept outside the web root.
- $conn->setAttribute(PDO::ATTR_ORACLE_NULLS, true); // NOTE(review): this attribute expects a PDO::NULL_* constant; true presumably ends up as 1 (PDO::NULL_EMPTY_STRING) - confirm that is the intended mode.
- <form class="login" action="index.php" method="post"> <!-- NOTE(review): the username and password posted here are handed by the handler to new PDO() as the MySQL account, so this form and index.php should only be served over HTTPS -->
- <span>account:</span><input type="text" name="username" /><br /><br />
- <span>password:</span><input type="password" name="password"/><br /><br />
- <span>verificationCode:</span><input type="text" name="code" /><img id="code" src="create_code.php" alt="another" style="cursor: pointer; vertical-align:middle;" onClick="create_code()"/><br /><br />
- <input type="submit" style="margin-left:35%" value="logon" /><input type="reset" value="" /> </div>
- </form>
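<?php
// Login handler for the form that posts username, password and code.
//
// Flow: compare the submitted verification code with the one kept in
// $_SESSION['code'], then try to open a MySQL connection with the submitted
// credentials. A successful connection is what marks the session as admin.
//
// NOTE(review): because the form credentials are the database credentials,
// this page lets anyone test MySQL passwords over HTTP. The verification code
// is the only throttle visible here, so it must actually block the attempt
// (it did not before: the script kept running after a wrong code).
session_start();

if (!isset($_GET['log_out'])) {
    // A missing or non-string field counts as a failed check, never as "equal to null".
    $submittedCode = (isset($_POST['code']) && is_string($_POST['code'])) ? $_POST['code'] : '';
    $expectedCode = isset($_SESSION['code']) ? (string) $_SESSION['code'] : '';

    // The code is single-use: drop it before comparing so one solved image
    // cannot be reused for further password attempts.
    unset($_SESSION['code']);

    if ($expectedCode === '' || !hash_equals($expectedCode, $submittedCode)) {
        echo "wrong verificationCode!<br />" . "<meta http-equiv='refresh' content='2;url=index.html'>";
        // Stop here; otherwise the credential check below runs regardless of the code.
        exit;
    }

    $user = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
    $pwd = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

    // Logical && instead of the bitwise & the original used.
    if ($user !== '' && $pwd !== '') {
        // Initialise so the check below never reads an undefined variable
        // when the constructor throws.
        $conn = null;

        try {
            $conn = new PDO('mysql:host=x.x.x.x;port=3306;dbname=hpc', $user, $pwd);
        } catch (PDOException $e) {
            // Keep the driver message in the server log only: it can name the
            // database host and account and should not be shown to the client.
            error_log('login failed: ' . $e->getMessage());
            echo "faile<br />" . "<meta http-equiv='refresh' content='1;url=index.html'>";
        }

        if ($conn) {
            // Issue a fresh session id on the privilege change so an id that
            // was known before login is not promoted to admin.
            session_regenerate_id(true);
            $_SESSION["admin"] = true;
            $stas = $conn->getAttribute(PDO::ATTR_CONNECTION_STATUS);
            // ..... (elided in the original paste)
            echo "<script language='javascript' type='text/javascript'>";
            echo "window.location.href='http://xx.xx.xx.xx/repair_device.php'";
            echo "</script>";
            // ..... (elided in the original paste)
        }
    }
}
?>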
- <?php
- session_start();
- // Create the verification-code picture; the response body is a PNG image.
- header("Content-type: image/png");
- .....
- $_SESSION['code'] = $verifyCode; // store verification code in session. NOTE(review): how $verifyCode is generated is elided here - confirm it comes from random_int()/random_bytes() and not rand()/mt_rand(), whose output is predictable.
- ......
- ?>
- <!DOCTYPE html>
- <html>
- <head>
- ......
- </head>
- <body>
- <?php
- session_start(); // NOTE(review): called after the HTML above has already been output; unless output buffering is enabled PHP reports "headers already sent" and the session may not start, leaving $_SESSION["admin"] unset. Call session_start() before <!DOCTYPE html>.
- // $conn = new PDO('mysql:host=localhost;port=3306;dbname=xxx' , 'xxx' , 'xxxx');
- //$conn->setAttribute(PDO::ATTR_ORACLE_NULLS, true);
- $admin=false;
- if(isset($_SESSION["admin"])&&$_SESSION["admin"]==true) // Only sessions flagged by the login handler get past this point. NOTE(review): == true is loose (=== true is stricter), and no else branch is visible, so confirm a non-admin request is redirected or refused rather than served an empty page. The login handler redirects to an absolute http://xx.xx.xx.xx/ URL; if that host differs from the login page's, the session cookie is presumably not sent here - verify.
- {
- alert("testInDR"); // NOTE(review): alert() is a JavaScript function, not a PHP one; unless the elided code defines it, this call ends the script with "Call to undefined function".
- $sql = "select * from hpc_repairdevice order by datetime desc"; // fixed statement, no request data is concatenated into it
- ......
- $sel=$conn->query($sql); // NOTE(review): the only visible construction of $conn is commented out above, so it must come from the elided code; otherwise this is a method call on an undefined variable.
- ......
- }
- ?>
- </body>
- </html>