源码如下:(admin/login.php)


01 <? 
02 session_start(); 
03 include "../include/databaseConfig.inc.php"; 
04 $admin = $_POST[admin]; 
05 $pass = md5($_POST[pass]); 
06 $codes = $_POST[codes]; 
07 if($_GET[action])...{ //这里开始错误! 
08 /*  这里注释掉了我们就不管了。
09 if($result=$db->Execute("select * from x_admin where a_admin=".$admin.""))...{  
10 if($rs=mysql_fetch_object($result))...{ 
11 if($rs->a_pws==$pass)...{ 
12 if($codes!=$_SESSION[code])...{ 
13 unset($_SESSION[code]); 
14 echo "<script>alert(验证码错误!);location.href=Login.php;</script>"; 
15 } 
16 else...{ 
17 $_SESSION[kgj_admin]=$admin; 
18 $result = $DB->query("UPDATE x_admin SET ip = $_SERVER[REMOTE_ADDR] WHERE id =$rs->id"); 
19 header("location:index.php"); 
20 } 
21 } 
22 else 
23 ...{ 
24 echo "<script>alert(密码错误!);location.href=Login.php;</script>"; 
25 } 
26 } 
27 else...{ 
28 echo "<script>alert(帐号错误!);location.href=Login.php;</script>"; 
29 } 
30 }*/ 
31 $sql="select * from xx_admin where adminuser=$admin"; 
32 $result=$db->Execute($sql); 
33 //print_r ($result); 
34 if($admin==$result->fields[adminuser])...{ 
35 if($pass==$result->fields[adminpass])...{ 
36 $_SESSION[kgj_admin]=$admin; 
37 header("location:index.php"); 
38 }else...{ 
39 echo "<script>alert(密码错误)</script>"; 
40 } 
41 }else...{ 
42 echo "<script>alert(帐号错误)</script>"; 
43 } 
44 $_SESSION[kgj_admin]=$admin; //这里致命了!其他不解释了!
45 //header("location:index.php"); 
46 } 
47 while(($authnum=rand()%10000)<1000); 
48 ?>

测试很简单随便输入帐号密码登录一边然后在直接访问后台管理页面index.php就OK了

不过也没测试的站点把。小程序只是给我们研究下的!