1 <?php  2 //including the Mysql connect parameters.  3 include("../sql-connections/sql-connect.php");  4 error_reporting(0);  5       6 function check_input($value)  7     {  8     if(!empty($value))  9         { 10         // truncation (see comments) 11         $value = http://www.mamicode.com/substr($value,0,20); 12         } 13  14         // Stripslashes if magic quotes enabled 15         if (get_magic_quotes_gpc()) 16             { 17             $value =http://www.mamicode.com/ stripslashes($value); 18             } 19  20         // Quote if not a number 21         if (!ctype_digit($value)) 22             { 23             $value = http://www.mamicode.com/"‘" . mysql_real_escape_string($value) . "‘"; 24             } 25          26     else 27         { 28         $value =http://www.mamicode.com/ intval($value); 29         } 30     return $value; 31     } 32  33  34  35     $uagent = $_SERVER[‘HTTP_USER_AGENT‘];   #$_SERVER[‘HTTP_USER_AGENT‘]的意思是当前请求的 User_Agent: 头部的内容。 更多$_SERVER详解：http://www.cnblogs.com/xishaonian/p/6160893.html 36     $IP = $_SERVER[‘REMOTE_ADDR‘]; #当前用户的IP 37     echo "<br>"; 38     echo ‘Your IP ADDRESS is: ‘ .$IP; 39     echo "<br>"; 40     //echo ‘Your User Agent is: ‘ .$uagent; 41 // take the variables 42 if(isset($_POST[‘uname‘]) && isset($_POST[‘passwd‘])) #判断uname和passwd是否输入了 43  44     { 45     $uname = check_input($_POST[‘uname‘]);  #使用check_inpuut函数对传过来的uname进行过滤 46     $passwd = check_input($_POST[‘passwd‘]); #使用check_input函数对传过来的passwd进行过滤 47      48      49     echo ‘Your Your User name:‘. $uname; 50     echo "<br>"; 51     echo ‘Your Password:‘. $passwd; 52     echo "<br>"; 53     echo ‘Your User Agent String:‘. $uagent; 54     echo "<br>"; 55     echo ‘Your User Agent String:‘. $IP; 56      57  58     //logging the connection parameters to a file for analysis.     59     $fp=fopen(‘result.txt‘,‘a‘); 60     fwrite($fp,‘User Agent:‘.$uname."\n"); 61      62     fclose($fp); 63      64      65      66     $sql="SELECT  users.username, users.password FROM users WHERE users.username=$uname and users.password=$passwd ORDER BY users.id DESC LIMIT 0,1"; 67     $result1 = mysql_query($sql);  #执行$sql这一条sql语句。mysql_query是执行mysql的意思。 68     $row1 = mysql_fetch_array($result1); 69         if($row1)     #如果$row1为真 70             { 71             echo ‘<font color= "#FFFF00" font size = 3 >‘; 72             $insert="INSERT INTO `security`.`uagents` (`uagent`, `ip_address`, `username`) VALUES (‘$uagent‘, ‘$IP‘, $uname)"; 73             mysql_query($insert); 74             //echo ‘Your IP ADDRESS is: ‘ .$IP; 75             echo "</font>"; 76             //echo "<br>"; 77             echo ‘<font color= "#0000ff" font size = 3 >‘;             78             echo ‘Your User Agent is: ‘ .$uagent; 79             echo "</font>"; 80             echo "<br>"; 81             print_r(mysql_error());             82             echo "<br><br>"; 83             echo ‘<img src="http://www.mamicode.com/images/flag.jpg"  />‘; 84             echo "<br>"; 85              86             } 87         else 88             { 89             echo ‘<font color= "#0000ff" font size="3">‘; 90             //echo "Try again looser"; 91             print_r(mysql_error()); 92             echo "</br>";             93             echo "</br>"; 94             echo ‘<img src="http://www.mamicode.com/images/slap.jpg"   />‘;     95             echo "</font>";   96             } 97  98     } 99 100 ?>