Wall posté le Mercredi 16 septembre 2009
Piratage...
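<?php
// Guestbook ("livre d'or") page: processes a submitted comment, then renders
// the submission form with a freshly generated captcha code.
//
// Security notes for maintainers:
//  - The expected captcha answer is kept in the session. It used to travel in
//    a hidden form field, so the client supplied both the question and the
//    answer and the check could never fail for an automated poster.
//  - SQL and database error text are written to the server log only; they are
//    no longer echoed to the visitor.
//  - NOTE(review): ext/mysql (mysql_query & co.) was removed in PHP 7. Moving
//    to PDO/mysqli prepared statements also requires changing config.php,
//    which is not visible from this file.

// The session must be opened before header.php sends any output.
if (session_id() === '') {
    session_start();
}

include('header.php');
include('menu.php');

if (isset($_POST['sub'])) {
    // is_string() rejects array-valued fields (nom[]=...) before they reach
    // the escaping functions.
    if (isset($_POST['nom']) && is_string($_POST['nom']) && (!empty($_POST['nom']))
        && isset($_POST['commentaire']) && is_string($_POST['commentaire']) && (!empty($_POST['commentaire']))) {
        // presumably config.php opens the default MySQL connection used by
        // the mysql_* calls below - confirm.
        include('config.php');

        // REMOTE_ADDR comes from the web server, but it is still escaped so
        // that no value is ever interpolated raw into a query.
        $ip = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);
        $date = date('Y-m-d H:i:s');

        $sql = "SELECT COUNT(*) FROM blackliste WHERE ip='$ip'";
        $resultat = mysql_query($sql);
        if ($resultat === false) {
            // Fail closed: without a blacklist answer the post is refused.
            error_log('livre: blacklist lookup failed: ' . mysql_error());
            echo "<font color='#FF0000'>Erreur interne, merci de réessayer plus tard.</font>";
            include('footer.php');
            exit();
        }
        $nb_total = mysql_fetch_array($resultat);
        if ($nb_total[0] != 0) {
            // Count the blocked attempt and refresh its timestamp.
            $sql = "UPDATE blackliste SET nbblock = nbblock+1, date='$date' WHERE ip='$ip'";
            mysql_query($sql);
            echo "<font color='#FF0000'>Votre adresse IP est blacklistée!<br />Contactez l'administrateur</font>";
            include('footer.php');
            exit();
        }

        $nom = $_POST['nom'];
        $commentaire = $_POST['commentaire'];
        $calcul = (isset($_POST['calcul']) && is_string($_POST['calcul'])) ? $_POST['calcul'] : '';
        $date = date("Y-m-d");

        // Expected answer comes from the session, never from the request.
        // It is discarded after one attempt so a solved code cannot be replayed.
        $attendu = isset($_SESSION['captcha']) ? (string) $_SESSION['captcha'] : '';
        unset($_SESSION['captcha']);

        if ($attendu === '' || $calcul !== $attendu) {
            echo "<font color='#FF0000'>Code a recopier incorrect !</font>";
        } else {
            // NOTE(review): nom and commentaire are stored as submitted. The
            // page that displays them (livre.php, not visible here) has to
            // HTML-escape them on output, e.g. with htmlspecialchars().
            $sql = "INSERT INTO livre VALUE('', '" . mysql_real_escape_string($commentaire) . "', '" . mysql_real_escape_string($nom) . "', '$date', '0', '$ip')";
            $ok = mysql_query($sql);
            if ($ok === false) {
                error_log('livre: insert failed: ' . mysql_error());
            }
            mysql_close();

            if ($ok === false) {
                // Do not claim success when nothing was stored.
                echo "<font color='#FF0000'>Erreur interne, merci de réessayer plus tard.</font>";
            } else {
                echo '<table border="0" cellspacing="0" cellpadding="0" width="406">
<tr>
<td width="406" class="bodyText">Merci ton commentaire à été ajouté<br />';
                echo '<a href="livre.php">Retour au livre d\'or</a></td>
</tr></table>';
                include('footer.php');
                exit();
            }
        }
    } else {
        echo "<font color='#FF0000'>Merci de remplir les 2 champs !</font>";
    }
}
?>
<table border="0" cellspacing="0" cellpadding="0" width="406">
<tr>
<td width="406" class="bodyTitre">Signez notre livre d'or </td>
</tr>
<tr>
<td class="bodyText" valign="top"><br />
<form id="form1" name="form1" method="post" action="">
<table width="90%" border="0">
<tr>
<td width="190">Nom </td>
<td width="150">
<input name="nom" type="text" id="nom" maxlength="20" />
</td>
</tr>
<tr>
<td width="190" valign="center">Recopiez ce code :
</td>
<td width="150" valign="top">
<input name="calcul" type="text" id="calcul" maxlength="10" size="10" />
<?php
// New 5-letter lowercase code for every rendering of the form.
$texte = '';
for ($i = 0; $i < 5; $i++) {
    // random_int() only exists on PHP 7+; mt_rand() is the fallback.
    $lettre = function_exists('random_int') ? random_int(0, 25) : mt_rand(0, 25);
    $texte .= chr($lettre + ord('a'));
}
// Server-side copy that the POST handler compares against.
$_SESSION['captcha'] = $texte;
// NOTE(review): the image URL still carries the code in clear text, so it
// remains readable in the page source. captcha.php (not visible here) should
// read the code from $_SESSION['captcha'] instead of the "texte" parameter.
echo '<img src="captcha.php?texte=' . $texte . '" border=1>';
?>
</td>
</tr>
<tr>
<td>Commentaire</td>
<td align="left"><textarea name="commentaire" rows="7"></textarea></td>
</tr>
<tr>
<td colspan="2">
<input name="sub" type="submit" value="Envoyer" />
</td>
</tr>
</table>
</form>
</td>
</tr>
</table>
<?php
include('footer.php');
?>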
