<?php
$unserialize_str = 'a:2:{s:4:"user";b:1;s:4:"pass";b:"s878926199a";}';
echo var_dump(array(12)=="12");
$_POST='a:3:{s:8:"username";b:1;s:8:"password";b:0;s:5:"login";s:5:"Login";}';
//$USER="ADMIN";
//$PASS="PASS";
$P=unserialize($_POST);
echo $P;
if(isset($_POST['login']))
{
$user = addslashes($_POST['username']);
if(strlen($user)>50)
die("用户名长度不能超过50个字符");
$user=urldecode($user);
$user_arr=unserialize($user);
$pass = addslashes($_POST['password']);
$adminpass="!1793422703!";
if($pass==$adminpass){die("请勿攻击admin账户!");}
if(md5($pass)==md5($adminpass)){
if($user_arr['user']==$USER && $user_arr['pass']==$PASS)
echo "Well done, the key:".$KEY;//KEY隐藏了
else
die("用户名错误");
}else{
die("密码错误!");
}
}
?>
- Output for 8.0.0 - 8.0.30, 8.1.0 - 8.1.28, 8.2.0 - 8.2.19, 8.3.0 - 8.3.7
- bool(false)
Warning: Array to string conversion in /in/V57Yg on line 10
Array
- Output for 5.5.0 - 5.5.38, 5.6.0 - 5.6.28, 7.0.0 - 7.0.20, 7.1.0 - 7.1.10, 7.2.0 - 7.2.33, 7.3.16 - 7.3.31, 7.4.0 - 7.4.33
- bool(false)
Notice: Array to string conversion in /in/V57Yg on line 10
Array
- Output for 7.3.32 - 7.3.33
- bool(false)
Array
preferences:
160.87 ms | 405 KiB | 225 Q