如何解决加点漏洞


如何解决加点漏洞:

<!--#include file="conn.asp" -->
<%
jdmust=10 剩余点数大于此数才能加点
money=1000000 在线加点服务收费
kou=10 对贪心的惩罚,扣去的点数
if request("action")="dl" then
stats="提交"
call jd_1()

elseif request("action")="jd" then
stats="分配点数"
call jd_2()
else
stats="协议"
call jd_3()

end if
-------------------------------------开始分配点数------------------------------------------
sub jd_2()
id=session("usern")
pass=session("userp")
char=session("userc")
llt=request("llt")
tlt=request("tlt")
mjt=request("mjt")
zlt=request("zlt")

↓防止提交负数值~!

if llt<0 or tlt<0 or mjt<0 or zlt<0 then response.write "<script language=javascript>alert(GM:\n\你想黑我啊!);window.parent.close()</script>"
response.end
end if

jds=int(llt)+int(tlt)+int(mjt)+int(zlt)
if id="" or pass="" or char="" then
response.write "<script language=javascript>alert(GM:\n\你想黑我啊!);window.parent.close()</script>"
response.end
else
call check()
lva=session("lvp")
if lva<jds then
call koudian()
response.write "<script language=javascript>alert(GM:\n\你好贪啊,扣你"&kou&"点作为惩罚!);location.href=home.asp</script>"
response.end
else
call jiadian(llt,tlt,mjt,zlt,jds)
response.write "<script language=javascript>alert(GM:\n\哈哈,加好了,你去看看!);location.href=home.asp</script>"
response.end
end if
end if
end sub
--------------------------------扣点-----------------------------
sub koudian()
id=session("usern")
char=session("userc")
set rs8 = Server.CreateObject("ADODB.Recordset")
sql8="select * from Character where AccountID="&id&" and Name="&char&""
rs8.open sql8,conn,1,3
rs8("LevelUpPoint")=rs8("LevelUpPoint")-kou
rs8.update
rs8.Close
end sub
--------------------------------------加点----------------------------
FUNCTION jiadian(llt,tlt,mjt,zlt,jds)
id=session("usern")
char=session("userc")
set rs8 = Server.CreateObject("ADODB.Recordset")
sql8="select * from Character where AccountID="&id&" and Name="&char&""
rs8.open sql8,conn,1,3
rs8("LevelUpPoint")=rs8("LevelUpPoint")-int(jds) →小数取整,防止提交0.999
rs8("Strength")=rs8("Strength")+int(llt) →小数取整,防止提交0.999
rs8("Dexterity")=rs8("Dexterity")+int(mjt) →小数取整,防止提交0.999
rs8("Vitality")=rs8("Vitality")+int(tlt) →小数取整,防止提交0.999
rs8("Energy")=rs8("Energy")+int(zlt) →小数取整,防止提交0.999
rs8("money")=rs8("money")-money
rs8.update
rs8.Close
END FUNCTION

--------------------------------检验提交的表单的数据--------------------------------------------
sub jd_1()
char=request.form("userc")
id=request.form("usern")
pass=request.form("passw")
session("userc")=char
session("usern")=id
session("userp")=pass
if instr(usern,"")<>0 or instr(usern,"=")<>0 or instr(usern,"%")<>0 or id="" or pass="" or char="" then
response.write "<script language=javascript>alert(GM:\n\n资料未填写完整或用户名含有非法字符!);history.back()</script>"
response.end
else
call check()
end if
call jd()
end sub

-----------------------------检验-----------------------------------
sub check()
id=session("usern")
pass=session("userp")
char=session("userc")
set rs = Server.CreateObject("ADODB.Recordset")
sql="select * from MEMB_INFO where memb___id = "&id&" and memb__pwd="&pass&""
set rs=conn.execute(sql)
if rs.eof or rs.bof then
response.write "<script language=javascript>alert(GM:\n\n帐号信息错误,请重新填写!);history.back()</script>"
response.end
else
set rs1 = Server.CreateObject("ADODB.Recordset")
sql1="select * from Character where AccountID="&id&" and Name="&char&" and LevelUpPoint>="&jdmust
rs1.open sql1,conn,1,3
if rs1.eof or rs1.bof then
response.write "<script language=javascript>alert(GM:\n\n你目前能加的点数还不到"&jdmust&"点,自己动动手指加吧!);history.back()</script>"
response.end
end if
if rs1("money")<zhuanshengqian then
response.write "<script language=javascript>alert(GM:\n\n收你"&money&"MU币不算很多吧,你以为我白忙活啊!);history.back()</script>"
response.end
end if
end if
session("lvp")=rs1("LevelUpPoint")
session("ll")=rs1("Strength")
session("tl")=rs1("Vitality")
session("mj")=rs1("Dexterity")
session("zl")=rs1("Energy")
rs1.Close
rs.Close
end sub


-----------------------------登陆---------------------------------
sub jd_3()
%>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>-=天林奇迹版=-</title>
<link href="img/css.css" rel="stylesheet" type="text/css">
</head>
<body leftmargin="0" topmargin="0">
<!--#include file="top.asp" -->
<TABLE align=center border=1 cellPadding=0 cellSpacing=0 width=760 borderColor="#666666" frame=vsides rules=none>
<TR>
<td width=204 align=left vAlign=top background="img/left_bg.gif"><img src="img/left_top_news.gif" width="204" height="36"><img src="img/left02_hy.gif" width="197" height="40">
<img src="img/122.gif" width="195" height="130" class="hand">
<!--#include file="inc_hy.asp" -->
<table width="195" background="img/xu2.gif">
<tr>
<td width="182" height="1"></td>
</tr>
</table> </TD>
<td width=1 height="190" background="img/xu.gif"></TD>
<td width=553 align=left vAlign=middle bgcolor="#FFFFFF" class="newsbg">
<table width="443" height="199" border="0" align="center" cellpadding="3" cellspacing="0">
<tr>
<td width="437" height="40" align="left" >
<table width="196" border="0" cellspacing="0" cellpadding="3">
<tr>
<td align="center" class="bigf"><font color="#666666">在线加点系统</font></td>
</tr>
</table>
<FORM method=post name=chgform action="userjd.asp"><input type="hidden" name="action" value="dl">
</td>
</tr>
<tr>
<td height="92" align="center">
<TABLE align=left border=0 cellPadding=5 cellSpacing=1 width="241">
<TBODY>
<TR>
<TD align=right class=txt_gray colSpan=2> <DIV align=left>
在线加点每次收费<font color="#FF0000"><%=money%></font>MU币</DIV></TD>
</TR>
<TR>
<TD align=right class=txt_gray colSpan=2> <DIV align=left><FONT
color=#cc3300>请输入您的登陆信息</FONT></DIV></TD>
</TR>
<TR>
<TD align=right class=txt_gray width="65"> <DIV align=left>角色名称</DIV></TD>
<TD class=txt_gray width="133"> <INPUT name=userc type=text class="lanyu" size=17 maxLength=16>
</TD>
</TR>
<TR>
<TD align=right class=txt_gray width="65"> <DIV align=left>用户帐号</DIV></TD>
<TD class=txt_gray width="133"> <INPUT name=usern type=text class="lanyu" size=17 maxLength=16>
</TD>
</TR>
<TR>
<TD class=txt_gray width="65">用户密码</TD>
<TD class=txt_gray width="133"> <INPUT name=passw type=password class="lanyu" size=18 maxLength=16></TD>
</TR>
</TBODY></form>
</TABLE>
</td>
</tr>
<tr>
<td height="25" align="left">
<table width="214" border="0" cellspacing="0" cellpadding="3">
<tr>
<td width="208" align="center" class="bigf"><img src="img/reg.gif" width="40" height="17" class="hand" onclick="chgform.submit()"> <img src="img/reg1.gif" width="40" height="17" class="hand" onclick="chgform.reset()"></td>
</tr>
</table>

</td>
</tr>
</table></TD>
</TR>
</TABLE>
</FORM>
<!--#include file="foot.asp" -->
</body>
</html>
<%end sub

----------------------------分配点数--------------------------------
sub jd()
char=session("userc")
id=session("usern")
lvp=session("lvp")
session("lvp")=""
lls=session("ll")
tls=session("tl")
mjs=session("mj")
zls=session("zl")
%>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>-=天林奇迹版=-</title>
<link href="img/css.css" rel="stylesheet" type="text/css">
</head>
<body leftmargin="0" topmargin="0">
<!--#include file="top.asp" -->
<TABLE align=center border=1 cellPadding=0 cellSpacing=0 width=760 borderColor="#666666" frame=vsides rules=none>
<TR>
<td width=204 align=left vAlign=top background="img/left_bg.gif"><img src="img/left_top_news.gif" width="204" height="36"><img src="img/left02_hy.gif" width="197" height="40">
<img src="img/122.gif" width="195" height="130" class="hand">
<!--#include file="inc_hy.asp" -->
<table width="195" background="img/xu2.gif">
<tr>
<td width="182" height="1"></td>
</tr>
</table>
</TD>
<td width=1 height="190" background="img/xu.gif"></TD>
<td width=553 align=left vAlign=middle bgcolor="#FFFFFF" class="newsbg">
<table width="443" height="199" border="0" align="center" cellpadding="3" cellspacing="0">
<tr>
<td width="437" height="40" align="left" >
<table width="196" border="0" cellspacing="0" cellpadding="3">
<tr>
<td align="center" class="bigf"><font color="#666666">在线加点系统</font></td>
</tr>
<FORM method=post name=chgform action="userjd.asp"><input type="hidden" name="action" value="jd">
</table>
</td>
</tr>
<tr>
<td height="92" align="center">
<TABLE align=left border=0 cellPadding=5 cellSpacing=1 width="241">
<TBODY>
<TR>
<TD align=right class=txt_gray width="65"> <DIV align=left>角色名称</DIV></TD>
<TD class=txt_gray width="133"> <%=char%>
</TD>
</TR>
<TR>
<TD align=right class=txt_gray width="65"> <DIV align=left>用户帐号</DIV></TD>
<TD class=txt_gray width="133"> <%=id%>
</TD>
</TR>
<TR>
<TD align=right class=txt_gray colSpan=2> <DIV align=left><FONT color=#cc3300><b>
所加点数总和不要超过剩余点数<br>
否则将扣去<%=kou%>点作为您贪心的惩罚!!</FONT></b></DIV></TD>
</TR>
<TR>
<TD align=right class=txt_gray width="65"> <DIV align=left>剩余点数</DIV></TD>
<TD class=txt_gray width="133"> <%=lvp%> 点
</TD>
</TR>
<TR>
<TD class=txt_gray width="85">力量 <%=lls%> +</TD>
<TD class=txt_gray width=100"> <INPUT name=llt value=0 size=7 maxLength=7>
</TD>
</TR>
<TR>
<TD class=txt_gray width="85">敏捷 <%=mjs%> +</TD>
<TD class=txt_gray width=100"> <INPUT name=mjt value=0 size=7 maxLength=7>
</TD>
</TR>
<TR>
<TD class=txt_gray width="85">体力 <%=tls%> +</TD>
<TD class=txt_gray width=100"> <INPUT name=tlt value=0 size=7 maxLength=7>
</TD>
</TR>
<TR>
<TD class=txt_gray width="85">智力 <%=zls%> +</TD>
<TD class=txt_gray width=100"> <INPUT name=zlt value=0 size=7 maxLength=7>
</TD>
</TR>
</TBODY></form>
</TABLE>
</td>
</tr>
<tr>
<td height="25" align="left">
<table width="214" border="0" cellspacing="0" cellpadding="3">
<tr>
<td width="208" align="center" class="bigf"><img src="img/reg.gif" width="40" height="17" class="hand" onclick="chgform.submit()"> <img src="img/reg1.gif" width="40" height="17" class="hand" onclick="chgform.reset()"></td>
</tr>
</table>

</td>
</tr>
</table></TD>
</TR>
</TABLE>
</FORM>
<!--#include file="foot.asp" -->
</body>
</html>
<%end sub%>

 

 

请大家切记本站:奇迹私服 HTTP://www.218mu.com

 

◆ 更多的技术资料正在整理中,本决将努力的不断更新! ◆
站长QQ: 67254354[ 530免费私服发布网 版权所有 ]
Copyright @ 2007-2008 www.218mu.com 奇迹私服 All rights reserved.

免责声明:218mu.Com 新开奇迹私服 登载之所有信息及资源均出于传递更多信息之目的,并不意味着本站赞同其观点或证实其描述.本站所有信息均为免费发布,并非赢利及商业目的.