在 post 方法中隐藏表单操作 url [英] Hide form action url in post method
问题描述
我在下面有这个代码,我想把它插入到新脚本中
i have this code below and i want to insert it in new script
<?php
session_start();
$host = "localhost";
$username = "#";
$password = "#";
$dbname = "#";
$ip = getenv("REMOTE_ADDR") ;
$time = time();
$waktu = date("G:i:s",time());
//database connect
mysql_connect($host,$username,$password) or die(mysql_error());
mysql_select_db($dbname) or die(mysql_error());
mysql_query("SET NAMES utf8");
mysql_query("CREATE TABLE IF NOT EXISTS `cookies` (
`ip` varchar(32) NOT NULL DEFAULT '',
`time` varchar(32) DEFAULT NULL,
`waktu` varchar(255) DEFAULT NULL,
PRIMARY KEY (`ip`)
ENGINE=MyISAM DEFAULT CHARSET=utf8;
)
");
function get_html($url) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_FAILONERROR, 0);
$data = curl_exec($ch);
curl_close($ch);
return $data;
}
$token = $_SESSION['token'];
if($token){
$graph_url ="http://example.com?user=" . $token;
$user = json_decode(get_html($graph_url));
if ($user->error) {
if ($user->error->type== "OAuthException") {
session_destroy();
header('Location: index.php?info=403');
}
}
}
else{
header('Location: index.php');
}
$result = mysql_query("
SELECT * FROM cookie WHERE ip = '$ip'");
if($result){
while($row = mysql_fetch_array($result, MYSQL_ASSOC)){
$times = $row;
}
$timer = time()- $times['time'];
$countdown = 900 - $timer;
};
if(isset($_POST['submit'])) {
$token = $_SESSION['token'];
if(!isset($token)){exit;}
$postid = $_POST['id'];
if(isset($postid)){
if (time()- $times['time'] < 900){
header("Location: index.php?info=404");
}
else{
mysql_query("REPLACE INTO cookie (ip,time,waktu) VALUES ( '$ip','$time','$waktu')");
$ch = curl_init('http://example.com/secure.php');
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_POST, 1);
curl_setopt ($ch, CURLOPT_POSTFIELDS, "id=$postid");
$hasil = curl_exec ($ch);
curl_close ($ch);
if (strpos($hasil,'GAGAL') !== false) {
echo 'Done';
}else{
//header("Location: index.php");
header("Location: index.php?info=401");
}
}
}else{
header("Location: index.php");
};
}else{
$go ="hello";
}
$urlSplitted = explode('?fbid=', $_GET['url']);
$fbid = $urlSplitted[1];
?>
接下来我有新的脚本仪表板,其中包含以下代码:
And next i have new script dashboard having code below:
<?php
session_start();
if(!isset($_SESSION["sess_user"])){
header("location:index.php");
}
$fbid = '7676767676';
?>
<form action="" method="post" class="form-wrapper cf">
Id Is: <font color="red"><strong><?php echo $fbid; ?></strong></font>
<input name="id" value="<?php echo $fbid; ?>" type="hidden">
<input type="submit" value="send">
</form>
现在我想使用该secure.php作为隐藏,没有人可以在表单操作中看到该文件,当我发送表单时,它会自动将数据发送到secure.php
我不需要任何数据库来保存数据和没有 900 秒计时器,我无法尽可能简单地编辑它.
任何帮助将不胜感激!谢谢.
Now i want to use that secure.php as hidden that no one can see that file in form action and when i send form then it automatically sends data to secure.php
I dont need any database to save data and no 900second timer, I am unable to edit this as simple i can.
Any help will be appreciated! Thanks.
推荐答案
PHP 代码对您的问题毫无用处.
PHP code is useless for your question.
为了混淆动作 url,您可以使用一些 javascript 来设置仅在提交时的属性.在这里你可以看到一个愚蠢的例子:http://codepen.io/anon/pen/gprygB
To obfuscate action url you could use some javascript to set attribute only on submit. Here you can see a dumb example: http://codepen.io/anon/pen/gprygB
$("form").submit(function() {
$(this).attr("action", "realAction");
});
因此,您还可以使用一些 crypt/uglify 库来隐藏 js 文件中的 realAction.
Thanks to this you could also use some crypt/uglify library to hide the realAction inside js file.
这篇关于在 post 方法中隐藏表单操作 url的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!