基于sqlite3的Web流量抓取系统(php)

也算是失败品了,因为开发一半突然想起来这个不能通用(如果php没开启sqlite扩展就gg了),所以放出来做纪念吧

<?php
/*
  需要php支持sqlite3
  使用方法:
  所有文件拖到Web根目录下
  在Web根目录创建/zheshiyigelogger/目录,并赋予0777权限 chmod -R 0777 zheshiyigelogger(只需保证Web服务的运行用户对该目录可写;0777同时会让本机其他用户也能读写其中的日志库)
  访问此php
  logger文件体系生成完毕,去/zheshiyigelogger/(hash)文件下找到管理文件,可以修改登陆账号和密码
  删除 del_this_file_when_installed.wc
  在需要抓取流量的php require_once('weblogpro.php')或者include('weblogpro.php')
  主要功能:
  1.抓取流量;
  2.对于手工操作获取flag的对手,会自动甄别并做高危险记录;
  3.根据重复payload的次数和危险记录来排序获得最可能的payload以便重放;
  4.过滤掉重复payload不记录,节省审计时间和存储查询开销;
  5.列出访客ip的list,并可以通过这来查询相应ip的所有流量;
  6.简洁的界面,一目了然,方便审计和管理;

  准备扩展的功能:
  1.ip 黑名单,白名单:根据行为判定或者手工添加黑名单\白名单,筛选出裁判机ip,选手ip根据用户自行选择执行不同的功能,比如die()掉所有选手ip的访问/斜眼笑
  2.根据第一点进行智能waf拦截,对不同危险等级的ip施行不同等级的waf拦截;
  3.挂载一个删除内存shell的语句,每次有人访问即进行一次内存清理;
  4.根据第一点的蜜罐系统
  5.正则匹配流量payload,自动对可能存在的攻击分类;
  6.挂载waf

  准备开发的通用版(通过文件读取,不使用数据库)V2

 */

// Deployment settings. The '*' strings are placeholders to be replaced per installation.
define("WEB_DIR", "/var/www/html/");      // web root the logger is installed under
define("PRV_KEY", "*************");
define("FILE_SALT", "*************");
define("GET_FLAG_SHELL", "cat /flag");    // command confirmed to be able to read the flag file

// Disabled in this version (kept as a note only): an IV constant with an mcrypt-based
// derivation of $encrypted, and the packaging step that base64-encoded managelog.php
// into ./m_d_w.wc.

// The storage directory is named md5(PRV_KEY . FILE_SALT), so its location is only as
// hard to guess as those two values. It is created below the web root.
$encrypted = PRV_KEY . FILE_SALT;
$file_base_dir = WEB_DIR . '/zheshiyigelogger/' . md5($encrypted);
define("BASE_DIR", $file_base_dir);
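/**
 * Per-request traffic recorder backed by the SQLite file BASE_DIR/logger.data.
 *
 * Constructing the object opens the database and snapshots the current request
 * (URL, client address, cookies, query string, POST body, headers). The caller then
 * uses check_inf() to look for an identical earlier request and new_log()/old_log()
 * to insert a row or bump the counter of the existing one.
 *
 * Every captured value is attacker-controlled request data. It is passed to SQLite
 * only through bound parameters: backslash escaping (addslashes) does not neutralise
 * a quote character in SQLite string literals, so the getters return the values as
 * received and the statements below never concatenate them into SQL text.
 */
class LogDB extends SQLite3
{
    private $url, $ip, $time, $cookie, $getstr, $poststr, $headers, $risk, $type;

    /**
     * Opens the log database and captures the current request into the instance.
     */
    public function __construct()
    {
        $this->open(BASE_DIR.'/logger.data');
        $this->url = $this->get_url();
        $this->ip = $this->get_ip();
        $this->time = $this->get_date();
        $this->cookie = $this->get_cookie();
        $this->getstr = $this->get_getstr();
        $this->poststr = $this->get_poststr();
        $this->headers = $this->get_headers();
        $this->type = $this->get_type();
        $this->risk = 0;
    }

    /**
     * Looks for an already stored row with the same URL, client address, POST body,
     * query string and cookies as the current request.
     *
     * @return int ID of the last matching row, or -1 when there is none (or the
     *             lookup could not be prepared or executed).
     */
    public function check_inf()
    {
        $stmt = $this->prepare(
            'SELECT ID FROM LOGGERS WHERE URL = :url AND Ip = :ip AND PostStr = :post'
            .' AND GetStr = :get AND Cookie = :cookie'
        );
        if ($stmt === false) {
            return -1;
        }
        $stmt->bindValue(':url', $this->url, SQLITE3_TEXT);
        $stmt->bindValue(':ip', $this->ip, SQLITE3_TEXT);
        $stmt->bindValue(':post', $this->poststr, SQLITE3_TEXT);
        $stmt->bindValue(':get', $this->getstr, SQLITE3_TEXT);
        $stmt->bindValue(':cookie', $this->cookie, SQLITE3_TEXT);

        $result = $stmt->execute();
        if ($result === false) {
            return -1;
        }
        $id = -1;
        while ($row = $result->fetchArray(SQLITE3_ASSOC)) {
            $id = $row['ID'];
        }
        return $id;
    }

    /**
     * @return string Request URL rebuilt from SERVER_NAME, SERVER_PORT and PHP_SELF.
     */
    public function get_url()
    {
        return 'http://'.$_SERVER['SERVER_NAME'].':'.$_SERVER["SERVER_PORT"].$_SERVER['PHP_SELF'];
    }

    /**
     * @return string Cookies as a decoded query string ("a=1&b=2").
     */
    public function get_cookie()
    {
        return urldecode(http_build_query($_COOKIE));
    }

    /**
     * @return string GET parameters as a decoded query string.
     */
    public function get_getstr()
    {
        return urldecode(http_build_query($_GET));
    }

    /**
     * @return string POST parameters as a decoded query string.
     */
    public function get_poststr()
    {
        return urldecode(http_build_query($_POST));
    }

    /**
     * Collects the request headers as an HTML fragment, one "NAME : value<br>" per header.
     *
     * Names and values are HTML-encoded here because the fragment is stored as-is and
     * printed by the management page. ENT_SUBSTITUTE keeps a header that carries invalid
     * UTF-8 in the log instead of turning it into an empty string.
     *
     * Credentials sent with the request (Authorization) end up in the log; treat
     * logger.data as sensitive.
     *
     * @return string
     */
    public function get_headers()
    {
        $headers = array();
        foreach ($_SERVER as $key => $value) {
            if (substr((string)$key, 0, 5) === 'HTTP_') {
                $headers[str_replace('_', '-', substr($key, 5))] = $value;
            }
        }
        // These are not exposed as HTTP_* entries, so they are added by hand. The earlier
        // code wrote them into an unused $header array, which dropped them from the log.
        if (isset($_SERVER['PHP_AUTH_DIGEST'])) {
            $headers['AUTHORIZATION'] = $_SERVER['PHP_AUTH_DIGEST'];
        } elseif (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
            $headers['AUTHORIZATION'] = base64_encode($_SERVER['PHP_AUTH_USER'] . ':' . $_SERVER['PHP_AUTH_PW']);
        }
        if (isset($_SERVER['CONTENT_LENGTH'])) {
            $headers['CONTENT-LENGTH'] = $_SERVER['CONTENT_LENGTH'];
        }
        if (isset($_SERVER['CONTENT_TYPE'])) {
            $headers['CONTENT-TYPE'] = $_SERVER['CONTENT_TYPE'];
        }

        $ret = "";
        foreach ($headers as $key => $value) {
            $ret .= htmlentities((string)$key, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
                .' : '
                .htmlentities((string)$value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
                .'<br>';
        }
        return $ret;
    }

    /**
     * @return string Current time as "yy-mm-dd HH:ii:ss" in the PRC timezone.
     */
    public function get_date()
    {
        // Note: this changes the default timezone for the rest of the including script too.
        date_default_timezone_set('PRC');
        return date('y-m-d H:i:s',time());
    }

    /**
     * @return string Client address as reported by REMOTE_ADDR.
     */
    public function get_ip()
    {
        return $_SERVER["REMOTE_ADDR"];
    }

    /**
     * Prints an inline script into the current response that reports the rendered page
     * back to /wupco_check.php so the row $id can be marked as high risk.
     *
     * The emitted script runs on window load, takes the document's HTML with script
     * elements stripped by a regex, and POSTs it as "con" to
     * /wupco_check.php?rand=<cache buster>&id=<row id>. The script text is encoded one
     * character at a time as O(<number>) calls; the fixed prelude defines
     * O = function(m){return String.fromCharCode(Math.floor(m/10000)/99);} and the
     * random fraction added per character only varies the numbers, not the decoded text.
     *
     * @param int $id Row ID the report refers to.
     * @return int Always 0.
     */
    public function get_risk($id)
    {
        // rand() only serves as a cache buster here; it is not a secret.
        $rand = (string)time().(string)rand(1000,9999);
        $server = "http://".$_SERVER['SERVER_NAME'].':'.$_SERVER["SERVER_PORT"]."/wupco_check.php?rand=".$rand."&id=".(int)$id;
$pre_str =<<<ST
OlOlll="(x)";OllOlO=" String";OlllOO="tion";OlOllO="Code(x)}";OllOOO="Char";OlllOl="func";OllllO=" l = ";OllOOl=".from";OllOll="{return";Olllll="var";eval(Olllll+OllllO+OlllOl+OlllOO+OlOlll+OllOll+OllOlO+OllOOl+OllOOO+OlOllO);eval(l(79)+l(61)+l(102)+l(117)+l(110)+l(99)+l(116)+l(105)+l(111)+l(110)+l(40)+l(109)+l(41)+l(123)+l(114)+l(101)+l(116)+l(117)+l(114)+l(110)+l(32)+l(83)+l(116)+l(114)+l(105)+l(110)+l(103)+l(46)+l(102)+l(114)+l(111)+l(109)+l(67)+l(104)+l(97)+l(114)+l(67)+l(111)+l(100)+l(101)+l(40)+l(77)+l(97)+l(116)+l(104)+l(46)+l(102)+l(108)+l(111)+l(111)+l(114)+l(40)+l(109)+l(47)+l(49)+l(48)+l(48)+l(48)+l(48)+l(41)+l(47)+l(57)+l(57)+l(41)+l(59)+l(125));
ST;
        $payload =<<<JS
//start
function asdfg(){
var con = document.documentElement.innerHTML.replace(/<script>.*<\/script>/g,"");var xml = new XMLHttpRequest();xml.open('POST', '
JS;
        $payload.=$server;
        $payload.=<<<JS
', false); xml.setRequestHeader("Content-type","application/x-www-form-urlencoded");xml.send('con='+con);}
 window.onload=function()
{
    asdfg();
} 
//end
JS;
        // Split the script into single characters ('$' is used as the separator, so the
        // script text itself must not contain one).
        $tmpStr = chunk_split($payload,1,"$");
        $arr = explode('$', $tmpStr);
        $tmp = 'eval(""';
        foreach ($arr as $k => $v) {
            $tmp .= '+O('.intval(((ord($v)+(rand(99999999,999999999)/1000000000))*99)*10000).')';
        }
        $tmp .='+"");';
        $my_js = "<script>".$pre_str.$tmp."</script>";
        echo $my_js;
        return 0;
    }

    /**
     * Attack classification of the request; not implemented yet.
     *
     * @return int Always 0.
     */
    public function get_type()
    {
        //building..
        return 0;
    }

    /**
     * Stores the current request as a new row (count 0), emits the reporting script
     * for that row and closes the database.
     *
     * @return int Always 0.
     */
    public function new_log()
    {
        $stmt = $this->prepare(
            'INSERT INTO LOGGERS (URL,PostStr,GetStr,Cookie,Time,headers,Ip,risk,type,count)'
            .' VALUES (:url,:post,:get,:cookie,:time,:headers,:ip,:risk,:type,0)'
        );
        if ($stmt !== false) {
            $stmt->bindValue(':url', $this->url, SQLITE3_TEXT);
            $stmt->bindValue(':post', $this->poststr, SQLITE3_TEXT);
            $stmt->bindValue(':get', $this->getstr, SQLITE3_TEXT);
            $stmt->bindValue(':cookie', $this->cookie, SQLITE3_TEXT);
            $stmt->bindValue(':time', $this->time, SQLITE3_TEXT);
            $stmt->bindValue(':headers', $this->headers, SQLITE3_TEXT);
            $stmt->bindValue(':ip', $this->ip, SQLITE3_TEXT);
            $stmt->bindValue(':risk', (int)$this->risk, SQLITE3_INTEGER);
            $stmt->bindValue(':type', (int)$this->type, SQLITE3_INTEGER);
            // Only report a row that was actually written.
            if ($stmt->execute() !== false) {
                $this->get_risk($this->lastInsertRowID());
            }
        }
        $this->close();
        return 0;
    }

    /**
     * Refreshes time and headers of an existing row, increments its counter, emits the
     * reporting script for it and closes the database.
     *
     * @param int $id ID of the row returned by check_inf().
     * @return int Always 0.
     */
    public function old_log($id)
    {
        $stmt = $this->prepare(
            'UPDATE LOGGERS SET Time = :time, headers = :headers, count = count + 1 WHERE ID = :id'
        );
        if ($stmt !== false) {
            $stmt->bindValue(':time', $this->time, SQLITE3_TEXT);
            $stmt->bindValue(':headers', $this->headers, SQLITE3_TEXT);
            $stmt->bindValue(':id', (int)$id, SQLITE3_INTEGER);
            $stmt->execute();
        }
        $this->get_risk($id);
        $this->close();
        return 0;
    }
}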
// Entry point. When BASE_DIR does not exist yet this request performs the installation;
// otherwise the current request is logged.
if (!file_exists(BASE_DIR))
{
    // NOTE(review): 0777 leaves the directory holding logger.data and managelog.php
    // writable by every local account. The process creating it becomes its owner, so a
    // narrower mode would presumably be enough - confirm against the deployment.
    mkdir(BASE_DIR, 0777, true);
    $db = new LogDB();
    // NOTE(review): `new` yields an object and objects are never falsy, so this error
    // branch looks unreachable - confirm how a failed open() is reported.
    if(!$db){
      echo $db->lastErrorMsg();
   } else {
      echo "Opened database successfully\n";
      // Appends a decoy string to index.html of the parent logger directory.
      file_put_contents(WEB_DIR."/zheshiyigelogger/index.html", "flag{123456} for dalao~",FILE_APPEND);
      // The three heredocs below are glued together with BASE_DIR and GET_FLAG_SHELL into
      // the source of wupco_check.php. The generated script runs GET_FLAG_SHELL through
      // exec(), takes the first output line as the flag, and checks whether POST "con"
      // contains it (plain or base64-encoded). If so, the LOGGERS row whose ID is given in
      // GET "id" is set to risk = 1. It answers "1", "0", or "error" when no flag was read.
      // In the generated code $str is computed but the comparisons use $flag.
      // NOTE(review): BASE_DIR and GET_FLAG_SHELL are pasted into single-quoted PHP
      // strings without escaping, so a quote in either constant would break the generated
      // file - confirm both stay quote-free.
      $check_content =<<<FIR
<?php
   error_reporting(0);
      class LogDB extends SQLite3
      {
       function __construct()
       {
         \$this->open('
FIR;
     $check_content.=BASE_DIR;
     $check_content.=<<<SEC
/logger.data');
       }
      }
      exec('
SEC;
      $check_content.=GET_FLAG_SHELL;
      $check_content.=<<<THD
',\$flag);
     \$flag = \$flag[0];
     if(\$flag)
     {
        \$str = str_replace(PHP_EOL,'', \$flag);
        if(strstr(\$_POST['con'],\$flag))
        {
            \$risk = 1;
        }
        else
        {
            if(strstr(\$_POST['con'],base64_encode(\$flag)))
            {
                \$risk = 1;
            }
            else
            {
                \$risk = 0;
            }
        }
        \$id = (int)\$_GET['id'];
        if(\$risk===1&&\$id>=0)
        {
           \$db = new LogDB();
           \$sql = 'UPDATE LOGGERS set risk = 1 where ID='.\$id.';';
           \$ret = \$db->exec(\$sql);
           \$db->close();
           die("1");
        }
        else
            die("0");

     }
     else
        die("error");
?>
THD;
      // The checker is written into the web root and contains no login check of its own;
      // every request to it executes GET_FLAG_SHELL.
      file_put_contents(WEB_DIR."/wupco_check.php",$check_content);
      // Unpack the management page from the base64 file shipped next to this script (path
      // is relative to the current working directory).
      // NOTE(review): the read is not checked; a missing or unreadable file presumably
      // leaves an empty managelog.php - confirm.
      $manage_code_file = base64_decode(file_get_contents('./del_this_file_when_installed.wc'));
      //$decrypted_file = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, PRV_KEY,$manage_code_file, MCRYPT_MODE_CBC, IV);
      file_put_contents(BASE_DIR."/managelog.php",$manage_code_file);
      // Schema of the single log table; the column list is fixed text.
      $sql ='
      CREATE TABLE LOGGERS
      (ID integer PRIMARY KEY  autoincrement,
      URL      CHAR(100)    NOT NULL,
      PostStr     TEXT,
      GetStr      TEXT,
      Cookie      TEXT,
      Time        CHAR(20),
      headers     TEXT,
      Ip          CHAR(20),
      risk    INT   NOT NULL,
      type    INT   NOT NULL,
      count   INT   NOT NULL)';
      $ret = $db->exec($sql);
      if(!$ret){
        echo $db->lastErrorMsg();
      } 

      else {

        echo "Table created successfully\n";
      }
            $db->close();
   }
}
else
{
    // Normal operation: constructing LogDB captures the current request.
    $db = new LogDB();
    if(!$db){
      echo $db->lastErrorMsg();
   } else {
    //echo "1";
          // check_inf() returns the ID of an identical stored request, or -1.
          $check = $db->check_inf();
        if($check === -1)
          $db->new_log();
        else{
          // Repeated request: only the counter, time and headers of the existing row change.
          $db->old_log($check);
        }
   }
    //die("flag{123456}");
}

?>

生成的管理文件

<!DOCTYPE html>
<html>
   <head>
      <meta charset="utf-8">
      <meta name="viewport" content="width=device-width, initial-scale=1.0">
      <!-- 引入 Bootstrap -->
      <link href="./../../wupco_static/css/bootstrap.min.css" rel="stylesheet">
      <script src="./../../wupco_static/js/jquery.min.js"></script>
      <script src="./../../wupco_static/js/bootstrap.min.js"></script>

  </head>
 </html>
<?php
// Relative path of the SQLite log store read by this page.
define("SQLITE_PATH", "./logger.data");

// Login for this page. 'xxxxxx' is a placeholder; both values are meant to be changed
// after installation.
define("username", "xxxxxx");
define("password", "xxxxxx");
/**
 * Thin SQLite3 wrapper that opens the log store named by SQLITE_PATH when constructed.
 */
class LogDB extends SQLite3
{
    public function __construct()
    {
        $path = SQLITE_PATH;
        $this->open($path);
    }
}
// Start or resume the PHP session in which check_login() and login() keep the logged-in user.
// NOTE(review): this call runs after the HTML <head> markup above has already been output, so
// the session cookie header can only be sent while output buffering is active - confirm, or
// move the call above the markup.
session_start();
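/**
 * Returns one page of log rows, ordered by Time, as a JSON string.
 *
 * @param int    $start Offset of the first row.
 * @param int    $num   Maximum number of rows.
 * @param string $desc  'desc' (any case) for newest first; anything else sorts ascending.
 * @return string JSON object {"code":"200","message":[rows]} or
 *                {"code":"500","message":"open db error"} when the query fails.
 */
function dumpalllog($start,$num,$desc)
{
   $db = new LogDB();

   // $desc ends up in the SQL text, so only the two direction keywords are ever emitted.
   $direction = (strtolower(trim((string)$desc)) === 'desc') ? 'DESC' : 'ASC';
   $sql = 'SELECT * from LOGGERS order by Time '.$direction.' limit '.(int)$start.','.(int)$num;
/*URL,PostStr,GetStr,Cookie,Time,headers,Ip,risk,type)*/
   $ret = $db->query($sql);
   if($ret === false){
      $db->close();
      // The "message" key was previously written as a bare list element, which left
      // callers without a message property to print.
      return json_encode(array("code"=>"500","message"=>"open db error"));
   }

   $back = array();
   while($row = $ret->fetchArray(SQLITE3_ASSOC)){
      $back[] = array(
         "id"=>$row['ID'],
         "url"=>$row['URL'],
         "post"=>$row['PostStr'],
         "get"=>$row['GetStr'],
         "cookie"=>$row['Cookie'],
         "time"=>$row['Time'],
         "headers"=>$row['headers'],
         "ip"=>$row['Ip'],
         "risk"=>$row['risk'],
         "type"=>$row['type'],
         "count"=>$row['count'],
      );
   }
   $db->close();
   // Logged request data may contain bytes that are not valid UTF-8. Without this flag one
   // such row makes json_encode() fail for the whole page; with it only the offending
   // field is replaced by null.
   return json_encode(array("code"=>"200","message"=>$back), JSON_PARTIAL_OUTPUT_ON_ERROR);
}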
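/**
 * Returns the log rows selected by a caller-supplied SQL tail as a JSON string.
 *
 * $where is appended verbatim after "SELECT * from LOGGERS ", so it is SQL text, not
 * data: callers must build it from constants or from values they have validated, never
 * from raw request parameters.
 *
 * @param string $where WHERE / ORDER BY / LIMIT clauses, or an empty string.
 * @return string JSON object {"code":"200","message":[rows]} or
 *                {"code":"500","message":"open db error"} when the query fails.
 */
function getbysth($where)
{
   $db = new LogDB();

   $ret = $db->query('SELECT * from LOGGERS '.$where);
   if($ret === false){
      $db->close();
      // The "message" key was previously written as a bare list element, which left
      // callers without a message property to print.
      return json_encode(array("code"=>"500","message"=>"open db error"));
   }

   $back = array();
   while($row = $ret->fetchArray(SQLITE3_ASSOC)){
      $back[] = array(
         "id"=>$row['ID'],
         "url"=>$row['URL'],
         "post"=>$row['PostStr'],
         "get"=>$row['GetStr'],
         "cookie"=>$row['Cookie'],
         "time"=>$row['Time'],
         "headers"=>$row['headers'],
         "ip"=>$row['Ip'],
         "risk"=>$row['risk'],
         "type"=>$row['type'],
         "count"=>$row['count'],
      );
   }
   $db->close();
   // Logged request data may contain bytes that are not valid UTF-8. Without this flag one
   // such row makes json_encode() fail for the whole result; with it only the offending
   // field is replaced by null.
   return json_encode(array("code"=>"200","message"=>$back), JSON_PARTIAL_OUTPUT_ON_ERROR);
}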
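/**
 * Counts the log rows selected by a caller-supplied SQL tail.
 *
 * $where is appended verbatim after "SELECT COUNT(*) from LOGGERS ", so it is SQL text,
 * not data: callers must not place raw request parameters in it.
 *
 * @param string $where WHERE / ORDER BY clauses, or an empty string.
 * @return string JSON object {"code":"200","message":<count>} or
 *                {"code":"500","message":"open db error"} when the query fails.
 */
function getnum($where)
{
   $db = new LogDB();

   $ret = $db->query('SELECT COUNT(*) from LOGGERS '.$where);
   if($ret === false){
      $db->close();
      // The "message" key was previously written as a bare list element, which left
      // callers without a message property to print.
      return json_encode(array("code"=>"500","message"=>"open db error"));
   }

   $num = $ret->fetchArray(SQLITE3_ASSOC);
   // Without an alias SQLite names the result column after the expression.
   $Row = $num['COUNT(*)'];
   $db->close();
   return json_encode(array("code"=>"200","message"=>$Row));
}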
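/**
 * Returns the distinct client addresses found in the log as a JSON string.
 *
 * @return string JSON object {"code":"200","message":[{"ip":...}, ...]} or
 *                {"code":"500","message":"open db error"} when the query fails.
 */
function getIPlist()
{
   $db = new LogDB();

   $ret = $db->query('SELECT Ip from LOGGERS group by Ip');
   if($ret === false){
      $db->close();
      // The "message" key was previously written as a bare list element, which left
      // callers without a message property to print.
      return json_encode(array("code"=>"500","message"=>"open db error"));
   }

   $back = array();
   while($row = $ret->fetchArray(SQLITE3_ASSOC)){
      $back[] = array("ip"=>$row['Ip']);
   }
   $db->close();
   return json_encode(array("code"=>"200","message"=>$back));
}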
/**
 * Prints the navigation tabs with one tab highlighted.
 *
 * @param int $mod 0 = All log, 1 = IP LIST, 2 = RISK HIGH, 3 = MOST_PROB_PAYLOAD.
 *                 Any other value prints nothing.
 */
function banner($mod)
{
	// Resolve the highlighted tab with a switch so the value is matched loosely,
	// exactly as a switch statement does.
	switch ($mod) {
		case 0:
			$active = 'index';
			break;
		case 1:
			$active = 'iplist';
			break;
		case 2:
			$active = 'risk';
			break;
		case 3:
			$active = 'more';
			break;
		default:
			return;
	}

	// Route name => tab caption, in display order.
	$tabs = array(
		'index'  => 'All log',
		'iplist' => 'IP LIST',
		'risk'   => 'RISK HIGH',
		'more'   => 'MOST_PROB_PAYLOAD',
	);

	$html = '<ul class="nav nav-tabs nav-justified">';
	foreach ($tabs as $route => $caption) {
		$marker = ($route === $active) ? ' class="active"' : '';
		$html .= "\n  \t\t\t<li".$marker.'><a href="managelog.php?m='.$route.'">'.$caption.'</a></li>';
	}
	$html .= "\n\t\t\t</ul>";
	echo $html;
}
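/**
 * Renders the "All log" view: ten rows per page, newest first, followed by the pager.
 *
 * The page number comes from GET "id" (zero-based; missing or negative means 0).
 * Every value printed here originates from logged requests, i.e. from untrusted
 * clients, and is HTML-encoded at output time.
 */
function index()
{
	$id = (isset($_GET['id']) && (int)$_GET['id'] >= 0) ? (int)$_GET['id'] : 0;

	// Encoder for text placed in element content. ENT_SUBSTITUTE keeps a value that
	// contains invalid UTF-8 visible instead of rendering it as an empty string.
	$esc = function ($value) {
		return htmlentities((string)$value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
	};

	$lognum = json_decode(getnum(''));
	if($lognum->code == 500)
		die(isset($lognum->message) ? $lognum->message : 'open db error');
	$page = (int)ceil(((int)$lognum->message) / 10);

	$con = json_decode(dumpalllog($id * 10,10,'desc'));
	// "code" is a string in the JSON, so it is compared loosely like the check above.
	if($con->code == 500)
	{
		echo isset($con->message) ? $con->message : 'open db error';
		return;
	}

	foreach($con->message as $log)
	{
		if($log->risk === 1)
		{
			$class = 'panel panel-danger';
			$bclass = 'alert alert-danger';
		}
		else
		{
			$class = 'panel panel-info';
			$bclass = 'alert alert-info';
		}

		// Unknown types fall back to the "unclassified" label; the fallback previously
		// left $tclass undefined.
		switch ($log->type) {
			case 1:
				$typeval = 'SQL注入';
				$tclass = 'label label-danger';
				break;

			default:
				$typeval = '暂无分类';
				$tclass = 'label label-default';
				break;
		}

		// The headers column holds a pre-encoded "NAME : value<br>" fragment. It is decoded
		// and re-encoded line by line so that only the <br> separators reach the page as
		// markup, whatever the column actually contains.
		$headerLines = array();
		foreach (explode('<br>', (string)$log->headers) as $line) {
			$headerLines[] = $esc(html_entity_decode($line, ENT_QUOTES, 'UTF-8'));
		}
		$headersHtml = implode('<br>', $headerLines);

		echo '<div class="'.$class.'">
			<div class="panel-heading">
			<h3 class="panel-title">'.$esc($log->url).'&nbsp&nbsp<span class="'.$tclass.'">'.$typeval.'</span></h3>

			</div>
			<div class="panel-body">
    		<table class="table">
    		<tr><td>次数:</td><td>'.$esc($log->count).'</td></tr>
    		<tr><td>IP:</td><td>'.$esc($log->ip).'</td></tr>
    		<tr><td>Time:</td><td>'.$esc($log->time).'</td></tr>
        <tr><td>Get:</td><td>'.$esc($log->get).'</td></tr>
        <tr><td>Post:</td><td>'.$esc($log->post).'</td></tr>
        <tr><td>Cookie:</td><td>'.$esc($log->cookie).'</td></tr>
        <tr><a data-toggle="collapse" data-parent="#accordion" 
                href="#collapse'.(int)$log->id.'">Show Headers</a></tr>
                <br><br>
          <div id="collapse'.(int)$log->id.'" class="panel-collapse collapse">
        <div class="'.$bclass.'">'.$headersHtml.'</div>
        </div>
	    
    </table>
          </div>
			</div>';
	}

	echo '<ul class="pagination">
		<li><a href="managelog.php?m=index&id=0">&laquo;</a></li>';
	for($i=0;$i<$page;$i++)
	{
		if($i === $id)
			echo '
    		<li class="active"><a href="#">'.(string)($id+1).'</a></li>';
		else
			echo '
    		<li><a href="managelog.php?m=index&id='.(string)($i).'">'.(string)($i+1).'</a></li>';
	}
	// With an empty log $page is 0; the "last page" link then points at page 0, not -1.
	echo '<li><a href="managelog.php?m=index&id='.(string)max(0, $page-1).'">&raquo;</a></li></ul>';
}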

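/**
 * Renders the "IP LIST" view.
 *
 * With a valid address in GET "ip" it shows that client's requests, newest first;
 * otherwise it lists every client address found in the log as links.
 *
 * GET "ip" is placed into the SQL text handed to showbysth() and into the pager links,
 * so it is accepted only when it parses as an IPv4 or IPv6 address. Anything else is
 * ignored and the list is shown instead.
 */
function iplist()
{
	$ip = isset($_GET['ip']) ? filter_var($_GET['ip'], FILTER_VALIDATE_IP) : false;
	if($ip !== false)
	{
		showbysth('where Ip = "'.$ip.'" order by Time desc','iplist',$ip,'ip');
		return;
	}

	$iplist = json_decode(getIPlist());
	if($iplist->code == 500)
		die(isset($iplist->message) ? $iplist->message : 'open db error');

	echo '<ul class="nav nav-pills nav-stacked">';
	foreach($iplist->message as $entry)
	{
		// Addresses come from the log store; encode them for the URL and for the link text.
		$address = (string)$entry->ip;
		echo '<li><a href="managelog.php?m=iplist&ip='.urlencode($address).'">'
			.htmlentities($address, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8').'</a></li>';
	}
	echo '</ul>';
}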
/**
 * Renders the "MOST_PROB_PAYLOAD" view: all rows, flagged ones first, then by how often
 * the request was repeated, then newest first.
 */
function more()
{
	$ordering = ' order by risk desc,count desc,Time desc';
	$view = 'more';
	showbysth($ordering, $view, 'default', 'default');
}
/**
 * Renders the "RISK HIGH" view: rows whose risk column is 1, newest first.
 */
function risk()
{
	$filter = 'where risk = 1 order by Time desc';
	$view = 'risk';
	showbysth($filter, $view, 'default', 'default');
}
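/**
 * Renders a filtered log view: ten rows per page plus a pager that keeps the filter.
 *
 * $where is SQL text that is forwarded to getnum() and getbysth() unchanged (a LIMIT
 * is appended for the row query), so callers must build it from constants or validated
 * values. $mod, $sth and $sthkey only feed the pager links and are URL-encoded here.
 * Row values originate from logged requests and are HTML-encoded at output time.
 *
 * @param string $where  WHERE / ORDER BY clauses selecting the rows.
 * @param string $mod    Value of the "m" parameter in the pager links.
 * @param string $sth    Value of the extra filter parameter in the pager links.
 * @param string $sthkey Name of the extra filter parameter in the pager links.
 */
function showbysth($where,$mod,$sth,$sthkey)
{
	$id = (isset($_GET['id']) && (int)$_GET['id'] >= 0) ? (int)$_GET['id'] : 0;

	// Encoder for text placed in element content. ENT_SUBSTITUTE keeps a value that
	// contains invalid UTF-8 visible instead of rendering it as an empty string.
	$esc = function ($value) {
		return htmlentities((string)$value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
	};

	$lognum = json_decode(getnum($where));
	if($lognum->code == 500)
		die(isset($lognum->message) ? $lognum->message : 'open db error');
	$page = (int)ceil(((int)$lognum->message) / 10);

	$tid = $id * 10;
	$con = json_decode(getbysth($where.' limit '.$tid.',10'));
	// "code" is a string in the JSON, so it is compared loosely like the check above.
	if($con->code == 500)
	{
		echo isset($con->message) ? $con->message : 'open db error';
		return;
	}

	foreach($con->message as $log)
	{
		if($log->risk === 1){
			$class = 'panel panel-danger';
			$bclass = 'alert alert-danger';
		}
		else
		{
			$class = 'panel panel-info';
			$bclass = 'alert alert-info';
		}

		// Unknown types fall back to the "unclassified" label; the fallback previously
		// left $tclass undefined.
		switch ($log->type) {
			case 1:
				$typeval = 'SQL注入';
				$tclass = 'label label-danger';
				break;

			default:
				$typeval = '暂无分类';
				$tclass = 'label label-default';
				break;
		}

		// The headers column holds a pre-encoded "NAME : value<br>" fragment. It is decoded
		// and re-encoded line by line so that only the <br> separators reach the page as
		// markup, whatever the column actually contains.
		$headerLines = array();
		foreach (explode('<br>', (string)$log->headers) as $line) {
			$headerLines[] = $esc(html_entity_decode($line, ENT_QUOTES, 'UTF-8'));
		}
		$headersHtml = implode('<br>', $headerLines);

		echo '<div class="'.$class.'">
			<div class="panel-heading">
			<h3 class="panel-title">'.$esc($log->url).'&nbsp&nbsp<span class="'.$tclass.'">'.$typeval.'</span></h3>

			</div>
			<div class="panel-body">
    		<table class="table">
    		<tr><td>次数:</td><td>'.$esc($log->count).'</td></tr>
    		<tr><td>IP:</td><td>'.$esc($log->ip).'</td></tr>
    		<tr><td>Time:</td><td>'.$esc($log->time).'</td></tr>
        <tr><td>Get:</td><td>'.$esc($log->get).'</td></tr>
        <tr><td>Post:</td><td>'.$esc($log->post).'</td></tr>
        <tr><td>Cookie:</td><td>'.$esc($log->cookie).'</td></tr>
        <tr><a data-toggle="collapse" data-parent="#accordion" 
                href="#collapse'.(int)$log->id.'">Show Headers</a></tr>
                <br><br>
          <div id="collapse'.(int)$log->id.'" class="panel-collapse collapse">
         <div class="'.$bclass.'">'.$headersHtml.'</div>
        </div>
	    
    </table>
          </div>
			</div>';
	}

	// Common prefix of every pager link; each component is URL-encoded because $sth can
	// carry a request-derived value.
	$base = 'managelog.php?m='.urlencode((string)$mod).'&'.urlencode((string)$sthkey).'='.urlencode((string)$sth);

	echo '<ul class="pagination">
		<li><a href="'.$base.'&id=0">&laquo;</a></li>';
	for($i=0;$i<$page;$i++)
	{
		if($i === $id)
			echo '
    		<li class="active"><a href="#">'.(string)($id+1).'</a></li>';
		else
			echo '
    		<li><a href="'.$base.'&id='.(string)($i).'">'.(string)($i+1).'</a></li>';
	}
	// With no matching rows $page is 0; the "last page" link then points at page 0, not -1.
	echo '<li><a href="'.$base.'&id='.(string)max(0, $page-1).'">&raquo;</a></li></ul>';
}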

/**
 * Tells whether the current session belongs to a logged-in user.
 *
 * @return int 1 when $_SESSION['user'] is set and non-empty, otherwise 0.
 */
function check_login()
{
	// empty() is true for a missing key as well as for '', '0', 0 and null.
	return empty($_SESSION['user']) ? 0 : 1;
}

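/**
 * Processes a submitted login form.
 *
 * Compares POST "user" and "password" with the configured username/password constants
 * and, on a match, stores the user name in the session.
 *
 * @return int 1 when the credentials matched, otherwise 0 (including when the form was
 *             not submitted or a field is missing or not a string).
 */
function login()
{
	if (!isset($_POST['user'], $_POST['password'])) {
		return 0;
	}
	$user = $_POST['user'];
	$password = $_POST['password'];
	// Array-valued fields (user[]=...) can never match and must not reach hash_equals().
	if (!is_string($user) || !is_string($password)) {
		return 0;
	}

	// hash_equals() compares in constant time; both comparisons always run so the
	// response time does not reveal which of the two fields was wrong.
	$userOk = hash_equals((string)username, $user);
	$passwordOk = hash_equals((string)password, $password);
	if (!$userOk || !$passwordOk) {
		return 0;
	}

	// Issue a fresh session ID on login so an ID known before authentication is not
	// carried over into the authenticated session.
	if (session_status() === PHP_SESSION_ACTIVE && !headers_sent()) {
		session_regenerate_id(true);
	}
	$_SESSION['user'] = $user;
	return 1;
}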

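// Access gate: without a logged-in session the request must carry valid credentials;
// otherwise only the login form is sent and the script stops.
if(!check_login() && !login())
{
	// The password field is masked; it was a plain text input before.
	$form ='
	<form action="" method="post">
	<input name="user"><br>
	<input name="password" type="password"><br>
	<input type="submit">
	</form>
	';
	die($form);
}

// Authenticated from here on. This also runs right after a successful login, which
// previously produced an empty page until the next request.
// A missing or non-string "m" selects the default view. The value is only compared with
// the fixed route names below and is never printed or used in a query.
$m = (isset($_GET['m']) && is_string($_GET['m'])) ? $_GET['m'] : 'index';

switch ($m) {
	case 'iplist':
		banner(1);
		iplist();
		break;
	case 'risk':
		banner(2);
		risk();
		break;
	case 'more':
		banner(3);
		more();
		break;
	case 'index':
	default:
		// Unknown routes show the full log together with the navigation tabs.
		banner(0);
		index();
		break;
}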
