代码如下
$secret = "XXXXXXXXXXXXXXX";
$username = $_POST["username"];
$password = $_POST["password"];
if (!empty($_COOKIE["getmein"])) {
if (urldecode($username) === "admin" && urldecode($password) != "admin") {
if ($COOKIE["getmein"] === md5($secret . urldecode($username . $password))) {
echo "Congratulations! You are a registered user.\n";
die ("The flag is ". $flag);
}
else {
die ("Your cookies don't match up! STOP HACKING THIS SITE.");
}
}
else {
die ("You are not an admin! LEAVE.");
}
}
主要是 if ($COOKIE["getmein"] === md5($secret . urldecode($username . $password))) 这句怎么理解?$secret.urldecode($username . $password),这里的函数调用方式怎么这么奇怪?那个 " . "是什么意思?
你好,意思是,COOKIE信息是md5是加密后的字符串,$secret.urldecode(...)中那个点是字符串拼接
那个点是字符串连接符,拼接字符串用的
不是在调用函数,而是让$secret和后面的值拼接