ASP.NET (C#) 管理画面用セキュリティログインコード（XSS攻撃防止／万能パスワード脆弱性対策）


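string ispostback = Context.Request["ispostbask"];
        string k8user = this.txtUser.Text.Trim();
        string k8pwd = this.txtPwd.Text.Trim();
        // K8admin.Pass stores an unsalted MD5 hex digest, so the same digest is computed here for
        // compatibility with existing rows. Unsalted MD5 is not an acceptable password hash; when the
        // admin table can be rewritten, move to a salted, iterated scheme (e.g. Rfc2898DeriveBytes).
        // ToLowerInvariant: under a Turkish UI culture ToLower() maps 'I' to dotless 'ı' and would
        // corrupt the hex digest.
        string k8md5pwd = FormsAuthentication.HashPasswordForStoringInConfigFile(k8pwd, "MD5").ToLowerInvariant();
        // Only handle an explicit submit. The request key is spelled "ispostbask"; it has to match the
        // hidden field in the page markup — confirm there before renaming either side.
        if (ispostback == "true")
        {
            // Both fields are required; an empty value can never pass the format checks below anyway.
            if (k8user != "" && k8pwd != "")
            {
                // Allow-list validation. A user name is 4-8 ASCII letters/digits, which keeps characters
                // such as < % ' out of the value before it reaches HTML, SQL or a cookie name.
                // (The original pattern "^[[a-zA-Z0-9]{4,8}$" had a stray '[' that also admitted '['.)
                Regex k8chkName = new Regex("^[a-zA-Z0-9]{4,8}$");
                // A password is 7-12 ASCII letters/digits containing at least one digit and one letter.
                Regex k8chkpwd1 = new Regex(@"\d+");
                Regex k8chkpwd2 = new Regex(@"[a-zA-Z]+");
                Regex k8chkpwd3 = new Regex(@"^[a-zA-Z0-9]{7,12}$");
                if (k8chkName.IsMatch(k8user)
                    && k8chkpwd1.IsMatch(k8pwd) && k8chkpwd2.IsMatch(k8pwd) && k8chkpwd3.IsMatch(k8pwd))
                {
                    // Number of K8admin rows matching the credentials; -1 until the query has run.
                    int state = -1;
                    try
                    {
                        // using blocks release the connection and command even when the query throws
                        // (the original only closed the connection on the success path).
                        using (OleDbConnection K8conn = new OleDbConnection())
                        {
                            // NOTE(review): the .mdb sits under the web root (K8Data/); confirm that the
                            // folder is not directly servable, otherwise the admin table can be downloaded.
                            K8conn.ConnectionString = @"Provider=Microsoft.Jet.OLEDB.4.0;Data source=" + Server.MapPath("K8Data/k8access.mdb");
                            K8conn.Open();
                            // Parameterised query: user name and digest are bound as values, so input such
                            // as ' or '1'='1 (the "universal password") cannot alter the WHERE clause.
                            // OleDb parameters are positional (?) and are bound in the order they are added.
                            string k8sql = "select count(*) from K8admin where User=? and Pass=?";
                            using (OleDbCommand cmd = new OleDbCommand(k8sql, K8conn))
                            {
                                cmd.Parameters.AddWithValue("@user", k8user);
                                cmd.Parameters.AddWithValue("@pass", k8md5pwd);
                                state = Convert.ToInt32(cmd.ExecuteScalar());
                            }
                        }
                    }
                    catch (Exception ex)
                    {
                        // Keep the generic alert for the browser, but record the cause server-side
                        // instead of discarding it. Never echo ex.Message to the client.
                        System.Diagnostics.Trace.TraceError("K8 admin login failed: {0}", ex);
                        ClientScript.RegisterStartupScript(GetType(), "", "alert('       ');", true);
                        return;
                    }
                    // Exactly one matching row is a successful login; zero or duplicate rows are not.
                    if (state != 1)
                    {
                        ClientScript.RegisterStartupScript(GetType(), "", "alert('          ');", true);
                        return;
                    }
                    //Session["k8user"] = k8user;
                    //Session["k8pass"] = k8md5pwd;
                    // Cookie name/value are unchanged because admin.aspx presumably reads them. Storing
                    // the password digest in a cookie is weak; a FormsAuthentication ticket would be the
                    // proper replacement. HttpOnly at least keeps script (XSS) from reading the value;
                    // set Secure as well once the site is served over HTTPS.
                    HttpCookie k8cookie = new HttpCookie(k8user, k8md5pwd);
                    k8cookie.HttpOnly = true;
                    Response.Cookies.Add(k8cookie);
                    // Redirect is issued outside the try block: Response.Redirect ends the response by
                    // throwing ThreadAbortException, which the catch above would otherwise swallow.
                    Response.Redirect("admin.aspx");
                    return;
                }
            }
            // Missing or malformed user name / password.
            ClientScript.RegisterStartupScript(GetType(), "", "alert('          ');", true);
        }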

原文:http://qqhack8.blog.163.com/blog/static/114147985201162172136155/