Building a PHP bulletin board (Kali Linux environment)
- I am going to build a bulletin board with only the basic features, using PHP.
- Setting up the database with MySQL will be covered in the next post.
- First, here is the bulletin board code written in PHP.
- On Linux the files were created under /var/www/html.
- index.php was added to dir.conf by editing it with the command vi /etc/apache2/mods-available/dir.conf.
*** Source: 어서와 해킹은 처음이지 - 칼리리눅스로 배우는 해킹과 보안
*** index.php - start page
<?php
session_start();   // must run before any HTML is sent so the session cookie header can go out
?>
<html>
<body>
<?php
if(!isset($_SESSION['username'])){
?>
<form action="login.php" method="post">
Username : <input type="text" name="username" size="10" required/>
Password : <input type="password" name="password" size="10" required/>
<input type="submit" name="login" value="Login"/>
</form>
<?php
}
else{
    echo "Welcome ".$_SESSION['username'];
?>
<input type="button" value="Logout" onclick="location.href='login.php'">
<input type="button" value="Write" onclick="location.href='write.php'">
<?php
}
?>
<br/><br/>
<table width="580" border="1px" cellpadding="2" style="border-collapse:collapse">
<thead>
<tr align="center">
<th width="30">number</th>
<th width="300">title</th>
<th width="50">name</th>
<th width="60">date</th>
</tr>
</thead>
<tbody>
<?php
$con = mysqli_connect('localhost','root','toor','sample');
$result = mysqli_query($con, "select * from board order by id desc");
// Array keys are quoted: a bare $row[id] relies on an undefined constant and is an error on PHP 8.
// Column values are printed as-is, without htmlspecialchars().
while($row = mysqli_fetch_array($result)){
?>
<tr align="center">
<td><?=$row['id']?></td>
<td>
<a href="view.php?id=<?=$row['id']?>">
<?=$row['title']?>
</a>
</td>
<td><?=$row['user']?></td>
<td><?=$row['date']?></td>
</tr>
<?php
}
?>
</tbody>
</table>
</body>
</html>
*** login.php - login screen
<?php
// session_start() must come before any output; the original called it after <html><body>.
session_start();
if(isset($_POST['login']))
{
    $username = $_POST['username'];
    $password = $_POST['password'];
    $con = mysqli_connect('localhost','root','toor','sample');
    // The form values are concatenated directly into the SQL string and the password is compared in plaintext.
    $result = mysqli_query($con, "select * from users where username='$username' and password='$password'");
    if(mysqli_num_rows($result) == 0)
        echo "<script>alert('Invalid username or password');</script>";
    else
        $_SESSION['username']=$username;
}
else{
    // Reached from the Logout button (no POST): end the session.
    session_destroy();
}
?>
<html>
<body>
<meta http-equiv='refresh' content='0; url=index.php'>
</body>
</html>
*** file.php - file upload
<?php
$save_dir="/var/www/html/tmp/";   // inside the web root; Apache must be able to write here
function file_upload(&$file)
{
    global $save_dir;
    // Stored name: <unix time>@<original name>; the name is converted to EUC-KR for the Korean locale.
    $file_name = $save_dir.time().'@'.iconv("UTF-8","EUC-KR",$file['name']);
    if(!move_uploaded_file($file['tmp_name'],$file_name))
        die('<script type="text/javascript">alert("file upload fail!");history.back()</script>');
    return $file_name;
}
function file_download($file_path)
{
    if(file_exists($file_path)){
        // Everything after the '@' is the original name (offset 1, as in view.php; the original offset 2 dropped the first character).
        $file_name = substr(strstr($file_path,'@'),1);
        header('Content-Type: application/octet-stream');   // 'file/unknown' is not a valid media type
        header('Content-Description: File Transfer');
        header('Content-Disposition: attachment; filename="'.$file_name.'"');
        header('Content-Length: '.filesize($file_path));
        header('Pragma: no-cache');
        header('Expires: 0');
        readfile($file_path);
        exit;
    }
}
?>
*** write.php - writing a post
<?php
require_once("./file.php");
session_start();
if(isset($_POST['write'])){
    // The author name is taken from the (read-only) form field, not from the session.
    $username=$_POST['username'];
    $title=$_POST['title'];
    $comment=$_POST['comment'];
    $date=date("Y-m-d");
    $file=NULL;
    if(is_uploaded_file($_FILES['upfile']['tmp_name']))
        $file=file_upload($_FILES['upfile']);
    $con=mysqli_connect('localhost','root','toor','sample');
    $result = mysqli_query($con, "INSERT INTO board(user,title,comment,file,date) VALUES('$username','$title','$comment','$file','$date')");
    if(!$result)
        echo "<script>alert('fail save comment');</script>";
?>
<meta http-equiv='refresh' content='0; url=index.php'>
<?php
}
else{
?>
<form action="" method="post" enctype="multipart/form-data">
<table>
<tr>
<td>subject</td>
<td><input type="text" name="title" required/></td>
</tr>
<tr>
<td>name</td>
<?php
// Fixed: the attribute is value (not values), it is quoted, a space precedes readonly, and the statement ends with ';'.
echo "<td><input type='text' name='username' value='".$_SESSION['username']."' readonly/></td>";
?>
</tr>
<tr>
<td>content</td>
<td><textarea cols="30" rows="8" name="comment" wrap="off" required></textarea></td>
</tr>
<tr>
<td>attachment</td>
<td><input type="file" name="upfile"></td>
</tr>
</table>
<input type="submit" name="write" value="save"/>
<input type="reset" value="reset"/>
</form>
<?php
}
?>
*** view.php - viewing a post
<?php
require_once("./file.php");
if(!isset($_GET["id"])){
    echo "<script>alert('Invalid access page');</script>";
    echo "<meta http-equiv='refresh' content='0; url=index.php'>";
    exit;   // added: without it the script continues with an undefined $id
}
$id=$_GET['id'];
$con=mysqli_connect('localhost', 'root','toor','sample');
// $id is appended to the query unquoted and unvalidated.
$result=mysqli_query($con,"SELECT * FROM board WHERE id=".$id);
if(mysqli_num_rows($result)==0){
    echo "<script>alert('Invalid access page');</script>";
    echo "<meta http-equiv='refresh' content='0; url=index.php'>";
    exit;   // added: otherwise $row below would be null
}
$row = mysqli_fetch_array($result);   // the original was missing the semicolon
?>
<html>
<body>
<table width="400" border="1px" cellpadding="2" style="border-collapse: collapse">
<tr>
<td align="center">subject</td>
<td><?=$row['title']?></td>
</tr>
<tr>
<td align="center">name</td>
<td><?=$row['user']?></td>
</tr>
<tr>
<td align="center">content</td>
<td><?=str_replace("\r\n","<br/>", $row['comment'])?></td>
</tr>
<tr>
<td align="center">attachment</td>
<td>
<?php
// The stored path goes into the link as-is; the text after '@' is the original file name.
echo "<a href='./download.php?file={$row['file']}'>".substr(strstr($row['file'],'@'),1)."</a>";
?>
</td>
</tr>
</table>
<input type="button" value="back" onclick="location.href='index.php'">
</body>
</html>
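login.php, write.php and view.php above all build their SQL by pasting request values straight into the query string, and index.php and view.php print column values into HTML unchanged. As an added example that is not part of the original post or of the book it cites, here are the same three queries written with mysqli prepared statements, plus a small HTML-escaping helper for the printed values. It assumes the tables the page's queries imply, `users(username, password)` and `board(id, user, title, comment, file, date)`, and, unlike the page, that the `password` column holds a `password_hash()` value rather than the plaintext password. The function names (`db`, `login_user`, `insert_post`, `fetch_post`, `h`) are mine.

```php
<?php
// Added example (not the post's or the book's code): the board's queries with
// bound parameters. Assumed schema: users(username, password) where password is
// a password_hash() value; board(id, user, title, comment, file, date).
declare(strict_types=1);

function db(): mysqli
{
    // Throw on SQL errors instead of silently returning false.
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
    // Credentials copied from the page's code for illustration only.
    return new mysqli('localhost', 'root', 'toor', 'sample');
}

/** login.php: sets the session only when the stored hash matches the password. */
function login_user(mysqli $con, string $username, string $password): bool
{
    $stmt = $con->prepare('SELECT password FROM users WHERE username = ?');
    $stmt->bind_param('s', $username);   // sent as data; a quote in it is just a character
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    if ($row === null || !password_verify($password, $row['password'])) {
        return false;
    }
    session_regenerate_id(true);          // fresh session id once the user is authenticated
    $_SESSION['username'] = $username;
    return true;
}

/** write.php: $user should come from $_SESSION, not from the read-only form field. */
function insert_post(mysqli $con, string $user, string $title, string $comment, ?string $file): int
{
    $date = date('Y-m-d');
    $stmt = $con->prepare(
        'INSERT INTO board (user, title, comment, file, date) VALUES (?, ?, ?, ?, ?)'
    );
    // A null $file is bound as SQL NULL rather than the empty string the page stores.
    $stmt->bind_param('sssss', $user, $title, $comment, $file, $date);
    $stmt->execute();
    return $con->insert_id;
}

/** view.php: the id is an int parameter, so non-numeric input never reaches the database. */
function fetch_post(mysqli $con, int $id): ?array
{
    $stmt = $con->prepare('SELECT id, user, title, comment, file, date FROM board WHERE id = ?');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    return $stmt->get_result()->fetch_assoc();   // null when the id does not exist
}

/** Escape a value before printing it into HTML (use in place of the bare <?=$row['title']?>). */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}
```

Call `session_start()` before `login_user()`, and in view.php pass `(int) $_GET['id']` to `fetch_post()` and wrap each printed column in `h()`; `insert_id` is the auto-increment value MySQL assigned to the new row.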
*** download.php - file download
<?php
require_once("./file.php");
// The file parameter from the query string is handed to file_download() as a filesystem path without any check.
file_download($_GET['file']);
?>
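file.php stores each upload under the web root with the client-supplied name, write.php calls it, and download.php hands the `file` query parameter to `file_download()` as a path. As an added example that is not from the original post or the book, the hardened counterpart below stores every upload under a random name in a directory outside the web root and serves a file only when its name matches that pattern and its resolved path stays inside that directory. The directory `/var/lib/board_uploads`, the 5 MB limit, the function names and the idea of keeping the original name in the database purely for display are assumptions, not the page's design.

```php
<?php
// Added example, not the post's or the book's code: a hardened replacement for
// file.php / download.php. Assumptions: UPLOAD_DIR is outside the web root and
// writable by the web server user; the board table stores the random stored
// name and, separately, the original name used only for display.
declare(strict_types=1);

const UPLOAD_DIR = '/var/lib/board_uploads';   // assumed path, not served by Apache
const MAX_UPLOAD_BYTES = 5 * 1024 * 1024;        // assumed limit

/**
 * Save an uploaded file under a random, extension-free name and return that
 * name (null on any failure). Nothing the client sent is used on disk, so the
 * original name cannot carry a path or become a file the server would execute.
 */
function safe_file_upload(array $file): ?string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return null;
    }
    if ($file['size'] > MAX_UPLOAD_BYTES || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    $stored = bin2hex(random_bytes(16));           // 32 hex characters
    $dest = UPLOAD_DIR . '/' . $stored;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        return null;
    }
    chmod($dest, 0640);                            // readable by the server only, never executable
    return $stored;
}

/**
 * Send a stored file to the browser. $stored is the name returned by
 * safe_file_upload(); $display_name is the original name kept in the database.
 */
function safe_file_download(string $stored, string $display_name): void
{
    // Accept only the names this code generates; anything containing a slash,
    // a dot or an absolute path fails the pattern before the filesystem is touched.
    if (!preg_match('/\A[0-9a-f]{32}\z/', $stored)) {
        http_response_code(404);
        exit;
    }
    $base = realpath(UPLOAD_DIR);
    $path = realpath(UPLOAD_DIR . '/' . $stored);
    // realpath() follows symlinks, so the containment check is on the final location.
    if ($base === false || $path === false || !is_file($path)
        || strncmp($path, $base . '/', strlen($base) + 1) !== 0) {
        http_response_code(404);
        exit;
    }
    // Keep only the last path segment of the display name and replace characters
    // that would break the Content-Disposition header.
    $display_name = preg_replace('#.*[/\\\\]#s', '', $display_name);
    $display_name = preg_replace('/[\x00-\x1f"\\\\]/', '_', $display_name);
    if ($display_name === '') {
        $display_name = 'download';
    }
    header('Content-Type: application/octet-stream');
    header('X-Content-Type-Options: nosniff');
    // filename* carries the UTF-8 (e.g. Korean) name; the plain filename is a fallback.
    header('Content-Disposition: attachment; filename="' . $display_name
        . '"; filename*=UTF-8\'\'' . rawurlencode($display_name));
    header('Content-Length: ' . (string) filesize($path));
    readfile($path);
    exit;
}
```

With this layout download.php would look the stored name and display name up by post id instead of reading a path from the query string, and the upload directory needs to be created and made writable by the web server user (for example `www-data` on a Debian-based Kali install) before the first upload.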
- After adding the files this way, start apache and mysql. (Database creation will be covered in the next post.)
#service apache2 start
#service mysql start
** index.php - start page (screenshot)
** writing a post (screenshot)
** viewing a post (screenshot)