0

我在我网站的索引页面上使用以下表单尝试登录论坛:

<form method = "post" action = "/forum/ucp.php?mode=login">
   <div id = "field_container">
      <div class = "field"><input name = "username" type = "text" placeholder = "Username" /></div>
      <div class = "field"><input name = "password" type = "password" placeholder = "Password" /></div>
   </div>
   <div class = "submit"><input type = "submit" value = "Login" /></div>
</form>

但是,提交此表单只会将用户带到论坛的登录页面。它不会给出错误,也不会让用户登录。使这项工作起作用的缺失链接是什么?

编辑:这是论坛本身的表格:

<form action="./ucp.php?mode=login" method="post" id="login">
<div class="panel">
    <div class="inner"><span class="corners-top"><span></span></span>

    <div class="content">
        <h2>Login</h2>

        <fieldset class="fields1">

        <dl>
            <dt><label for="username">Username:</label></dt>
            <dd><input type="text" tabindex="1" name="username" id="username" size="25" value="" class="inputbox autowidth"></dd>
        </dl>
        <dl>
            <dt><label for="password">Password:</label></dt>
            <dd><input type="password" tabindex="2" id="password" name="password" size="25" class="inputbox autowidth"></dd>
            <dd><a href="./ucp.php?mode=sendpassword">I forgot my password</a></dd>
        </dl>

        <dl>
            <dd><label for="autologin"><input type="checkbox" name="autologin" id="autologin" tabindex="4"> Log me on automatically each visit</label></dd>
            <dd><label for="viewonline"><input type="checkbox" name="viewonline" id="viewonline" tabindex="5"> Hide my online status this session</label></dd>
        </dl>


        <input type="hidden" name="redirect" value="./ucp.php?mode=login">

        <dl>
            <dt>&nbsp;</dt>
            <dd><input type="hidden" name="sid" value="7703a705e2d9971b1eae77b1f3ff61d6">
<input type="hidden" name="redirect" value="index.php">
<input type="submit" name="login" tabindex="6" value="Login" class="button1"></dd>
        </dl>
        </fieldset>
    </div>
    <span class="corners-bottom"><span></span></span></div>
</div>



    <div class="panel">
        <div class="inner"><span class="corners-top"><span></span></span>

        <div class="content">
            <h3>Register</h3>
            <p>In order to login you must be registered. Registering takes only a few moments but gives you increased capabilities. The board administrator may also grant additional permissions to registered users. Before you register please ensure you are familiar with our terms of use and related policies. Please ensure you read any forum rules as you navigate around the board.</p>
            <p><strong><a href="./ucp.php?mode=terms">Terms of use</a> | <a href="./ucp.php?mode=privacy">Privacy policy</a></strong></p>
            <hr class="dashed">
            <p><a href="./ucp.php?mode=register" class="button2">Register</a></p>
        </div>

        <span class="corners-bottom"><span></span></span></div>
    </div>


</form>

编辑:除了 SID,您还必须确保提交按钮的名称是“登录”。

4

1 回答 1

0

我认为您面临的问题是,原始表单包含两个额外的隐藏字段:

<input type="hidden" name="sid" value="7703a705e2d9971b1eae77b1f3ff61d6">
<input type="hidden" name="redirect" value="index.php">

重定向字段不应该是问题。

对于 sid 字段,我自己假设有两个功能。它可能是防止 XSS 的哈希,也可能只是登录将分配到的 sid。但我认为由于选择的名称,第二个会更合理:)

因此,在使表单工作之前,您必须做的是使用curl获取登录公式,提取 sid 并将其作为隐藏字段添加到您自己的表单中。

让我知道这是否对您有帮助。

于 2013-08-03T08:25:43.753 回答