Xiaodi security Web security day 16 - PHP development - personal blog project & JS Ajax & front end logic & Shopping & login & upload

Posted by pbarney on Wed, 05 Jan 2022 23:14:59 +0100

1, A simple file upload with ajax

(1) Code example

<html>
<head>
    <meta charset="utf-8">
    <title>ajax</title>
</head>
<body>
<form class="upload" method="post" enctype="multipart/form-data" action="">
    <input class="uploadfile" type="file" name="upload" onchange="checkFileExt(this.value)"/><br/>
    <input class="sub" type="submit" name="submit" value="Start uploading"/>
</form>

</body>
</html>

<script src="js/jquery-1.12.4.min.js"></script>
<script>
    // Client-side (JS) validation
    function checkFileExt(filename) {
        var flag = false;  // set to true once an allowed extension is found
        var arr = ["jpg", "png", "gif", "jpeg"];
        // Extract the extension of the selected file
        var index = filename.lastIndexOf(".");
        var ext = filename.substr(index+1);
        // Compare it against the allowed extensions
        for(var i=0;i<arr.length;i++){
            if(ext == arr[i]){
                flag = true;  // match found, leave the loop immediately
                alert("The uploaded file meets the requirements!");
                break;
            }
        }
        // Reject the file if no extension matched
        if(!flag){
            alert("The uploaded file does not meet the requirements, please select again!");
            location.reload(true);
        }
    }
</script>

<?php
// Server-side (PHP) processing
// With PHP validation the checking code is not visible to the user, who can only black-box test it
// With JS validation the checking code is visible to the user, who can white-box test it
header("Content-Type:text/html;charset=utf-8");
// Name of the uploaded file
@$file_name = $_FILES['upload']['name'];
// Type of the uploaded file
@$file_type = $_FILES['upload']['type'];
// Size of the uploaded file
@$file_size = $_FILES['upload']['size'];
// Temporary file name of the uploaded file
@$file_tmpname = $_FILES['upload']['tmp_name'];
// Error code of the upload
@$file_error = $_FILES['upload']['error'];

echo $file_name . "<hr>";
echo $file_type . "<hr>";
echo $file_size . "<hr>";
echo $file_tmpname . "<hr>";
echo $file_error . "<hr>";

if(@$file_error>0){
    echo "File upload error!";
}else{
    // Move the temporary file into the upload/ directory under its original name
    move_uploaded_file(@$_FILES["upload"]["tmp_name"],"upload/" . @$_FILES["upload"]["name"]);
    echo "Files are stored in:" . "upload/" . @$_FILES["upload"]["name"];
}
?>

(2) How to tell whether upload validation is done in JS or in PHP

1. View the page source in the browser. If the source contains JS code that validates the file, the validation is done in JS.

2. Check how long the validation takes. JS validation responds very quickly, while PHP validation is relatively delayed.

(3) Weakness of JS file validation

1. JS validation runs in the front end. Users can see the source code of the validation directly in the browser, so they can white-box test it and bypass it by disabling JS, modifying the source code or modifying parameters.

2. PHP validation runs on the back-end server. Users cannot see the source code and can only black-box test it. The probability of a bypass is very low and the validation is relatively safe.
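A server-side check for the upload form above, written as an added example (not the original author's code). The extension allowlist mirrors the JS array on the page; the size limit, the function name and the constructed sample files in the CLI demo are assumptions.

```php
<?php
// Added example: validate the upload on the server, where the user cannot edit the check.
const ALLOWED = [            // extension => MIME type expected from the file content
    'jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg',
    'png' => 'image/png',  'gif'  => 'image/gif',
];
const MAX_BYTES = 2 * 1024 * 1024; // assumed 2 MiB limit
// Returns [true, stored name] or [false, reason]. $file['type'] is never trusted.
function validate_upload(array $file): array {
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return [false, 'upload error'];
    }
    if ($file['size'] <= 0 || $file['size'] > MAX_BYTES) {
        return [false, 'bad size'];
    }
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED)) {
        return [false, 'extension not allowed'];
    }
    // Detect the type from the file content, not from the request headers.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== ALLOWED[$ext]) {
        return [false, 'content does not match extension'];
    }
    // Never reuse the client's file name on disk; generate one instead.
    return [true, bin2hex(random_bytes(16)) . '.' . $ext];
}
if (PHP_SAPI !== 'cli' && isset($_FILES['upload'])) {
    // Web request: store the file only after every check has passed.
    [$ok, $info] = validate_upload($_FILES['upload']);
    if ($ok && move_uploaded_file($_FILES['upload']['tmp_name'], "upload/$info")) {
        echo 'Stored as upload/' . $info;
    } else {
        http_response_code(400);
        echo 'Upload rejected';
    }
} elseif (PHP_SAPI === 'cli') {
    // Offline demo with constructed sample files (not real uploads).
    $samples = ['pic.gif' => "GIF89a\x01\x00\x01\x00\x00\x00\x00;",
                'fake.png' => 'plain text, not an image', 'notes.txt' => 'hello'];
    foreach ($samples as $name => $bytes) {
        $tmp = tempnam(sys_get_temp_dir(), 'up');
        file_put_contents($tmp, $bytes);
        $r = validate_upload(['name' => $name, 'tmp_name' => $tmp,
                              'size' => strlen($bytes), 'error' => UPLOAD_ERR_OK]);
        printf("%-9s %s\n", $name, $r[0] ? 'accepted' : 'rejected: ' . $r[1]);
        unlink($tmp);
    }
}
```

The upload directory should also be configured so that the web server does not execute scripts from it.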

2, Login authentication with ajax

(1) Code example

1. Front end

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Ajax Login</title>
</head>
<body>
    Account:<input type="text" class="user">
    Password:<input type="password" class="password">
    <button>Sign in</button>
    <script src="js/jquery-1.12.4.min.js"></script>
    <script>
        $('button').click(function () {
            $.ajax({
                type:'post',
                url:'ajax.php',
                dataType:'json',
                data:{
                    myUname:$('.user').val(),
                    myUpass:$('.password').val()
                },
                success:function (res) {
                    if(res.infocode==1){
                        alert('Login succeeded!')
                    }else{
                        alert('Login failed!')
                    }
                }
            })
        })
    </script>
</body>
</html>

2. Back end

<?php
$success = array('msg'=>'ok');
$username = $_POST['myUname'];
$password = $_POST['myUpass'];
// Verify the account and password submitted by the user. This is only a simple test implementation; a real project should verify them against a database
if($username=='xiaodi' && $password=='123456'){
    $success['infocode'] = 1; // 1 means login succeeded
}else{
    $success['infocode'] = 0; // 0 means login failed
}

echo json_encode($success);
?>

(2) Determine whether login verification is done in JS or in PHP

1. With JS verification, the ajax request returns data that the JS code in the browser reads and acts on before the result is displayed. Users can intervene in this process and tamper with the returned parameters to bypass the check.

2. With PHP verification, the check is completed entirely on the server and the result is returned directly to the client. The user cannot intervene in this process. Even if the returned result is tampered with, the server takes no further notice of it.

Note: whether a bypass is possible depends on who acts on the processing result. If the final result is handled by the front end, it can be bypassed.
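The note above, as an added example (not the original author's code): the server records the login outcome in its own session state, so the `infocode` value in the reply is only a message for the page. The password, the user store and the function names are constructed for the demo.

```php
<?php
// Added example: the server, not the browser, decides who is logged in.

// Constructed user store; a real project would read the hash from a database.
function user_store(): array {
    return ['xiaodi' => password_hash('demo-password', PASSWORD_DEFAULT)];
}

// Check the credentials and record the outcome in server-side session state.
function login(array $post, array &$session): array {
    $users = user_store();
    $name  = is_string($post['myUname'] ?? null) ? $post['myUname'] : '';
    $pass  = is_string($post['myUpass'] ?? null) ? $post['myUpass'] : '';
    if (isset($users[$name]) && password_verify($pass, $users[$name])) {
        $session['user'] = $name;          // the only value later checks rely on
        return ['msg' => 'ok', 'infocode' => 1];
    }
    unset($session['user']);
    return ['msg' => 'ok', 'infocode' => 0];
}

// Every protected page asks the server-side state, never the client.
function current_user(array $session): ?string {
    return $session['user'] ?? null;
}

if (PHP_SAPI !== 'cli') {
    session_start();
    $reply = login($_POST, $_SESSION);
    if ($reply['infocode'] === 1) {
        session_regenerate_id(true);       // fresh session id after login
    }
    header('Content-Type: application/json');
    echo json_encode($reply);
} else {
    // Offline demo with constructed requests.
    $session = [];
    $reply = login(['myUname' => 'xiaodi', 'myUpass' => 'wrong'], $session);
    // Whatever the browser does with its copy of $reply, the session holds
    // no user, so current_user() still reports nobody logged in.
    var_dump($reply['infocode'], current_user($session));
    login(['myUname' => 'xiaodi', 'myUpass' => 'demo-password'], $session);
    var_dump(current_user($session));
}
```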

3, ajax shopping function

(1) Code example

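<?php
header("Content-Type:text/html;charset=utf-8");
$success=array('msg'=>'ok');
// Price and quantity are both taken from the submitted request
$price=$_POST['price'];
$num=$_POST['number'];
$m=$price*$num;  // order total

// code 1 when the total is below 10000, otherwise 0
if($m<10000){
    $success['code']=1;
}else{
    $success['code']=0;
}

echo json_encode($success);

?>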

(2) Vulnerability

1. If the processing result is handled in JS code, the user can bypass the verification by modifying the submitted parameters.
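A server-side version of the shopping check, as an added example (not the original author's code): the total is computed from a price table the server owns, so a modified `price` parameter has no effect. The product ids, prices, quantity range and function name are constructed; the 10000 limit is the one from the page.

```php
<?php
// Added example: the server prices the order from its own catalogue.

const CATALOG = ['p1' => 1999, 'p2' => 45000];  // constructed prices, in cents
const ORDER_LIMIT = 10000 * 100;                 // the page's 10000 limit, in cents

// Returns the same ['msg', 'code'] shape as the page's script, plus the total.
function price_order(array $post): array {
    $id  = is_string($post['id'] ?? null) ? $post['id'] : '';
    $num = filter_var($post['number'] ?? null, FILTER_VALIDATE_INT,
                      ['options' => ['min_range' => 1, 'max_range' => 999]]);
    // Unknown product, or a quantity that is negative, zero, fractional or huge.
    if (!array_key_exists($id, CATALOG) || $num === false) {
        return ['msg' => 'invalid order', 'code' => 0];
    }
    // Any 'price' field in the request is ignored: the client does not set prices.
    $total = CATALOG[$id] * $num;
    return ['msg' => 'ok', 'code' => $total < ORDER_LIMIT ? 1 : 0, 'total' => $total];
}

if (PHP_SAPI !== 'cli') {
    header('Content-Type: application/json');
    echo json_encode(price_order($_POST));
} else {
    // Offline demo with constructed requests.
    $requests = [
        ['id' => 'p1', 'number' => '3'],
        ['id' => 'p1', 'number' => '3', 'price' => '0.01'],   // price is ignored
        ['id' => 'p1', 'number' => '-5'],
        ['id' => 'p2', 'number' => '30'],
    ];
    foreach ($requests as $r) {
        echo json_encode($r), ' => ', json_encode(price_order($r)), "\n";
    }
}
```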

 
