2016-11-22 147 views
1

我無法登錄到我的DVWA。DVWA登錄錯誤

我搜索了網頁,但無法找到答案。數據庫創建好了,似乎很好,但是當我想登錄時,我收到一條錯誤消息:

致命錯誤:[MySQLConverterToo]修復mysql_escape_string()調用!此代碼不起作用。在/Applications/XAMPP/xamppfiles/htdocs/dvwa/login.php在線11

我的config.inc.php:

<?php 

# If you are having problems connecting to the MySQL database and all of the variables below are correct 
# try changing the 'db_server' variable from localhost to 127.0.0.1. Fixes a problem due to sockets. 
# Thanks to @digininja for the fix. 

# Database management system to use 
$DBMS = 'MySQL'; 
#$DBMS = 'PGSQL'; // Currently disabled 

# Database variables 
# WARNING: The database specified under db_database WILL BE ENTIRELY DELETED during setup. 
# Please use a database dedicated to DVWA. 
$_DVWA = array(); 
$_DVWA[ 'db_server' ] = '127.0.0.1'; 
$_DVWA[ 'db_database' ] = 'dvwa'; 
$_DVWA[ 'db_user' ]  = 'root'; 
$_DVWA[ 'db_password' ] = ''; 

# Only used with PostgreSQL/PGSQL database selection. 
$_DVWA[ 'db_port '] = '5432'; 

# ReCAPTCHA settings 
# Used for the 'Insecure CAPTCHA' module 
# You'll need to generate your own keys at: https://www.google.com/recaptcha/admin/create 
$_DVWA[ 'recaptcha_public_key' ] = '6LdK7xITAAzzAAJQTfL7fu6I-0aPl8KHHieAT_yJg'; 

$_DVWA[ 'recaptcha_private_key' ] = '6LdK7xITAzzAAL_uw9YXVUOPoIHPZLfw2K1n5NVQ'; 

# Default security level 
# Default value for the secuirty level with each session. 
# The default is 'impossible'. You may wish to set this to either 'low', 'medium', 'high' or impossible'. 
$_DVWA[ 'default_security_level' ] = 'impossible'; 

# Default PHPIDS status 
# PHPIDS status with each session. 
# The default is 'disabled'. You can set this to be either 'enabled' or 'disabled'. 
$_DVWA[ 'default_phpids_level' ] = 'disabled'; 

# Verbose PHPIDS messages 
# Enabling this will show why the WAF blocked the request on the blocked request. 
# The default is 'disabled'. You can set this to be either 'true' or 'false'. 
$_DVWA[ 'default_phpids_verbose' ] = 'false'; 

?> 

和我的login.php:

<?php 

define('DVWA_WEB_PAGE_TO_ROOT', ''); 
require_once DVWA_WEB_PAGE_TO_ROOT . 'dvwa/includes/dvwaPage.inc.php'; 

dvwaPageStartup(array('phpids')); 

dvwaDatabaseConnect(); 

if(isset($_POST[ 'Login' ])) { 
    // Anti-CSRF 
    checkToken($_REQUEST[ 'user_token' ], $_SESSION[ 'session_token' ], 'login.php'); 

    $user = $_POST[ 'username' ]; 
    $user = stripslashes($user); 
    $user = mysql_real_escape_string($user); 

    $pass = $_POST[ 'password' ]; 
    $pass = stripslashes($pass); 
    $pass = mysql_real_escape_string($pass); 
    $pass = md5($pass); 

    $query = ("SELECT table_schema, table_name, create_time 
       FROM information_schema.tables 
       WHERE table_schema='{$_DVWA['db_database']}' AND table_name='users' 
       LIMIT 1"); 
    $result = @mysql_query($query); 
    if(mysql_num_rows($result) != 1) { 
     dvwaMessagePush("First time using DVWA.<br />Need to run 'setup.php'."); 
     dvwaRedirect(DVWA_WEB_PAGE_TO_ROOT . 'setup.php'); 
    } 

    $query = "SELECT * FROM `users` WHERE user='$user' AND password='$pass';"; 
    $result = @mysql_query($query) or die('<pre>' . mysql_error() . '.<br />Try <a href="setup.php">installing again</a>.</pre>'); 
    if($result && mysql_num_rows($result) == 1) { // Login Successful... 
     dvwaMessagePush("You have logged in as '{$user}'"); 
     dvwaLogin($user); 
     dvwaRedirect(DVWA_WEB_PAGE_TO_ROOT . 'index.php'); 
    } 

    // Login failed 
    dvwaMessagePush('Login failed'); 
    dvwaRedirect('login.php'); 
} 

$messagesHtml = messagesPopAllToHtml(); 

Header('Cache-Control: no-cache, must-revalidate'); // HTTP/1.1 
Header('Content-Type: text/html;charset=utf-8');  // TODO- proper XHTML headers... 
Header('Expires: Tue, 23 Jun 2009 12:00:00 GMT');  // Date in the past 

// Anti-CSRF 
generateSessionToken(); 

echo " 
<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\"> 

<html xmlns=\"http://www.w3.org/1999/xhtml\"> 

    <head> 

     <meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\" /> 

     <title>Login :: Damn Vulnerable Web Application (DVWA) v" . dvwaVersionGet() . "</title> 

     <link rel=\"stylesheet\" type=\"text/css\" href=\"" . DVWA_WEB_PAGE_TO_ROOT . "dvwa/css/login.css\" /> 

    </head> 

    <body> 

    <div id=\"wrapper\"> 

    <div id=\"header\"> 

    <br /> 

    <p><img src=\"" . DVWA_WEB_PAGE_TO_ROOT . "dvwa/images/login_logo.png\" /></p> 

    <br /> 

    </div> <!--<div id=\"header\">--> 

    <div id=\"content\"> 

    <form action=\"login.php\" method=\"post\"> 

    <fieldset> 

      <label for=\"user\">Username</label> <input type=\"text\" class=\"loginInput\" size=\"20\" name=\"username\"><br /> 


      <label for=\"pass\">Password</label> <input type=\"password\" class=\"loginInput\" AUTOCOMPLETE=\"off\" size=\"20\" name=\"password\"><br /> 

      <br /> 

      <p class=\"submit\"><input type=\"submit\" value=\"Login\" name=\"Login\"></p> 

    </fieldset> 

    " . tokenField() . " 

    </form> 

    <br /> 

    {$messagesHtml} 

    <br /> 
    <br /> 
    <br /> 
    <br /> 
    <br /> 
    <br /> 
    <br /> 
    <br /> 

    <!-- <img src=\"" . DVWA_WEB_PAGE_TO_ROOT . "dvwa/images/RandomStorm.png\" /> --> 
    </div > <!--<div id=\"content\">--> 

    <div id=\"footer\"> 

    <p>" . dvwaExternalLinkUrlGet('http://www.dvwa.co.uk/', 'Damn Vulnerable Web Application (DVWA)') . " is a RandomStorm OpenSource project.</p> 

    </div> <!--<div id=\"footer\"> --> 

    </div> <!--<div id=\"wrapper\"> --> 

    </body> 

</html>"; 

?> 

我只有改變:

$_DVWA[ 'db_password' ] = ''; 

,因爲否則就不能創造..

發生了什麼事?

我完全是這個新手,但我也快死了! ;-)

回答

1

我有同樣的問題,你可以試試這個..

  1. 轉到網址並輸入127.0.0.1/dvwa/setup.php,然後點擊創建重置的數據庫。
  2. 現在以管理員和密碼登錄。