1.用户注册时对密码进行加密:includes / functions / password_funcs.phpphp
// This function makes a new password from a plaintext password.
function zen_encrypt_password($plain) {
$password = '';
for ($i=0; $i<10; $i++) {
$password .= zen_rand(); //get a rand num
}
$salt = substr(md5($password), 0, 2);
$password = md5($salt . $plain) . ':' . $salt;
return $password;
}
2.得到用户字串时先进行“防sql注入”处理: includes / functions / functions_general.phpsql
//
function zen_db_prepare_input($string) {
if (is_string($string)) {
return trim(zen_sanitize_string(stripslashes($string)));
} elseif (is_array($string)) {
reset($string);
while (list($key, $value) = each($string)) {
$string[$key] = zen_db_prepare_input($value);
}
return $string;
} else {
return $string;
}
}
/**
* Returns a string with conversions for security.
*
* @param string The string to be parsed
*/
function zen_sanitize_string($string) {
$string = preg_replace('/ +/', ' ', $string);
return preg_replace("/[<>]/", '_', $string);
}