diff --git a/include/go.php b/include/go.php index 105c81e..ed2aad6 100644 --- a/include/go.php +++ b/include/go.php @@ -10,10 +10,11 @@ if($_POST['exit']=='exit'){ } if($_SESSION['pass'] != 1){ //未登录 - if(!empty($_POST['pass'])){ + $pass = daddslashes($_POST['pass']); + if(!empty()){ //用户提交登录 $show = array(); - $pwds = $DB->query("SELECT `pwd_id`, `pwd_key` FROM `lylme_pwd` WHERE `pwd_key` LIKE '".$_POST['pass']."';"); + $pwds = $DB->query("SELECT `pwd_id`, `pwd_key` FROM `lylme_pwd` WHERE `pwd_key` LIKE '".$pass."';"); while ($pwd = $DB->fetch($pwds)) { array_push($show,$pwd[pwd_id]); } @@ -30,9 +31,9 @@ if($_SESSION['pass'] != 1){ } else { //已登录 - if(!empty($_POST['pass'])){ + if(!empty($pass)){ $show = array(); - $pwds = $DB->query("SELECT `pwd_id`, `pwd_key` FROM `lylme_pwd` WHERE `pwd_key` LIKE '".$_POST['pass']."';"); + $pwds = $DB->query("SELECT `pwd_id`, `pwd_key` FROM `lylme_pwd` WHERE `pwd_key` LIKE '".$pass."';"); while ($pwd = $DB->fetch($pwds)) { array_push($show,$pwd['pwd_id']); } diff --git a/index.php b/index.php index 96d7d74..d6c9f79 100644 --- a/index.php +++ b/index.php @@ -1,8 +1,9 @@ 六零导航页 - 安装程序您还未安装,点击这里开始安装!'); +exit('安装程序您还未安装,点击这里开始安装!'); include "./include/common.php"; -session_start(); +session_start(); //设置session +$_SESSION['list'] = isset($_SESSION['list'])?$_SESSION['list']:array(); include $template; -?> +?> \ No newline at end of file
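Review bot: The new guard `if(!empty()){` in the not-logged-in branch is a parse error, because `empty()` requires an argument, so include/go.php will fail to load; it should read `if(!empty($pass)){`. The query is also still built by concatenation, here and in the second go.php hunk, and now depends on `daddslashes()`, which this diff does not show. If that helper is addslashes-style, the escaping is charset-dependent and leaves the `%` and `_` wildcards that `LIKE` honours untouched, so the check against `pwd_key` is not an exact match. Prefer a bound parameter with `=` if the `$DB` wrapper supports one, or at minimum `WHERE `pwd_key` = '...'` instead of `LIKE`. The enclosing `if` block continues outside the hunk.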
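Review bot: `$pass` appears to be undefined on this path: the first hunk assigns it only inside the `if($_SESSION['pass'] != 1){` branch, so in this `else` (already logged in) branch `!empty($pass)` is always false and the lookup never runs. Move the assignment above the `if`, for example `$pass = isset($_POST['pass']) ? daddslashes($_POST['pass']) : '';`, which also avoids reading an unset `$_POST['pass']` when the form was not submitted. The `else` block continues outside the hunk, so confirm nothing earlier in the file already sets `$pass`.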