
c# 怎么能绕过 登录验证登陆成功

悬赏园豆:10 [已解决问题] 解决于 2020-02-26 00:00

using main_loader.Utility;
using Newtonsoft.Json;
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Drawing;
using System.IO;
using System.Net;
using System.Threading;
using System.Windows.Forms;

namespace main_loader.frames
{
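/// <summary>
/// Login dialog of the loader. Posts the entered login and password to the
/// login endpoint, decodes the JSON answer into a <c>NetClient.AuthResult</c>
/// and exposes the outcome through <see cref="IsLoggedIn"/>,
/// <see cref="SessionKey"/> and <see cref="AuthResult"/>.
/// </summary>
/// <remarks>
/// Security notes for maintainers:
/// <para>
/// <see cref="IsLoggedIn"/> is local UI state that mirrors what the server
/// answered. It is not a security boundary: whatever the login is meant to
/// protect has to be authorised on the server against <see cref="SessionKey"/>
/// on every later request.
/// </para>
/// <para>
/// The request body carries the password as a plain form field, so the
/// confidentiality of the credentials and the authenticity of the answer rest
/// entirely on the transport. The endpoint below is a loopback http:// URL;
/// any non-loopback deployment needs https://.
/// </para>
/// </remarks>
public class LoginForm : Form
{
    // Set by TimeoutCallback once the timeout has been reported, so the message
    // is shown only once. Volatile because it is written on the UI thread and
    // read/written from thread-pool callbacks.
    private volatile bool is_aborted;

    private bool hasBeenLoggedIn;

    private string session_key;

    private NetClient.AuthResult auth_result;

    // Credentials and serialized body of the attempt in flight. They are captured
    // once on the UI thread in Login_Click so that the thread-pool callbacks never
    // read control properties, and so that what gets saved after a successful
    // login is exactly what was sent to the server.
    private string submitted_login;

    private string submitted_password;

    private byte[] request_body;

    private IContainer components;

    private Button Login;

    private Button Register;

    private TextBox loginTextBox;

    private TextBox paswordTextBox;

    /// <summary>True once the server has answered a login attempt with an authenticated result.</summary>
    public bool IsLoggedIn
    {
        get
        {
            return this.hasBeenLoggedIn;
        }
    }

    /// <summary>Session value taken from the server's answer; null until a login succeeds.</summary>
    public string SessionKey
    {
        get
        {
            return this.session_key;
        }
    }

    /// <summary>Last decoded server answer, whether or not it was a successful login.</summary>
    public NetClient.AuthResult AuthResult
    {
        get
        {
            return this.auth_result;
        }
    }

    /// <summary>Builds the controls and prefills both boxes from the saved configuration.</summary>
    public LoginForm()
    {
        this.InitializeComponent();
        this.loginTextBox.Text = Config.Login;
        // NOTE(review): the password is read back from Config, so it is persisted
        // between runs. How Config stores it is not visible in this file; confirm
        // it is protected at rest (for example with ProtectedData) and not written
        // in clear text.
        this.paswordTextBox.Text = Config.Password;
    }

    /// <summary>
    /// Opens the registration dialog. When a string is passed as
    /// <paramref name="sender"/> (ResponseCallback does this) it is used to
    /// prefill the dialog's license key box.
    /// </summary>
    /// <param name="sender">The clicked button, or a license key string.</param>
    /// <param name="e">Unused.</param>
    private void Register_Click(object sender, EventArgs e)
    {
        RegisterForm registerForm = new RegisterForm
        {
            StartPosition = FormStartPosition.CenterParent
        };
        string licenseKey = sender as string;
        if (licenseKey != null)
        {
            registerForm.license_key.Text = licenseKey;
        }
        registerForm.Closing += delegate(object o, CancelEventArgs args)
        {
            if (registerForm.IsRegisteredSuccessfully)
            {
                // Carry the freshly registered credentials over to this form and
                // persist them (see the storage note in the constructor).
                this.loginTextBox.Text = registerForm.Login;
                this.paswordTextBox.Text = registerForm.Password;
                Config.Login = registerForm.Login;
                Config.Password = registerForm.Password;
                Config.Save();
            }
        };
        // NOTE(review): running the dialog again through Application.Run after
        // ShowDialog has returned looks unintended; kept as in the original until
        // RegisterForm's use of DialogResult is confirmed.
        if (registerForm.ShowDialog() == DialogResult.OK)
        {
            Application.Run(registerForm);
        }
    }

    /// <summary>
    /// Starts an asynchronous login attempt: captures the credentials, prepares
    /// the POST request and arms a 60 second timeout on obtaining the request stream.
    /// </summary>
    private void Login_Click(object sender, EventArgs e)
    {
        this.DisableControls();
        try
        {
            // Read the controls here, on the UI thread, and nowhere else.
            this.submitted_login = this.loginTextBox.Text;
            this.submitted_password = this.paswordTextBox.Text;
            Dictionary<string, string> form = new Dictionary<string, string>();
            form["login"] = this.submitted_login;
            form["password"] = this.submitted_password;
            this.request_body = NetClient.SerializeParameters(form);

            // Loopback endpoint over plain HTTP. The body contains the password,
            // so a non-loopback endpoint must use https://.
            HttpWebRequest request = WebRequest.Create("http://127.0.0.1/loader/login.php") as HttpWebRequest;
            request.Method = "POST";
            request.ContentType = "application/x-www-form-urlencoded";
            request.ContentLength = (long)this.request_body.Length;
            this.is_aborted = false;
            ThreadPool.RegisterWaitForSingleObject(request.BeginGetRequestStream(new AsyncCallback(this.UploadValuesCallback), request).AsyncWaitHandle, new WaitOrTimerCallback(this.TimeoutCallback), request, 60000, true);
        }
        catch (Exception ex)
        {
            this.EnableControls();
            this.ShowError(ex);
        }
    }

    /// <summary>
    /// Writes the body prepared by Login_Click to the request stream, then starts
    /// waiting for the response with the same 60 second timeout.
    /// </summary>
    /// <param name="result">Async result whose state is the HttpWebRequest.</param>
    private void UploadValuesCallback(IAsyncResult result)
    {
        try
        {
            HttpWebRequest request = result.AsyncState as HttpWebRequest;
            byte[] body = this.request_body;
            // using closes the stream even when Write throws.
            using (Stream requestStream = request.EndGetRequestStream(result))
            {
                requestStream.Write(body, 0, body.Length);
            }
            ThreadPool.RegisterWaitForSingleObject(request.BeginGetResponse(new AsyncCallback(this.ResponseCallback), request).AsyncWaitHandle, new WaitOrTimerCallback(this.TimeoutCallback), request, 60000, true);
        }
        catch (Exception ex)
        {
            this.EnableControls();
            this.ShowError(ex);
        }
    }

    /// <summary>
    /// Aborts the request when one of the registered waits times out and reports
    /// the failure once per attempt.
    /// </summary>
    /// <param name="state">The HttpWebRequest the wait was registered for.</param>
    /// <param name="timedOut">True when the wait expired instead of being signalled.</param>
    private void TimeoutCallback(object state, bool timedOut)
    {
        if (!timedOut)
        {
            return;
        }
        HttpWebRequest request = state as HttpWebRequest;
        if (request == null)
        {
            return;
        }
        bool firstReport = !this.is_aborted;
        this.is_aborted = true;
        // Abort before showing the modal message: otherwise the request stays
        // alive until the user dismisses the box, and a late answer could still
        // complete a login while "cannot connect" is on screen.
        request.Abort();
        if (firstReport)
        {
            this.EnableControls();
            MessageBox.Show("无法连接到服务器!", "Error", MessageBoxButtons.OK, MessageBoxIcon.Hand);
        }
    }

    /// <summary>
    /// Reads and decodes the server's answer and acts on it: opens registration,
    /// shows the server's error, or records the successful login and closes the form.
    /// </summary>
    /// <param name="result">Async result whose state is the HttpWebRequest.</param>
    private void ResponseCallback(IAsyncResult result)
    {
        this.EnableControls();
        try
        {
            HttpWebRequest request = result.AsyncState as HttpWebRequest;
            string payload;
            // Read everything first and release the response and its streams before
            // any dialog is shown.
            using (HttpWebResponse response = request.EndGetResponse(result) as HttpWebResponse)
            using (Stream responseStream = response.GetResponseStream())
            using (StreamReader reader = new StreamReader(responseStream))
            {
                payload = reader.ReadToEnd();
            }

            // The answer is only Base64-decoded here. Base64 is an encoding and gives
            // no integrity or confidentiality, so the fields below are exactly as
            // trustworthy as the connection they arrived on.
            NetClient.AuthResult authResult = JsonConvert.DeserializeObject<NetClient.AuthResult>(Encryption.Base64Decode(payload));
            this.auth_result = authResult;
            // The object casts keep these null checks valid whatever kind of type
            // AuthResult and AuthData are declared as.
            if ((object)authResult == null)
            {
                MessageBox.Show("服务器返回了无效的响应!", "Error", MessageBoxButtons.OK, MessageBoxIcon.Hand);
                return;
            }

            if (authResult.CanRegister)
            {
                this.Invoke(new MethodInvoker(delegate
                {
                    this.Register_Click(this.submitted_login, null);
                }));
            }
            else if (!authResult.IsAuthenticated)
            {
                MessageBox.Show(authResult.ErrorMessage, "Error", MessageBoxButtons.OK, MessageBoxIcon.Hand);
            }
            else if ((object)authResult.AuthData == null)
            {
                // Fail closed: an "authenticated" answer without session data must
                // not leave the form flagged as logged in.
                MessageBox.Show("服务器返回了无效的响应!", "Error", MessageBoxButtons.OK, MessageBoxIcon.Hand);
            }
            else
            {
                // Take the session first so a failure here cannot leave
                // hasBeenLoggedIn set without a session key.
                string session = authResult.AuthData.Session;
                Config.Login = this.submitted_login;
                Config.Password = this.submitted_password;
                Config.Save();
                this.session_key = session;
                this.hasBeenLoggedIn = true;
                this.BeginInvoke(new MethodInvoker(delegate
                {
                    this.Close();
                }));
            }
        }
        catch (Exception ex)
        {
            this.ShowError(ex);
        }
    }

    /// <summary>
    /// Shows the exception message in an error box, except for the
    /// RequestCanceled WebException that follows a deliberate Abort.
    /// </summary>
    /// <param name="ex">The exception caught by one of the request callbacks.</param>
    private void ShowError(Exception ex)
    {
        WebException webException = ex as WebException;
        if (webException != null && webException.Status == WebExceptionStatus.RequestCanceled)
        {
            return;
        }
        MessageBox.Show(ex.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Hand);
    }

    /// <summary>Disables both buttons and both text boxes while a request is in flight.</summary>
    private void DisableControls()
    {
        this.Login.SetPropertyThreadSafe(() => this.Login.Enabled, false);
        this.Register.SetPropertyThreadSafe(() => this.Register.Enabled, false);
        this.loginTextBox.SetPropertyThreadSafe(() => this.loginTextBox.Enabled, false);
        this.paswordTextBox.SetPropertyThreadSafe(() => this.paswordTextBox.Enabled, false);
    }

    /// <summary>Re-enables both buttons and both text boxes.</summary>
    private void EnableControls()
    {
        this.Login.SetPropertyThreadSafe(() => this.Login.Enabled, true);
        this.Register.SetPropertyThreadSafe(() => this.Register.Enabled, true);
        this.loginTextBox.SetPropertyThreadSafe(() => this.loginTextBox.Enabled, true);
        this.paswordTextBox.SetPropertyThreadSafe(() => this.paswordTextBox.Enabled, true);
    }

    /// <summary>Disposes the designer component container together with the form.</summary>
    protected override void Dispose(bool disposing)
    {
        if (disposing && this.components != null)
        {
            this.components.Dispose();
        }
        base.Dispose(disposing);
    }

    /// <summary>Designer-style construction and layout of the form's controls.</summary>
    private void InitializeComponent()
    {
        this.Login = new Button();
        this.Register = new Button();
        this.loginTextBox = new TextBox();
        this.paswordTextBox = new TextBox();
        base.SuspendLayout();

        // Login button
        this.Login.Location = new Point(233, 36);
        this.Login.Name = "Login";
        this.Login.Size = new Size(75, 23);
        this.Login.TabIndex = 0;
        this.Login.Text = "登录";
        this.Login.UseVisualStyleBackColor = true;
        this.Login.Click += new EventHandler(this.Login_Click);

        // Register button
        this.Register.Location = new Point(12, 77);
        this.Register.Name = "Register";
        this.Register.Size = new Size(75, 23);
        this.Register.TabIndex = 1;
        this.Register.Text = "注册";
        this.Register.UseVisualStyleBackColor = true;
        this.Register.Click += new EventHandler(this.Register_Click);

        // Login box
        this.loginTextBox.Location = new Point(12, 12);
        this.loginTextBox.Name = "loginTextBox";
        this.loginTextBox.Size = new Size(215, 20);
        this.loginTextBox.TabIndex = 2;
        this.loginTextBox.Text = "注册码";

        // Password box
        this.paswordTextBox.Location = new Point(12, 38);
        this.paswordTextBox.Name = "paswordTextBox";
        this.paswordTextBox.Size = new Size(215, 20);
        this.paswordTextBox.TabIndex = 3;
        this.paswordTextBox.Text = "密码";
        // Mask the input: the constructor prefills this box with the saved
        // password, which would otherwise be readable on screen.
        this.paswordTextBox.UseSystemPasswordChar = true;

        // Form
        base.AutoScaleDimensions = new SizeF(6f, 13f);
        base.AutoScaleMode = AutoScaleMode.Font;
        this.BackColor = SystemColors.Control;
        base.ClientSize = new Size(407, 112);
        base.Controls.Add(this.paswordTextBox);
        base.Controls.Add(this.loginTextBox);
        base.Controls.Add(this.Register);
        base.Controls.Add(this.Login);
        base.FormBorderStyle = FormBorderStyle.FixedDialog;
        base.Name = "LoginForm";
        base.ShowIcon = false;
        base.StartPosition = FormStartPosition.CenterScreen;
        this.Text = "xxxxx";
        base.ResumeLayout(false);
        base.PerformLayout();
    }
}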

}

leonx的主页 leonx | 初学一级 | 园豆:15
提问于:2019-12-20 05:11
最佳答案

HttpWebRequest 本身不做任何验证。你指的应该是 HTTP 服务器端的登录验证吧——那是绕不过去的,除非服务端留了后门,或者通过监听网络“偷”到别人的 token、session 之类的认证信息。

收获园豆:10
花飘水流兮 | 专家六级 |园豆:12985 | 2019-12-20 20:35