http://www.xxx.com/member.php?mod=logging&action=login&loginsubmit=yes&handlekey=login&inajax=1&password=e10adc3949ba59abbe56e057f20f88&username=testxs

http://www.xxx.com/home.php?mod=space&do=profile&uid=1

http://www.xxx.com/member.php?mod=logging&action=login&loginsubmit=yes&infloat=yes&lssubmit=yes&inajax=1&handlekey=ls&quickforward=yes&password=qqqqqq&username=%E7%94%A8%E6%88%B7%E5%90%8D

http://bbs.xxx.com/member.php?mod=logging&action=login&loginsubmit=yes&handlekey=login&inajax=1&password=e10adc3949ba59abbe56e057f20f88&username=testxs

http://bbs.xxx.com/member.php?mod=logging&action=login&loginsubmit=yes&infloat=yes&lssubmit=yes&inajax=1&handlekey=ls&quickforward=yes&password=qqqqqq&username=popcorn

如果 username=testxs 那么就封掉这个ip的登陆权限

将用户名页面的titie 增加几个特殊字符  扰乱用户获取得信息

如果直接来到member.php?mod=logging& 页面,没有refer  那么禁止登陆