 PHP gevorderde |
|
Hallo;
Ik heb op deze site een script gevonden om een pagina('s) te beveiligen.
Validate.php
<?
header("Pragma: ");
header("Cache-Control: ");
header("Expires: Mon, 26 Jul 1980 05:00:00 GMT");
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate");
header("Cache-Control: post-check=0, pre-check=0", false);
//set global variables
global $username,$password;
//header("Pragma: no-cache");
// EDIT HERE TO SUIT YOUR NEEDS
//set usernames and passwords
//only letters and numbers (no spaces) Known as can contain spaces
$uname[1] = "finduilas";
$upass[1] = "test";
$known_as[1] = "Admin";
//additional users can be added
//$uname[2] = "demo";
//$upass[2] = "demo";
//$known_as[2] = "demo";
//the login page
$login_page = "index.php";
//where to go after login
$success_page = "addmembers.php";
//the path to validate.php
$validate_path = "validate.php";
//login failed error message
$login_err = '<div align="center">Your User Name or Password was incorrect</b></div>';
//no fields filled in
$empty_err = '<div align="center"><b>You need to login with your User Name and Password</b></div>';
//something entered that wasn't a letter or number error message
$chr_err = '<div align="center"><b>Please retry</b></div>';
// DO NOT EDIT BELOW HERE
//if the form is empty and the cookie isn't set
//then display error message the return to login
if($username == "" && $password == "" && !isset($_COOKIE["this_cookie"])){
print($empty_err);
include($login_page);
exit();
}
//if the form is not empty and the cookie isn't set
//then make sure that only letters and numbers are entered
//if there are then display error message the return to login
if($username != "" || $password != "" && !isset($_COOKIE["this_cookie"])){
if (preg_match ("/[^a-zA-Z0-9]/", $username.$password)){
print($chr_err);
include($login_page);
exit();
}
}
//if the cookie isn't set
if (!isset($_COOKIE["this_cookie"]) ){
$user_count = count($uname);
$user_exists = false;
// check through all the users to see if they exist
for ($i = 1; $i <= $user_count; $i++) {
if ($uname[$i] == $username && $upass[$i] == $password){
$user_id=$i;
//$welcome_name = $known_as[$i];
$user_exists = true;
}
}
if(!$user_exists){
print ($login_err);
include($login_page);
exit();
}
//if the login is correct then set the cookie
$cookie_val=crypt($uname[$user_id]);
//set the cookie so it dies when the browser is closed
setcookie ("name", $known_as[$user_id], 0);
setcookie ("this_cookie", $cookie_val, 0);
header("Location: $success_page");
exit();
}
//if a user tries to access validate.php directly and they are logged in
if($REQUEST_URI == $validate_path){
echo "<html>\n<head>\n";
echo "<title>Yor are logged in</title>\n";
echo "</head>\n";
echo "<body bgcolor=\"white\">\n";
echo "You are logged in. <a href=\"".$success_page."\">Continue</a>\n";
echo "</body>\n";
echo "</html>\n";
}
?>
<? header("Expires: Mon, 26 Jul 1980 05:00:00 GMT"); header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); header("Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate"); header("Cache-Control: post-check=0, pre-check=0", false); //set global variables //header("Pragma: no-cache"); // EDIT HERE TO SUIT YOUR NEEDS //set usernames and passwords //only letters and numbers (no spaces) Known as can contain spaces $uname[1] = "finduilas"; $upass[1] = "test"; $known_as[1] = "Admin"; //additional users can be added //$uname[2] = "demo"; //$upass[2] = "demo"; //$known_as[2] = "demo"; //the login page $login_page = "index.php"; //where to go after login $success_page = "addmembers.php"; //the path to validate.php $validate_path = "validate.php"; //login failed error message $login_err = '<div align="center">Your User Name or Password was incorrect</b></div>'; //no fields filled in $empty_err = '<div align="center"><b>You need to login with your User Name and Password</b></div>'; //something entered that wasn't a letter or number error message $chr_err = '<div align="center"><b>Please retry</b></div>'; // DO NOT EDIT BELOW HERE //if the form is empty and the cookie isn't set //then display error message the return to login if($username == "" && $password == "" && !isset($_COOKIE["this_cookie"])){ include($login_page); } //if the form is not empty and the cookie isn't set //then make sure that only letters and numbers are entered //if there are then display error message the return to login if($username != "" || $password != "" && !isset($_COOKIE["this_cookie"])){ if (preg_match ("/[^a-zA-Z0-9]/", $username.$password)){ include($login_page); } } //if the cookie isn't set if (!isset($_COOKIE["this_cookie"]) ){ $user_count = count($uname); $user_exists = false; // check through all the users to see if they exist for ($i = 1; $i <= $user_count; $i++) { if ($uname[$i] == $username && $upass[$i] == $password){ $user_id=$i; //$welcome_name = $known_as[$i]; $user_exists = true; } } if(!$user_exists){ include($login_page); } //if the login is correct then set the cookie $cookie_val=crypt($uname[$user_id]); //set the cookie so it dies when the browser is closed header("Location: $success_page"); } //if a user tries to access validate.php directly and they are logged in if($REQUEST_URI == $validate_path){ echo "<title>Yor are logged in</title>\n"; echo "<body bgcolor=\"white\">\n"; echo "You are logged in. <a href=\"".$success_page."\">Continue</a>\n"; } ?>
Index
<html>
<head>
<title>Login Page</title>
</head>
<body bgcolor="white">
<table width="400" align="center">
<tr>
<th valign=top> private area </th>
</tr>
<tr>
<td>
<p>This is a private area. </p>
<p>Please log in below if you have access to this area </p>
<?
//if no cookie is set then display the form
if(!isset($_COOKIE["this_cookie"])){
echo '<div align="center"><form action="validate.php" method="post">';
echo 'username : <input type="text" name="username"><br><br>';
echo 'password : <input type="password" name="password"><br><br>';
echo '<input type="submit" value="login"></form></div>';
}else{
echo "You are already logged in. <a href=\"addmembers.php\">Continue</a>";
}
?>
</td>
</tr>
</table>
</body>
</html>
<html> <head> <title>Login Page</title> </head> <body bgcolor="white"> <table width="400" align="center"> <tr> <th valign=top> private area </th> </tr> <tr> <td> <p>This is a private area. </p> <p>Please log in below if you have access to this area </p> <? //if no cookie is set then display the form if(!isset($_COOKIE["this_cookie"])){ echo '<div align="center"><form action="validate.php" method="post">'; echo 'username : <input type="text" name="username"><br><br>'; echo 'password : <input type="password" name="password"><br><br>'; echo '<input type="submit" value="login"></form></div>'; }else{ echo "You are already logged in. <a href=\"addmembers.php\">Continue</a>"; } ?> </td> </tr> </table> </body> </html>
Addmembers.php
<?
include("validate.php");
?>
<?php
if(mysql_connect("sql.wyger", "db_Intensity", "*******"))
{
mysql_select_db("db_Intensity") or die(mysql_error());
}
else
{
echo 'Kan geen verbinding maken';
exit;
}
if($_SERVER['REQUEST_METHOD'] == 'POST' && !empty($_POST))
{
$aFouten = array();
if($_POST['nick'] == '')
{
$aFouten[] = 'Je hebt geen nicknaam ingevuld';
}
if($_POST['rang'] == '')
{
$aFouten[] = 'Je hebt geen rang ingevuld';
}
if($_POST['xfire'] == '')
{
$aFouten[] = 'Je hebt geen xfire account ingevuld';
}
if(count($aFouten) != 0)
{
echo 'De volgende fouten zijn opgetreden: <br /><br />';
for($Fi = 0; $Fi < count($aFouten); $Fi++)
{
echo $aFouten[$Fi].'<br />';
}
echo '<br />Klik <a href="javascript:history.go(-1);">hier</a> om terug te keren';
}
else
{
mysql_query("INSERT INTO leden (nick,rang,xfire) VALUES ('".addslashes($_POST['nick'])."','".addslashes($_POST['rang'])."','".$_POST['xfire']."')") or die (mysql_error());
echo 'De gegevens zijn succesvol opgeslagen in de database';
}
}
else
{
?>
<form action=" <?=$_SERVER['PHP_SELF']?> " method="POST">
Nicknaam: <input type="text" name="nick"><br />
Rang: <input type="text" name="rang"><br />
Xfire: <input type="text" name="xfire"><br />
<input type="submit" name="verzenden" value="verzenden">
</form>
<?
}
?>
[<a href="logout.php">Log Out</a>]
<? include("validate.php"); ?> <?php { } else { echo 'Kan geen verbinding maken'; } if($_SERVER['REQUEST_METHOD'] == 'POST' && !empty($_POST)) { if($_POST['nick'] == '') { $aFouten[] = 'Je hebt geen nicknaam ingevuld'; } if($_POST['rang'] == '') { $aFouten[] = 'Je hebt geen rang ingevuld'; } if($_POST['xfire'] == '') { $aFouten[] = 'Je hebt geen xfire account ingevuld'; } { echo 'De volgende fouten zijn opgetreden: <br /><br />'; for($Fi = 0; $Fi < count($aFouten); $Fi++) { echo $aFouten[$Fi].'<br />'; } echo '<br />Klik <a href="javascript:history.go(-1);">hier</a> om terug te keren'; } else { echo 'De gegevens zijn succesvol opgeslagen in de database'; } } else { ?> <form action=" <?=$_SERVER['PHP_SELF']?> " method="POST"> Nicknaam: <input type="text" name="nick"><br /> Rang: <input type="text" name="rang"><br /> Xfire: <input type="text" name="xfire"><br /> <input type="submit" name="verzenden" value="verzenden"> </form> <? } ?> [<a href="logout.php">Log Out</a>]
Maar nu log ik niet in :S.Als het passwoord verkeerd is krijg ik wel een melding.Anders gewoon dezelfde pagina.
Voorbeeld:
http://www.intensity.be.tt/V2.0/admin/
|
Wat is jouw favoriete javascript framework? (S: 18, R: 2)
Gesponsorde links
Actiefste leden van de maand
