Scripts - Tutorials - Forum - Downloads - Showcase - Contact

Artikels

VPN vergelijken

Algemeen

Beginpagina

FAQ

Grafische worm (243)

Links

Nieuwsartikels

Nieuwsarchief

Boeken programmeren

Overzicht

Samenwerken

Webhosting

Zoek op Sitemasters

Leden

Registreren

Ledenlijst

Ons team

Links

webhostingtop10.be

Sociale media

Follow @sitemasters

Sitemasters

Adverteren op Sitemasters?

Contacteer ons

RSS

Link naar ons

Donaties

Poll

Je moet ingelogd zijn om te stemmen.

Statistieken

Linkpartners

Forum

Categorieën > PHP

Cookie geset?

Sjaakmans - 23/07/2005 11:26
Nieuw lid		Ik kom er niet meer uit ik heb dit in een script staan: php code - Bekijk de code zonder highlighting - Klap code in <? ob_start(); setcookie("username", $username, time()+7200); ?> <? ob_start(); setcookie("username", $username, time()+7200); ?> en dit in een ander script: php code - Bekijk de code zonder highlighting - Klap code in <? if(!isset($_COOKIE['username'])){ die("Not logged in"); } ?> <? if(!isset($_COOKIE['username'])){ die("Not logged in"); } ?> maar elke keer als ik op die pagina met dat onderste kom zegt ie Not logged in Kan iemand my helpen?:?:

6 antwoorden

Gesponsorde links

Sjaakmans - 23/07/2005 11:35
Nieuw lid		maakt het trouwens uit als die twee scripts allebei in een andere map staan?

Voldemort - 23/07/2005 11:36
PHP ver gevorderde		Wat is de inhoud van die $username?

Sjaakmans - 23/07/2005 11:39
Nieuw lid		oh sorry php code - Bekijk de code zonder highlighting - Klap code in <? $username = $_POST['username']; ?> <? $username = $_POST['username']; ?> t wordt uit een form met method=POST gehaald

Voldemort - 23/07/2005 11:41
PHP ver gevorderde		Geef eens je volledige script, form en verwerking ervan.

Sjaakmans - 23/07/2005 11:43 (laatste wijziging 23/07/2005 11:44)

Nieuw lid

php code - Bekijk de code zonder highlighting - Klap code in

<?
ob_start();
include("connect.php");
?>
<link rel="stylesheet" href="http://gangstaworld.themastermp3.nl/style/gangstastyle.css">
<?
if(!isset($attempt)){
                      $attempt = 0;
              }

?>
        <center>
        <form action=<?=$_SERVER['PHP_SELF']; ?> method=POST>
        <table border=1 bordercolor=#000000 cellpadding=0 cellspacing=0 width=400>
        <th class=title colspan=2>Login</th>
        <?
        if(isset($_POST['submit'])){

                      $attempt = $_POST['attempt'];
                      if($attempt >= 3){
                      setcookie("attempt", time()+(5*60), time()+(5*60));
                      $attempt = 0;
                        echo "<tr><td colspan=2 class=subTitle align=center><b><font color=red>You only have 3 attempts, you will need to wait 5 minutes</font></b></td></tr>";
                }
                elseif($_COOKIE['attempt'] > time()){
                       $rest = $_COOKIE['attempt'] - time();
                       $mins = floor($rest/60);
                       $secs = $rest%60;
                        echo "<tr><td colspan=2 class=subTitle align=center><b><font color=red>You need to wait another ".$mins." minutes and ".$secs." seconds.</td></tr>";
                }
                elseif(!mysql_num_rows(mysql_query("SELECT * FROM `users` WHERE `username` = '".$_POST['username']."' AND `password` = '".md5($_POST['password'])."'"))){
                        $attempt++;
                        echo "<tr><td colspan=2 class=subTitle align=center><b><font color=red>This combination is invalid.</font></b><br>Attempt ".$attempt."/3</td></tr>";
                }
                else{
                $username = $_POST['username'];
                        setcookie("username", $username, time()+7200);
                        echo "<tr><td class=subTitle colspan=2 align=center><meta http-equiv=Refresh content=0;url=http://gangstaworld.themastermp3.nl/money/test.php>Welcome back ".$_COOKIE['username']."</td></tr>";
                }
        }
        ?>
        <tr><td><table border=0 cellspacing=1 cellpadding=2 width=100%>
        <input type=hidden name=attempt value=<?=$attempt; ?>>
        <tr><td>Username:</td><td><input type=text name=username size=30 maxlength=20 onfocus="if(this.value == 'Username'){ this.value = ''; }" onblur="if(this.value == ''){ this.value = 'Username'; }"></td></tr>
        <tr><td>Password:</td><td><input type=password name=password size=30 maxlength=30 onfocus="if(this.value == 'Password'){ this.value = '';}" onblur="if(this.value == ''){ this.value = 'Password'; }"></td></tr>
        <tr><td colspan=2 align=center><input type=submit value=Login name=submit></td></tr>
        </table></td></tr>
        </table>
        </form>
        <br><br>
        <a href=register.php>Register</a> | <a href=lostpw.php>Lost password</a> | <a href=mailto:gangstaworld@themastermp3.nl>Contact</a>

<?
ob_start();
include("connect.php");
?>
<link rel="stylesheet" href="http://gangstaworld.themastermp3.nl/style/gangstastyle.css">
<?
if(!isset($attempt)){
                      $attempt = 0;
              }
 
?>
        <center>
        <form action=<?=$_SERVER['PHP_SELF']; ?> method=POST>
        <table border=1 bordercolor=#000000 cellpadding=0 cellspacing=0 width=400>
        <th class=title colspan=2>Login</th>
        <?
        if(isset($_POST['submit'])){
 
                      $attempt = $_POST['attempt'];
                      if($attempt >= 3){
                      setcookie("attempt", time()+(5*60), time()+(5*60));
                      $attempt = 0;
                        echo "<tr><td colspan=2 class=subTitle align=center><b><font color=red>You only have 3 attempts, you will need to wait 5 minutes</font></b></td></tr>";
                }
                elseif($_COOKIE['attempt'] > time()){
                       $rest = $_COOKIE['attempt'] - time();
                       $mins = floor($rest/60);
                       $secs = $rest%60;
                        echo "<tr><td colspan=2 class=subTitle align=center><b><font color=red>You need to wait another ".$mins." minutes and ".$secs." seconds.</td></tr>";
                }
                elseif(!mysql_num_rows(mysql_query("SELECT * FROM `users` WHERE `username` = '".$_POST['username']."' AND `password` = '".md5($_POST['password'])."'"))){
                        $attempt++;
                        echo "<tr><td colspan=2 class=subTitle align=center><b><font color=red>This combination is invalid.</font></b><br>Attempt ".$attempt."/3</td></tr>";
                }
                else{
                $username = $_POST['username'];
                        setcookie("username", $username, time()+7200);
                        echo "<tr><td class=subTitle colspan=2 align=center><meta http-equiv=Refresh content=0;url=http://gangstaworld.themastermp3.nl/money/test.php>Welcome back ".$_COOKIE['username']."</td></tr>";
                }
        }
        ?>
        <tr><td><table border=0 cellspacing=1 cellpadding=2 width=100%>
        <input type=hidden name=attempt value=<?=$attempt; ?>>
        <tr><td>Username:</td><td><input type=text name=username size=30 maxlength=20 onfocus="if(this.value == 'Username'){ this.value = ''; }" onblur="if(this.value == ''){ this.value = 'Username'; }"></td></tr>
        <tr><td>Password:</td><td><input type=password name=password size=30 maxlength=30 onfocus="if(this.value == 'Password'){ this.value = '';}" onblur="if(this.value == ''){ this.value = 'Password'; }"></td></tr>
        <tr><td colspan=2 align=center><input type=submit value=Login name=submit></td></tr>
        </table></td></tr>
        </table>
        </form>
        <br><br>
        <a href=register.php>Register</a> | <a href=lostpw.php>Lost password</a> | <a href=mailto:gangstaworld@themastermp3.nl>Contact</a>

en dan de pagina:

php code - Bekijk de code zonder highlighting - Klap code in

<?php
ob_start();
$username = $_COOKIE['username'];
include("connect.php");
if(!isset($_COOKIE['username'])){
die("Not logged in");
}
?>
<link rel=stylesheet href=http://gangstaworld.themastermp3.nl/style/gangstastyle.css>
<?
$sql                 = mysql_query("SELECT * FROM `users` WHERE `username` = '".$username."'");
$user                = mysql_fetch_object($sql);
$language            = $user->language;
$money               = $user->money;
$attempts            = $user->crime_attempts;
$succes              = $user->crime_succes;
$earned              = $user->crime_earnings;
$lastcrime           = $user->lastcrime;
$succes              = explode("-", $user->crimes);
$timenow             = time();

if($language == 'nl'){
        if($lastcrime > $timenow){
                die("* You are only allowed to do one crime every 2 minutes.");
        }

        ?>
        <center>
        <form action=<?=$_SERVER['PHP_SELF']; ?> method=POST>
        <table border=1 bordercolor=#000000 cellpadding=0 cellspacing=0 width=50% rules=none>
        <th class=title colspan=3>Misdaden</th>
        <tr><td align=center colspan=3><img src=http://gangstaworld.themastermp3.nl/style/crimes.jpg></td></tr>
        <?
}
?>

<?php
ob_start();
$username = $_COOKIE['username'];
include("connect.php");
if(!isset($_COOKIE['username'])){
die("Not logged in");
}
?>
<link rel=stylesheet href=http://gangstaworld.themastermp3.nl/style/gangstastyle.css>
<?
$sql                 = mysql_query("SELECT * FROM `users` WHERE `username` = '".$username."'");
$user                = mysql_fetch_object($sql);
$language            = $user->language;
$money               = $user->money;
$attempts            = $user->crime_attempts;
$succes              = $user->crime_succes;
$earned              = $user->crime_earnings;
$lastcrime           = $user->lastcrime;
$succes              = explode("-", $user->crimes);
$timenow             = time();
 
if($language == 'nl'){
        if($lastcrime > $timenow){
                die("* You are only allowed to do one crime every 2 minutes.");
        }
 
        ?>
        <center>
        <form action=<?=$_SERVER['PHP_SELF']; ?> method=POST>
        <table border=1 bordercolor=#000000 cellpadding=0 cellspacing=0 width=50% rules=none>
        <th class=title colspan=3>Misdaden</th>
        <tr><td align=center colspan=3><img src=http://gangstaworld.themastermp3.nl/style/crimes.jpg></td></tr>
        <?
}
?>

Dolfje - 23/07/2005 13:14 (laatste wijziging 23/07/2005 13:15)

PHP ver gevorderde

schandalige exploit

php code - Bekijk de code zonder highlighting - Klap code in

elseif(!mysql_num_rows(mysql_query("SELECT * FROM `users` WHERE `username` = '".$_POST['username']."' AND `password` = '".md5($_POST['password'])."'")))

elseif(!mysql_num_rows(mysql_query("SELECT * FROM `users` WHERE `username` = '".$_POST['username']."' AND `password` = '".md5($_POST['password'])."'")))

(zoek er maar eens op, en sorry dat ik hierover weer begin)

ik zie niet op het eerste zicht een fout, maar doe eens het volgende:

php code - Bekijk de code zonder highlighting - Klap code in

<?
        if(isset($_POST['submit'])){

                      $attempt = $_POST['attempt'];
                      if($attempt >= 3){
                      setcookie("attempt", time()+(5*60), time()+(5*60));
                      $attempt = 0;
                        echo "<tr><td colspan=2 class=subTitle align=center><b><font color=red>You only have 3 attempts, you will need to wait 5 minutes</font></b></td></tr>";
                }
                elseif($_COOKIE['attempt'] > time()){
                       echo 1;$rest = $_COOKIE['attempt'] - time();
                       $mins = floor($rest/60);
                       $secs = $rest%60;
                        echo "<tr><td colspan=2 class=subTitle align=center><b><font color=red>You need to wait another ".$mins." minutes and ".$secs." seconds.</td></tr>";
                }
                elseif(!mysql_num_rows(mysql_query("SELECT * FROM `users` WHERE `username` = '".$_POST['username']."' AND `password` = '".md5($_POST['password'])."'"))){
                        echo 2;$attempt++;
                        echo "<tr><td colspan=2 class=subTitle align=center><b><font color=red>This combination is invalid.</font></b><br>Attempt ".$attempt."/3</td></tr>";
                }
                else{
                echo 3;$username = $_POST['username'];
                        setcookie("username", $username, time()+7200);
                        echo "<tr><td class=subTitle colspan=2 align=center><meta http-equiv=Refresh content=0;url=http://gangstaworld.themastermp3.nl/money/test.php>Welcome back ".$_COOKIE['username']."</td></tr>";
                }
        }
        ?>

<?
        if(isset($_POST['submit'])){
 
                      $attempt = $_POST['attempt'];
                      if($attempt >= 3){
                      setcookie("attempt", time()+(5*60), time()+(5*60));
                      $attempt = 0;
                        echo "<tr><td colspan=2 class=subTitle align=center><b><font color=red>You only have 3 attempts, you will need to wait 5 minutes</font></b></td></tr>";
                }
                elseif($_COOKIE['attempt'] > time()){
                       echo 1;$rest = $_COOKIE['attempt'] - time();
                       $mins = floor($rest/60);
                       $secs = $rest%60;
                        echo "<tr><td colspan=2 class=subTitle align=center><b><font color=red>You need to wait another ".$mins." minutes and ".$secs." seconds.</td></tr>";
                }
                elseif(!mysql_num_rows(mysql_query("SELECT * FROM `users` WHERE `username` = '".$_POST['username']."' AND `password` = '".md5($_POST['password'])."'"))){
                        echo 2;$attempt++;
                        echo "<tr><td colspan=2 class=subTitle align=center><b><font color=red>This combination is invalid.</font></b><br>Attempt ".$attempt."/3</td></tr>";
                }
                else{
                echo 3;$username = $_POST['username'];
                        setcookie("username", $username, time()+7200);
                        echo "<tr><td class=subTitle colspan=2 align=center><meta http-equiv=Refresh content=0;url=http://gangstaworld.themastermp3.nl/money/test.php>Welcome back ".$_COOKIE['username']."</td></tr>";
                }
        }
        ?>

en kijkt als hij het juiste doet

Gesponsorde links

Dit onderwerp is gesloten.

Actiefste leden van de maand

Actieve forumberichten