Jump to content
php.lv forumi

php login


ziedinjsh

Recommended Posts

ieejot lapā es vēlos lai ir redzams tikai login forma, piec ielogošanās atveras paša lapa

 

<?php
$con = mysql_connect("localhost","root","nls2236300");
if (!$con)

 {
 die('Could not connect: ' . mysql_error());
 }
mysql_select_db("pro");  

//Checks if there is a login cookie
if(isset($_COOKIE['ID_my_site']))

//if there is, it logs you in and directes you to the members page
{
$epasts = $_COOKIE['ID_my_site'];
$pass = $_COOKIE['ID_my_site'];
$check = mysql_query("SELECT * FROM users WHERE email = '$email'")or die(mysql_error());
while($info = mysql_fetch_array( $check ))
{
if ($pass != $info['pass'])
{
}
else
{
header("Location: index.php");

}
}
}

//if the login form is submitted
if (isset($_POST['login'])) { // if form has been submitted


// checks it against the database

if (!get_magic_quotes_gpc()) {
$_POST['grupa'] = addslashes($_POST['grupa']);
}
$check = mysql_query("SELECT * FROM users WHERE email = '".$_POST['email']."'")or die(mysql_error());

//Gives error if user dosen't exist
$check2 = mysql_num_rows($check);
if ($check2 == 0) {
die('sheit taads lietotaajs nav');
}
while($info = mysql_fetch_array( $check ))
{
$_POST['pass'] = stripslashes($_POST['pass']);
$info['pass'] = stripslashes($info['pass']);


//gives error if the password is wrong

if ($_POST['pass'] != $info['pass']) {
die('Nepareiza parole.');
}
else
{

// if login is ok then we add a cookie
$_POST['email'] = stripslashes($_POST['mail']);
$hour = time() + 60 * 60 * 3;
setcookie(ID_my_site, $_POST['epasts'], $hour);
setcookie(Key_my_site, $_POST['pass'], $hour);

//then redirect them to the members area
header("Location: http://62.63.191.54/");
}
}

echo 'Mana lapa';

}
else
{



echo"<form name='login' method='post' action='index.php'>";
echo"<table width='210' border='0' align='center' cellpadding='0' cellspacing='0' class='login'>
 <tr>
   <th align='right' scope='col'>e-pasts:</th>
   <th align='right' scope='col'>
     <input type='text' name='epasts' class='ltextbox'></th>
 </tr>
 <tr>
   <th align='right' scope='col'>parole:</th>
   <th align='right' scope='col'>
     <input type='password' name='pass' class='ltextbox'> </th>
 </tr>
 <tr>
   <th align='right' scope='col'> </th>
   <th align='right' scope='col'>
     <input type='submit' name='login' value='ieiet' class='lbutton'>   </th>
 </tr>
</table>
";
echo"</form>";

}



?>

 

ieelogojoties man rāda ka šāds lietotājs nav!!

 

un kā lai izvada tādu lietu kā piemēram:

 

if (user) {
echo 'kautkas';
}
else (guest) {
header("Location: index.php");
}

Link to comment
Share on other sites

1) Ir neforši slēgties ar root lietotāju DB. root lietotājs ir izmantojams tikai DB izveides un modifikācijas vajadzībām, bet nevis, lai slēgtos klāt tabulām un mēģinātu izpildīt neaizsargātus SQLus. Un neforši ir arī root paroli paziņot visiem caur forumu ;)

2) Rindiņas:

//Checks if there is a login cookie
if(isset($_COOKIE['ID_my_site']))

//if there is, it logs you in and directes you to the members page
{
$epasts = $_COOKIE['ID_my_site'];
$pass = $_COOKIE['ID_my_site'];
$check = mysql_query("SELECT * FROM users WHERE email = '$email'")or die(mysql_error());
while($info = mysql_fetch_array( $check ))
{
if ($pass != $info['pass'])
{
}
else
{
header("Location: index.php");

Ja nebūs tāds cookie ID_my_site uzstādīts, tad rinda:

$epasts = $_COOKIE['ID_my_site'];

izdos warningu - kā rezultātā radīsies "headers already sent" kļūda. Taču pieņemsim, ka šāds cookie ir uzstādīts un tam vērtība ir: [email protected], tādā gadījumā mainīgais $pass iegūst šo pašu vērtību un DB tiek atlasīti visi ieraksti, kuriem epasts ir vienāds ar [email protected] un ja kaut vienam no šiem ierakstiem parole sakrīt ar [email protected], tad tiekam pāradresēti uz... index.php (šo pašu lapu, vai ne? - un viss sākas no gala)

 

un vēl... un vēl.. un vēl...

 

Ielogojoties rāda, ka tāds lietotājs nav tādēļ, ka Tu neseko līdzi, kā saucas input lauki formā un kādus $_POST mainīgos Tu izmanto skriptā:

Skriptā izmanto:

$_POST['email']

Bet formā ir:

<input type='text' name='epasts' class='ltextbox'>

Link to comment
Share on other sites

tā tad izvada logina informāciju parāda e-pastu, paroli un pogu

 

echo '<pre>';
print_r($_POST);
print_r($_GET);
print_r($_COOKIE);
echo '</pre>';

 

Viņam nepatīk kaut kas šijā:

 

$_POST['email'] = stripslashes($_POST['email']);
$hour = time() + 60 * 60 * 3;
setcookie(ID_my_site, $_POST['email'], $hour);
setcookie(Key_my_site, $_POST['pass'], $hour);

//then redirect them to the members area
header("Location: index.php");

 

Use of undefined constant ID_my_site - assumed 'ID_my_site'

Use of undefined constant Key_my_site - assumed 'Key_my_site'

 

Šis arī ir iemesls droši vien kapēc uzpiežot uz kādu linku, viņš man atmet atpakaļ uz loginu

Edited by ziedinjsh
Link to comment
Share on other sites

:) Laikam jau.. Headers already sent.. Tur arī iet run par par šām rindiņām:

setcookie('ID_my_site', $_POST['email'], $hour);
setcookie('Key_my_site', $_POST['pass'], $hour);

//then redirect them to the members area
header("Location: index.php");

\

 

Es nevaru saparast kur tad viņš pirmstam ir izvadījis..

 

 <?php
error_reporting(E_ALL);
ini_set("display_errors", 1);

echo '<pre>';
print_r($_POST);
print_r($_GET);
print_r($_COOKIE);
echo '</pre>';

include "misc/opendb.php";
include "misc/functions.php";
//Checks if there is a login cookie
if(isset($_COOKIE['ID_my_site']))

//if there is, it logs you in and directes you to the members page
{
$email = $_COOKIE['ID_my_site'];
$pass = $_COOKIE['ID_my_site'];
$check = mysql_query("SELECT * FROM users WHERE email = '$email'")or die(mysql_error());
while($info = mysql_fetch_array( $check ))
{
if ($pass != $info['pass'])
{
}
else
{
header("Location: index.php");

}
}
}

//if the login form is submitted
if (isset($_POST['login'])) { // if form has been submitted


// checks it against the database

if (!get_magic_quotes_gpc()) {
$_POST['email'] = addslashes($_POST['email']);
}
$check = mysql_query("SELECT * FROM users WHERE email = '".$_POST['email']."'")or die(mysql_error());

//Gives error if user dosen't exist
$check2 = mysql_num_rows($check);
if ($check2 == 0) {
die('ðâds producents nav ðeit reìistrçjies');
}
while($info = mysql_fetch_array( $check ))
{
$_POST['pass'] = stripslashes($_POST['pass']);
$info['pass'] = stripslashes($info['pass']);


//gives error if the password is wrong

if ($_POST['pass'] != $info['pass']) {
die('Nepareiza parole.');
}
else
{

// if login is ok then we add a cookie
$_POST['email'] = stripslashes($_POST['email']);
$hour = time() + 60 * 60 * 3;
setcookie('ID_my_site', $_POST['email'], $hour);
setcookie('Key_my_site', $_POST['pass'], $hour);

//then redirect them to the members area
header("Location: index.php");
}
}


include "skin/header.php";
include "skin/menu.php";

echo '<table id="warp" align="center">';
echo '<tr>';
echo '<td id="left" valign="top">';
echo '<div id="panel-left">';
include "skin/left.php";
echo '</div>';
echo '</td>';
echo '<td id="center" valign="top">';

if ($set == '') {
include "home/index.php";
}
if ($set == 'news') {
include "news/index.php";
}
if ($set == 'music') {
include "music/index.php";
}
if ($set == 'producers') {
include "producers/index.php";
}
if ($set == 'register') {
include "reg.php";
}

echo '</td>';
echo '<td id="right" valign="top">';
echo '<div id="panel-right">';
include "skin/right.php";
echo '</div>';
echo '</td>';
echo '</tr>';
echo '</table>';

include "skin/footer.php";

}
else
{



echo"<form name='login' method='post' action='index.php'>";
echo"<table width='210' border='0' align='center' cellpadding='0' cellspacing='0' class='login'>
 <tr>
   <th align='right' scope='col'>e-pasts:</th>
   <th align='right' scope='col'>
     <input type='text' name='email' class='ltextbox'></th>
 </tr>
 <tr>
   <th align='right' scope='col'>parole:</th>
   <th align='right' scope='col'>
     <input type='password' name='pass' class='ltextbox'> </th>
 </tr>
 <tr>
   <th align='right' scope='col'> </th>
   <th align='right' scope='col'>
     <input type='submit' name='login' value='ieiet' class='lbutton'>   </th>
 </tr>
</table>
";
echo"</form>";

}


include "misc/closedb.php";
?>

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...