ziedinjsh Posted August 19, 2009 Report Share Posted August 19, 2009 ieejot lapā es vēlos lai ir redzams tikai login forma, piec ielogošanās atveras paša lapa <?php $con = mysql_connect("localhost","root","nls2236300"); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("pro"); //Checks if there is a login cookie if(isset($_COOKIE['ID_my_site'])) //if there is, it logs you in and directes you to the members page { $epasts = $_COOKIE['ID_my_site']; $pass = $_COOKIE['ID_my_site']; $check = mysql_query("SELECT * FROM users WHERE email = '$email'")or die(mysql_error()); while($info = mysql_fetch_array( $check )) { if ($pass != $info['pass']) { } else { header("Location: index.php"); } } } //if the login form is submitted if (isset($_POST['login'])) { // if form has been submitted // checks it against the database if (!get_magic_quotes_gpc()) { $_POST['grupa'] = addslashes($_POST['grupa']); } $check = mysql_query("SELECT * FROM users WHERE email = '".$_POST['email']."'")or die(mysql_error()); //Gives error if user dosen't exist $check2 = mysql_num_rows($check); if ($check2 == 0) { die('sheit taads lietotaajs nav'); } while($info = mysql_fetch_array( $check )) { $_POST['pass'] = stripslashes($_POST['pass']); $info['pass'] = stripslashes($info['pass']); //gives error if the password is wrong if ($_POST['pass'] != $info['pass']) { die('Nepareiza parole.'); } else { // if login is ok then we add a cookie $_POST['email'] = stripslashes($_POST['mail']); $hour = time() + 60 * 60 * 3; setcookie(ID_my_site, $_POST['epasts'], $hour); setcookie(Key_my_site, $_POST['pass'], $hour); //then redirect them to the members area header("Location: http://62.63.191.54/"); } } echo 'Mana lapa'; } else { echo"<form name='login' method='post' action='index.php'>"; echo"<table width='210' border='0' align='center' cellpadding='0' cellspacing='0' class='login'> <tr> <th align='right' scope='col'>e-pasts:</th> <th align='right' scope='col'> <input type='text' name='epasts' class='ltextbox'></th> </tr> <tr> <th align='right' scope='col'>parole:</th> <th align='right' scope='col'> <input type='password' name='pass' class='ltextbox'> </th> </tr> <tr> <th align='right' scope='col'> </th> <th align='right' scope='col'> <input type='submit' name='login' value='ieiet' class='lbutton'> </th> </tr> </table> "; echo"</form>"; } ?> ieelogojoties man rāda ka šāds lietotājs nav!! un kā lai izvada tādu lietu kā piemēram: if (user) { echo 'kautkas'; } else (guest) { header("Location: index.php"); } Quote Link to comment Share on other sites More sharing options...
waplet Posted August 19, 2009 Report Share Posted August 19, 2009 Čaw kaimiņ... Kā kā?kur viņš padod nikname? kur viņš padod to ka ir guest? tāpat arī izvadi Quote Link to comment Share on other sites More sharing options...
Aleksejs Posted August 20, 2009 Report Share Posted August 20, 2009 1) Ir neforši slēgties ar root lietotāju DB. root lietotājs ir izmantojams tikai DB izveides un modifikācijas vajadzībām, bet nevis, lai slēgtos klāt tabulām un mēģinātu izpildīt neaizsargātus SQLus. Un neforši ir arī root paroli paziņot visiem caur forumu ;) 2) Rindiņas: //Checks if there is a login cookie if(isset($_COOKIE['ID_my_site'])) //if there is, it logs you in and directes you to the members page { $epasts = $_COOKIE['ID_my_site']; $pass = $_COOKIE['ID_my_site']; $check = mysql_query("SELECT * FROM users WHERE email = '$email'")or die(mysql_error()); while($info = mysql_fetch_array( $check )) { if ($pass != $info['pass']) { } else { header("Location: index.php"); Ja nebūs tāds cookie ID_my_site uzstādīts, tad rinda: $epasts = $_COOKIE['ID_my_site']; izdos warningu - kā rezultātā radīsies "headers already sent" kļūda. Taču pieņemsim, ka šāds cookie ir uzstādīts un tam vērtība ir: gavriks@gav.lv, tādā gadījumā mainīgais $pass iegūst šo pašu vērtību un DB tiek atlasīti visi ieraksti, kuriem epasts ir vienāds ar gavriks@gav.lv un ja kaut vienam no šiem ierakstiem parole sakrīt ar gavriks@gavriks.lv, tad tiekam pāradresēti uz... index.php (šo pašu lapu, vai ne? - un viss sākas no gala) un vēl... un vēl.. un vēl... Ielogojoties rāda, ka tāds lietotājs nav tādēļ, ka Tu neseko līdzi, kā saucas input lauki formā un kādus $_POST mainīgos Tu izmanto skriptā: Skriptā izmanto: $_POST['email'] Bet formā ir: <input type='text' name='epasts' class='ltextbox'> Quote Link to comment Share on other sites More sharing options...
ziedinjsh Posted August 20, 2009 Author Report Share Posted August 20, 2009 nu jā, tā arī ir, ka rāda Warning: Cannot modify header information - headers already sent by Kā tad es varu izveidot cookie? Quote Link to comment Share on other sites More sharing options...
Aleksejs Posted August 20, 2009 Report Share Posted August 20, 2009 Nu... tev tak tajā kodā ir izveidošana: setcookie(ID_my_site, $_POST['epasts'], $hour); Tā arī izveido Quote Link to comment Share on other sites More sharing options...
ziedinjsh Posted August 20, 2009 Author Report Share Posted August 20, 2009 nu labi, bet tas es īsti nesaprotu kapēc ielogojoties man rāda kļudas: headers already sent ? Quote Link to comment Share on other sites More sharing options...
Aleksejs Posted August 20, 2009 Report Share Posted August 20, 2009 Tādēļ, ka skripts jau kaut kur kaut ko sācis izvadīt jau pirms esi izsaucis setcookie() vai header(). Quote Link to comment Share on other sites More sharing options...
ziedinjsh Posted August 20, 2009 Author Report Share Posted August 20, 2009 es nevaru saprast kurā vietā!!! Quote Link to comment Share on other sites More sharing options...
Aleksejs Posted August 20, 2009 Report Share Posted August 20, 2009 Sāc metodiski atkļūdot. Rekur aprakstīts, kā: http://php.lv/f/topic/12593-strada-bet-tomer-nestrada/page__view__findpost__p__100205 Quote Link to comment Share on other sites More sharing options...
ziedinjsh Posted August 20, 2009 Author Report Share Posted August 20, 2009 (edited) tā tad izvada logina informāciju parāda e-pastu, paroli un pogu echo '<pre>'; print_r($_POST); print_r($_GET); print_r($_COOKIE); echo '</pre>'; Viņam nepatīk kaut kas šijā: $_POST['email'] = stripslashes($_POST['email']); $hour = time() + 60 * 60 * 3; setcookie(ID_my_site, $_POST['email'], $hour); setcookie(Key_my_site, $_POST['pass'], $hour); //then redirect them to the members area header("Location: index.php"); Use of undefined constant ID_my_site - assumed 'ID_my_site' Use of undefined constant Key_my_site - assumed 'Key_my_site' Šis arī ir iemesls droši vien kapēc uzpiežot uz kādu linku, viņš man atmet atpakaļ uz loginu Edited August 20, 2009 by ziedinjsh Quote Link to comment Share on other sites More sharing options...
Aleksejs Posted August 20, 2009 Report Share Posted August 20, 2009 šķiet, ka jāieliek pēdiņās tie abi... Quote Link to comment Share on other sites More sharing options...
ziedinjsh Posted August 20, 2009 Author Report Share Posted August 20, 2009 :) Laikam jau.. Headers already sent.. Tur arī iet run par par šām rindiņām: setcookie('ID_my_site', $_POST['email'], $hour); setcookie('Key_my_site', $_POST['pass'], $hour); //then redirect them to the members area header("Location: index.php"); \ Es nevaru saparast kur tad viņš pirmstam ir izvadījis.. <?php error_reporting(E_ALL); ini_set("display_errors", 1); echo '<pre>'; print_r($_POST); print_r($_GET); print_r($_COOKIE); echo '</pre>'; include "misc/opendb.php"; include "misc/functions.php"; //Checks if there is a login cookie if(isset($_COOKIE['ID_my_site'])) //if there is, it logs you in and directes you to the members page { $email = $_COOKIE['ID_my_site']; $pass = $_COOKIE['ID_my_site']; $check = mysql_query("SELECT * FROM users WHERE email = '$email'")or die(mysql_error()); while($info = mysql_fetch_array( $check )) { if ($pass != $info['pass']) { } else { header("Location: index.php"); } } } //if the login form is submitted if (isset($_POST['login'])) { // if form has been submitted // checks it against the database if (!get_magic_quotes_gpc()) { $_POST['email'] = addslashes($_POST['email']); } $check = mysql_query("SELECT * FROM users WHERE email = '".$_POST['email']."'")or die(mysql_error()); //Gives error if user dosen't exist $check2 = mysql_num_rows($check); if ($check2 == 0) { die('ðâds producents nav ðeit reìistrçjies'); } while($info = mysql_fetch_array( $check )) { $_POST['pass'] = stripslashes($_POST['pass']); $info['pass'] = stripslashes($info['pass']); //gives error if the password is wrong if ($_POST['pass'] != $info['pass']) { die('Nepareiza parole.'); } else { // if login is ok then we add a cookie $_POST['email'] = stripslashes($_POST['email']); $hour = time() + 60 * 60 * 3; setcookie('ID_my_site', $_POST['email'], $hour); setcookie('Key_my_site', $_POST['pass'], $hour); //then redirect them to the members area header("Location: index.php"); } } include "skin/header.php"; include "skin/menu.php"; echo '<table id="warp" align="center">'; echo '<tr>'; echo '<td id="left" valign="top">'; echo '<div id="panel-left">'; include "skin/left.php"; echo '</div>'; echo '</td>'; echo '<td id="center" valign="top">'; if ($set == '') { include "home/index.php"; } if ($set == 'news') { include "news/index.php"; } if ($set == 'music') { include "music/index.php"; } if ($set == 'producers') { include "producers/index.php"; } if ($set == 'register') { include "reg.php"; } echo '</td>'; echo '<td id="right" valign="top">'; echo '<div id="panel-right">'; include "skin/right.php"; echo '</div>'; echo '</td>'; echo '</tr>'; echo '</table>'; include "skin/footer.php"; } else { echo"<form name='login' method='post' action='index.php'>"; echo"<table width='210' border='0' align='center' cellpadding='0' cellspacing='0' class='login'> <tr> <th align='right' scope='col'>e-pasts:</th> <th align='right' scope='col'> <input type='text' name='email' class='ltextbox'></th> </tr> <tr> <th align='right' scope='col'>parole:</th> <th align='right' scope='col'> <input type='password' name='pass' class='ltextbox'> </th> </tr> <tr> <th align='right' scope='col'> </th> <th align='right' scope='col'> <input type='submit' name='login' value='ieiet' class='lbutton'> </th> </tr> </table> "; echo"</form>"; } include "misc/closedb.php"; ?> Quote Link to comment Share on other sites More sharing options...
Aleksejs Posted August 20, 2009 Report Share Posted August 20, 2009 echo <pre> ... izvada ;) Quote Link to comment Share on other sites More sharing options...
ziedinjsh Posted August 20, 2009 Author Report Share Posted August 20, 2009 nu es izņēmu viņu ārā, bet nu nekas nemainās.. k\ludu ziņā! ahh.. Quote Link to comment Share on other sites More sharing options...
xPtv45z Posted August 20, 2009 Report Share Posted August 20, 2009 Tev tā ir iekopējies vai arī šeit ir space sākumā? <?php Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.