Hennikenno Posted August 20, 2009 Report Share Posted August 20, 2009 (edited) Sveiki. Šodien turpinu iesākto darbu pie vienas weblapas. Uzrakstīju signup, viss iet ideāli. Ustaisīju, skriptu, kas veic ielogošanos un kas nočeko vai lietotājs ir ielgojies, bet sākas problēmas, jo ielogošanos veic bez erroriem, bet pēctam rāda, ka lietotājs nav ielogojies. Drošivien jau pats kautkādu pastulbu kļūdu esmu pieļāvis, bet gan pusnakti nosēž pie koda, tur nav nekāds brīnums... Login.php - ielogošanās izpilde (ar jau saņemtiem datiem no $_POST) <?php require_once "core/main.php"; checklogin(); if(isloggedon() == true) { errmsg("Login error!", "You have already registered and logged on!"); } if(!mkglobal("username:password")) { errsmg("No access!", "You have no access key to this page!"); } $username = $_POST['username']; $password = $_POST['password']; $sql_username = sqlesc($username); if(!validusername($username)) { errmsg("Login error", "You typed in invalid username"); } $user_res = sql_query("SELECT * FROM users WHERE uname = $sql_username")or die(mysql_error()); if(mysql_num_rows($user_res) != 1) { errmsg("Login error", "You typed in unknow or invalid username"); } $user_row = mysql_fetch_assoc($user_res); $db_user_hashedpass = base64_decode($user_row['hashedpass']); $db_user_salt = base64_decode($user_row['salt']); $db_user_id = $user_row['id']; $cur_rev_pass = strrev($password); $cur_hashedpass = md5($username . $cur_rev_pass . $db_user_salt); if($cur_hashedpass != $db_user_hashedpass) { errmsg("Login error", "Username or / and password was incorrect!"); } $_SESSION['uid'] = $db_user_id; $_SESSION['hashed'] = $cur_hashedpass; msg("Congrats!", "You have successfuly logged on. You can now proceed to index page!"); ?> main.php - tikai pāris funkcijas no šī faila <?php // Start counter to check page execution time: $GLOBALS['stime'] = array_sum(explode(' ',microtime())); // Set our timezone: date_default_timezone_set('Europe/Riga'); // Reset query counter: $_SESSION['queries_made'] = 0; // Database config: $db_host = "localhost"; $db_user = "admin"; $db_pass = "pass"; $db_database = "newice"; // Make a connection to mysql server: mysql_connect($db_host, $db_user, $db_pass) or die(mysql_error()); mysql_select_db($db_database) or die(mysql_error()); // Define all functions: function sql_query($query) { $query = mysql_query($query); $_SESSION['queries_made'] = $_SESSION['queries_made'] + 1; return $query; } function sqlesc($x) { return "'".mysql_real_escape_string($x)."'"; } function unesc($x) { if (get_magic_quotes_gpc()) return stripslashes($x); return $x; } function curdate() { $curdate = date('d.m.Y H:i:s'); return $curdate; } function mkglobal($vars) { if (!is_array($vars)) $vars = explode(":", $vars); foreach ($vars as $v) { if (isset($_GET[$v])) $GLOBALS[$v] = unesc($_GET[$v]); elseif (isset($_POST[$v])) $GLOBALS[$v] = unesc($_POST[$v]); else return 0; } return 1; } function validusername($username) { if ($username == "") return false; // The following characters are allowed in user names $allowedchars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789."; for ($i = 0; $i < strlen($username); ++$i) if (strpos($allowedchars, $username[$i]) === false) return false; return true; } function checklogin() { unset($GLOBALS['me']); $_SESSION['islogged'] = md5('no'); $curid = 0 + $_SESSION['uid']; $curhash = $_SESSION['hashed']; $user_res = sql_query("SELECT * FROM users WHERE id = $curid")or die(mysql_error()); if(mysql_num_rows($user_res) == 1) { $row = mysql_fetch_assoc($user_res); $db_user_hashedpass = base64_decode($row['hashedpass']); if($curhash == $db_user_hashedpass) { $GLOBALS['me'] = $row; $_SESSION['isloggedon'] = md5('yes'); $now = sqlesc(curdate()); sql_query("UPDATE users SET last_online = $now WHERE id = $curid")or die(mysql_error()); } } } function isloggedon() { $state = false; if($_SESSION['isloggedon'] == md5("yes")) { $state = true; } else { $state = false; } return $state; } function errmsg($title = "Error", $text = "Random error occured") { if(!headers_sent()) { draw_head("Error"); ?> <H2><? echo "$title"; ?></h2> <p> <span style="color: #d82a2a;"><? echo "$text"; ?></span> </p> <? draw_foot(); break; } else { ?> <H2><? echo "$title"; ?></h2> <p> <span style="color: #d82a2a;"><? echo "$text"; ?></span> </p> <? } } function msg($title = "A message", $text = "You now see a message!") { if(!headers_sent()) { draw_head("Message"); ?> <H2><? echo "$title"; ?></h2> <p> <span style="color: #42d82a;"><? echo "$text"; ?></span> </p> <? draw_foot(); break; } else { ?> <H2><? echo "$title"; ?></h2> <p> <span style="color: #42d82a;"><? echo "$text"; ?></span> </p> <? } } Tad varbūt kāds no jums varēs pamanīt to, ko es esmu palaidis garām + varēsiet pēc pilnas programmas "nolikt" manu kodu! :D ps. izlaidu draw_head() un draw_foot() funkcijas. Kā jau var saprast, tās uzzīmē lapas galveni un kājeni! Edited August 20, 2009 by Hennikenno Quote Link to comment Share on other sites More sharing options...
xPtv45z Posted August 20, 2009 Report Share Posted August 20, 2009 session_start()? Quote Link to comment Share on other sites More sharing options...
Hennikenno Posted August 20, 2009 Author Report Share Posted August 20, 2009 Nu vot tā, idiots es! :D :D :D Viss aizgāja, paldies par tāda maza sīkuma atgādināšanu ;) Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.