TalkPHP - View Single Post

Swordbeta · 12-05-2007, 06:30 PM

thanks for explaining sock :)
I got another problem...
It's something totally different,I'm making a file editor but problems with the login.
The pass and username are in the config.php,but when entering a wrong password it logs me in =/

PHP Code:


			
<?php

/**
 * @author Michael
 * @copyright 2007
 */
session_start();
include("config.php");
echo "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">
 <html xmlns=\"http://www.w3.org/1999/xhtml\">
<head>
<title>Phatom Panel</title>
<style>
BODY { font-size: 11px; color: #7d7b7b;background-color:#1F1F1F; }
a:link, a:visited, a:active { text-decoration: none; color: #B9B9B9 }
a:hover { color: #D7D7D7; text-decoration:underline }
.table { border:1px solid #181818;text-align: center;background-color: #262626; }
</style>
</head>
<body>";
if(isset($_SESSION['pp_admin'])){
    if($_SESSION['pp_admin']!=$pass){
        unset($_SESSION['pp_admin']); 
    }
}
if(!isset($_GET['act'])){
    if(!isset($_SESSION['pp_admin'])){
    echo "<center>
    <table width='500' class='table'><tr>
    <td><h2><b>Login</b></h2></td>
    <td><form action='ppanel.php?act=admin' method='post'><p><br /><b>Admin Name:</b> <input type='text' name='name' /></p><p><b>Password:</b> <input type='password' name='pass' /></p><p><input type='submit' value='Login'></p></form>
    </td></tr></table></center>";
    }else if(isset($_SESSION['pp_admin'])){
        echo "<center><table width='500' class='table'><tr>
    <td><b>You're already logged in!</b><br /><a href='ppanel.php?act=panel'>Go to the Phantom Panel</a></td></tr></table></center>";
    }
}
if($_GET['act']=="admin"){
    $a = 0;
    if(isset($_POST['name']) && $_POST['name']!="" && isset($_POST['pass']) && $_POST['pass']!=""){
    if(md5($_POST['pass'])==$pass){
        $a = 0;
    }else{
        $a = 1;
    }
    if($_POST['name']==$username){
        $a = 0;
    }else{
        $a = 1;
    }}
    echo "<center><table width='500' class='table'><tr><td>";
    if($a==0){
        $_SESSION['pp_admin'] = $pass; 
        if(isset($_SESSION['pp_admin'])){
        echo "<b>Login Succesful!</b><br /><a href='ppanel.php?act=panel'>Go to the Phantom Panel</a>";
        }else{
        echo "<b>Unknown error.</b>";
        }
        }else{
                echo "<b>Admin Name/Password didn't matched.</b>";
        }
    echo "</center></td></tr></table>";
}
if($_GET['act']=="panel"){
        echo "<center><table width='500' class='table'><tr><td>";
    if(isset($_SESSION['pp_admin']) && $_SESSION['pp_admin']==$pass){
        echo "<font size='1'><a href='ppanel.php?act=logout'>Logout</a></font><h2>Welcome to your Phantom Panel!</h2><br /><br /><br /><img src='pp_images/edit.png' alt='' /> <a href='ppanel.php?act=edit&path=/'>File Editor</a><br /><br /><img src='pp_images/key.png' alt='' /><a href='ppanel.php?act=pass'>Change password</a>";
        }else{
        echo "<a href='ppanel.php'><h2>Please Login</h2></a>";    
        }
        echo "</td></tr></table>";
}
if($_GET['act']=="logout"){
    if(isset($_SESSION['pp_admin'])){
        unset($_SESSION['pp_admin']);
        echo "<center><table width='500' class='table'><tr><td><h2>Your now logged out</h2></td></tr></table</center>";
    }else{
        echo "<center><table width='500' class='table'><tr><td><a href='ppanel.php'><h2>Please login first.</h2></a></td></tr></table</center>";
    }
}
if($_GET['act']=="pass"){
        if(isset($_SESSION['pp_admin']) && $_SESSION['pp_admin']==$pass){
    if(!$_POST){
    echo "<center><table width='500' class='table'><tr><td><h2>Change your password</h2><br /><br /><form action='ppanel.php?act=pass' method='post'><p><b>Current Password:</b> <input type='password' name='pass' /></p><p><b>New Password:</b> <input type='password' name='pass1' /></p><p><b>Confirm new password:</b><input type='password' name='pass2'></p><p><input type='submit' value='Change password'></form></td></tr></table</center>";
    }else if($_POST){
        if($_POST['pass'] && $_POST['pass1'] && $_POST['pass2']){
            if(md5($_POST['pass'])==$pass && $_POST['pass1']==$_POST['pass2']){
                $f = "config.php";
                $fh = fopen($f, 'w') or die("can't open file");
                $data = "
                <"."?php 
                \$username = \"".$username."\";
                \$pass = \"".md5($_POST['pass2'])."\"; 
                ?".">";
                fwrite($fh, $data);
            }else{
                echo "<center><table width='500' class='table'><tr><td><h2>Passwords didn't matched!</h2></td></tr></table</center>";
            }
        }else{
            echo "<center><table width='500' class='table'><tr><td><h2>Please fill in all fields!</h2></td></tr></table</center>";
        }
    }
    }else{
        echo "<center><table width='500' class='table'><tr><td><a href='ppanel.php'><h2>Please login!</h2></a></td></tr></table</center>";
    }
}
echo "<br /><br /><br /><br /><center>Phantom Panel copyright Michael of Phantom-designs.net</center></body></html>";
?>

12-05-2007, 06:30 PM	#7 (permalink)
Swordbeta The Wanderer Join Date: Dec 2007 Location: Holland Posts: 18 Thanks: 0	thanks for explaining sock :) I got another problem... It's something totally different,I'm making a file editor but problems with the login. The pass and username are in the config.php,but when entering a wrong password it logs me in =/ PHP Code: <?php /** * @author Michael * @copyright 2007 */ session_start(); include("config.php"); echo "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\"> <html xmlns=\"http://www.w3.org/1999/xhtml\"> <head> <title>Phatom Panel</title> <style> BODY { font-size: 11px; color: #7d7b7b;background-color:#1F1F1F; } a:link, a:visited, a:active { text-decoration: none; color: #B9B9B9 } a:hover { color: #D7D7D7; text-decoration:underline } .table { border:1px solid #181818;text-align: center;background-color: #262626; } </style> </head> <body>"; if(isset($_SESSION['pp_admin'])){ if($_SESSION['pp_admin']!=$pass){ unset($_SESSION['pp_admin']); } } if(!isset($_GET['act'])){ if(!isset($_SESSION['pp_admin'])){ echo "<center> <table width='500' class='table'><tr> <td><h2><b>Login</b></h2></td> <td><form action='ppanel.php?act=admin' method='post'><p><br /><b>Admin Name:</b> <input type='text' name='name' /></p><p><b>Password:</b> <input type='password' name='pass' /></p><p><input type='submit' value='Login'></p></form> </td></tr></table></center>"; }else if(isset($_SESSION['pp_admin'])){ echo "<center><table width='500' class='table'><tr> <td><b>You're already logged in!</b><br /><a href='ppanel.php?act=panel'>Go to the Phantom Panel</a></td></tr></table></center>"; } } if($_GET['act']=="admin"){ $a = 0; if(isset($_POST['name']) && $_POST['name']!="" && isset($_POST['pass']) && $_POST['pass']!=""){ if(md5($_POST['pass'])==$pass){ $a = 0; }else{ $a = 1; } if($_POST['name']==$username){ $a = 0; }else{ $a = 1; }} echo "<center><table width='500' class='table'><tr><td>"; if($a==0){ $_SESSION['pp_admin'] = $pass; if(isset($_SESSION['pp_admin'])){ echo "<b>Login Succesful!</b><br /><a href='ppanel.php?act=panel'>Go to the Phantom Panel</a>"; }else{ echo "<b>Unknown error.</b>"; } }else{ echo "<b>Admin Name/Password didn't matched.</b>"; } echo "</center></td></tr></table>"; } if($_GET['act']=="panel"){ echo "<center><table width='500' class='table'><tr><td>"; if(isset($_SESSION['pp_admin']) && $_SESSION['pp_admin']==$pass){ echo "<font size='1'><a href='ppanel.php?act=logout'>Logout</a></font><h2>Welcome to your Phantom Panel!</h2><br /><br /><br /><img src='pp_images/edit.png' alt='' /> <a href='ppanel.php?act=edit&path=/'>File Editor</a><br /><br /><img src='pp_images/key.png' alt='' /><a href='ppanel.php?act=pass'>Change password</a>"; }else{ echo "<a href='ppanel.php'><h2>Please Login</h2></a>"; } echo "</td></tr></table>"; } if($_GET['act']=="logout"){ if(isset($_SESSION['pp_admin'])){ unset($_SESSION['pp_admin']); echo "<center><table width='500' class='table'><tr><td><h2>Your now logged out</h2></td></tr></table</center>"; }else{ echo "<center><table width='500' class='table'><tr><td><a href='ppanel.php'><h2>Please login first.</h2></a></td></tr></table</center>"; } } if($_GET['act']=="pass"){ if(isset($_SESSION['pp_admin']) && $_SESSION['pp_admin']==$pass){ if(!$_POST){ echo "<center><table width='500' class='table'><tr><td><h2>Change your password</h2><br /><br /><form action='ppanel.php?act=pass' method='post'><p><b>Current Password:</b> <input type='password' name='pass' /></p><p><b>New Password:</b> <input type='password' name='pass1' /></p><p><b>Confirm new password:</b><input type='password' name='pass2'></p><p><input type='submit' value='Change password'></form></td></tr></table</center>"; }else if($_POST){ if($_POST['pass'] && $_POST['pass1'] && $_POST['pass2']){ if(md5($_POST['pass'])==$pass && $_POST['pass1']==$_POST['pass2']){ $f = "config.php"; $fh = fopen($f, 'w') or die("can't open file"); $data = " <"."?php \$username = \"".$username."\"; \$pass = \"".md5($_POST['pass2'])."\"; ?".">"; fwrite($fh, $data); }else{ echo "<center><table width='500' class='table'><tr><td><h2>Passwords didn't matched!</h2></td></tr></table</center>"; } }else{ echo "<center><table width='500' class='table'><tr><td><h2>Please fill in all fields!</h2></td></tr></table</center>"; } } }else{ echo "<center><table width='500' class='table'><tr><td><a href='ppanel.php'><h2>Please login!</h2></a></td></tr></table</center>"; } } echo "<br /><br /><br /><br /><center>Phantom Panel copyright Michael of Phantom-designs.net</center></body></html>"; ?>