6 odpowiedzi w tym temacie

[fastlone]

Witam. Ostatnio pytałem się nt. dodania do pliku podstrony typu ?strona=...
1. Ustawiłem jako ?strona=loguj include pliku login.php, a jako ?strona=wyloguj include pliku logout.php.
Plik logout.php działa, tzn. wylogowuje, plik login.php loguje, ale nie ustawia ciasteczek do końca (nie pokazuje UID, w nawigacji nie pokazuje linków dla administratora). W stopce ustawia nick pusty, jakby go zupełnie nie było, ale pokazuje, że się jest zalogowanym. Niestety nie wiem, co jest nie tak.
2. Przy ustawieniu ?strona=szukaj pliku ban_search.php, przy wpisaniu jakiejkolwiek frazy do wyszukania i kliknieciu OK, robi redirect'a na plik głowny (z index.php?strona=szukaj na index.php). Zastanawiam się, czy nie pomogla by tutaj tablica GET, która przy uzupełnieniu pola nick dodałaby np: &nick=... Zrobiłbym tak, lecz w PHP to ja pro nie jestem.
Proszę o odpowiedź, bardzo mi na tym zależy.

Użytkownik fastlone edytował ten post 22.06.2010 21:09

[mgr inż. Pavulon]

Aktualnie to nie ma jak ci pomóc bo nie dałeś żadnego kodu a bawić się we wróżkę nie każdy lubi.

[fastlone]

1. Treści plików login.php i login.tpl
login.tpl

<table cellspacing='1' class='listtable' width='100%'>

          <tr>

            <td height='16' colspan='3' class='listtable_top'><b>{"_LOGIN"|lang}</b></td>

          </tr>

					<form name="login" method="post" action="{$this}">

					<input type='hidden' name='remember' value='on'>

          <tr bgcolor="#D3D8DC">

            <td height='16' width='30%' class='listtable_1'>{"_USERNAME"|lang}</td>

            <td height='16' width='65%' class='listtable_1'><input type='text' value='' name='uid' style='font-family: verdana, tahoma, arial; font-size: 10px; width: 150px'></td>

          </tr>

          <tr bgcolor="#D3D8DC">

            <td height='16' width='30%' class='listtable_1'>{"_PASSWORD"|lang}</td>

            <td height='16' width='70%' class='listtable_1'><input type='password' value='' name='pwd' style='font-family: verdana, tahoma, arial; font-size: 10px; width: 150px'></td>

          </tr>

		  <tr bgcolor="#D3D8DC">

            <td height='16' width='30%' class='listtable_1'>&nbsp;</td>

			<td height='16' width='70%' class='listtable_1'><input type='checkbox' value='rememberme' name='remember'>

            {"_REMEMBERME"|lang}</td>

		  </tr>

          <tr bgcolor="#D3D8DC">

            <td height='16' width='30%' class='listtable_1' colspan='2' align='right'><input type='submit' name='login' value=' {"_LOGIN"|lang} ' style='font-family: verdana, tahoma, arial; font-size: 10px;'></td>

          </tr>

         	</form>

        </table>

login.php

<?php

 // Start session

session_start();



include("include/config.inc.php");



if ($config->error_handler == "enabled") {

	include("$config->error_handler_path");

}

require("$config->path_root/include/functions.lang.php");

include("$config->path_root/include/accesscontrol.inc.php");



echo "<script>document.location.href='$config->document_root/'</script>";

?>

2. Plik ban_search.php w załączniku.

Załączone pliki

•  ban_search.php   13,98 KB  43 Ilość pobrań
  

Użytkownik fastlone edytował ten post 23.06.2010 11:26

[Portek]

Otwierasz sesje i nie wysyłasz ciasteczka... pokaż include/accesscontrol.inc.php

[fastlone]

Pliczek accesscontrol.inc.php

<?php

session_start();



require("$config->path_root/include/functions.inc.php");



$uid = mysql_real_escape_string($_POST['uid']);

$pwd = mysql_real_escape_string($_POST['pwd']);

$uip = $_SERVER['REMOTE_ADDR'];



if (empty($uid)) $uid = $_SESSION['uid'];

if (empty($pwd)) $pwd = $_SESSION['pwd'];



if(isset($_COOKIE["amxbans"])) {

	$cook			= explode(":", $_COOKIE["amxbans"]);

	$uid			= $cook[0];

	$pwd			= $cook[1];

	$lvl			= $cook[2];

	$uip			= $cook[3];

	$logcode		= $cook[4];

	$bans_add		= $cook[5];

	$bans_edit		= $cook[6];

	$bans_delete		= $cook[7];

	$bans_unban		= $cook[8];

	$bans_import		= $cook[9];

	$bans_export		= $cook[10];

	$amxadmins_view		= $cook[11];

	$amxadmins_edit		= $cook[12];

	$webadmins_view		= $cook[13];

	$webadmins_edit		= $cook[14];

	$permissions_edit	= $cook[15];

	$prune_db		= $cook[16];

	$servers_edit		= $cook[17];

	$ip_view		= $cook[18];

}

if(empty($uid)) {

	$_SESSION['uid'] = "";

	$_SESSION['pwd'] = "";

	$_SESSION['logcode'] = "";

	

	$title	= "Login";



	$smarty = new dynamicPage;



	$smarty->assign("meta","");

	$smarty->assign("title",$title);

	$smarty->assign("dir",$config->document_root);

	$smarty->assign("this",$_SERVER['PHP_SELF']);

	$smarty->display('main_header.tpl');

	$smarty->display('login.tpl');

	$smarty->display('main_footer.tpl');

	

	exit;

}



if(isset($_COOKIE["amxbans"])) {

	$sql = "SELECT * FROM $config->webadmins AS wa LEFT JOIN $config->levels AS le ON wa.level=le.level WHERE username = '$uid' AND password = '$pwd' AND logcode = '$logcode'";

} else {

	$sql = "SELECT * FROM $config->webadmins AS wa LEFT JOIN $config->levels AS le ON wa.level=le.level WHERE username = '$uid' AND password = md5('$pwd')";

}

$result = mysql_query($sql);

if (!$result)

{

	echo "A database error occurred while checking your login details.<br>Please contact an adminstrator.";

	exit;

}



if (mysql_num_rows($result) == 0)

{	

	$_SESSION['uid'] = "";

	$_SESSION['pwd'] = "";

	$_SESSION['logcode'] = "";

	

	$title	= "Login";



	$smarty = new dynamicPage;



	$smarty->assign("meta","");

	$smarty->assign("title",$title);

	$smarty->assign("dir",$config->document_root);

	$smarty->assign("this",$_SERVER['PHP_SELF']);

	$smarty->display('main_header.tpl');

	echo "<br><font color='#ff0000'><b>Your username or password is incorrect, or you are not an admin.</b></font><br><br>";

	$smarty->display('login.tpl');

	$smarty->display('main_footer.tpl');

	

	$now = date("U");

	$add_log	= mysql_query("INSERT INTO $config->logs (timestamp,ip,username,action,remarks) VALUES ('$now', '$uip', 'unknown', 'admin logins', '$uid failed to login')") or die (mysql_error());

	

	exit;

	}



while ($my_admin = mysql_fetch_array($result))

{

	$lvl			= isset($my_admin['level']) ? $my_admin['level'] : "";

	$bans_add		= $my_admin['bans_add'];

	$bans_edit		= $my_admin['bans_edit'];

	$bans_delete	= $my_admin['bans_delete'];

	$bans_unban		= $my_admin['bans_unban'];

	$bans_import		= $my_admin['bans_import'];

	$bans_export		= $my_admin['bans_export'];

	$amxadmins_view		= $my_admin['amxadmins_view'];

	$amxadmins_edit	= $my_admin['amxadmins_edit'];

	$webadmins_view	= $my_admin['webadmins_view'];

	$webadmins_edit		= $my_admin['webadmins_edit'];

	$permissions_edit	= $my_admin['permissions_edit'];

	$prune_db	= $my_admin['prune_db'];

	$servers_edit		= $my_admin['servers_edit'];

	$ip_view		= $my_admin["ip_view"];



	

	

	if(isset($_POST['remember']) && ($_POST['remember']=="rememberme")) {

	

		$logcode	= md5(GenerateString(8));

		$res		= mysql_query("UPDATE $config->webadmins SET logcode = '$logcode' WHERE username = '$uid'");

		$pwdhash	= md5($pwd);

		$cookiestring	= $uid.":".$pwdhash.":".$lvl.":".$uip.":".$logcode.":".$bans_add.":".$bans_edit.":".$bans_delete.":".$bans_unban.":".$bans_import.":".$bans_export.":".$amxadmins_view.":".$amxadmins_edit.":".$webadmins_view.":".$webadmins_edit.":".$permissions_edit.":".$prune_db.":".$servers_edit.":".$ip_view;

		

		$savecookie=setcookie("amxbans", $cookiestring, time()+60*60*24*7,"$config->document_root/",$_SERVER['SERVER_NAME']);

		

	}

	

	$_SESSION['uid'] = $uid;

	$_SESSION['pwd'] = $pwd;

	$_SESSION['uip'] = $uip;	

	$_SESSION['lvl'] = $lvl;

	$_SESSION['userid'] = $userid;

	$_SESSION['bans_add'] = $bans_add;

	$_SESSION['bans_edit'] = $bans_edit;

	$_SESSION['bans_delete'] = $bans_delete;

	$_SESSION['bans_unban'] = $bans_unban;

	$_SESSION['bans_import'] = $bans_import;

	$_SESSION['bans_export'] = $bans_export;

	$_SESSION['amxadmins_view'] = $amxadmins_view;

	$_SESSION['amxadmins_edit'] = $amxadmins_edit;

	$_SESSION['webadmins_view'] = $webadmins_view;

	$_SESSION['webadmins_edit'] = $webadmins_edit;

	$_SESSION['permissions_edit'] = $permissions_edit;

	$_SESSION['prune_db'] = $prune_db;

	$_SESSION['servers_edit'] = $servers_edit;

	$_SESSION['ip_view'] = $ip_view;

}

?>

Odkryłem też, że przy wpisaniu złych danych nie wyskakuje error, ale też nie pokazuje nazwy użyszkodnika

Użytkownik fastlone edytował ten post 23.06.2010 12:54

[Portek]

Ciacha wysyłane są poprawnie, przeglądarka akceptuje ciasteczka z strony? Być może tutaj jest pies pogrzebany, spróbuj wyczyścić cache (cache + templates_c).

[fastlone]

Wyczyściłem folder templates_c, ale nie ma nigdzie folderu cache.

Do punktu 2.
Sądzę, że przy ustawieniu tamtej strony jako ban_search.php, coś jest nie tak z tymi POST'ami

if ((isset($_POST['nick'])) || (isset($_POST['steamid'])) || (isset($_POST['ip'])) || (isset($_POST['reason'])) || (isset($_POST['date'])) || (isset($_POST['timesbanned'])) || (isset($_POST['admin'])) || (isset($_POST['server']))) {

	$query = "SELECT bid, player_nick, admin_nick, ban_length, ban_reason, ban_created, server_ip, se.gametype FROM $config->bans AS ba LEFT JOIN $config->servers AS se ON ba.server_ip=se.address WHERE ";
	// Make the array for the active bans list
	if (isset($_POST['nick'])) {
		// // $resource3	= mysql_query("SELECT bid, player_nick, admin_nick, ban_length, ban_reason, ban_created, server_ip FROM $config->bans WHERE player_nick LIKE '%".$_POST['nick']."%' ORDER BY ban_created DESC") or die(mysql_error());
		$nick = mysql_escape_string($_POST['nick']);
		$query .= " player_nick LIKE '%$nick%' ";
	} else if (isset($_POST['steamid']) || isset($_POST['ip'])) {
		// // $resource3	= mysql_query("SELECT bid, player_nick, admin_nick, ban_length, ban_reason, ban_created, server_ip FROM $config->bans WHERE (player_id = '".$_POST['steamid']."' AND ban_type='S' ) OR ( player_ip='".$_POST['ip']."' AND ban_type='SI')  ORDER BY ban_created DESC") or die(mysql_error());
		$steamid = mysql_escape_string($_POST['steamid']);
		$ip = mysql_escape_string($_POST['ip']);
		$query .= " (player_id = '$nick' AND ban_type='S' ) OR ( player_ip='$ip' AND ban_type='SI') ";
	} else if (isset($_POST['reason'])) {
		// // $resource3	= mysql_query("SELECT bid, player_nick, admin_nick, ban_length, ban_reason, ban_created, server_ip FROM $config->bans WHERE ban_reason LIKE '%".$_POST['reason']."%' ORDER BY ban_created DESC") or die(mysql_error());
		$reason = mysql_escape_string($_POST['reason']);
		$query .= " ban_reason LIKE '%$reason%' ORDER BY ban_created DESC ";
	} else if (isset($_POST['date'])) {
		$date		= substr_replace($_POST['date'], '', 2, 1);
		$date		= substr_replace($date, '', 4, 1);
		// // $resource3	= mysql_query("SELECT bid, player_nick, admin_nick, ban_length, ban_reason, ban_created, server_ip FROM $config->bans WHERE FROM_UNIXTIME(ban_created,'%d%m%Y') LIKE '$date' ORDER BY ban_created DESC") or die(mysql_error());
		$date = mysql_escape_string($date);
		$query .= " FROM_UNIXTIME(ban_created,'%d%m%Y') LIKE '$date' ";
	} else if (isset($_POST['timesbanned'])) {
		$bcount = mysql_escape_string($_POST['timesbanned']);
		//Note: Not .=
		$query = "SELECT id, player_nick, admin_nick, ban_length, ban_reason, ban_created, server_ip, COUNT(*), se.gametype FROM $config->ban_history AS ba LEFT JOIN $config->servers AS se ON ba.server_ip=se.address GROUP BY player_id HAVING COUNT(*) >= '$bcount' ";
	} else if (isset($_POST['admin'])) {
		// // $resource3	= mysql_query("SELECT bid, player_nick, admin_nick, ban_length, ban_reason, ban_created, server_ip FROM $config->bans WHERE admin_id = '".$_POST['admin']."' ORDER BY ban_created DESC") or die(mysql_error());
		$admin = mysql_escape_string($_POST['admin']);
		$query .= " admin_id = '$admin' ";
	} else if (isset($_POST['server'])) {
		// // $resource3	= mysql_query("SELECT bid, player_nick, admin_nick, ban_length, ban_reason, ban_created, server_ip FROM $config->bans WHERE server_ip = '".$_POST['server']."' ORDER BY ban_created DESC") or die(mysql_error());
		$server = mysql_escape_string($_POST['server']);
		$query .= " server_ip = '$server' ";
	} else  {
		echo "KOE";
	}

25 czerwiec 2010 - 11:49:
Jesteście w stanie mi pomóc z tymi problemami?

Użytkownik fastlone edytował ten post 24.06.2010 12:46