01-04-06, 12:49
|
# 9
|
|
חבר וותיק
|
ציטוט:
|
נכתב במקור על ידי HaFree-serv
סדרתי את זה עכשיו שי עוד בעייה
PHP קוד:
<?
ob_start();
?>
<STYLE type=text/css>BODY {
PADDING-RIGHT: 0px; PADDING-LEFT: 0px; FONT-SIZE: 10px; PADDING-BOTTOM: 0px; MARGIN: 0px; PADDING-TOP: 0px; FONT-FAMILY: Tahoma
}
SELECT {
PADDING-RIGHT: 0px; PADDING-LEFT: 0px; FONT-SIZE: 10px; PADDING-BOTTOM: 0px; MARGIN: 0px; PADDING-TOP: 0px; FONT-FAMILY: Tahoma
}
INPUT {
PADDING-RIGHT: 0px; PADDING-LEFT: 0px; FONT-SIZE: 10px; PADDING-BOTTOM: 0px; MARGIN: 0px; PADDING-TOP: 0px; FONT-FAMILY: Tahoma
}
TD {
PADDING-RIGHT: 0px; PADDING-LEFT: 0px; FONT-SIZE: 10px; PADDING-BOTTOM: 0px; MARGIN: 0px; PADDING-TOP: 0px; FONT-FAMILY: Tahoma
}
TD {
PADDING-RIGHT: 0px; PADDING-LEFT: 0px; PADDING-BOTTOM: 0px; DIRECTION: rtl; PADDING-TOP: 0px
}
BODY {
SCROLLBAR-FACE-COLOR: white; SCROLLBAR-SHADOW-COLOR: #ffffff; SCROLLBAR-ARROW-COLOR: midnightblue; SCROLLBAR-TRACK-COLOR: #e8e8e8
}
</STYLE>
<?
/*********************/
/*** The Functions ***/
/* Returns the encrypted password of the given string. */
function CalculatePassword($pass)
{
$pass=$pass[0].$pass.$pass[0]; //adding the first letter of the password to the begining and ending of the password string. (For example: "1234" => "112341")
$pass=md5($pass); //encrypts the password
return $pass;
}
/* Checks the user and password for match. Returns a STRING of the password if authorized, FALSE if not allowed. */
function CheckUserGroup($uname)
{
$sql=@mysql_connect('localhost','idan111_radio','12563254') or die("<BR>ERROR: cannot connect to MySQL server!"); //connect to MySQL server
@mysql_select_db("idan111_radio",$sql) or die("<BR>ERROR: cannot use the DB!"); //selects the DB
$cheak=mysql_query("SELECT user_group FROM members WHERE uname='$uname' ");
$cheak_fetch=mysql_fetch_array($cheak);
$group=$cheak_fetch['user_group'];
return $group;
@mysql_close($sql);
}
function CheckUserPassword($uname,$pass,$with_calc=true)
{
global $protect_user_group;
if ($uname=="" || $pass=="") //if empty user or password
return false;
/*** CHANGE: host, user, password and db ***/
$sql=@mysql_connect('localhost','idan111_radio','12563254') or die("<BR>ERROR: cannot connect to MySQL server!"); //connect to MySQL server
@mysql_select_db("idan111_radio",$sql) or die("<BR>ERROR: cannot use the DB!"); //selects the DB
$c_pass=($with_calc==true)?CalculatePassword($pass):$pass; //calculates the password if needed
$res=@mysql_query("SELECT uname FROM members WHERE (user_group='".$protect_user_group."' AND uname='".$uname."' AND pass='".$c_pass."')",$sql) or die("<BR>ERROR: incorrect query!");
if (mysql_num_rows($res)==1) //if we got a row, then we got a match
return $c_pass; //returning a string of the password itself
return false; //if we got to here, we got no row, then there is no match
@mysql_close($sql);
}
/************************/
/*** The Main Program ***/
session_cache_limiter("nocache"); //sets the cache limiter for the session for the current script run (nocache => avoiding from the browser to save the content of the page in his cache, the page refreshes every time you enter)
session_start(); //starting the session
if (!isset($protect_user_group)||($protect_user_group==0))
{
if (isset($_POST["auth_user_"]))
$protect_user_group=CheckUserGroup($_POST["auth_user_"]);
elseif (isset($_SESSION["auth_user_id".'1']))
$protect_user_group=CheckUserGroup($_SESSION["auth_user_id".'1']);
elseif (isset($_SESSION["auth_user_id".'0']))
$protect_user_group=CheckUserGroup($_SESSION["auth_user_id".'0']);
else
$protect_user_group=0;
}
if (!isset($_SESSION["auth_user_id".$protect_user_group]) && !isset($_SESSION["auth_password_id".$protect_user_group])) //if not authorized
{
$us=$_POST["auth_user_"];
$ps=CheckUserPassword($_POST["auth_user_"],$_POST["auth_password_"]);
if ($ps===false) //if user-password is not send or incorrect
{
echo "<DIV align=\"center\" dir=\"rtl\">\n\n";
echo "<B>אתה חייב להתחבר כדי לצפות בדף זה</B><BR><BR>\n\n";
/* Displaying the User-Password Form: */
?>
<FORM action="<?= $_SERVER["PHP_SELF"]; ?>" method="POST">
<TABLE width="596" cellpadding="5" cellspacing="2" border="0" bgcolor="#F9F9F9">
<TR>
<TD colspan="2" bgcolor='#FFFFFF' align="center" width="582">
<u><i><b><font size="4" face="Arial">התחבר לאתר</font></b></i></u></TD>
</TR>
<TR>
<TD width="176" bgcolor="#FFFFFF" align="center">משתמש:</TD>
<TD width="394" bgcolor="#FFFFFF" align="center">
<font color="#FFFFFF">
<INPUT name="auth_user_" value="<?= $us; ?>" style="border:1px dashed #C0C0C0; width:95px; float:right" size="20"></font></TD>
</TR>
<TR>
<TD width="176" bgcolor="#FFFFFF" align="center">ססמא:</TD>
<TD width="394" bgcolor="#FFFFFF" align="center">
<font color="#FFFFFF">
<INPUT type="password" name="auth_password_" style="border:1px dashed #C0C0C0; width:95px; background-image:url(''); float:right" size="20"></font></TD>
</TR>
<TR>
<TD colspan="2" align="center" bgcolor="#FFFFFF" width="582">
<font color="#FFFFFF">
<INPUT type="submit" name="auth_button_enter" value=" התחבר " style="border-style:dotted; border-width:1px; background-color:#F9F9F9"></font></TD>
</TR>
</TABLE>
</FORM>
<?
if (isset($_POST["auth_button_enter"])) //if the user-password form was submitted
echo "<B><FONT color=\"#FF0000\">שם המשתמש והססמא שגויים!</FONT></B><BR><BR>\n";
echo "<b>חובה להיות שדרן או מנהל כדי להיכנס</b>";
echo "</DIV>\n\n";
exit(); //stop the script, avoiding from sending the contents of the page
}
else //if the user-password that was entered is correct
{
$_SESSION["auth_user_id".$protect_user_group]=$us; //saves session variable
$_SESSION["auth_password_id".$protect_user_group]=$ps; //saves session variable
header("Location: ".$_SERVER["PHP_SELF"]); //reloading the page again, to avoid from the POST data of the form to be sent again on refresh
}
}
elseif (CheckUserPassword($_SESSION["auth_user_id".$protect_user_group],$_SESSION["auth_password_id".$protect_user_group],false)===false) //checking the user-password from the session
{
/* If we got to here, then there are user and password saved in the session, but they do not match. */
echo "<DIV align=\"center\" dir=\"rtl\"><H2><FONT color=\"#CC0000\">אינך מורשה להכנס לדף זה !!!</FONT></H2></DIV>\n";
exit(); //stop the script
}
elseif ($_GET["logout"]=="true") //if we want to logout
{
session_unregister("auth_user_id".$protect_user_group); //removing a session variable
session_unregister("auth_password_id".$protect_user_group); //removing a session variable
header("Location: ".$_SERVER["PHP_SELF"]); //reloading the page again, to display the user-password form
}
/* If you got to here, then you are authorized! */
?>
זה עושה לי תבעייה
PHP קוד:
Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /home/****/domains/******/public_html/dash/admin/protect.php:1) in /home/****/domains/****/public_html/dash/admin/protect.php on line 72
|
תנסה זה אמור לפעול |
|
|
|