
dragno_12dk


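  1. Hello, I have been working on relocating an HTML form from an admin panel over to a new page where anyone can access. However the action will produce a 403 because they cant access the admin panel. so essentially I am trying to scrap the old admin panel to make it into an upload area... Anyways, What I am trying to do is simply remove the login requirement from a page so anyone may access it. However I keep breaking the page when I try to remove the login... here is the PHP where I am trying to remove the password / login requirements so that anyone can access. any help would be awesome!!!

<?php
/**
 * Render the admin page: the log-in form, the credential check and, for an
 * authenticated user, every management action (ads, keywords, listings,
 * site title, password change).
 *
 * Every write in this function (the UPDATE / DELETE / INSERT statements and
 * the password change) sits inside the branch that has just matched the
 * username/password cookies against the `users` table. That match is the
 * only access control visible in this function, so deleting it to make one
 * form public would hand all of those actions to unauthenticated visitors.
 * A form meant for the public needs its own handler containing only the one
 * action it performs; this function should stay behind the check.
 *
 * Request values are escaped (or cast to int) before they reach SQL and the
 * username is HTML-escaped before it is echoed back, because both come
 * straight from the client.
 *
 * NOTE(review), left unchanged because the fix needs code outside this
 * function:
 *  - the raw password is stored in a client cookie and re-sent on every
 *    request; a server-side session would avoid that;
 *  - passwords are stored as unsalted md5; password_hash()/password_verify()
 *    would require migrating the stored hashes;
 *  - state-changing requests (including the GET `delete` link) carry no
 *    anti-CSRF token;
 *  - the mysql_* extension is removed in PHP 7; a move to mysqli or PDO with
 *    prepared statements needs the connection handle, which is not visible
 *    here.
 *
 * @return mixed Whatever skin::make() returns for the 'admin/content'
 *               template (presumably the rendered HTML - confirm in skin).
 */
function PageMain() {
    global $TMPL;

    $time = time() + 86400;      // cookie expiry: one day ahead
    $exp_time = time() - 86400;  // timestamp in the past, used to expire cookies on logout

    // NOTE(review): the form is served with pre-filled username and password
    // values; confirm these are not the live credentials of the install.
    $TMPL['loginForm'] = '
    <form action="/index.php?a=admin" method="post">
    Username: <input type="text" name="username" value="admin" /><br />
    Password: <input type="password" name="password" value="password" /><br /><br />
    <input type="submit" value="Log In" name="login"/>
    </form>
    <div class="addurlSmall">Note: The password is case-sensitive.</div>';

    if (isset($_POST['login'])) {
        // The submitted credentials are only stored here; they are verified on
        // the next request, once the browser sends them back as cookies.
        header("Location: /index.php?a=admin");
        setcookie("username", $_POST['username'], $time);
        setcookie("password", $_POST['password'], $time);
    } elseif (isset($_COOKIE['username']) && isset($_COOKIE['password'])
        && is_string($_COOKIE['username']) && is_string($_COOKIE['password'])) {
        // is_string() rejects array-valued cookies (username[]=...), which would
        // otherwise reach the escaping and hashing calls below.
        $userSql = mysql_real_escape_string($_COOKIE['username']);

        // The password change further down stores md5() of the raw value, so the
        // raw cookie value is hashed here as well; md5() output is hex and needs
        // no SQL escaping.
        $query = sprintf(
            'SELECT * from users where username = "%s" and password ="%s"',
            $userSql,
            md5($_COOKIE['password'])
        );

        if (mysql_fetch_row(mysql_query($query))) {
            // The cookie is client-controlled: escape it before echoing into HTML.
            $TMPL['success'] = '<div class="success">Welcome <strong>'
                . htmlspecialchars($_COOKIE['username'], ENT_QUOTES)
                . '</strong>, <a href="/index.php?a=admin&logout=1">Log Out</a></div>';
            $TMPL['rowsTitle'] = '<h3>Top 15 Keywords</h3><div class="addurlSmall">Delete one or more keywords by clicking the <strong>X</strong> sign.<br /><br /></div>';
            $TMPL['loginForm'] = '';

            // The sub-templates below read their values from the global $TMPL, so
            // the page-level values are parked and restored afterwards.
            $TMPL_old = $TMPL;
            $TMPL = array();

            // --- Ad slots ---------------------------------------------------
            $skin = new skin('admin/ads');
            $ads = '';
            $result = mysql_query('SELECT ad1,ad2,ad3 from users');
            if (isset($_POST['ads1']) || isset($_POST['ads2']) || isset($_POST['ads3'])) {
                // Any one field may be missing; treat it as empty instead of
                // reading an undefined index.
                $ad1 = isset($_POST['ads1']) ? mysql_real_escape_string($_POST['ads1']) : '';
                $ad2 = isset($_POST['ads2']) ? mysql_real_escape_string($_POST['ads2']) : '';
                $ad3 = isset($_POST['ads3']) ? mysql_real_escape_string($_POST['ads3']) : '';
                $query = 'UPDATE `users` SET ad1 = \'' . $ad1 . '\', ad2 = \'' . $ad2
                    . '\', ad3 = \'' . $ad3 . '\' WHERE username = \'' . $userSql . '\'';
                mysql_query($query);
                header("Location: /index.php?a=admin");
            }
            while ($TMPL = mysql_fetch_assoc($result)) {
                $ads .= $skin->make();
            }

            // --- Top keywords -----------------------------------------------
            $skin = new skin('admin/rows');
            $all = '';
            $result = mysql_query('SELECT id,keyword, count from keywords WHERE keyword !="Search..." ORDER BY count DESC LIMIT 0,15');
            while ($TMPL = mysql_fetch_assoc($result)) {
                $all .= $skin->make();
            }
            if (isset($_GET['delete'])) {
                // The id is used unquoted in the statement, so force it to an integer.
                $delQuery = 'DELETE from `keywords` where id = ' . (int) $_GET['delete'];
                mysql_query($delQuery);
                header("Location: /index.php?a=admin");
            }

            // --- Remove a listing -------------------------------------------
            $skin = new skin('admin/remove');
            $remove = '';
            if (isset($_POST['remove'])) {
                $query = 'DELETE from web WHERE id = "' . mysql_real_escape_string($_POST['remove']) . '"';
                mysql_query($query);
                header("Location: /index.php?a=admin");
            }
            $remove .= $skin->make();

            // --- Site title -------------------------------------------------
            $skin = new skin('admin/title');
            $siteTitle = '';
            $resultTitle = mysql_fetch_row(mysql_query("SELECT title from users where id = '1'"));
            $TMPL['currentTitle'] = $resultTitle[0];
            if (isset($_POST['title'])) {
                $query = 'UPDATE `users` SET title = \'' . mysql_real_escape_string($_POST['title'])
                    . '\' WHERE username = \'' . $userSql . '\'';
                mysql_query($query);
                header("Location: /index.php?a=admin");
            }
            $siteTitle .= $skin->make();

            // --- Add a listing ----------------------------------------------
            $skin = new skin('admin/add');
            $add = '';
            if (isset($_POST['addtitle']) && isset($_POST['addurl']) && isset($_POST['adddesc'])) {
                // parse_url() returns false or omits 'host' for malformed input;
                // only insert a row when a host was actually extracted.
                $url = parse_url($_POST['addurl']);
                $host = (is_array($url) && isset($url['host'])) ? $url['host'] : '';
                if ($host !== '') {
                    $date = date("d M Y");
                    $query = "INSERT INTO `web` (`url` , `title` , `description`, `date`) VALUES ('http://"
                        . mysql_real_escape_string($host) . "', '"
                        . mysql_real_escape_string($_POST['addtitle']) . "', '"
                        . mysql_real_escape_string($_POST['adddesc']) . "', '"
                        . $date . "')";
                    mysql_query($query);
                }
                header("Location: /index.php?a=admin");
            }
            $add .= $skin->make();

            // --- Change password --------------------------------------------
            $skin = new skin('admin/password');
            $password = '';
            if (isset($_POST['pwd'])) {
                $pwd = md5($_POST['pwd']); // hex digest, safe to embed in the statement
                $query = 'UPDATE `users` SET password = \'' . $pwd . '\' WHERE username = \'' . $userSql . '\'';
                mysql_query($query);
                header("Location: /index.php?a=admin");
            }
            $password .= $skin->make();

            // Restore the page-level template values and attach the rendered parts.
            $TMPL = $TMPL_old;
            unset($TMPL_old);
            $TMPL['add'] = $add;
            $TMPL['rows'] = $all;
            $TMPL['ads'] = $ads;
            $TMPL['remove'] = $remove;
            $TMPL['password'] = $password;
            $TMPL['siteTitle'] = $siteTitle;

            if (isset($_GET['logout'])) {
                // Expire both credential cookies by giving them a past timestamp.
                setcookie('username', '', $exp_time);
                setcookie('password', '', $exp_time);
                header("Location: /index.php?a=admin");
            }
        } else {
            $TMPL['error'] = '<div class="error">Invalid username or password. Remember that the password is case-sensitive.</div>';
            // This only clears the values for the current request; the browser
            // keeps its cookies until they expire or are overwritten.
            unset($_COOKIE['username']);
            unset($_COOKIE['password']);
        }
    }

    // The page title is shown whether or not the visitor is logged in.
    $resultTitle = mysql_fetch_row(mysql_query("SELECT title from users where id = '1'"));
    $TMPL['title'] = 'Admin - ' . $resultTitle[0] . '';

    $skin = new skin('admin/content');
    return $skin->make();
}
?>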