Hello, I have been working on relocating an HTML form from an admin panel to a new page that anyone can access. However, the form's action produces a 403 because visitors can't access the admin panel, so essentially I am trying to scrap the old admin panel and make it into an upload area. What I am trying to do is simply remove the login requirement from a page so that anyone may access it, but I keep breaking the page when I try to remove the login.
Here is the PHP from which I am trying to remove the password / login requirement so that anyone can access the page.
any help would be awesome!!!
<?php
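/**
 * Render the admin page: the login form, or, for a logged-in user, the ad,
 * keyword, listing, site-title and password management panels.
 *
 * Authentication as written: the posted username and password are stored in
 * cookies and re-checked against the `users` table on every request. Every
 * UPDATE / DELETE / INSERT below sits inside that authenticated branch, and
 * that check is the only access control visible in this function.
 *
 * Review notes:
 *  - Request values are escaped (or cast to int) before they are placed in
 *    SQL, and the username is HTML-escaped before it is echoed.
 *  - The password cookie holds the plaintext password and the stored hash is
 *    unsalted MD5. Moving to server-side sessions and password_hash() needs
 *    changes outside this function (schema, login bootstrap), so it is only
 *    flagged here.
 *  - State-changing requests carry no anti-CSRF token, and keyword deletion
 *    is triggered by a GET parameter.
 *  - The login form ships with pre-filled username/password values.
 *  - header('Location: ...') is not followed by exit, so the rest of the
 *    function still runs after a redirect is queued. Kept as-is because one
 *    request may legitimately submit several of the panels at once.
 *  - ext/mysql (mysql_*) is removed in PHP 7. The connection handle is not
 *    visible here, so the calls are left on the existing API.
 *
 * @return mixed Output of the 'admin/content' skin (presumably an HTML string).
 */
function PageMain() {
    global $TMPL;

    $time = time() + 86400;      // cookie lifetime: now + 24 hours
    $exp_time = time() - 86400;  // timestamp in the past, used to expire cookies

    $TMPL['loginForm'] = '
<form action="/index.php?a=admin" method="post">
Username: <input type="text" name="username" value="admin" /><br />
Password: <input type="password" name="password" value="password" /><br /><br />
<input type="submit" value="Log In" name="login"/>
</form>
<div class="addurlSmall">Note: The password is case-sensitive.</div>';

    if (isset($_POST['login'])) {
        header("Location: /index.php?a=admin");
        $username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
        $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

        // Empty path/domain keep PHP's defaults; the last argument adds HttpOnly
        // so page scripts cannot read the credential cookies.
        setcookie("username", $username, $time, "", "", false, true);
        setcookie("password", $password, $time, "", "", false, true);

        // The credentials are verified on the redirected request by the cookie
        // branch below. The original also built a query string here that was
        // never executed; it has been dropped.
    } elseif (isset($_COOKIE['username']) && isset($_COOKIE['password'])) {
        $safeUser = _pageMainSqlString($_COOKIE, 'username');
        $cookiePassword = is_string($_COOKIE['password']) ? $_COOKIE['password'] : '';

        // md5() output is hex, so it needs no SQL escaping. Hashing the raw value
        // matches how the password panel below stores it (md5 of the raw input);
        // the original escaped before hashing, which made passwords containing
        // quotes or backslashes impossible to log in with.
        $query = sprintf('SELECT * from users where username = "%s" and password ="%s"', $safeUser, md5($cookiePassword));
        $authResult = mysql_query($query);

        if ($authResult && mysql_fetch_row($authResult)) {
            // Cookie value is attacker-controllable text: escape it for HTML.
            $TMPL['success'] = '<div class="success">Welcome <strong>'.htmlspecialchars($_COOKIE['username'], ENT_QUOTES).'</strong>, <a href="/index.php?a=admin&logout=1">Log Out</a></div>';
            $TMPL['rowsTitle'] = '<h3>Top 15 Keywords</h3><div class="addurlSmall">Delete one or more keywords by clicking the <strong>X</strong> sign.<br /><br /></div>';
            $TMPL['loginForm'] = '';

            // The skins read the global $TMPL, so park the page-level values
            // while the sub-panels are rendered and restore them afterwards.
            $TMPL_old = $TMPL; $TMPL = array();

            // --- Ads panel ---
            $skin = new skin('admin/ads'); $ads = '';
            $query = 'SELECT ad1,ad2,ad3 from users';
            $result = mysql_query($query);
            if (isset($_POST['ads1']) || isset($_POST['ads2']) || isset($_POST['ads3'])) {
                $query = 'UPDATE `users` SET ad1 = \''._pageMainSqlString($_POST, 'ads1').'\', ad2 = \''._pageMainSqlString($_POST, 'ads2').'\', ad3 = \''._pageMainSqlString($_POST, 'ads3').'\' WHERE username = \''.$safeUser.'\'';
                mysql_query($query);
                header("Location: /index.php?a=admin");
            }
            while ($TMPL = mysql_fetch_assoc($result)) {
                $ads .= $skin->make();
            }

            // --- Top keywords panel ---
            $skin = new skin('admin/rows'); $all = '';
            $query = 'SELECT id,keyword, count from keywords WHERE keyword !="Search..." ORDER BY count DESC LIMIT 0,15';
            $result = mysql_query($query);
            while ($TMPL = mysql_fetch_assoc($result)) {
                $all .= $skin->make();
            }
            if (isset($_GET['delete'])) {
                // The id is interpolated unquoted, so force it to an integer.
                $delQuery = 'DELETE from `keywords` where id = '.(int) $_GET['delete'];
                mysql_query($delQuery);
                header("Location: /index.php?a=admin");
            }

            // --- Remove-listing panel ---
            $skin = new skin('admin/remove'); $remove = '';

            if (isset($_POST['remove'])) {
                $query = 'DELETE from web WHERE id = "'._pageMainSqlString($_POST, 'remove').'"';
                mysql_query($query);
                header("Location: /index.php?a=admin");
            }
            $remove .= $skin->make();

            // --- Site-title panel ---
            // The original reset $title here and then appended to an undefined
            // $siteTitle; initialise the variable that is actually used.
            $skin = new skin('admin/title'); $siteTitle = '';

            $queryTitle = "SELECT title from users where id = '1'";
            $resultTitle = mysql_fetch_row(mysql_query($queryTitle));
            $TMPL['currentTitle'] = $resultTitle[0];

            if (isset($_POST['title'])) {
                $query = 'UPDATE `users` SET title = \''._pageMainSqlString($_POST, 'title').'\' WHERE username = \''.$safeUser.'\'';
                mysql_query($query);
                header("Location: /index.php?a=admin");
            }
            $siteTitle .= $skin->make();

            // --- Add-listing panel ---
            // Same fix as above: $add was appended to without being initialised.
            $skin = new skin('admin/add'); $add = '';

            if (isset($_POST['addtitle']) && isset($_POST['addurl']) && isset($_POST['adddesc'])) {
                $url = is_string($_POST['addurl']) ? parse_url($_POST['addurl']) : false;
                // parse_url() returns false or omits 'host' for malformed input.
                $host = (is_array($url) && isset($url['host'])) ? mysql_real_escape_string($url['host']) : '';
                $date = date("d M Y");
                $query = "INSERT INTO `web` (`url` , `title` , `description`, `date`) VALUES ('http://".$host."', '"._pageMainSqlString($_POST, 'addtitle')."', '"._pageMainSqlString($_POST, 'adddesc')."', '".$date."')";
                mysql_query($query);
                header("Location: /index.php?a=admin");
            }
            $add .= $skin->make();

            // --- Change-password panel ---
            $skin = new skin('admin/password'); $password = '';
            if (isset($_POST['pwd'])) {
                // Unsalted MD5 is kept so the stored value still matches the
                // login query above; see the review notes in the docblock.
                $pwd = md5(is_string($_POST['pwd']) ? $_POST['pwd'] : '');
                $query = 'UPDATE `users` SET password = \''.$pwd.'\' WHERE username = \''.$safeUser.'\'';
                mysql_query($query);
                header("Location: /index.php?a=admin");
            }
            $password .= $skin->make();

            $TMPL = $TMPL_old; unset($TMPL_old);
            $TMPL['add'] = $add;
            $TMPL['rows'] = $all;
            $TMPL['ads'] = $ads;
            $TMPL['remove'] = $remove;
            $TMPL['password'] = $password;
            $TMPL['siteTitle'] = $siteTitle;

            // The original compared isset() with 1; the presence check alone is
            // what decides the logout.
            if (isset($_GET['logout'])) {
                setcookie('username', '', $exp_time);
                setcookie('password', '', $exp_time);
                header("Location: /index.php?a=admin");
            }
        } else {
            $TMPL['error'] = '<div class="error">Invalid username or password. Remember that the password is case-sensitive.</div>';
            // Clears the values for the rest of this request only; the browser
            // keeps its cookies until they expire or a logout is performed.
            unset($_COOKIE['username']);
            unset($_COOKIE['password']);
        }
    }

    $queryTitle = "SELECT title from users where id = '1'";
    $resultTitle = mysql_fetch_row(mysql_query($queryTitle));

    $TMPL['title'] = 'Admin - '.$resultTitle[0].'';

    $skin = new skin('admin/content');
    return $skin->make();
}

/**
 * Fetch a request value and escape it for use inside a quoted SQL string.
 *
 * Missing keys and non-string values (for example array-style parameters such
 * as name[]=x) yield an empty string. Relies on the MySQL connection that the
 * rest of the application has already opened.
 *
 * @param array  $input Request array such as $_POST or $_COOKIE.
 * @param string $key   Key to read.
 * @return string Escaped value, or '' when absent or not a string.
 */
function _pageMainSqlString($input, $key) {
    if (!isset($input[$key]) || !is_string($input[$key])) {
        return '';
    }
    return mysql_real_escape_string($input[$key]);
}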
127.?>