Jump to content

simple help please

marklarah

By marklarah
in PHP Coding Help

 Share

Recommended Posts

marklarah Regular Member

marklarah

Posted
Posted

This is probably simple....I have a script, which basically, is that the whole page needs to have authentication. Im not sure what the error is here. To use the page, upon loading it up, you need to enter a password. Then you can do stuff like upload a file. The problem is, NOTHING is showing up :(

<?php
session_start();
$title = "Admin";
include "header.inc.php";



if (!isset($_SESSION['auth'])){

echo '<form action="" method="post"><b>Password: <input type="password" name="pass"><br><input type="submit" value="Go"></form>';
}else{

if (isset($_POST['pass'])){
$pass = md5($_POST['pass']);
$hash = "1eaba0ffd53eee59e30211ae9c31df84";

if ($pass != $hash){
echo "Wrong Password.";
}else{
$_SESSION['auth'] = "Mr. Squiggly Cat";
} 

?>
Welcome to the admin area. If you have acessed this page by any other means than the normal one, please leave now.<br><br>
<big><b><u>Shrubberies Times Upload</u></b></big><br><br>
Here is where you can upload the shrubberies times to the website, so that others can download.<br><br>

<?
if(!isset($_POST['done'])){
?>
<form enctype="multipart/form-data" action="" method="POST">
<input type="hidden" name="MAX_FILE_SIZE" value="100000" />
<input type="hidden" name="done" value="done">
Choose the document: <input name="uploadedfile" type="file" /><br />
<input type="submit" value="Upload File" />
</form>
<?
}else{

$target = "35635636/";




function findexts ($filename) 
{ 
$filename = strtolower($filename) ; 
$exts = split("[/\\.]", $filename) ; 
$n = count($exts)-1; 
$exts = $exts[$n]; 
return $exts; 
} 

$ext = findexts ($_FILES['uploadedfile']['name']) ; 

$newname = "shrub.";

$target = $target . $newname.$ext;



if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target)) 
{
echo "The file has been uploaded successfully!";
} 
else
{
echo "Error uploading file.";
}

}




?>
<?php
include "footer.inc.php";
?>

 

To clarify, there is no errors showing up. Just a blank page.

Link to comment
Share on other sites
marklarah Regular Member

marklarah

Posted
  • Author
Posted

Okay, now what should shows up shows up. Although, I enter a password, right and wrong, it doesn't do anything. I had to add an extra "}" at the end, but im not sure which "if" it belongs to...

 

Current code:

<?php
session_start();
$title = "Admin";
include "header.inc.php";


if ((!isset($_SESSION['auth'])) && (!isset($_SESSION['auth'])))
{

echo '<form action="" method="post"><b>Password: <input type="password" name="pass"><br><input type="submit" value="Go"></form>';

}else{

if (!isset($_SESSION['auth']))
{

$pass = md5($_POST['pass']);

$hash = "06908fd3201e81e0e151268842a954d9";

if ($pass != $hash)
	{
echo "Wrong Password.";
	}else{
$_SESSION['auth'] = "Mr. Squiggly Cat";

?>
Welcome to the admin area. If you have acessed this page by any other means than the normal one, please leave now.<br><br>
<big><b><u>Shrubberies Times Upload</u></b></big><br><br>
Here is where you can upload the shrubberies times to the website, so that others can download.<br><br>

<?
if(!isset($_POST['done']))
		{

?>
<form enctype="multipart/form-data" action="" method="POST">
<input type="hidden" name="MAX_FILE_SIZE" value="100000" />
<input type="hidden" name="done" value="done">
Choose the document: <input name="uploadedfile" type="file" /><br />
<input type="submit" value="Upload File" />
</form>
<?
		}else{

$target = "35635636/";




function findexts ($filename) 
{ 
$filename = strtolower($filename) ; 
$exts = split("[/\\.]", $filename) ; 
$n = count($exts)-1; 
$exts = $exts[$n]; 
return $exts; 
} 

$ext = findexts ($_FILES['uploadedfile']['name']) ; 

$newname = "shrub.";

$target = $target . $newname.$ext;



if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target)) 
{
echo "The file has been uploaded successfully!";
} 
else
{
echo "Error uploading file.";
}






		} 
	}
}
}
include "footer.inc.php";
?>

 

Link to comment
Share on other sites
Fadion Newbie

Fadion

Posted
Posted

Can you explain this part:

 

<?php
if((!isset($_SESSION['auth'])) && (!isset($_SESSION['auth']))){
     echo '<form action="" method="post"><b>Password: <input type="password" name="pass"><br><input type="submit" value="Go"></form>';
}else{
     if(!isset($_SESSION['auth'])){
          $pass = md5($_POST['pass']);

 

Double check the session, else check the session again. It makes no sense, no matter how hard I try. It could be like this:

 

<?php
if(!isset($_SESSION['auth'])){
     //show form
} else{
     if(isset($_POST['pass'])){
          if(md5($_POST['pass']) == 'somehash'){
               //show the admin panel
          } else{
               echo 'Password incorrect';
          }
     } else{
          //i dont know what you're showing here
     }
}
?>

 

The above approach should be the right way, but managing such a code is a killer. Use different pages, like login.php, admin.php, or at least have different included files for each section. You are getting problems writing and debugging it now, imagine after 2 months.

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.