
Register Help


Jambuster


Okay, I downloaded a PHP Script called RadiPanel which is a User System type thing and uploaded and installed it to my website. Now the problem with RadiPanel is, I have to add users/members to it as there is no registration process. So within the Admin page on RadiPanel I have taken the script out, now when I try to view it as a "non logged in" user it just shows a white blank page, I was wondering if anyone here could determine just from the code below what I have to take out/delete in order for the public to view the page fully? Thanks guys :)

 

<?php

if( !preg_match( "/index.php/i", $_SERVER['PHP_SELF'] ) ) { die(); }

if( $_GET['id'] ) {

	$id = $core->clean( $_GET['id'] );

	$query = $db->query( "SELECT * FROM users WHERE id = '{$id}'" );
	$data  = $db->assoc( $query );

	$data['ugroups'] = explode( ",", $data['usergroups'] );

	$editid = $data['id'];

}

?>
<form action="" method="post" id="addUser">
	</div>

	<?php

		if( $_POST['submit'] ) {

			try {

				$username = $core->clean( $_POST['username'] );
				$password = $core->clean( $_POST['password'] );
				$email    = $core->clean( $_POST['email'] );
				$habbo    = $core->clean( $_POST['habbo'] );
				$dgroup   = $core->clean( $_POST['dgroup'] );

				$ugroups  = ""; // initialise before group ids are appended below
				$query    = $db->query( "SELECT * FROM usergroups" );

				while( $array = $db->assoc( $query ) ) {

					if( $_POST['ugroup-' . $array['id']] ) {

						$ugroups .= $array['id'] . ",";

					}

				}

				$password_enc = $core->encrypt( $password );

				if( !$username or ( !$password and !$editid ) or !$dgroup or !$ugroups ) {

					throw new Exception( "All fields are required." );

				}
				else {

					if( $editid ) {

						if( $password ) {

							$password = ", password = '{$password_enc}'";

						}
						else {

							unset( $password );

						}

						$db->query( "UPDATE users SET username = '{$username}'{$password}, email = '{$email}', habbo = '{$habbo}', displaygroup = '{$dgroup}', usergroups = '{$ugroups}' WHERE id = '{$editid}'" );

					}
					else {

						$db->query( "INSERT INTO users VALUES (NULL, '{$username}', '{$password_enc}', '{$email}', '{$habbo}', '{$dgroup}', '{$ugroups}');" );

					}

					echo "<div class=\"square good\">";
					echo "<strong>Success</strong>";
					echo "<br />";
					echo "User added!";
					echo "</div>";

				}

			}
			catch( Exception $e ) {

				echo "<div class=\"square bad\">";
				echo "<strong>Error</strong>";
				echo "<br />";
				echo $e->getMessage();
				echo "</div>";

			}

		}

	?>

	<table width="100%" cellpadding="3" cellspacing="0">
		<?php

			$query = $db->query( "SELECT * FROM usergroups" );

			while( $array = $db->assoc( $query ) ) {

				if( in_array( $array['id'], $data['ugroups'] ) ) {

					$groups[$array['id'] . '_active'] = $array['name'];

				}
				else {

					$groups[$array['id']] = $array['name'];

				}

				if( $array['id'] == $data['displaygroup'] ) {

					$dgroups[$array['id'] . '_active']  = $array['name'];

				}
				else {

					$dgroups[$array['id']]  = $array['name'];

				}

			}

			echo $core->buildField( "text",
									"required",
									"username",
									"Username",
									"The new username.",
									$data['username'] );

			echo $core->buildField( "password",
									( !$editid ? "required" : "" ), // PHP tags inside a string literal are not evaluated
									"password",
									"Password",
									"The new password." );

			echo $core->buildField( "text",
									"",
									"email",
									"Email",
									"The new email (optional).",
									$data['email'] );

			echo $core->buildField( "text",
									"",
									"habbo",
									"Habbo name",
									"The new Habbo name (optional).",
									$data['habbo'] );

			echo $core->buildField( "select",
									"required",
									"dgroup",
									"Display group",
									"The user's display group.",
									$dgroups );

			echo $core->buildField( "checkbox",
									"required",
									"ugroup",
									"Active usergroups",
									"The user's active groups.",
									$groups );

		?>
	</table>

</div>

<div class="box" align="right">

	<input class="button" type="submit" name="submit" value="Submit" />

</div>

</form>

<?php
echo $core->buildFormJS('addUser');

?>


Is that the entire script?  I don't see where $core and $db are defined.  Also is the script named "index.php"?  The first line there will exit if that is not the script's name.

 

You might want to add this at the top:

 

ini_set('display_errors', 1);

 

And see if you get something useful.


No, it's not the full script. Also this page runs fine when I am logged into the system, but when not logged in this page is blocked, therefore just a blank white page, so I was wondering how I'd remove the block and make it public? Also here is the index.php & user.inc.php below if anyone can help that would be great! :D

 

index.php

<?php

require_once( "_inc/glob.php" );

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">

<head>

	<meta http-equiv="Content-type" content="text/html; charset=UTF-8" />

	<title>radiPanel</title>

	<script type="text/javascript" src="_js/prototype.js"></script>
	<script type="text/javascript" src="_js/scriptaculous.js"></script>
	<script type="text/javascript" src="_js/validation.js"></script>
	<script type="text/javascript" src="_js/radi.js"></script>

	<style type="text/css" media="screen">@import url('_img/style.css');</style>

</head>

<body>

		<?php

			if( $user->loggedIn ) {

		?>

	<div style="width: 800px; margin: auto;">

		<div>

			<div style="float: right; width: 500px; text-align: right; padding-top: 12px;">

				Welcome, <strong><?php echo $user->data['fullUsername']; ?></strong>!

			</div>

			<big>radiPanel</big>

		</div>

		<div style="float: left; width: 200px;">

			<?php

				$url = $_GET['url'] ? $core->clean( $_GET['url'] ) : 'core.home';

				$query3 = $db->query( "SELECT * FROM menu WHERE url = '{$url}'" );
				$array3 = $db->assoc( $query3 );

				if( !$array3['usergroup'] ) {

					$array3['usergroup'] = "invalid";

				}

				$query = $db->query( "SELECT * FROM usergroups ORDER BY weight ASC" );

				while( $array = $db->assoc( $query ) ) {

					if( in_array( $array['id'], $user->data['uGroupArray'] ) ) {

			?>

			<div class="box">

				<div class="square menu" style="background: #<?php echo $array['colour']; ?>;" onclick="Radi.menuToggle('<?php echo $array['id']; ?>');">

					<img id="menutoggle_<?php echo $array['id']; ?>" class="menutoggle" src="_img/<?php echo ( $array['id'] != $array3['usergroup'] ) ? 'plus' : 'minus'; ?>_white.png" alt="Toggle" align="right" />

					<strong><?php echo $array['name']; ?></strong>

				</div>

				<div class="menuitems"<?php if( $array['id'] != $array3['usergroup'] ) { ?> style="display: none;"<?php } ?> id="mitems_<?php echo $array['id']; ?>">

				<?php

					$query2 = $db->query( "SELECT * FROM menu WHERE usergroup = '{$array['id']}' ORDER BY weight ASC" );

					$i      = "a";

					while( $array2 = $db->assoc( $query2 ) ) {

				?>

					<a href="<?php echo $array2['url']; ?>" class="<?php echo $i; ?>">
						<?php echo $array2['text']; ?>
					</a>

				<?php
						$i++;

						if( $i == "c" ) {

							$i = "a";

						}

					}
				?>

				</div>

			</div><br>
			<?php

					}

				}

			?>

		</div>
		<br>
		<div style="float: left; width: 590px; padding-left: 10px;">

			<?php
				if( !in_array( $array3['usergroup'], $user->data['uGroupArray'] ) ) {

					echo "Permission denied.";

				}
				elseif( !@include_once( $array3['resource'] ) ) {

					echo "Error has occurred looking for " . $array3['resource'];

				}

			?>

		</div>

		<br clear="all" />

	</div>

		<?php

			}
			else {

		?>

	<div style="width: 500px; margin: auto;">

		<big>
			Log in
		</big>


		<form method="post" action="" id="login">

			<div class="box">

			<?php
				if( $_POST['submit'] ) {

					try {

						$username = $_POST['username'];
						$password = $_POST['password'];
						$user->login( $username, $password );
						echo $core->redirect( "?" );

					}
					catch( UserException $e ) {

						echo "<div class=\"square bad\">";
						echo "<strong>Error</strong>";
						echo "<br />";
						echo $e->getMessage();
						echo "</div>";

					}

				}
			?>

				<table width="100%" cellpadding="3" cellspacing="0">

					<?php

						echo $core->buildField( "text",
												"required",
												"username",
												"Username",
												"Your username." );

						echo $core->buildField( "password",
												"required",
												"password",
												"Password",
												"Your password." );

					?>

				</table>	

			</div>

			<div class="box" align="right">

				<input class="button" type="submit" name="submit" value="Log in" />

			</div>

		</form>

		</div>

	</div>
		<?php

				echo $core->buildFormJS("login");

			}

		?>

</body>

</html>

 

user.inc.php

<?php

class UserException extends Exception { }

class User {

	private $sessionID;
	public  $sessionData;
	public  $data;
	public  $loggedIn;

	/**
	  * Constructor - forms session and loads session data.
	  * @global $db
	  * @global $core
	  */
	public function __construct() {

		global $db, $core;

		$this->clearUpSessions();

		$this->sessionID = $core->encrypt( session_id() );

		$this->createSession();

		$query = $db->query( "SELECT * FROM sessions WHERE session_id = '{$this->sessionID}'" );
		$this->sessionData = $db->assoc( $query );

		if( $this->sessionData['user_id'] ) {

			$this->loggedIn = true;

			$query      = $db->query( "SELECT * FROM users WHERE id = '{$this->sessionData['user_id']}'" );
			$this->data = $db->assoc( $query );

			$this->data['uGroupArray'] = explode( ",", $this->data['usergroups'] );

			$query = $db->query("SELECT * FROM usergroups WHERE id = '{$this->data['displaygroup']}'");
			$array = $db->assoc($query);

			$this->data['usergroup'] = $array;

			$this->data['fullUsername'] = "<span style=\"color: #{$array['colour']}\">" . $this->data['username'] . "</span>";

		}

	}

	private function createSession() {

		global $db, $core;

		$query = $db->query( "SELECT * FROM sessions WHERE session_id = '{$this->sessionID}'" );
		$num   = $db->num( $query );

		if( $num == 0 ) {

			$time = time();

			$db->query( "INSERT INTO sessions VALUES ( NULL, '{$this->sessionID}', '0', '{$time}' );" );

		}
		else {

			$oldID = $this->sessionID;

			session_regenerate_id();

			$newID = $core->encrypt( session_id() );

			$time  = time();

			$db->query( "UPDATE sessions SET session_id = '{$newID}', stamp = '{$time}' WHERE session_id = '{$oldID}'" );

			$this->sessionID = $newID;

		}

	}

	public function hasGroup( $id ) {

		if( in_array( $id, $this->data['uGroupArray'] ) ) {
			return true;
		}
		else {
			return false;
		}

	}

	private function clearUpSessions() {

		global $params, $db;

		$time = strtotime( "{$params['user']['timeout']} ago" );

		$db->query( "DELETE FROM sessions WHERE stamp < '{$time}'" );

	}

	public function destroySession() {

		global $db;

		$db->query( "DELETE FROM sessions WHERE session_id = '{$this->sessionID}'" );

	}

	private function assignUser( $id ) {

		global $db;

		$db->query( "UPDATE sessions SET user_id = '{$id}' WHERE session_id = '{$this->sessionID}'" );

	}

	public function login( $username, $password ) {

		global $core, $db;

		$username     = $core->clean( $username );
		$password     = $core->clean( $password );
		$password_enc = $core->encrypt( $password );

		$query = $db->query("SELECT * FROM users WHERE username = '{$username}' AND password = '{$password_enc}'");
		$array = $db->assoc($query);
		$num   = $db->num($query);

		if( !$username or !$password ) {

			throw new UserException( 'All fields are required.' );

		}
		elseif( $num != 1 ) {

			throw new UserException( 'Invalid username/password.' );

		}
		else {

			$this->assignUser( $array['id'] );
			return true;

		}

	}

}

$user = new User();

?>

 

Hope someone can help :confused:


Okay, I may have solved it. Just copy and paste this code and see if it works -->

 

 

<?php

require_once( "_inc/glob.php" );

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">

<head>

	<meta http-equiv="Content-type" content="text/html; charset=UTF-8" />

	<title>radiPanel</title>

	<script type="text/javascript" src="_js/prototype.js"></script>
	<script type="text/javascript" src="_js/scriptaculous.js"></script>
	<script type="text/javascript" src="_js/validation.js"></script>
	<script type="text/javascript" src="_js/radi.js"></script>

	<style type="text/css" media="screen">@import url('_img/style.css');</style>

</head>

<body>

		<?php

			//This is what is causing the problem .. the script is checking to see if the person is logged in       -->
                                //if( $user->loggedIn ) {

		?>

	<div style="width: 800px; margin: auto;">

		<div>

			<div style="float: right; width: 500px; text-align: right; padding-top: 12px;">

				Welcome, <strong><?php echo $user->data['fullUsername']; ?></strong>!

			</div>

			<big>radiPanel</big>

		</div>

		<div style="float: left; width: 200px;">

			<?php

				$url = $_GET['url'] ? $core->clean( $_GET['url'] ) : 'core.home';

				$query3 = $db->query( "SELECT * FROM menu WHERE url = '{$url}'" );
				$array3 = $db->assoc( $query3 );

				if( !$array3['usergroup'] ) {

					$array3['usergroup'] = "invalid";

				}

				$query = $db->query( "SELECT * FROM usergroups ORDER BY weight ASC" );

				while( $array = $db->assoc( $query ) ) {

					if( in_array( $array['id'], $user->data['uGroupArray'] ) ) {

			?>

			<div class="box">

				<div class="square menu" style="background: #<?php echo $array['colour']; ?>;" onclick="Radi.menuToggle('<?php echo $array['id']; ?>');">

					<img id="menutoggle_<?php echo $array['id']; ?>" class="menutoggle" src="_img/<?php echo ( $array['id'] != $array3['usergroup'] ) ? 'plus' : 'minus'; ?>_white.png" alt="Toggle" align="right" />

					<strong><?php echo $array['name']; ?></strong>

				</div>

				<div class="menuitems"<?php if( $array['id'] != $array3['usergroup'] ) { ?> style="display: none;"<?php } ?> id="mitems_<?php echo $array['id']; ?>">

				<?php

					$query2 = $db->query( "SELECT * FROM menu WHERE usergroup = '{$array['id']}' ORDER BY weight ASC" );

					$i      = "a";

					while( $array2 = $db->assoc( $query2 ) ) {

				?>

					<a href="<?php echo $array2['url']; ?>" class="<?php echo $i; ?>">
						<?php echo $array2['text']; ?>
					</a>

				<?php
						$i++;

						if( $i == "c" ) {

							$i = "a";

						}

					}
				?>

				</div>

			</div><br>
			<?php

					}

				}

			?>

		</div>
		<br>
		<div style="float: left; width: 590px; padding-left: 10px;">

			<?php
				if( !in_array( $array3['usergroup'], $user->data['uGroupArray'] ) ) {

					echo "Permission denied.";

				}
				elseif( !@include_once( $array3['resource'] ) ) {

					echo "Error has occurred looking for " . $array3['resource'];

				}

			?>

		</div>

		<br clear="all" />

	</div>

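		<?php

			// Closing brace of the if() commented out above; it has to be commented out too or PHP reports a parse error.
			//}
			// Below is what a unlogged in person will see - if you want, you may want to remove the below HTML -->
                                 //else {

		?>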
                 <!------------ remove all this from here ------------->
	<div style="width: 500px; margin: auto;">

		<big>
			Log in
		</big>


		<form method="post" action="" id="login">

			<div class="box">

			<?php /*
				if( $_POST['submit'] ) {

					try {

						$username = $_POST['username'];
						$password = $_POST['password'];
						$user->login( $username, $password );
						echo $core->redirect( "?" );

					}
					catch( UserException $e ) {

						echo "<div class=\"square bad\">";
						echo "<strong>Error</strong>";
						echo "<br />";
						echo $e->getMessage();
						echo "</div>";

					}

				}
			 */ ?>

				<table width="100%" cellpadding="3" cellspacing="0">

					<?php /*

						echo $core->buildField( "text",
												"required",
												"username",
												"Username",
												"Your username." );

						echo $core->buildField( "password",
												"required",
												"password",
												"Password",
												"Your password." );

					*/ ?>

				</table>	

			</div>

			<div class="box" align="right">

				<input class="button" type="submit" name="submit" value="Log in" />

			</div>

		</form>

		</div>

	</div> <!----------------------- to here ------------------------>
		<?php

				echo $core->buildFormJS("login");

			// Closing brace of the else commented out above; commented out as well so the file parses.
			//}

		?>

</body>

</html>


Archived

This topic is now archived and is closed to further replies.
