
Removing Password requirements on this PHP page...


dragno_12dk


Hello, I have been working on relocating an HTML form from an admin panel over to a new page that anyone can access. However, the form's action will produce a 403 because visitors can't access the admin panel, so essentially I am trying to scrap the old admin panel and turn it into an upload area... Anyway, what I am trying to do is simply remove the login requirement from a page so anyone may access it. However, I keep breaking the page when I try to remove the login...

 

Here is the PHP from which I am trying to remove the password / login requirements so that anyone can access the page.

 

any help would be awesome!!! :geek:

<?php
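/**
 * Build the admin page and return its rendered HTML.
 *
 * Flow:
 *  - A posted login form stores the submitted credentials in cookies and
 *    redirects back to the admin page; they are checked on the next request.
 *  - When both credential cookies are present they are checked against the
 *    `users` table. Only on a match are the admin actions processed
 *    (ads, keyword deletion, site removal, title, add site, password change).
 *  - Otherwise the login form (and, on a failed check, an error) is shown.
 *
 * The credential check is the only thing guarding the write operations in
 * this function (UPDATE/DELETE/INSERT, including the password change). A page
 * meant for anonymous visitors needs its own handler that contains only the
 * operations it should expose, not this function with the check removed.
 *
 * NOTE(review): the password travels in a cookie in plaintext and is stored
 * as unsalted MD5. Moving to server-side sessions and password_hash() needs a
 * migration of the stored hashes and is not attempted here.
 * NOTE(review): none of the state-changing requests carry an anti-CSRF token,
 * and keyword deletion is triggered by a GET parameter. Fixing that needs
 * template changes outside this function.
 *
 * @return string Rendered 'admin/content' template.
 */
function PageMain() {
    global $TMPL;

    $time = time() + 86400;      // credential cookies live for 24 hours
    $exp_time = time() - 86400;  // a moment in the past, used to expire cookies on logout

    // NOTE(review): the form is pre-filled with "admin" / "password". If these
    // are the install defaults, change them and drop the pre-filled values.
    $TMPL['loginForm'] = '
    <form action="/index.php?a=admin" method="post">
    Username: <input type="text" name="username" value="admin" /><br />
    Password: <input type="password" name="password" value="password" /><br /><br />
    <input type="submit" value="Log In" name="login"/>
    </form>
    <div class="addurlSmall">Note: The password is case-sensitive.</div>';

    if (isset($_POST['login'])) {
        header("Location: /index.php?a=admin");
        $username = isset($_POST['username']) ? $_POST['username'] : '';
        $password = isset($_POST['password']) ? $_POST['password'] : '';

        // HttpOnly keeps page scripts from reading the credential cookies.
        // Path and domain stay at their defaults. The Secure flag is left off
        // because it is not visible here whether the site is served over HTTPS.
        setcookie("username", $username, $time, '', '', false, true);
        setcookie("password", $password, $time, '', '', false, true);
    } elseif (isset($_COOKIE['username']) && isset($_COOKIE['password'])) {
        // Escaped once and reused in every statement that embeds the username.
        $userSql = mysql_real_escape_string($_COOKIE['username']);

        // Hash the raw password: the password-change branch below stores
        // md5() of the raw value, so escaping before hashing would make a
        // password containing quotes or backslashes impossible to match.
        // md5() output is hexadecimal and needs no escaping.
        $query = sprintf(
            'SELECT * from users where username = "%s" and password ="%s"',
            $userSql,
            md5($_COOKIE['password'])
        );

        if (mysql_fetch_row(mysql_query($query))) {
            // The username comes from a cookie, so it is HTML-escaped before output.
            $TMPL['success'] = '<div class="success">Welcome <strong>'.htmlspecialchars($_COOKIE['username'], ENT_QUOTES).'</strong>, <a href="/index.php?a=admin&logout=1">Log Out</a></div>';
            $TMPL['rowsTitle'] = '<h3>Top 15 Keywords</h3><div class="addurlSmall">Delete one or more keywords by clicking the <strong>X</strong> sign.<br /><br /></div>';
            $TMPL['loginForm'] = '';

            // The sub-templates read the global $TMPL, so the page-level
            // values are parked here and restored once the sections are built.
            $TMPL_old = $TMPL;
            $TMPL = array();

            // --- Ads ---------------------------------------------------
            $skin = new skin('admin/ads');
            $ads = '';
            $result = mysql_query('SELECT ad1,ad2,ad3 from users');
            if (isset($_POST['ads1']) || isset($_POST['ads2']) || isset($_POST['ads3'])) {
                $query = sprintf(
                    "UPDATE `users` SET ad1 = '%s', ad2 = '%s', ad3 = '%s' WHERE username = '%s'",
                    mysql_real_escape_string(isset($_POST['ads1']) ? $_POST['ads1'] : ''),
                    mysql_real_escape_string(isset($_POST['ads2']) ? $_POST['ads2'] : ''),
                    mysql_real_escape_string(isset($_POST['ads3']) ? $_POST['ads3'] : ''),
                    $userSql
                );
                mysql_query($query);
                header("Location: /index.php?a=admin");
            }
            while ($TMPL = mysql_fetch_assoc($result)) {
                $ads .= $skin->make();
            }

            // --- Top keywords --------------------------------------------
            $skin = new skin('admin/rows');
            $all = '';
            $result = mysql_query('SELECT id,keyword, count from keywords WHERE keyword !="Search..." ORDER BY count DESC LIMIT 0,15');
            while ($TMPL = mysql_fetch_assoc($result)) {
                $all .= $skin->make();
            }
            if (isset($_GET['delete'])) {
                // The id is embedded unquoted, so it is forced to an integer.
                $delQuery = 'DELETE from `keywords` where id = '.(int) $_GET['delete'];
                mysql_query($delQuery);
                header("Location: /index.php?a=admin");
            }

            // --- Remove a site -------------------------------------------
            $skin = new skin('admin/remove');
            $remove = '';
            if (isset($_POST['remove'])) {
                $query = sprintf(
                    'DELETE from web WHERE id = "%s"',
                    mysql_real_escape_string($_POST['remove'])
                );
                mysql_query($query);
                header("Location: /index.php?a=admin");
            }
            $remove .= $skin->make();

            // --- Site title ----------------------------------------------
            $skin = new skin('admin/title');
            $siteTitle = '';
            $resultTitle = mysql_fetch_row(mysql_query("SELECT title from users where id = '1'"));
            // The fetch loops above leave $TMPL as a non-array value;
            // start a fresh array for this section's template variables.
            $TMPL = array('currentTitle' => $resultTitle[0]);
            if (isset($_POST['title'])) {
                $query = sprintf(
                    "UPDATE `users` SET title = '%s' WHERE username = '%s'",
                    mysql_real_escape_string($_POST['title']),
                    $userSql
                );
                mysql_query($query);
                header("Location: /index.php?a=admin");
            }
            $siteTitle .= $skin->make();

            // --- Add a site ----------------------------------------------
            $skin = new skin('admin/add');
            $add = '';
            if (isset($_POST['addtitle']) && isset($_POST['addurl']) && isset($_POST['adddesc'])) {
                $url = parse_url($_POST['addurl']);
                $host = (is_array($url) && isset($url['host'])) ? $url['host'] : '';
                // Without a host the stored URL would be a bare "http://", so skip the insert.
                if ($host !== '') {
                    $query = sprintf(
                        "INSERT INTO `web` (`url` ,  `title` ,  `description`, `date`) VALUES ('http://%s', '%s', '%s', '%s')",
                        mysql_real_escape_string($host),
                        mysql_real_escape_string($_POST['addtitle']),
                        mysql_real_escape_string($_POST['adddesc']),
                        date("d M Y")
                    );
                    mysql_query($query);
                }
                header("Location: /index.php?a=admin");
            }
            $add .= $skin->make();

            // --- Change password -----------------------------------------
            $skin = new skin('admin/password');
            $password = '';
            if (isset($_POST['pwd'])) {
                $pwd = md5($_POST['pwd']); // hexadecimal, safe to embed as-is
                $query = sprintf(
                    "UPDATE `users` SET password = '%s' WHERE username = '%s'",
                    $pwd,
                    $userSql
                );
                mysql_query($query);
                header("Location: /index.php?a=admin");
            }
            $password .= $skin->make();

            // Restore the page-level template values and attach the sections.
            $TMPL = $TMPL_old;
            unset($TMPL_old);
            $TMPL['add'] = $add;
            $TMPL['rows'] = $all;
            $TMPL['ads'] = $ads;
            $TMPL['remove'] = $remove;
            $TMPL['password'] = $password;
            $TMPL['siteTitle'] = $siteTitle;

            if (isset($_GET['logout'])) {
                // Expire both credential cookies and return to the login form.
                setcookie('username', '', $exp_time);
                setcookie('password', '', $exp_time);
                header("Location: /index.php?a=admin");
            }
        } else {
            $TMPL['error'] = '<div class="error">Invalid username or password. Remember that the password is case-sensitive.</div>';
            // Only clears the values for the rest of this request; the
            // browser keeps its cookies until they expire or are overwritten.
            unset($_COOKIE['username']);
            unset($_COOKIE['password']);
        }
    }

    $resultTitle = mysql_fetch_row(mysql_query("SELECT title from users where id = '1'"));

    $TMPL['title'] = 'Admin - '.$resultTitle[0].'';

    $skin = new skin('admin/content');
    return $skin->make();
}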
127.?>
