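dragno_12dk Posted May 12, 2015

Hello, I have been working on relocating an HTML form from an admin panel over to a new page where anyone can access it. However, the action will produce a 403 because they can't access the admin panel. So essentially I am trying to scrap the old admin panel to make it into an upload area... Anyways, what I am trying to do is simply remove the login requirement from a page so anyone may access it. However, I keep breaking the page when I try to remove the login... Here is the PHP where I am trying to remove the password / login requirements so that anyone can access it. Any help would be awesome!!!

<?php
/**
 * Builds the admin page.
 *
 * Shows the login form, handles the login POST by storing the submitted
 * credentials in cookies, and on later requests checks those cookies against
 * the `users` table. Only when that check succeeds does it process the admin
 * actions (ads, keyword delete, site remove/add, title and password change)
 * and render the admin sub-templates.
 *
 * NOTE(review): the cookie check is the only gate in front of every
 * UPDATE/DELETE/INSERT in this function. If one form has to become public,
 * give that single action its own handler with its own input validation
 * instead of removing the check here; dropping the check exposes all of the
 * actions below, including the password change.
 *
 * NOTE(review): issues this block cannot fix on its own and that should be
 * tracked separately:
 *  - the password is kept in a cookie in clear text and stored as unsalted
 *    MD5; password_hash()/password_verify() (PHP 5.5+) plus a server-side
 *    session would replace both;
 *  - ext/mysql (mysql_* functions) was removed in PHP 7; mysqli or PDO with
 *    prepared statements is the long-term fix for the queries below;
 *  - no CSRF token on any form, and `delete`/`logout` change state via GET;
 *  - the login form is pre-filled with what look like default credentials;
 *    confirm they are not valid on a live install.
 *
 * @return mixed Whatever skin::make() returns for 'admin/content'
 *               (presumably the rendered HTML - confirm against skin).
 */
function PageMain() {
    global $TMPL;

    $time = time() + 86400;     // cookie expiry: 24 hours from now
    $exp_time = time() - 86400; // timestamp in the past, used to expire cookies

    $TMPL['loginForm'] = '
    <form action="/index.php?a=admin" method="post">
    Username: <input type="text" name="username" value="admin" /><br />
    Password: <input type="password" name="password" value="password" /><br /><br />
    <input type="submit" value="Log In" name="login"/>
    </form>
    <div class="addurlSmall">Note: The password is case-sensitive.</div>';

    if (isset($_POST['login'])) {
        header("Location: /index.php?a=admin");
        $username = isset($_POST['username']) ? $_POST['username'] : '';
        $password = isset($_POST['password']) ? $_POST['password'] : '';

        // Path, domain and secure are passed as their defaults so the cookie
        // scope is unchanged; the last argument adds HttpOnly so page scripts
        // cannot read the stored credentials.
        setcookie("username", $username, $time, '', '', false, true);
        setcookie("password", $password, $time, '', '', false, true);

        // The original built a SELECT from $_COOKIE here and never ran it; the
        // credentials are only verified on the request that follows the redirect.
    } elseif (isset($_COOKIE['username']) && isset($_COOKIE['password'])) {
        // Hash the raw cookie value: the password-change action below stores
        // md5() of the raw input, so escaping before hashing made any password
        // containing a quote or backslash impossible to verify. The MD5 hex
        // digest needs no SQL escaping.
        $query = sprintf(
            'SELECT * from users where username = "%s" and password ="%s"',
            mysql_real_escape_string($_COOKIE['username']),
            md5($_COOKIE['password'])
        );

        if (mysql_fetch_row(mysql_query($query))) {
            // The username cookie is client-controlled: escape it once for HTML
            // output and once for use inside SQL string literals.
            $htmlUser = htmlspecialchars($_COOKIE['username'], ENT_QUOTES);
            $sqlUser = mysql_real_escape_string($_COOKIE['username']);

            $TMPL['success'] = '<div class="success">Welcome <strong>'.$htmlUser.'</strong>, <a href="/index.php?a=admin&logout=1">Log Out</a></div>';
            $TMPL['rowsTitle'] = '<h3>Top 15 Keywords</h3><div class="addurlSmall">Delete one or more keywords by clicking the <strong>X</strong> sign.<br /><br /></div>';
            $TMPL['loginForm'] = '';

            // skin::make() reads the global $TMPL, so the page-level values are
            // parked while each sub-template is rendered from its own rows.
            $TMPL_old = $TMPL;
            $TMPL = array();

            // --- Ads -------------------------------------------------------
            $skin = new skin('admin/ads');
            $ads = '';
            $query = 'SELECT ad1,ad2,ad3 from users';
            $result = mysql_query($query);
            if (isset($_POST['ads1']) || isset($_POST['ads2']) || isset($_POST['ads3'])) {
                // A missing field is written as an empty string, as before.
                $query = sprintf(
                    "UPDATE `users` SET ad1 = '%s', ad2 = '%s', ad3 = '%s' WHERE username = '%s'",
                    mysql_real_escape_string(isset($_POST['ads1']) ? $_POST['ads1'] : ''),
                    mysql_real_escape_string(isset($_POST['ads2']) ? $_POST['ads2'] : ''),
                    mysql_real_escape_string(isset($_POST['ads3']) ? $_POST['ads3'] : ''),
                    $sqlUser
                );
                mysql_query($query);
                header("Location: /index.php?a=admin");
            }
            while ($TMPL = mysql_fetch_assoc($result)) {
                $ads .= $skin->make();
            }

            // --- Top keywords ----------------------------------------------
            $skin = new skin('admin/rows');
            $all = '';
            $query = 'SELECT id,keyword, count from keywords WHERE keyword !="Search..." ORDER BY count DESC LIMIT 0,15';
            $result = mysql_query($query);
            while ($TMPL = mysql_fetch_assoc($result)) {
                $all .= $skin->make();
            }
            if (isset($_GET['delete'])) {
                // The id is used unquoted in the statement, so string escaping
                // would not be enough; force it to an integer.
                $delQuery = 'DELETE from `keywords` where id = '.(int) $_GET['delete'];
                mysql_query($delQuery);
                header("Location: /index.php?a=admin");
            }

            // --- Remove a site ---------------------------------------------
            $skin = new skin('admin/remove');
            $remove = '';
            if (isset($_POST['remove'])) {
                $query = sprintf(
                    'DELETE from web WHERE id = "%s"',
                    mysql_real_escape_string($_POST['remove'])
                );
                mysql_query($query);
                header("Location: /index.php?a=admin");
            }
            $remove .= $skin->make();

            // --- Site title ------------------------------------------------
            $skin = new skin('admin/title');
            $queryTitle = "SELECT title from users where id = '1'";
            $resultTitle = mysql_fetch_row(mysql_query($queryTitle));
            $TMPL['currentTitle'] = $resultTitle[0];

            if (isset($_POST['title'])) {
                $query = sprintf(
                    "UPDATE `users` SET title = '%s' WHERE username = '%s'",
                    mysql_real_escape_string($_POST['title']),
                    $sqlUser
                );
                mysql_query($query);
                header("Location: /index.php?a=admin");
            }
            // The original appended to an undefined $siteTitle; assign instead.
            $siteTitle = $skin->make();

            // --- Add a site ------------------------------------------------
            $skin = new skin('admin/add');
            if (isset($_POST['addtitle']) && isset($_POST['addurl']) && isset($_POST['adddesc'])) {
                // parse_url() returns false for badly malformed input and may
                // omit 'host'; store a bare "http://" in that case, as before.
                $url = parse_url($_POST['addurl']);
                $host = (is_array($url) && isset($url['host'])) ? $url['host'] : '';
                $date = date("d M Y");
                $query = sprintf(
                    "INSERT INTO `web` (`url` , `title` , `description`, `date`) VALUES ('http://%s', '%s', '%s', '%s')",
                    mysql_real_escape_string($host),
                    mysql_real_escape_string($_POST['addtitle']),
                    mysql_real_escape_string($_POST['adddesc']),
                    $date
                );
                mysql_query($query);
                header("Location: /index.php?a=admin");
            }
            // The original appended to an undefined $add; assign instead.
            $add = $skin->make();

            // --- Change password -------------------------------------------
            $skin = new skin('admin/password');
            $password = '';
            if (isset($_POST['pwd'])) {
                $pwd = md5($_POST['pwd']); // hex digest, safe inside the literal
                $query = sprintf(
                    "UPDATE `users` SET password = '%s' WHERE username = '%s'",
                    $pwd,
                    $sqlUser
                );
                mysql_query($query);
                header("Location: /index.php?a=admin");
            }
            $password .= $skin->make();

            // Restore the page-level template values and attach the fragments.
            $TMPL = $TMPL_old;
            unset($TMPL_old);
            $TMPL['add'] = $add;
            $TMPL['rows'] = $all;
            $TMPL['ads'] = $ads;
            $TMPL['remove'] = $remove;
            $TMPL['password'] = $password;
            $TMPL['siteTitle'] = $siteTitle;

            if (isset($_GET['logout'])) {
                setcookie('username', '', $exp_time);
                setcookie('password', '', $exp_time);
                header("Location: /index.php?a=admin");
            }
        } else {
            $TMPL['error'] = '<div class="error">Invalid username or password. Remember that the password is case-sensitive.</div>';
            // This only clears the request-local copies; no Set-Cookie header
            // is sent, so the browser keeps the rejected cookies.
            unset($_COOKIE['username']);
            unset($_COOKIE['password']);
        }
    }

    $queryTitle = "SELECT title from users where id = '1'";
    $resultTitle = mysql_fetch_row(mysql_query($queryTitle));

    $TMPL['title'] = 'Admin - '.$resultTitle[0].'';

    $skin = new skin('admin/content');
    return $skin->make();
}
?>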
piearcy Posted May 12, 2015

Just looking over it quickly, I'm assuming the function PageMain is being called elsewhere, and that is what is breaking your page.