|
Bartek
Billie Joe Armstrong
| Dołączył: 12 Mar 2006 |
| Posty: 516 |
Przeczytał: 0 tematów
|
Ostrzeżeń: 1/5
|
| Skąd: Radlin |
|
|
 Wysłany: Sob 21:11, 15 Kwi 2006 |
|
 |
|
|
|
Skrypt do zabezpieczenie swojej strony hasłem Panel Admina!!
admin.php
<?php
include "auth.inc.php";
verifyAccess(0);
?>
<html>
<style>
TD.HEAD { font-family : Arial; font-weight: bold; font-size: 9pt; color: white; background: black; }
TD.ROW { font-family : Arial; font-weight: normal; font-size: 9pt; color: black; background: white; }
TD.FOOT { font-family : Arial; font-weight: normal; font-size: 9pt; color: black; background: #DDDDDD; text-align:center}
</style>
<script>
function editUser(n) {
url = "admin_edituser.php?name="+n;
var dummy = window.open(url,"EditUser","width=300,height=130");
}
function delUser(n) {
url = "admin_deluser.php?name="+n;
var dummy = window.open(url,"DelUser","width=300,height=130");
}
function addUser() {
url = "admin_adduser.php";
var dummy = window.open(url,"AddUser","width=300,height=160");
}
function delChecked() {
document.forms[0].submit();
}
</script>
<body>
<table border=1 width=400>
<tr><td colspan=4 align=center><font face="Arial" size=3><b>Authorizer 1.0 - User admin</b></font></td></tr>
<form action="admin_delchecked.php" method=post>
<tr><td class="HEAD" width=20> </td><td class="HEAD" width=230>Username</td><td class="HEAD" width=50>Level</td><td class="HEAD" width=100>Action</td></tr>
<?php
$userlist = file("users.inc.php");
for ($i=1; $i<count($userlist); $i++) {
list($n,$p,$a) = explode(':',chop($userlist[$i]));
echo "<tr>";
echo "<td class=\"ROW\"><input type=checkbox name=\"user[]\" value=\"$n\"></td><td class=\"ROW\">$n</td><td class=\"ROW\">$a</td><td class=\"ROW\" align=center><a href=\"javascript: editUser('$n');\">Edit</a> - <a href=\"admin_deluser.php?name=$n\">Delete</a></td>";
echo "</tr>\n";
}
?>
</form>
</table>
<table border=1 width=400>
<tr><td class="FOOT" width=133><a href="javascript: delChecked();">Delete Checked</a></td><td class="FOOT" width=134><a href="javascript: addUser();">Add User</a></td><td class="FOOT" width=133><a href="auth_logout.php">Logout</a></td></tr>
</table>
<font size=1 face="Arial">Authorizer 1.0 ©2001 B.Dijkstra</font>
</body>
</html>
|
admin_adduser.php
<?php
include "auth.inc.php";
verifyAccess(0);
?>
<html>
<head>
<title>Add User</title>
<style>
TD.HEAD { font-family : Arial; font-weight: bold; font-size: 9pt; color: white; background: black; }
TD.ROW { font-family : Arial; font-weight: normal; font-size: 9pt; color: black; background: white; }
TD.FOOT { font-family : Arial; font-weight: normal; font-size: 9pt; color: black; background: #DDDDDD; text-align:center}
</style>
</head>
<body>
<font face="Arial" size=2>
<?php
if (!isset($submit)) {
?>
<table border=1 width="95%">
<tr><td colspan=2 align=center class="HEAD"><b>Add User</b></td></tr>
<form>
<tr><td class="ROW">Username </td><td class="ROW"> <input name="name" size=10></td></tr>
<tr><td class="ROW">Password </td><td class="ROW"> <input name="pass" size=10></td></tr>
<tr><td class="ROW">Access Level </td><td class="ROW"> <input name="level" size=10 value></td></tr>
<tr><td colspan=2 class="FOOT"><input type=submit name="submit" value=" Set "></td></tr>
</form>
</table>
<?php
} else {
$userlist = file("users.inc.php");
$done = false;
$auth = false;
$found = false;
$i = 0;
while ((!$found) && ($i<count($userlist))) {
$i++;
list($n,$p,$a) = explode(':',$userlist[$i]);
$found = ($n==$name);
}
if ($found) {
echo "Error: Username <i>$name</i> already exists<br><br>";
echo "<a href=\"javascript: history.back();\">Back</a>";
} else {
$p = md5($name.$pass);
$a = $level;
$i = count($userlist);
$userlist[$i] = implode(':',array($name,$p,$a));
sort($userlist);
$fd = fopen("users.inc.php","w");
fputs($fd,"<?php die(\"Access restricted\"); ?>\n");
for ($i=1; $i<count($userlist); $i++) {
fputs($fd,chop($userlist[$i])."\n");
}
fclose($fd);
echo "<script>window.opener.document.location.reload(); window.close();</script>";
}
}
?>
</font>
</body>
</html>
|
admin_delchecked.php
<?php
include "auth.inc.php";
verifyAccess(0);
if (isset($user)) {
$userlist = file("users.inc.php");
$fd = fopen("users.inc.php","w");
fputs($fd, "<?php die(\"Access Restricted\"); ?>\n");
for ($i=1; $i<count($userlist); $i++) {
list($n,$p,$a) = explode(':',$userlist[$i]);
if (!in_array($n,$user)) {
fputs($fd,$userlist[$i]);
}
}
fclose($fd);
}
header("Location: $HTTP_REFERER");
?>
|
admin_deluser.php
<?php
include "auth.inc.php";
verifyAccess(0);
?>
<html>
<head>
<title>Edit User <?php echo $name; ?></title>
<style>
TD.HEAD { font-family : Arial; font-weight: bold; font-size: 9pt; color: white; background: black; }
TD.ROW { font-family : Arial; font-weight: normal; font-size: 9pt; color: black; background: white; }
TD.FOOT { font-family : Arial; font-weight: normal; font-size: 9pt; color: black; background: #DDDDDD; text-align:center}
</style>
</head>
<body>
<font face="Arial" size=2>
<?php
if (!isset($submit)) {
?>
<table border=1 width="95%">
<tr><td colspan=2 class="HEAD"><b>Edit user <i><? echo $name; ?></i></b></td></tr>
<form>
<tr><td class="ROW">New Password </td><td class="ROW"> <input name="pass" size=10></td></tr>
<tr><td class="ROW">Access Level </td><td class="ROW"> <input name="level" size=10 value></td></tr>
<tr><td colspan=2 class="FOOT"><input type=submit name="submit" value=" Set "></td></tr>
<input type=hidden name="name" value="<? echo $name; ?>">
</form>
</table>
<?php
} else {
$userlist = file("users.inc.php");
$done = false;
$auth = false;
$found = false;
$i = 0;
while ((!$found) && ($i<count($userlist))) {
$i++;
list($n,$p,$a) = explode(':',$userlist[$i]);
$found = ($n==$name);
}
if ($pass!="") $p = md5($n.$pass);
if ($level!="") $a = $level;
$userlist[$i] = implode(':',array($n,$p,$a));
$fd = fopen("users.inc.php","w");
fputs($fd,"<?php die(\"Access restricted\"); ?>\n");
for ($i=1; $i<count($userlist); $i++) {
fputs($fd,chop($userlist[$i])."\n");
}
fclose($fd);
echo "<center><b>changes made...</b><br><br><a href=\"javascript: window.opener.document.location.reload(); window.close();\">close</a></center>";
}
?>
</font>
</body>
</html>
|
auth.inc.php
<?php
function authUser($name, $pass) {
$userlist = file("users.inc.php");
$done = false;
$auth = false;
$found = false;
$i = 1;
while (!$done && !$found) {
list($n,$p,$a) = explode(':',$userlist[$i]);
$found = ($n==$name);
$auth = $found && ($p == md5($name.$pass));
$done = $auth || ($i>=count($userlist));
$i++;
}
return $auth;
}
function verifyAccess($minlevel) {
global $HTTP_COOKIE_VARS;
$userlist = file("users.inc.php");
$done = false;
$auth = false;
$found = false;
$i = 1;
list($name,$pass) = explode(':',$HTTP_COOKIE_VARS["AUTHORIZER"]);
while (!$done) {
list($n,$p,$a) = explode(':',$userlist[$i]);
$found = ($name == $n) && ($n!="");
$auth = $found && ($pass == $p) && ($a<=$minlevel);
$done = $found || ($i>=count($userlist));
$i++;
}
if (!$auth) {
readfile("auth_login.inc.html");
die("");
}
}
?>
|
auth_login.php
<?php
include "auth.inc.php";
if ( authUser($username,$userpass) ) {
$exp = gmdate ("M d Y H:i:s", time()-3600);
setcookie("AUTHORIZER",$username.":".md5($username.$userpass),$exp." GMT");
}
header("Location: $HTTP_REFERER");
?>
|
auth_login.inc.html
<html>
<body>
<font face="Arial" size=4><b>Sample Login Form</b></font><br><br>
<table width=400 border=1>
<form action="auth_login.php" method=post>
<tr><td bgcolor=black><font face="Arial" color=white size=2><b>Login<b></font></td></tr>
<tr><td><font face="Arial" color=black size=2>Name <input name="username" value="" size=10> Password <input name="userpass" type=password value="" size=10></font></td></tr>
<tr><td><font face="Arial" color=black size=2><input name=submit type=submit value="Login"> <input type=reset value="Clear"></font></td></tr>
</form>
</table>
<font size=1 face="Arial">Authorizer 1.0 ©2001 B.Dijkstra</font>
</body>
</html>
|
auth_logout.php
<?php
setcookie("AUTHORIZER");
header("Location: $HTTP_REFERER");
?>
|
users.inc.php
<?php die("Access restricted"); ?>
admin:f6fdffe48c908deb0f4c3bd36c032e72:0
To jest przykładowe zakodowanie strony
|
|
