HI
First of all, can I make this kind of topic. I would like to make CMS but I need a lot of help. I'll post my problems and hopefully I get solutions and at the end I'm willing to share my code. I already know that there are a lot of great CMS already made, but I need one special. All I want is to simply add content to site, make simple presentation site. So let's start.
I already created simple php code, where is index page then admin section. There are no users or anything, just simply add, modify or delete content. Now I have one code, with which I would like to protect admin section with simple username and password. I found it somewhere, but I can't get it to work.
This is original code
PHP Code:
<?php
/* Config Section */
$pass = 'demo'; // Set the password.
$cookiename = 'cmscookie'; // Optional change: Give the cookie a name. Default is cmscookie
$expirytime = time()+3600; // Optional change: Set an expiry time for the password (in seconds). Default is 1 hour.
$msg = 'Password incorrect.'; // Optional change: Error message displayed when password is incorrect. Default is "Password incorrect".
/* End Config */
if (isset($_REQUEST['logout'])) {
setcookie($cookiename,'',time() - 3600); // remove cookie/password
if (substr($_SERVER['REQUEST_URI'],-12)=='?logout=true') { // if there is '?logout=true' in the URL
$url=str_replace('?logout=true','',$_SERVER['REQUEST_URI']); // remove the string '?logout=true' from the URL
header('Location: '.$url); // redirect the browser to original URL
}
show_login_page('');
exit();
}
$logout_button='<form action="'.$_SERVER['REQUEST_URI'].'" method="post"><input type="submit" name="logout" value="Logout" /></form>';
$logout_text='<a href="'.$_SERVER['REQUEST_URI'].'?logout=true">Logout</a>';
/* End Logout Stuff */
/* FUNCTIONS */
$encrypt_pass=md5($pass); // encrypt password
function setmycookie() {
global $cookiename,$encrypt_pass,$expirytime;
setcookie($cookiename,$encrypt_pass,$expirytime);
}
function show_login_page($msg) {
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Authorization Required</title>
</head>
<body>
<div>
<form action="" method="POST">
Password: <input type="password" name="password" size="20">
<input type="submit" value="Login">
<input type="hidden" name="sub" value="sub">
</form>
<div class=error><?=$msg?></div>
</div>
</body>
</html>
<?php }
/* END FUNCTIONS */
$errormsg='';
if (substr($_SERVER['REQUEST_URI'],-7)!='check.php') {// if someone tries to request check.php
if (isset($_POST['sub'])) { // if form has been submitted
$submitted_pass=md5($_POST['password']); // encrypt submitted password
if ($submitted_pass<>$encrypt_pass) { // if password is incorrect
$errormsg=$msg;
show_login_page($errormsg);
exit();
} else { // if password is correct
setmycookie();
}
} else {
if (isset($_COOKIE[$cookiename])) { // if cookie isset
if ($_COOKIE[$cookiename]==$encrypt_pass) { // if cookie is correct
// do nothing
} else { // if cookie is incorrect
show_login_page($errormsg);
exit();
}
} else { // if cookie is not set
show_login_page($errormsg);
exit();
}
}
} else {
echo 'Illegal Access';
}
?>
and this is my modification. I added mysql connection and added username. Now I can login it but it seems I can't set cookie. Whats wrong?
PHP Code:
<?php
$host = 'localhost';
$dbusname = 'root';
$dbuspass = '';
$dbname = '8';
mysql_connect($host, $dbusname, $dbuspass) or die(mysql_error());
mysql_select_db($dbname) or die(mysql_error());
$result = mysql_query("SELECT * FROM admin");
$data = mysql_fetch_array($result);
$user = $data['username']; // Set the username.
$pass = $data['password']; // Set the password.
/* Config Section */
/*$user = 'admin';
$pass = 'pass'; */
$cookiename = '8cookie'; // Optional change: Give the cookie a name. Default is *cookie
$expirytime = time()+3600; // Optional change: Set an expiry time for the password (in seconds). Default is 1 hour.
$msg = 'Password incorrect.'; // Optional change: Error message displayed when password is incorrect. Default is "Password incorrect".
/* End Config */
/* Logout Stuff - Sept 5, 2005 */
if (isset($_REQUEST['logout'])) {
setcookie($cookiename,'',time() - 3600); // remove cookie/username/password
if (substr($_SERVER['REQUEST_URI'],-12)=='?logout=true') { // if there is '?logout=true' in the URL
$url=str_replace('?logout=true','',$_SERVER['REQUEST_URI']); // remove the string '?logout=true' from the URL
header('Location: '.$url); // redirect the browser to original URL
}
show_login_page('');
exit();
}
$logout_button='<form action="'.$_SERVER['REQUEST_URI'].'" method="post"><input type="submit" name="logout" value="Logout" /></form>';
$logout_text='<a href="'.$_SERVER['REQUEST_URI'].'?logout=true">Logout</a>';
/* End Logout Stuff */
/* FUNCTIONS */
$encrypt_user=md5($user); // encrypt username
$encrypt_pass=md5($pass); // encrypt password
function setmycookie() {
global $cookiename,$encrypt_user,$encrypt_pass,$expirytime;
setcookie($cookiename,$encrypt_user,$encrypt_pass,$expirytime);
}
function show_login_page($msg) {
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Authorization Required</title>
</head>
<body>
<div>
<form action="" method="POST">
Username: <input type="username" name="username" size="20">
Password: <input type="password" name="password" size="20">
<input type="submit" value="Login">
<input type="hidden" name="sub" value="sub">
</form>
<div class=error><?=$msg?></div>
</div>
</body>
</html>
<?php }
/* END FUNCTIONS */
$errormsg='';
if (substr($_SERVER['REQUEST_URI'],-7)!='check2.php') {// if someone tries to request check2.php
if (isset($_POST['sub'])) { // if form has been submitted
$submitted_user=md5($_POST['username']); // encrypt submitted username
$submitted_pass=md5($_POST['password']); // encrypt submitted password
if ($submitted_user<>$encrypt_user || $submitted_pass<>$encrypt_pass) { // if password is incorrect
echo "Wrong username or password";
$errormsg=$msg;
show_login_page($errormsg);
exit();
} else { // if password is correct
setmycookie();
}
} else {
if (isset($_COOKIE[$cookiename])) { // if cookie isset
if ($_COOKIE[$cookiename]==$encrypt_user & $_COOKIE[$cookiename]==$encrypt_pass) { // if cookie is correct
// do nothing
} else { // if cookie is incorrect
show_login_page($errormsg);
exit();
}
} else { // if cookie is not set
show_login_page($errormsg);
exit();
}
}
} else {
echo 'Illegal Access';
}
?>
Sorry because of the big code...
Now this should work like when I want to access one page, login form shows up, and I login and continue to page that I wanted to access and I can simply access also other pages for admin without login it again. My modified script also shows login form, login works but when I want to access other pages I have to login again. Probably something wrong with setting cookie. If anybody knows any other good solution, I already know for session, but I don't like them, also problem is that I have to include this file to protect some other file, I'm more into if($admin){ continue ...
Then I also like simple and clean links and not index.php?id=1..., so I find solution with mod rewrite. Something like
Code:
RewriteEngine on
RewriteRule ^new$ new.html
This is very good, but is there an option to somehow connect this with mysql database so that I don't have to manually update htaccess file everytime I add page?? Or something similar
August 4th, 2006, 02:22 PM
