View previous topic :: View next topic |
Author |
Message |
nel`chee
Joined: 08 Jul 2004 Posts: 2087 Location: Rijeka
|
Posted: 27.12.2005 22:22 Post subject: nakon logina prazna stranica |
|
|
Code: | include 'form_auth.php';
if (form_authenticate() !== true) die();
// all checked, ok. |
nakon ovoga ide sadrzaj. medjutim, dobijem bijelu stranicu i moram refreshat i onda je sve ok. zasto i kako? |
_________________ ♥ art & design portfolio ♥ free Photoshop brushes stuff ♥ sketchblog ♥ facebook ♥ |
|
Back to top |
|
|
lekke
Joined: 17 Jun 2004 Posts: 860 Location: 25th floor
|
Posted: 27.12.2005 22:41 Post subject: |
|
|
if (form_authenticate() !== true) die(); |
_________________ You need more bass. |
|
Back to top |
|
|
Sulien
Joined: 04 Jan 2004 Posts: 2905 Location: Zagreb
|
Posted: 27.12.2005 23:53 Post subject: |
|
|
Lekke, pa ako funkcija vraća bool onda nema veze jesu dva znaka li jedan.
A ti nam Nel'chee nisi dala dovoljno informacija. Samo vidovnjak može iz jednog include-a i jednog poziva funkcije shvatiti što se tu dešava
Last edited by Sulien on 28.12.2005 00:02; edited 1 time in total |
|
|
Back to top |
|
|
nel`chee
Joined: 08 Jul 2004 Posts: 2087 Location: Rijeka
|
Posted: 27.12.2005 23:55 Post subject: |
|
|
i kad maknem to isto je.
poanta je sto kad refresham sve bude u redu i dalje je sve okej, samo taj prvi put kad se ulogiram dodje prazno.
ovaj if se poziva svaki put.
ocete cijeli form_auth.php ? ima toga dosta |
_________________ ♥ art & design portfolio ♥ free Photoshop brushes stuff ♥ sketchblog ♥ facebook ♥ |
|
Back to top |
|
|
nel`chee
Joined: 08 Jul 2004 Posts: 2087 Location: Rijeka
|
Posted: 27.12.2005 23:57 Post subject: |
|
|
Code: | <?php
function get_key () {
global $HTTP_COOKIE_VARS;
if (isset($HTTP_COOKIE_VARS['AUTHKEY'])) {
return $HTTP_COOKIE_VARS['AUTHKEY'];
}
return false;
}
function generate_key($userid) {
$secret = 'nekatajnarijec';
$user_key = md5($userid);
$checksum = md5 ($user_key . $secret);
$skey = $user_key . ',' . $checksum;
return $skey;
}
function store_key($key, $userid) {
setcookie('AUTHKEY', $key, time() + 3600);
$keyfile = '../tmp/authkey_' . $key;
if(file_exists($keyfile)) return false;
$fp = fopen($keyfile, 'w');
if (!(fwrite($fp, $userid)))
return false;
fclose ($fp);
return true;
}
function ckeck_key($key) {
$secret = 'nekatajnarijec';
list($user_key, $checksum) = explode(',', $key);
if(md5($user_key . $secret) != $checksum)
return false;
$keyfile = '../tmp/authkey_' . $key;
if(!(file_exists($keyfile)))
return false;
return true;
}
function show_auth_form ($err='')
{
global $HTTP_POST_VARS;
$tmpl = <<<EOT
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="hr" lang="hr">
<head>
<title>Login</title>
<link rel="Stylesheet" type="text/css" href="../racunalstvo.css" />
</head>
<body>
<form action="%s" method="post">
<div style="text-align: center">
<h1>Log in</h1>
<span style="color: red">%s</span><br />
<table class="login">
<tr><td>Username</td><td><input class="textfield" type="text" name="u" size="15" value="" /></td></tr>
<tr><td>Password</td><td><input class="textfield" type="password" name="p" size="15" value="" /></td></tr>
<tr><td></td><td><input type="submit" value="Enter" class="button" /></td></tr>
</table>
</div>
</form>
</body>
</html>
EOT;
$page = @sprintf($tmpl, $GLOBALS['PHP_SELF'], $err);
echo $page;
}
function authorize_user ($user, $pass)
{
include 'config.php';
if ($user !== $username) {
write_log($user, $pass, 0);
return false;
}
if ($pass !== $password) {
write_log($user, $pass, 0);
return false;
}
return true;
}
function write_log($user, $pass, $sucess) {
$log = '../news/login.log';
if ($sucess==1) $entry = "Login: $user [".$_SERVER['REMOTE_ADDR']."] logged in at: ".date("Y/m/d H:i:s");
else $entry = "Error: $user [".$_SERVER['REMOTE_ADDR']."] tried to log in with password $pass at: ".date("Y/m/d H:i:s");
if (file_exists($log)) {
$file = fopen($log, 'ab');
fwrite($file, "\n$entry", strlen("\n$entry"));
fclose($file);
} else {
$file = fopen($log, 'ab');
fwrite($file, $entry, strlen($entry));
fclose($file);
chmod($log, 0666);
}
}
function form_authenticate () {
global $HTTP_POST_VARS;
$skey = get_key(); // cheking the key
if($skey !== false) {
if (ckeck_key($skey)) {
return true;
}
}
if (count($HTTP_POST_VARS) == 0) {
show_auth_form();
return false;
} else {
$user = $HTTP_POST_VARS['u'];
$pass = $HTTP_POST_VARS['p'];
if(empty($pass) || empty($pass)) {
show_auth_form('Please enter your username and password');
return false;
}
if (authorize_user($user, $pass) !== true) {
show_auth_form('Login failed, please try again.');
return false;
}
}
write_log($user, $pass, 1);
if(!(store_key(generate_key($user), $user))) {
return false;
}
return true;
}
?> |
|
_________________ ♥ art & design portfolio ♥ free Photoshop brushes stuff ♥ sketchblog ♥ facebook ♥ |
|
Back to top |
|
|
Sulien
Joined: 04 Jan 2004 Posts: 2905 Location: Zagreb
|
Posted: 28.12.2005 00:13 Post subject: |
|
|
Uh... ružno do bola. A da rađe koristiš session? Iskreno nije mi ni dalje jasno što refresh napravi da stvar prođe... imaš log funkciju, iskoristi je za debugging.
Ova skripta loše emulira rad sessiona i pola njene funkcionalnosti sasvim je bespotrebna |
|
|
Back to top |
|
|
nel`chee
Joined: 08 Jul 2004 Posts: 2087 Location: Rijeka
|
|
Back to top |
|
|
lekke
Joined: 17 Jun 2004 Posts: 860 Location: 25th floor
|
Posted: 28.12.2005 08:14 Post subject: |
|
|
Sulien wrote: | Lekke, pa ako funkcija vraća bool onda nema veze jesu dva znaka li jedan.
A ti nam Nel'chee nisi dala dovoljno informacija. Samo vidovnjak može iz jednog include-a i jednog poziva funkcije shvatiti što se tu dešava |
Stvarno ne znam ima li veze ili ne, ali mi se cinilo da koristenje "!==" invertira ponasanje if uvjeta - "bijela stranica" nije nista drugo nego die() bez parametara. A koliko vidim, tih "!==" ima jos ohoho po kodu. No... vidio sam tu neke tablice pa sam prestao gledat |
_________________ You need more bass. |
|
Back to top |
|
|
retro_one
Joined: 16 Sep 2003 Posts: 880 Location: DUBRAVA.
|
Posted: 28.12.2005 10:19 Post subject: |
|
|
!== provjerava uz vrijednost i tip varijable.
@nelchee: zast koristis $HTTP_POST_VARS umjesto $_POST? |
_________________ Just your average eccentric programmer. |
|
Back to top |
|
|
Sulien
Joined: 04 Jan 2004 Posts: 2905 Location: Zagreb
|
Posted: 28.12.2005 12:46 Post subject: |
|
|
lekke wrote: | Stvarno ne znam ima li veze ili ne, ali mi se cinilo da koristenje "!==" invertira ponasanje if uvjeta |
Pa da. To je u stvari užasno loš način da se napiše
Code: | if(!form_authenticate()) die(); |
Meni se ne čini da je ovo Nel'chee napisala, barem ne po HTML markupu. Prvu polovicu koda sigurno nije.
A vidi ovo
Code: | if(empty($pass) || empty($pass)) |
i ovo
ovo već liči na Nel'chee
i ovo
http://php.linux.hr/session |
|
|
Back to top |
|
|
nel`chee
Joined: 08 Jul 2004 Posts: 2087 Location: Rijeka
|
Posted: 28.12.2005 17:17 Post subject: |
|
|
Sulien wrote: | Meni se ne čini da je ovo Nel'chee napisala, barem ne po HTML markupu. Prvu polovicu koda sigurno nije. |
tu si u pravu
Quote: | ovo već liči na Nel'chee
i ovo
|
tocno, taj log feature sam dodala (i damn da idem maknut binary )
damn Sulien, "poznas me po kodu"
me go check |
_________________ ♥ art & design portfolio ♥ free Photoshop brushes stuff ♥ sketchblog ♥ facebook ♥ |
|
Back to top |
|
|
|