26-06-2006, 19:11
|
|
|
|
חבר מתאריך: 02.10.05
הודעות: 2,355
|
|
הנה חלק מ-LOGIN שלי (לא עם קוד אבטחה וכאלה.. LOGIN פשוט)
קוד PHP:
<?php //------------------------------------------------------------------------------------------------ //this script is part of worms portal //web tools with great moudles //login system //the name of the code is logger //programmed by nadav tenenbaum //begin 24.12.05 end 27.12.05 //version 2.1.0.0.1.0 //------------------------------------------------------------------------------------------------ //so... you are want to login... ok lets check thet //------------------------------------------------------------------------------------------------ //set vars //------------------------------------------------------------------------------------------------ $failed=FALSE; $err_msg=NULL; //------------------------------------------------------------------------------------------------ //check if user send form //------------------------------------------------------------------------------------------------ if($_SERVER['REQUEST_METHOD'] == 'POST') { function my_err($my_msg) { global $failed; global $err_msg; if ($failed == FALSE) { $failed=TRUE; $err_msg .="Eror(s): <br /> \n"; } $err_msg .= "$my_msg <br /> \n"; } //-------------------------------------------------------------------------------------------- //welcome to the kernel of the code //-------------------------------------------------------------------------------------------- //start chacking forms //-------------------------------------------------------------------------------------------- if(empty($_POST['client'])) { my_err("the client is empty"); } if(empty($_POST['pass'])) { my_err("the pass is empty"); } //-------------------------------------------------------------------------------------------- //include database class //-------------------------------------------------------------------------------------------- include_once 'db.php'; //-------------------------------------------------------------------------------------------- //process vars then they be ready for query //-------------------------------------------------------------------------------------------- $_POST['client'] = $link->escape($_POST['client']); $_POST['pass'] = sha1($_POST['pass']); //-------------------------------------------------------------------------------------------- //check if there was no failed //-------------------------------------------------------------------------------------------- if($failed == FALSE) { //---------------------------------------------------------------------------------------- //start sql stuff //---------------------------------------------------------------------------------------- $start=$link->query("SELECT `client`,`pass` FROM `clients` WHERE `client`='".$_POST['client']."' && `pass`='".$_POST['pass']."'"); $info=$link->fetch($start); //---------------------------------------------------------------------------------------- //is the data is right? //---------------------------------------------------------------------------------------- if($_POST['pass'] == $info['pass'] && $_POST['client'] == $info['client']) { if(!isset($_POST['cookie'])) { //-------------------------------------------------------------------------------- //start seesion //-------------------------------------------------------------------------------- session_start(); $_SESSION['client'] = $_POST['client']; $_SESSION['pass'] = $_POST['pass']; $_SESSION['ip'] = $_SERVER["REMOTE_ADDR"]; } else { setcookie("client", $_POST['client'], time()+60*60*24*367*3); setcookie("pass", $_POST['pass'], time()+60*60*24*367*3); } //------------------------------------------------------------------------------------- //yes it is! //------------------------------------------------------------------------------------- mysql_close(); header("Location:client.php"); exit; } else { //------------------------------------------------------------------------------------- //you are so cool... //------------------------------------------------------------------------------------- my_err("the client or the password are incorrect"); } } } ?>
_____________________________________
|