salve scrivo tanto per scrivere tanto sicuramente nessuno risponde, comunque ho trovato uno script che è molto interessante, per il login, funziona semplicemente con le sessioni maledetto tema che non riesco a capire in nessun modocomunque lo script inserisce le sessioni nel database . adesso e datanto che volevo fare un lavoro del genere, per sicurezza comunque ho provato a mdificare lo script a i parametri chemiservon a me, e mi da sempre errore, cioe risuta sempre che i datiinseriti non sono corretti, io posto il codice magari qualcuno mi da una mano ne sarei grato
aut.lib.php
home.phpCodice PHP:
$_AUTH = array(
"TRANSICTION METHOD" => AUTH_USE_COOKIE
);
function auth_set_option($opt_name, $opt_value){
global $_AUTH;
$_AUTH[$opt_name] = $opt_value;
}
function auth_get_option($opt_name){
global $_AUTH;
return is_null($_AUTH[$opt_name])
? NULL
: $_AUTH[$opt_name];
}
function auth_clean_expired(){
global $_CONFIG;
$result = mysql_query("SELECT creation_date FROM ".$_CONFIG['table_sessioni']." WHERE uid='".auth_get_uid()."'");
if($result){
$data = mysql_fetch_array($result);
if($data['creation_date']){
if($data['creation_date'] + $_CONFIG['expire'] <= time()){
switch(auth_get_option("TRANSICTION METHOD")){
case AUTH_USE_COOKIE:
setcookie('uid');
break;
case AUTH_USE_LINK:
global $_GET;
$_GET['uid'] = NULL;
break;
}
}
}
}
mysql_query("
DELETE FROM ".$_CONFIG['table_sessioni']."
WHERE creation_date + ".$_CONFIG['expire']." <= ".time()
);
}
function auth_get_uid(){
$uid = NULL;
switch(auth_get_option("TRANSICTION METHOD")){
case AUTH_USE_COOKIE:
global $_COOKIE;
$uid = $_COOKIE['uid'];
break;
case AUTH_USE_LINK:
global $_GET;
$uid = $_GET['uid'];
break;
}
return $uid ? $uid : NULL;
}
function auth_get_status(){
global $_CONFIG;
auth_clean_expired();
$uid = auth_get_uid();
if(is_null($uid))
return array(100, NULL);
$result = mysql_query("SELECT U.name as name, U.surname as surname, U.username as username
FROM ".$_CONFIG['table_sessioni']." S,".$_CONFIG['table_utenti']." U
WHERE S.user_id = U.id and S.uid = '".$uid."'");
if(mysql_num_rows($result) != 1)
return array(100, NULL);
else{
$user_data = mysql_fetch_assoc($result);
return array(99, array_merge($user_data, array('uid' => $uid)));
}
}
function auth_login($uname, $passw){
global $_CONFIG;
$result = mysql_query("
SELECT *
FROM ".$_CONFIG['table_utenti']."
WHERE username='".$uname."' and password=MD5('".$passw."')"
);
if(mysql_num_rows($result) != 1){
return array(AUTH_INVALID_PARAMS, NULL);
}else{
$data = mysql_fetch_array($result);
return array(AUTH_LOGEDD_IN, $data);
}
}
function auth_generate_uid(){
list($usec, $sec) = explode(' ', microtime());
mt_srand((float) $sec + ((float) $usec * 100000));
return md5(uniqid(mt_rand(), true));
}
function auth_register_session($udata){
global $_CONFIG;
$uid = auth_generate_uid();
mysql_query("
INSERT INTO ".$_CONFIG['table_sessioni']."
(uid, user_id, creation_date)
VALUES
('".$uid."', '".$udata['id']."', ".time().")
"
);
if(!mysql_insert_id()){
return array(AUTH_LOGEDD_IN, $uid);
}else{
return array(AUTH_FAILED, NULL);
}
}
function auth_logout(){
global $_CONFIG;
$uid = auth_get_uid();
if(is_null($uid)){
return false;
}else{
mysql_query("
DELETE FROM ".$_CONFIG['table_sessioni']."
WHERE uid = '".$uid."'"
);
return true;
}
}
Codice PHP:ist($status, $user) = auth_get_status();
if($status == AUTH_LOGGED & auth_get_option("TRANSICTION METHOD") == AUTH_USE_LINK){
$link = "?uid=".$_GET['uid'];
}else $link = '';
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Documento senza titolo</title>
<link href="stili-css-admin-pannell/help-admin.css" rel="stylesheet" type="text/css" />
<script type="text/javascript">
<!--
function scambio(id){
if (document.getElementById){
if(document.getElementById(id).style.display == 'none'){
document.getElementById(id).style.display = 'block';
} else {
document.getElementById(id).style.display = 'none';
}
}
}
-->
</script>
</head>
<body>
<div id="logotitle">:<?php //echo "[img]$path_site/admin/logo/$logosito[/img]"; ?></div>
<script type="text/javascript" src="../script-javascript/ahahText.js"></script>
<div id='result' class="risultato"></div>
<?php
switch($status){
case AUTH_LOGGED:
?>
[b]Sei loggato con il nome di <?=$user["nome"];?> [url="logout.php<?=$link?>"]Logout[/url][/b]
<?php
break;
case AUTH_NOT_LOGGED:
?>
<form name=""id='formName' method=""action="javascript:completeAHAH.likeSubmit('<? echo"inc/login.php";?>', 'POST', 'formName', 'result');" enctype='multipart/form-data'>
<table id="bordologin">
<tr>
<td>
<div class="ipadress"><?php echo"".date("j F Y g:i:s a").""; ?></div>
<div id="tableformlogin">
<table id="formlogin">
<tr>
<td>[b]Login:[/b]</td><td><input type="text" name="uname" class="inputformlogin"/></td>
</tr>
<tr>
<td>[b]Password:[/b]</td><td><input type="password" name="passw" class="inputformlogin" /></td>
</tr>
<tr>
<td></td><td><input type="submit" name="" value="accedi" class="yellowbutton" /></td>
</tr>
</table>
</div>
<div class="ipadress"><?php echo"".$_SERVER['REMOTE_ADDR'].""; ?></div>
</td>
</tr>
</table>
</form>
<?php
break;
}
e infine il login.phpa dimenticavo il config.php nn si sa mai magari qual cuno decide di aiutarmi e poi non trova il config e cambia ideaCodice PHP:include_once("config.php");
include_once("auth.lib.php");
list($status, $user) = auth_get_status();
if($status == AUTH_NOT_LOGGED){
$uname = strtolower(trim($_POST['uname']));
$passw = strtolower(trim($_POST['passw']));
if($uname == "" or $passw == ""){
$status = AUTH_INVALID_PARAMS;
}else{
list($status, $user) = auth_login($uname, $passw);
if(!is_null($user)){
list($status, $uid) = auth_register_session($user);
}
}
}
switch($status){
case AUTH_LOGGED:
header("Refresh: 5;URL=home.php");
echo '<div align="center">Sei gia connesso ... attendi il reindirizzamento</div>';
break;
case AUTH_INVALID_PARAMS:
header("Refresh: 5;URL=../login.php");
echo '<div align="center">Hai inserito dati non corretti ... attendi il reindirizzamento</div>';
break;
case AUTH_LOGEDD_IN:
switch(auth_get_option("TRANSICTION METHOD")){
case AUTH_USE_LINK:
header("Refresh: 5;URL=home.php?uid=".$uid);
break;
case AUTH_USE_COOKIE:
header("Refresh: 5;URL=home.php");
setcookie('uid', $uid, time()+3600*365);
break;
case AUTH_USE_SESSION:
header("Refresh: 5;URL=home.php");
$_SESSION['uid'] = $uid;
break;
}
echo '<div align="center">Ciao '.$user['nome'].' ... attendi il reindirizzamento</div>';
break;
case AUTH_FAILED:
header("Refresh: 5;URL=home.php");
echo '<div align="center">Fallimento durante il tentativo di connessione ... attendi il reindirizzamento</div>';
break;
}
Codice PHP:$_CONFIG['host'] = "localhost";
$_CONFIG['user'] = "root";
$_CONFIG['pass'] = "maurizio";
$_CONFIG['dbname'] = "prova";
$_CONFIG['table_sessioni'] = "sessioni";
$_CONFIG['table_utenti'] = "utenti";
$_CONFIG['expire'] = 60;
//--------------
define('AUTH_LOGGED', 99);
define('AUTH_NOT_LOGGED', 100);
define('AUTH_USE_COOKIE', 101);
define('AUTH_USE_LINK', 103);
define('AUTH_INVALID_PARAMS', 104);
define('AUTH_LOGEDD_IN', 105);
define('AUTH_FAILED', 106);
$conn = mysql_connect($_CONFIG['host'], $_CONFIG['user'], $_CONFIG['pass']) or die('Impossibile stabilire una connessione');
mysql_select_db($_CONFIG['dbname']);
perdonate la mia ignioranza
Rispondi quotando