login.php
codice:
<?php
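/**
 * Check a username/password pair against the flat-file user archive.
 *
 * The first line of the archive is the PHP guard line and is skipped. Every
 * other line is expected to look like "name:md5(name.password):destination".
 *
 * NOTE(review): MD5 is a fast hash and a weak choice for stored passwords.
 * Moving to password_hash()/password_verify() also requires changing the code
 * that writes the archive, so the stored format is left untouched here.
 *
 * @param string $username Username, encoded the same way as when it was stored.
 * @param string $password Password, encoded the same way as when it was stored.
 * @param string $archive  Path of the archive file.
 * @return string|false Destination stored for the user, or false when the
 *                      credentials do not match or the archive cannot be read.
 */
function authUser($username, $password, $archive) {
    $username = (string) $username;
    $pass = md5($username.$password);

    // A missing or unreadable archive simply means nobody can log in.
    $userlist = is_readable($archive) ? file($archive) : false;
    if ($userlist === false) {
        return false;
    }

    array_shift($userlist); // skip the protection line
    foreach ($userlist as $user) {
        // Limit of 3 keeps any ":" inside the destination (htmlentities does not encode it).
        $fields = explode(":", trim($user), 3);
        if (count($fields) < 3) {
            continue; // malformed record
        }
        list($n, $p, $d) = $fields;

        // Strict string comparison for the name and hash_equals() for the digest:
        // with "==" two different digests that both look like numbers in
        // exponent notation ("0e" followed by digits) compare as equal.
        if ($username === trim($n) && hash_equals(trim($p), $pass)) {
            return $d;
        }
    }
    return false;
}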

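$archive = "users.inc.php";
if(isset($_POST['login'])) {
   // Accept plain strings only: an array-valued field would make trim() fail.
   // htmlentities() is kept because adduser.php hashes the encoded values,
   // so the digest must be computed over the same encoding here.
   $username = isset($_POST['username']) && is_string($_POST['username']) ? htmlentities(trim($_POST['username'])) : '';
   $password = isset($_POST['password']) && is_string($_POST['password']) ? htmlentities(trim($_POST['password'])) : '';
   if($username !== '' && $password !== '' && ($dest = authUser($username, $password, $archive)) !== false) {
      // $dest is read from the archive, never from this request. It is only as
      // trustworthy as whoever is able to write to the archive.
      header("Location: $dest");
      exit();
   }
   // NOTE(review): a failed login falls through to the form silently and
   // nothing here limits repeated attempts.
}

// PHP_SELF is derived from the request URL, so it is escaped before being
// placed inside the action attribute.
$action = htmlspecialchars(basename($_SERVER['PHP_SELF']), ENT_QUOTES, 'UTF-8');
echo "
      <form action=\"".$action."\" method=\"post\">
       Username <input type=\"text\" name=\"username\">

       Password <input type=\"password\" name=\"password\">

       <center><input type=\"submit\" name=\"login\" value=\"login\"></center>
      </form>";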
?>
adduser.php
codice:
<?php
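/**
 * Tell whether a username is already present in the flat-file archive.
 *
 * The first line of the archive is the PHP guard line and is skipped. The
 * username is the text before the first ":" of every other line.
 *
 * @param string $username Username, encoded the same way as the stored names.
 * @param string $archive  Path of the archive file.
 * @return bool True when the name is found; false otherwise, including when
 *              the archive does not exist yet or cannot be read.
 */
function check_user($username, $archive) {
    $username = (string) $username;

    // The archive is created by the first insertion, so it may not exist yet.
    $userlist = is_readable($archive) ? file($archive) : false;
    if ($userlist === false) {
        return false;
    }

    array_shift($userlist); // skip the protection line
    foreach ($userlist as $user) {
        $fields = explode(":", trim($user));
        // Strict comparison: with "==" numeric-looking names such as "10" and
        // "1e1" would be treated as the same user.
        if ($username === trim($fields[0])) {
            return true;
        }
    }
    return false;
}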

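// NOTE(review): nothing in this script checks who is submitting the form.
// Restrict it to administrators (for example with web-server authentication)
// before exposing it.
$archive = "users.inc.php";
// The guard line uses the full "<?php" open tag. With the short tag the archive
// is served as plain text (names and digests included) whenever short_open_tag
// is disabled.
$protection = "<?php die(\"Accesso riservato\"); ?>\n";
if(isset($_POST['submit'])) {
   $errors = array();
   // Accept plain strings only: an array-valued field would make trim() fail.
   // htmlentities() also guarantees that no "<" reaches the archive, which is
   // itself a PHP file.
   $username = isset($_POST['username']) && is_string($_POST['username']) && trim($_POST['username']) !== '' ? htmlentities(trim($_POST['username'])) : false;
   $password = isset($_POST['password']) && is_string($_POST['password']) && trim($_POST['password']) !== '' ? htmlentities(trim($_POST['password'])) : false;
   $dest = isset($_POST['dest']) && is_string($_POST['dest']) && trim($_POST['dest']) !== '' ? htmlentities(trim($_POST['dest'])) : false;

   if($username === false) {
      $errors[] = "Il campo username è obbligatorio";
   } else if(strpbrk($username, ":\r\n") !== false) {
      // ":" separates the fields and a line break separates the records, so
      // either one inside the name would corrupt or forge archive entries.
      $errors[] = "Il campo username contiene caratteri non validi";
   } else if(check_user($username, $archive) === true) {
      $errors[] = "Username già presente nel database";
   }

   if($password === false) {
      $errors[] = "Il campo password è un campo obbligatorio";
   }

   if($dest === false) {
      $errors[] = "Il campo destinazione è obbligatorio";
   } else if(strpbrk($dest, "\r\n") !== false) {
      // A line break inside the destination would start a new record.
      $errors[] = "Il campo destinazione contiene caratteri non validi";
   }

   if(count($errors) > 0) {
      echo implode("\n\n", $errors)."\n\n";
   } else {
      // NOTE(review): MD5 is a fast hash and a weak choice for stored
      // passwords. Switching to password_hash() needs a matching change in
      // login.php, so the format is kept as it is.
      $dati = array($username, md5($username.$password), $dest);
      $addline = (file_exists($archive) ? "" : $protection).implode(":", $dati)."\n";
      $fd = fopen($archive, "a") or die("Errore nell'apertura dell'archivio");
      $written = fputs($fd, $addline);
      fclose($fd);
      if($written === false) {
         // Do not report success when the record was not stored.
         die("Errore nell'apertura dell'archivio");
      }
      echo "$username inserito nell'archivio: $username -&gt; $dest\n";
   }

}

// PHP_SELF is derived from the request URL, so it is escaped before being
// placed inside the action attribute.
$action = htmlspecialchars(basename($_SERVER['PHP_SELF']), ENT_QUOTES, 'UTF-8');
echo "
      <form action=\"".$action."\" method=\"post\">
       <input type=\"text\" name=\"username\" size=10>
       <input type=\"password\" name=\"password\" size=10>
       <input type=\"text\" name=\"dest\" value=\".php\">
       <input type=submit name=\"submit\" value=\" Set \">
      </form>";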
?>
deluser.php
codice:
<?php
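// NOTE(review): nothing in this script checks who is submitting the form.
// Restrict it to administrators (for example with web-server authentication)
// before exposing it.
$archive = "users.inc.php";
// The guard line uses the full "<?php" open tag. With the short tag the archive
// is served as plain text (names and digests included) whenever short_open_tag
// is disabled.
$protection = "<?php die(\"Accesso riservato\"); ?>\n";
if(isset($_POST['submit'])) {
   $errors = array();
   $usernames = array();
   $del_users = array();
   $undel_users = array();
   $userlist = array();

   // The type is checked before count(): counting a non-array value is an
   // error on current PHP versions.
   if(!isset($_POST['username'])) {
       $errors[] = "Procedura non valida o utenti non specificati";
   } else if(!is_array($_POST['username'])) {
       $errors[] = "Dati non validi";
   } else if(count($_POST['username']) <= 0) {
       $errors[] = "Procedura non valida o utenti non specificati";
   } else if(!file_exists($archive)) {
       $errors[] = "Archivio non trovato";
   } else {
       foreach($_POST['username'] as $user) {
               // Nested arrays are not valid names.
               if(!is_string($user)) {
                  $errors[] = "Dati non validi";
                  break;
               }
               // Stored names are entity-encoded, so the submitted ones are
               // encoded the same way before being compared.
               $usernames[] = htmlentities($user);
       }

       $lines = count($errors) > 0 ? array() : file($archive);
       if($lines === false) {
          $errors[] = "Archivio non trovato";
       } else if(count($errors) === 0) {
          $userlist = $lines;
          array_shift($userlist); // drop the protection line
          foreach($userlist as $key=>$user) {
                  $fields = explode(":", trim($user));
                  $n = trim($fields[0]);
                  // Strict match: loose comparison treats numeric-looking
                  // names such as "10" and "1e1" as equal.
                  if(in_array($n, $usernames, true)) {
                     $del_users[$key] = $n;
                  }
          }
          $undel_users = array_diff($usernames, $del_users);
       }
   }

   if(count($errors) > 0) {
      echo implode("\n\n", $errors);
   } else {
      if(count($undel_users) > 0) {
         // Nothing is deleted when any of the requested names is unknown.
         echo "Utenti non trovati:".implode(", ", $undel_users);
      } else if(count($del_users) > 0) {
         foreach($del_users as $key=>$value) {
                  unset($userlist[$key]);
         }
         // The archive is rewritten from scratch, guard line first.
         $fp = fopen($archive, "w") or die("Errore nell'apertura dell'archivio");
         fputs($fp, $protection.implode("", $userlist));
         fclose($fp);
         echo "Utenti cancellati dall'archivio:".implode(", ", $del_users);
      }
   }
}

// PHP_SELF is derived from the request URL, so it is escaped before being
// placed inside the action attribute.
$action = htmlspecialchars(basename($_SERVER['PHP_SELF']), ENT_QUOTES, 'UTF-8');
echo "
      <form action=\"".$action."\" method=\"post\">";
      if(file_exists($archive)) {
          $userlist = file($archive);
          if($userlist === false) {
             $userlist = array();
          }
          array_shift($userlist);
          foreach($userlist as $user) {
                 $fields = explode(":", trim($user));
                 // Names are stored entity-encoded. double_encode=false keeps
                 // those entities intact while still neutralising raw markup
                 // in a hand-edited archive.
                 $n = htmlspecialchars($fields[0], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
                 echo "$n <input type=\"checkbox\" name=\"username[]\" value=\"$n\">\n\n";
          }
      }
echo "
       <input type=\"submit\" name=\"submit\" value=\"cancella i valori selezionati\">
      </form>";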
?>
users.inc.php
codice:
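<?php /* guard line: the full open tag runs even when short_open_tag is off */ die("Accesso riservato"); ?>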
a:6d940e785d9e49adfd80b8b5464cecc4:a.php
c:e0323a9039add2978bf5b49550572c7c:c.php