login en logout
Code (php)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
---------Loginscript--------------
<!-- session start + database connection -->
<?php
if (isset($_POST['submit'])) {
$errors = array();
if (!empty($_POST['username'])){
if (strlen(trim($_POST['username'])) <6 || strlen(trim($_POST['username'])) >20) {
$errors[0] = "Username niet de juiste lengte";
}
} else {
$errors[0] = "Username niet ingevoerd";
}
if (!empty($_POST['password'])){
if (strlen(trim($_POST['password'])) <6 || strlen(trim($_POST['password'])) >30) {
$errors[1] = "password niet de juiste lengte";
}
} else {
$errors[1] = "Password niet ingevoerd";
}
$username = trim($_POST['username']);
$password = trim($_POST['password']);
$hashed_password = sha1($password);
if ( empty($errors) ) {
$query = "SELECT id_accounts, username, voornaam, rechten ";
$query .= "FROM accounts ";
$query .= "WHERE username = '{$username}' ";
$query .= "AND hashed_password = '{$hashed_password}' ";
$query .= "LIMIT 1";
$result = mysql_query($query);
if (!$result) {
die("Database query failed: " . mysql_error());
}
$nummer = mysql_num_rows($result);
if ($nummer == 1) {
$found_user = mysql_fetch_array($result);
$_SESSION['id_accounts'] = $found_user['id_accounts'];
header("Location: admin.php");
} else {
$message = "<br />gebruikers naam niet kunnen vinden.<br />
probeer opnieuw.";
}
} else {
$message = "";
if (isset ($errors[0])){$message = "<br />" . $errors[0] . "<br />";}
if (isset ($errors[1])){$message = "<br />" . $errors[1] . "<br />";}
}
} else {
$username = "";
$password = "";
}
?>
<h1>Login</h1>
<form action="login.php" method="post" name="f1">
<table align="center">
<tr>
<th>Username:</th>
<td align="center"><input type="text" name="username" maxlength="30" value="<?php echo htmlentities($username); ?>" /></td>
</tr>
<tr>
<th>Password:</th>
<td align="center"><input type="password" name="password" maxlength="30" value="<?php echo htmlentities($password); ?>" /></td>
</tr>
<tr>
<td colspan="2" align="center"><input type="submit" name="submit" value="Login" /></td>
</tr>
</table>
</form>
<?php
if (!empty($message)){
echo "" . $message;
}
?>
<!-- session start + database connection -->
<?php
if (isset($_POST['submit'])) {
$errors = array();
if (!empty($_POST['username'])){
if (strlen(trim($_POST['username'])) <6 || strlen(trim($_POST['username'])) >20) {
$errors[0] = "Username niet de juiste lengte";
}
} else {
$errors[0] = "Username niet ingevoerd";
}
if (!empty($_POST['password'])){
if (strlen(trim($_POST['password'])) <6 || strlen(trim($_POST['password'])) >30) {
$errors[1] = "password niet de juiste lengte";
}
} else {
$errors[1] = "Password niet ingevoerd";
}
$username = trim($_POST['username']);
$password = trim($_POST['password']);
$hashed_password = sha1($password);
if ( empty($errors) ) {
$query = "SELECT id_accounts, username, voornaam, rechten ";
$query .= "FROM accounts ";
$query .= "WHERE username = '{$username}' ";
$query .= "AND hashed_password = '{$hashed_password}' ";
$query .= "LIMIT 1";
$result = mysql_query($query);
if (!$result) {
die("Database query failed: " . mysql_error());
}
$nummer = mysql_num_rows($result);
if ($nummer == 1) {
$found_user = mysql_fetch_array($result);
$_SESSION['id_accounts'] = $found_user['id_accounts'];
header("Location: admin.php");
} else {
$message = "<br />gebruikers naam niet kunnen vinden.<br />
probeer opnieuw.";
}
} else {
$message = "";
if (isset ($errors[0])){$message = "<br />" . $errors[0] . "<br />";}
if (isset ($errors[1])){$message = "<br />" . $errors[1] . "<br />";}
}
} else {
$username = "";
$password = "";
}
?>
<h1>Login</h1>
<form action="login.php" method="post" name="f1">
<table align="center">
<tr>
<th>Username:</th>
<td align="center"><input type="text" name="username" maxlength="30" value="<?php echo htmlentities($username); ?>" /></td>
</tr>
<tr>
<th>Password:</th>
<td align="center"><input type="password" name="password" maxlength="30" value="<?php echo htmlentities($password); ?>" /></td>
</tr>
<tr>
<td colspan="2" align="center"><input type="submit" name="submit" value="Login" /></td>
</tr>
</table>
</form>
<?php
if (!empty($message)){
echo "" . $message;
}
?>
------------- logout script -------------------
Code (php)
1
2
3
4
5
6
7
8
9
10
11
12
13
2
3
4
5
6
7
8
9
10
11
12
13
<?php
session_start();
$_SESSION = array();
if(!isset($_COOKIE[session_name()])) {
setcookie(session_name(), '', time()-42000, '/');
}
session_destroy();
header("Location: index.php");
?>
session_start();
$_SESSION = array();
if(!isset($_COOKIE[session_name()])) {
setcookie(session_name(), '', time()-42000, '/');
}
session_destroy();
header("Location: index.php");
?>
Gewijzigd op 12/10/2010 22:21:58 door Karel de jong
code] en [/code] tags.
Gebruik s.v.p. [echo "" . $message; <-- wtf?
verder: is dat de enige code van logout.php? Als er meer is vergeet je de die() namelijk. IN principe is eht unsetten van die cookie ook redelijk onnodig.
Ik zal het nog wel op zn werking nalopen als je effe et geheel in code blokken propt.
Gewijzigd op 12/10/2010 21:29:12 door niek s
- SQL Injection mogelijk
- Geen Tables voor Forms
- Hoezo accolade's om variabelen die je niet buiten haken haalt? ;-)
- Je gaat niet dood na de header(). Hoe je het uiteindelijk inbakt is natuurlijk een tweede, maar kan goed zijn dat je daar naar wil kijken.