LoginSysteem V1.1; Sessies + Admin
Hoe te installeren?
Je maakt alle bestanden aan, daarna open je install.php in je browser. Daar staat dan hoe je config.php eruit moet zien, en hoe je verder moet. Druk op Installeer! en de MySQL-tabellen inclusief adminaccount worden aangemaakt. Nu kan je install.php verwijderen.

Hoe te gebruiken?
Op de pagina die je wilt beveiligen include je beveiliging-X.php. In plaats van de X kan je de letter a, m of n invullen:
a = Administratorrechten voor nodig
m = Moderatorrechten voor nodig
n = Voor alle members toegankelijk
Ik heb er een kleine stylesheet bij gedaan om het er wat leuker uit te laten zien.

Veranderingen Versie 1.01
1. De admin kan de statussen wijzigen
2. Er is een betere email checker [Script van Bas]
3. Bug 'Niet meer terug kunnen na registreren met fout' is eruit op aandringen van thijs

Veranderingen Versie 1.1 [05-10-2005]
1. Wachtwoord vergeten functie en wachtwoord wijzigen functie ingebouwd
2. Bij registreren moet je nu aan een aantal voorwaarden qua lengte van username en password voldoen
3. Bij registreren worden alle foutmeldingen tegelijk weergegeven
4. Er is 1 rank bij, nu alle ranken in volgorde van hoogste naar laagste: a, m, n
5. Er is een ledenlijst bijgekomen die de members kunnen bekijken

Volgende Versie
Ik heb het nu behoorlijk druk met school, dus het zal nog wel even duren voordat er een compleet nieuwe versie uitkomt. Wel kan het zijn dat ik na reacties wat bugs eruit ga halen.
--[-- install.php --]--
[code]<?
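// Installer: on submit, (re)creates the `inlogsysteem` table and inserts the first
// administrator account (status 'a'), then redirects to index.php.
//
// NOTE(review): this script is unauthenticated and drops the user table on every
// submit. Anyone who can reach it can wipe all accounts and create a new admin, so
// it has to be deleted (or blocked at the web server) directly after installation.
if (!empty($_POST['submit'])) {
    $username = isset($_POST['username']) ? (string) $_POST['username'] : '';
    $password = isset($_POST['password']) ? (string) $_POST['password'] : '';
    $email    = isset($_POST['email']) ? (string) $_POST['email'] : '';

    if ($username == "" || $password == "") {
        echo "Niet alles ingevuld...<br><br><a href=\"javascript:history.back(-1)\">Terug</a>";
    } else {
        // config.php opens the MySQL connection; it must be loaded before
        // mysql_real_escape_string() can be used.
        include("config.php");

        // Hash the password exactly as submitted. login.php hashes the raw POST value,
        // so hashing an addslashes()'d copy here made any admin password containing a
        // quote or backslash impossible to log in with.
        // NOTE(review): unsalted MD5 is not a password hash. Moving to
        // password_hash()/password_verify() needs a wider `password` column and the
        // same change in login.php, registreer.php and wachtwoord-vergeten.php.
        $md5 = md5($password);

        mysql_query("DROP TABLE IF EXISTS `inlogsysteem`");
        // ENGINE= replaces TYPE=, which current MySQL versions no longer accept.
        mysql_query("
            CREATE TABLE `inlogsysteem` (
            `id` int(8) NOT NULL auto_increment,
            `username` varchar(40) NOT NULL,
            `password` varchar(40) NOT NULL,
            `email` varchar(255) NOT NULL,
            `status` char(1) NOT NULL,
            PRIMARY KEY (`id`)
            ) ENGINE=MyISAM
        ");
        // `id` is left out so auto_increment assigns it; inserting '' fails in strict SQL mode.
        mysql_query(
            "INSERT INTO `inlogsysteem` (`username`,`password`,`email`,`status`) VALUES ('"
            . mysql_real_escape_string($username) . "','"
            . $md5 . "','"
            . mysql_real_escape_string($email) . "','a')"
        );
        header("Location: index.php");
        // header() does not end the script; stop so nothing else runs after the redirect.
        exit;
    }
}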
else
{
?>
<html>
<head>
<title>Install</title>
<link rel="stylesheet" type="text/css" href="style.css">
</head>
<body>
<p>
Maak EERST een config.php aan zoals hieronder:<br><br>
<? <br>
ob_start(); <br>
session_start(); <br>
mysql_connect("localhost","USERNAME","PASSWORD"); <br>
mysql_select_db("DATABASE");<br>
?><br>
</p>
<p>Daarna pas dit hieronder:</p>
<table border="0" cellspacing="0" cellpadding="0">
<form action="<? $_SERVER['PHP_SELF'] ?>" method="post">
<tr>
<td><b>Logingegevens Admin</b></td>
<td> </td>
</tr>
<tr>
<td>Admin naam:</td>
<td><input type="text" name="username"></td>
</tr>
<tr>
<td>Admin password:</td>
<td><input type="password" name="password"></td>
</tr>
<tr>
<td>Admin email:</td>
<td><input type="text" name="email"></td>
</tr>
<tr>
<td> </td>
<td> </td>
</tr>
<tr>
<td> </td>
<td align="right"><input type="submit" name="submit" value="Installeer!"></td>
</tr>
</form>
</table>
</body>
</html>
<?
}
ob_end_flush();
?>[/code]
--[-- admin.php --]--
[code]<?
include("beveiliging-a.php");
?>
<html>
<head>
<title>Admin</title>
<link rel="stylesheet" type="text/css" href="style.css">
</head>
<body>
<p>Welkom bij het ControlPanel voor de Administrator</p>
<p>
<b>Uitleg Statussen:</b><br>
Status 'a' = Administratorrechten<br>
Status 'm' = Moderator<br>
Status 'n' = Normale member<br>
</p>
<?
/**
 * Shorten a string for display.
 *
 * Returns $string unchanged when it is at most $lengte bytes long; otherwise returns
 * its first $lengte bytes followed by '..'. Lengths are counted in bytes (strlen/substr).
 */
function afk_str($string, $lengte)
{
    if (strlen($string) <= $lengte) {
        return $string;
    }

    $ingekort = substr($string, 0, $lengte);

    return $ingekort . '..';
}
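/**
 * Print the admin overview: one table row per account with id, username, e-mail and
 * status, plus "Delete Member" (not for admins) and "Wijzig Rank" links.
 *
 * Username and e-mail are chosen by whoever registered the account, so every value is
 * HTML-escaped before it is written into the page or into an attribute. Without that,
 * markup stored in a username would run in the administrator's browser.
 */
function home()
{
    // Only the columns that are displayed are fetched; the password hash stays in the database.
    $query = mysql_query("SELECT `id`, `username`, `email`, `status` FROM `inlogsysteem`");

    echo "
<table border=\"0\" cellpadding=\"1\" cellspacing=\"0\" width=\"700\">
<tr>
<td><b>ID</b></td><td><b>Username</b></td><td><b>Email</b></td><td><b>Status/Rank</b></td><td> </td><td> </td>
</tr>
<tr>
<td> </td><td> </td><td> </td><td> </td><td> </td><td> </td>
</tr>
";

    // $query is false when the SELECT failed; skip the loop instead of warning on every fetch.
    while ($query && ($rij = mysql_fetch_assoc($query))) {
        $id       = (int) $rij['id'];
        $username = htmlspecialchars($rij['username'], ENT_QUOTES);
        $email    = htmlspecialchars($rij['email'], ENT_QUOTES);
        $kort     = htmlspecialchars(afk_str($rij['email'], 30), ENT_QUOTES);
        $status   = htmlspecialchars($rij['status'], ENT_QUOTES);
        $params   = "id=" . $id . "&amp;rank=" . urlencode($rij['status']);

        echo "
<tr>
<td>" . $id . "</td><td>" . $username . "</td><td><a href=\"mailto:" . $email . "\" title=\"" . $email . "\">" . $kort . "</a></td><td>" . $status . "</td>";

        if ($rij['status'] == "a") {
            // Administrators get no delete link.
            echo "<td> </td>";
        } else {
            echo "<td><a href=\"?action=deluser&amp;" . $params . "\" style=\"color:#FF0000;\">Delete Member</a></td>";
        }

        echo "<td><a href=\"?action=wijzig_status&amp;" . $params . "\">Wijzig Rank</a></td>";
        echo "</tr>";
    }

    echo "</table>";
}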
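/**
 * Change the rank of the member given by ?id=..., or show the form to do so.
 *
 * The id is reduced to an integer and the new status must be one of 'a', 'm' or 'n'
 * before either value reaches the UPDATE statement; both were previously concatenated
 * into the SQL as received. The id and rank echoed in the form are HTML-escaped.
 *
 * NOTE(review): the form carries no anti-CSRF token, so the rank change relies solely
 * on the administrator's session cookie.
 */
function wijzig_status()
{
    $toegestaan = array('a', 'm', 'n');
    $id   = isset($_GET['id']) ? (int) $_GET['id'] : 0;
    $rank = isset($_GET['rank']) ? (string) $_GET['rank'] : '';

    if (!empty($_POST['wijzig'])) {
        $status = isset($_POST['status']) ? (string) $_POST['status'] : '';

        if ($id < 1 || !in_array($status, $toegestaan, true)) {
            echo "Ongeldige invoer<br><br><a href=\"admin.php\">Terug</a>";
            return;
        }

        // $status is one of three literals and $id is an integer, so nothing
        // request-controlled is left in the statement.
        $sql = "UPDATE `inlogsysteem` SET `status` = '" . $status . "' WHERE `id` = " . $id;
        mysql_query($sql) or die(mysql_error());
        header("Location: admin.php");
        // Stop here; header() alone does not end the request.
        exit;
    }

    $rank_html = htmlspecialchars($rank, ENT_QUOTES);

    echo "<form action=\"\" method=\"post\">";
    echo "Je hebt de member met ID nr. " . $id . " en<br> als rank " . ucfirst($rank_html) . " geselecteerd<br><br>";
    echo "Rank <select name=\"status\" style=\"width:50px;\">
<option value=\"" . $rank_html . "\"> </option>
<option value=\"a\">a</option>
<option value=\"m\">m</option>
<option value=\"n\">n</option>
</select><br>
";
    echo "<input type=\"submit\" name=\"wijzig\" value=\"Wijzig Rank\">";
    echo "</form>";
}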
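/**
 * Delete the member given by ?id=..., unless that account is an administrator.
 *
 * Whether the target is an administrator is read from the database. The `rank` query
 * parameter is supplied by the client and is therefore no longer consulted: with it, a
 * request could simply claim a non-admin rank for an admin id. The id is reduced to an
 * integer before it is used in SQL.
 *
 * NOTE(review): the deletion is triggered by a plain GET link without an anti-CSRF
 * token; a POST form with a token would be the safer shape.
 */
function deluser()
{
    $id = isset($_GET['id']) ? (int) $_GET['id'] : 0;

    // Account 1 is the one created by the installer and is always protected.
    $beschermd = ($id === 1);

    if (!$beschermd && $id > 0) {
        $query = mysql_query("SELECT `status` FROM `inlogsysteem` WHERE `id` = " . $id);
        $rij   = $query ? mysql_fetch_assoc($query) : false;
        $beschermd = ($rij && $rij['status'] == "a");
    }

    if ($beschermd) {
        echo "
<script>
window.alert('De Admin kan niet verwijderd worden');
window.location = 'admin.php';
</script>
";
        return;
    }

    if ($id > 0) {
        mysql_query("DELETE FROM `inlogsysteem` WHERE `id` = " . $id);
    }

    header("Location: " . $_SERVER['PHP_SELF'] . "");
    // Stop here; header() alone does not end the request.
    exit;
}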
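// Dispatch on ?action=...; anything unknown (or no action at all) shows the overview.
$action = isset($_GET['action']) ? $_GET['action'] : '';

switch ($action) {
    case "wijzig_status":
        wijzig_status();
        break;

    case "deluser":
        deluser();
        break;

    case "wijzig_pass":
        // No wijzig_pass() is defined in this file, so calling it unconditionally ends
        // the request with a fatal error. Fall back to the overview unless an included
        // file provides the function.
        if (function_exists('wijzig_pass')) {
            wijzig_pass();
        } else {
            home();
        }
        break;

    default:
        home();
        break;
}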
?>
</body>
</html>
<?
ob_end_flush();
?>[/code]
--[-- beveiliging-a.php --]--
[code]<?
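// Access guard for administrator-only pages: include this file at the very top of the
// page to protect. config.php starts the session that holds the login state.
include("config.php");

if (!isset($_SESSION['login']) || $_SESSION['login'] !== "1") {
    // Not logged in.
    header("Location: login.php");
    // header() only queues a redirect. Without exit the including page keeps running,
    // so its queries execute and its output is sent to a client that ignores the redirect.
    exit;
} elseif (!isset($_SESSION['status']) || $_SESSION['status'] !== "a") {
    // Logged in, but not as administrator.
    header("Location: errors.php?p=geen_admin");
    exit;
}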
?>[/code]
--[-- beveiliging-m.php --]--
[code]<?
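// Access guard for pages that need moderator rights; administrators are let through
// as well. Include this file at the very top of the page to protect.
include("config.php");

if (!isset($_SESSION['login']) || $_SESSION['login'] !== "1") {
    // Not logged in.
    header("Location: login.php");
    // header() only queues a redirect. Without exit the including page keeps running
    // and its output is sent to a client that ignores the redirect.
    exit;
} elseif (!isset($_SESSION['status']) || !in_array($_SESSION['status'], array("m", "a"), true)) {
    // Logged in, but neither moderator nor administrator.
    header("Location: errors.php?p=geen_moderator");
    exit;
}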
?>[/code]
--[-- beveiliging-n.php --]--
[code]<?
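// Access guard for pages open to every logged-in member. Include this file at the very
// top of the page to protect.
include("config.php");

if (!isset($_SESSION['login']) || $_SESSION['login'] !== "1") {
    header("Location: login.php");
    // header() only queues a redirect. Without exit the including page keeps running
    // and its output is sent to a client that ignores the redirect.
    exit;
}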
?>[/code]
--[-- errors.php --]--
[code]<?
// Error page the access guards redirect to; the `p` query parameter selects the message.
// `p` is only compared against two literals and is never echoed. Any other value
// produces no output at all.
if($_GET['p'] == "geen_admin")
{
?>
<html>
<head>
<title>Error!</title>
<link rel="stylesheet" type="text/css" href="style.css">
</head>
<body>
<p>Je hebt geen Admin-account</p>
<p> </p>
<p>Klik <a href="login.php">hier</a> om naar de loginpagina te gaan</p>
</body>
</html>
<?
}
// Same page layout, for visitors who are logged in without moderator or admin rank.
if($_GET['p'] == "geen_moderator")
{
?>
<html>
<head>
<title>Error!</title>
<link rel="stylesheet" type="text/css" href="style.css">
</head>
<body>
<p>Je hebt geen Moderator- of Adminaccount</p>
<p> </p>
<p>Klik <a href="login.php">hier</a> om naar de loginpagina te gaan</p>
</body>
</html>
<?
}
?>[/code]
--[-- index.php --]--
[code]<html>
<head>
<title>LoginSysteem V1.01</title>
<link rel="stylesheet" type="text/css" href="style.css">
<meta http-equiv="refresh" content="4; url=login.php">
</head>
<body>
<p align="left">Momentje... Je wordt doorgestuurd naar de Login pagina</p>
<?
// While install.php is still present next to this file, ask whether the system has been
// installed and link to the installer; otherwise print nothing.
// NOTE(review): this is only a reminder. install.php stays reachable by every visitor
// until it is actually removed.
$installer_aanwezig = file_exists("install.php");

if (!$installer_aanwezig) {
    echo "";
} else {
    echo "Heb je het systeem al geinstalleerd? Zo niet, <a href=\"install.php\">Installeer Nu!</a>";
}
?>
</body>
</html>[/code]
--[-- ledenlijst.php --]--
[code]<?
include("beveiliging-n.php");
?>
<html>
<head>
<title>Ledenlijst</title>
<link rel="stylesheet" type="text/css" href="style.css">
</head>
<body>
<p><b>De Ledenlijst</b></p>
<table border="0" cellpadding="1" cellspacing="0" width="70%">
<tr>
<td>Username</td>
<td>Rank</td>
</tr>
<tr>
<td> </td>
<td> </td>
</tr>
<?
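// Member list: one row per account with the username and a label for its rank.
// Only the two columns that are shown are selected, so password hashes and e-mail
// addresses are not pulled into a page every member can open.
$query = mysql_query("SELECT `username`, `status` FROM `inlogsysteem`");

// $query is false when the SELECT failed; skip the loop in that case.
while ($query && ($rij = mysql_fetch_assoc($query))) {
    // Usernames are chosen at registration; escape them so stored markup is shown as
    // text instead of being interpreted by the browser of whoever views the list.
    $naam = htmlspecialchars(ucfirst($rij['username']), ENT_QUOTES);

    echo "
<tr>
<td>" . $naam . "</td>
<td>";

    if ($rij['status'] == "a") {
        echo "<span style=\"color:#F00000;\"><b>Admin</b></span>";
    } elseif ($rij['status'] == "m") {
        echo "<span style=\"color:#102030;\"><b>Moderator</b></span>";
    } elseif ($rij['status'] == "n") {
        echo "Normale Member";
    }

    echo "</td>
</tr>
";
}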
?>
</table>
</body>
</html>[/code]
--[-- login.php --]--
[code]<?
include("config.php");
?>
<html>
<head>
<title>Login</title>
<link rel="stylesheet" type="text/css" href="style.css">
</head>
<?
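// Controller for login.php. Depending on ?p=... and the session state it logs the user
// out, changes the password, shows the member menu, or handles and shows the login form.
//
// Changes compared with the original flow:
//  - $_SERVER['PHP_SELF'] is HTML-escaped before it is written into links and form
//    actions, because the request path is client-controlled.
//  - The password change requires a logged-in session.
//  - The session id is regenerated on login and the session is destroyed on logout.
//  - Every redirect is followed by exit, since header() does not end the script.
//  - The username is escaped with the connection-aware mysql_real_escape_string().
//
// NOTE(review): passwords are stored as unsalted MD5 and there is no limit on login
// attempts; both need changes beyond this block.
$zelf     = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);
$pagina   = isset($_GET['p']) ? $_GET['p'] : '';
$ingelogd = isset($_SESSION['login']) && $_SESSION['login'] == "1";
$rank     = isset($_SESSION['status']) ? $_SESSION['status'] : '';

if ($pagina == "uitloggen") {
    $_SESSION = array();
    // Drop the server-side session as well, not only the copy in this request.
    session_destroy();
    header("Location: " . $_SERVER['PHP_SELF'] . "");
    exit;
} elseif ($pagina == "wijzig_pass") {
    if (!$ingelogd || !isset($_SESSION['id'])) {
        // Changing a password only makes sense for an authenticated member.
        header("Location: " . $_SERVER['PHP_SELF'] . "");
        exit;
    }

    if (!empty($_POST['wijzig_pass'])) {
        $nieuw = isset($_POST['password']) ? (string) $_POST['password'] : '';

        if (strlen($nieuw) < 6 || strlen($nieuw) > 40) {
            echo "<b><i>Het wachtwoord is minder als 6 of meer als 40 tekens</i></b><br><br>";
            echo "Klik <a href=\"javascript:history.back(-1)\">hier</a> om terug te gaan";
        } else {
            // NOTE(review): the current password is not asked for and the form has no
            // anti-CSRF token.
            $sql = "UPDATE `inlogsysteem` SET `password` = '" . md5($nieuw) . "' WHERE `id` = " . (int) $_SESSION['id'];
            mysql_query($sql);
            header("Location: " . $_SERVER['PHP_SELF'] . "");
            exit;
        }
    } else {
        echo "<table border=\"0\" cellpadding=\"1\" cellspacing=\"0\">";
        echo "<form action=\"\" method=\"post\">";
        echo "<a href=\"" . $zelf . "\">Terug</a><br><br>";
        echo "
<tr>
<td>Nieuwe Password</td>
<td><input type=\"password\" name=\"password\"></td>
</tr>
<tr>
<td> </td>
<td align=\"right\"><input type=\"submit\" name=\"wijzig_pass\" value=\"Wijzig!\"></td>
</tr>
";
        echo "</form>";
        echo "</table>";
        echo "<span style=\"font-size:8pt;\">* Niet op 'Enter' drukken maar<br> met de muis klikken op 'Wijzig!'</span>";
    }
} elseif ($ingelogd && in_array($rank, array("a", "m", "n"), true)) {
    // Member menu. The three ranks share everything except the rank label and the
    // admin link.
    $naam = isset($_SESSION['naam']) ? $_SESSION['naam'] : '';
    echo "Welkom " . htmlspecialchars(ucfirst($naam), ENT_QUOTES) . " !<br><br>";

    if ($rank == "a") {
        echo "[Admin]<br><br>";
        echo "<a href=\"admin.php\" target=\"_blank\">Admin Locatie</a><br><br>";
    } elseif ($rank == "m") {
        echo "[Moderator]<br><br>";
    }

    echo "<a href=\"" . $zelf . "?p=wijzig_pass\">Wijzig Password</a><br><br>";
    echo "<a href=\"ledenlijst.php\"><b>Ledenlijst</b></a><br><br>";
    echo "<a href=\"" . $zelf . "?p=uitloggen\">Uitloggen</a>";
} else {
    if (!empty($_POST['login'])) {
        $username = isset($_POST['username']) ? (string) $_POST['username'] : '';
        $password = isset($_POST['password']) ? (string) $_POST['password'] : '';

        // One query is enough: it both verifies the credentials and returns the row.
        $sql = "SELECT `id`, `username`, `status` FROM `inlogsysteem` WHERE `username` = '"
            . mysql_real_escape_string($username) . "' AND `password` = '" . md5($password) . "'";
        $query = mysql_query($sql);
        $rij   = ($query && mysql_num_rows($query) == 1) ? mysql_fetch_assoc($query) : false;

        if ($rij) {
            if (in_array($rij['status'], array("a", "m", "n"), true)) {
                // New session id after authentication, so an id known from before the
                // login cannot be reused.
                session_regenerate_id(true);
                $_SESSION['login']  = "1";
                $_SESSION['status'] = $rij['status'];
                $_SESSION['naam']   = $rij['username'];
                $_SESSION['id']     = $rij['id'];
            }
            header("Location: " . $_SERVER['PHP_SELF'] . "");
            exit;
        }

        echo "Gebruikersnaam en/of wachtwoord verkeerd<br><br>";
    }

    echo "
<table border=\"0\">
<form action=\"" . $zelf . "\" method=\"post\">
<tr>
<td>Username</td>
<td><input type=\"text\" name=\"username\" size=\"15\"></td>
</tr>
<tr>
<td>Password</td>
<td><input type=\"password\" name=\"password\" size=\"15\"></td>
</tr>
<tr>
<td align=\"right\"><input type=\"button\" name=\"registreer\" value=\"Registreer!\" onClick=\"window.open('registreer.php','Registreer_Popup','width=250,height=300,scrollbars=yes')\"></td>
<td align=\"right\"><input type=\"submit\" name=\"login\" value=\"Login!\"></td>
</tr>
</form>
</table>
";
}
ob_end_flush();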
?>[/code]
--[-- registreer.php --]--
[code]<?
include("config.php");
?>
<html>
<head>
<title>Registreer</title>
<link rel="stylesheet" type="text/css" href="style.css">
</head>
<?
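/**
 * Check whether $email looks like a usable address.
 *
 * Returns 1 when the address matches the syntax pattern and its host part resolves
 * through gethostbyname(); returns null otherwise (callers compare with `!== 1`).
 *
 * The syntax check runs first, so malformed input never triggers a DNS lookup, and it
 * uses preg_match() because eregi() is no longer available in current PHP versions.
 * The D modifier keeps `$` from matching before a trailing newline.
 *
 * NOTE(review): gethostbyname() only finds address records; a domain that publishes
 * only MX records is rejected. Confirm whether that is intended.
 */
function check_mail($email)
{
    $patroon = '/^[0-9a-z]([-_.~]?[0-9a-z])*@[0-9a-z]([-.]?[0-9a-z])*\.[a-z]{2,4}$/iD';

    if (!is_string($email) || preg_match($patroon, $email) !== 1) {
        return null;
    }

    // The pattern guarantees exactly one '@', so index 1 is the host part.
    $delen      = explode("@", $email);
    $email_host = $delen[1];

    // gethostbyname() returns its argument unchanged when the lookup fails.
    if (gethostbyname($email_host) === $email_host) {
        return null;
    }

    return 1;
}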
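// Registration handler: validates the submitted form and, when every check passes,
// inserts a new account with status 'n'; otherwise it lists all problems at once.
// Without a submit it shows the registration form.
//
// Changes compared with the original flow:
//  - Missing POST fields are read as empty strings instead of raising notices.
//  - Values are escaped with the connection-aware mysql_real_escape_string().
//  - $_SERVER['PHP_SELF'] is HTML-escaped before it is used as the form action,
//    because the request path is client-controlled.
//
// NOTE(review): the password is stored as unsalted MD5, and the uniqueness checks are
// separate queries without a UNIQUE index, so two simultaneous registrations can still
// end up with the same username.
if (!empty($_POST['registreer'])) {
    $invoer = array();
    foreach (array('username', 'password', 'password2', 'email') as $veld) {
        $invoer[$veld] = isset($_POST[$veld]) ? (string) $_POST[$veld] : '';
    }

    $username_query = mysql_query("SELECT `id` FROM `inlogsysteem` WHERE `username` = '" . mysql_real_escape_string($invoer['username']) . "'");
    $email_query    = mysql_query("SELECT `id` FROM `inlogsysteem` WHERE `email` = '" . mysql_real_escape_string($invoer['email']) . "'");
    $username_bezet = $username_query && mysql_num_rows($username_query) >= 1;
    $email_bezet    = $email_query && mysql_num_rows($email_query) >= 1;
    $check_email    = check_mail($invoer['email']);

    // Collect every problem first so they can all be reported together.
    $fouten = array();
    if ($invoer['username'] == "") {
        $fouten[] = "Bij <b>USERNAME</b> is niks ingevuld";
    }
    if ($invoer['password'] == "") {
        $fouten[] = "Bij <b>PASSWORD</b> is niks ingevuld";
    }
    if ($invoer['password2'] == "") {
        $fouten[] = "Bij <b>PASSWORD [Bevestiging]</b> is niks ingevuld";
    }
    if ($invoer['email'] == "") {
        $fouten[] = "Bij <b>EMAIL</b> is niks ingevuld";
    }
    if ($invoer['password'] !== $invoer['password2']) {
        $fouten[] = "De <b>PASSWORDS</b> zijn niet gelijk";
    }
    if ($username_bezet) {
        $fouten[] = "De <b>USERNAME</b> is al in gebruik";
    }
    if ($email_bezet) {
        $fouten[] = "De <b>EMAIL</b> is al geregistreerd";
    }
    if ($check_email !== 1) {
        $fouten[] = "Geen geldige <b>EMAIL</b> ingevuld";
    }
    if (strlen($invoer['password']) < 6) {
        $fouten[] = "<b>PASSWORD</b> is minder dan 6 tekens";
    }
    if (strlen($invoer['username']) < 6) {
        $fouten[] = "<b>USERNAME</b> is minder dan 6 tekens";
    }
    if (strlen($invoer['password']) > 40) {
        $fouten[] = "<b>PASSWORD</b> is meer dan 40 tekens";
    }
    if (strlen($invoer['username']) > 40) {
        $fouten[] = "<b>USERNAME</b> is meer dan 40 tekens";
    }

    if ($fouten) {
        echo "<a href=\"javascript:history.back(-1)\">Terug</a><br><br>";
        echo "<ol>";
        foreach ($fouten as $fout) {
            // The messages are fixed strings; no submitted value is echoed back.
            echo "<li>" . $fout . "</li>";
        }
        echo "</ol>";
    } else {
        // New accounts always start as normal member; the rank is never taken from the form.
        $status = "n";
        mysql_query(
            "INSERT INTO `inlogsysteem` (`username`, `password`, `email`, `status`) VALUES ('"
            . mysql_real_escape_string($invoer['username']) . "','"
            . md5($invoer['password']) . "','"
            . mysql_real_escape_string($invoer['email']) . "','"
            . $status . "')"
        );
        echo "
Je kunt nu inloggen
<br><br><br><br>
<a href='javascript:window.close()'>Sluit venster</a>
";
    }
} else {
    echo "
<table border=\"0\">
<form action=\"" . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES) . "\" method=\"post\">
<tr>
<td>Username</td>
<td><input type=\"text\" name=\"username\" size=\"15\"></td>
</tr>
<tr>
<td>Password</td>
<td><input type=\"password\" name=\"password\" size=\"15\"></td>
</tr>
<tr>
<td>Password [Bevestiging]</td>
<td><input type=\"password\" name=\"password2\" size=\"15\"></td>
</tr>
<tr>
<td>Email</td>
<td><input type=\"text\" name=\"email\" size=\"15\"></td>
</tr>
<tr>
<td> </td>
<td> </td>
</tr>
<tr>
<td> </td>
<td align=\"right\"><input type=\"submit\" name=\"registreer\" value=\"Registreer!\"></td>
</tr>
</form>
</table><br>
<span style=\"font-size:8pt;\">* Username en Password mogen beiden niet minder als 6 en niet meer als 40 karakters bevatten.</span><br><br>
<span style=\"font-size:8pt;\">** Alle velden dienen ingevuld te worden!</span>
";
}
ob_end_flush();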
?>[/code]
--[-- wachtwoord-vergeten.php --]--
[code]<?
include("config.php");
?>
<html>
<head>
<title>Wachtwoord vergeten</title>
<link rel="stylesheet" type="text/css" href="style.css">
</head>
<body>
<?
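/**
 * Generate a 12-character replacement password from a-z, A-Z and 0-9.
 *
 * Each character is drawn independently. The previous version shuffled the alphabet
 * once and took the first 12 entries, so no character could repeat and the order came
 * from shuffle(), which is not meant for security-sensitive values.
 *
 * random_int() is used where the runtime provides it.
 * NOTE(review): the mt_rand() fallback for older runtimes is predictable and should be
 * replaced by a CSPRNG available on the target installation.
 */
function generator()
{
    $karakters = array_merge(range('a', 'z'), range('A', 'Z'), range(0, 9));
    $laatste   = count($karakters) - 1;
    $veilig    = function_exists('random_int');

    $password = '';
    for ($i = 0; $i < 12; $i++) {
        $index = $veilig ? random_int(0, $laatste) : mt_rand(0, $laatste);
        $password .= $karakters[$index];
    }

    return $password;
}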
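// Password reset: when the submitted e-mail address and username belong to the same
// account, a new password is generated, mailed to that address and stored as MD5.
//
// Changes compared with the original flow:
//  - Both fields are required. The original test used `||`, so a request with only one
//    field filled in passed the "everything filled in" check.
//  - The new password is stored only after mail() accepted the message, so a failed
//    send no longer locks the member out.
//  - The UPDATE targets the id of the matched row instead of every row with that e-mail.
//
// NOTE(review): the reset happens immediately for anyone who knows a username and its
// e-mail address, and the two different answers reveal whether a pair exists. Mailing a
// one-time confirmation link and changing the password only after it is used avoids both.
if (!empty($_POST['generate'])) {
    $username = isset($_POST['username']) ? (string) $_POST['username'] : '';
    $email    = isset($_POST['email']) ? (string) $_POST['email'] : '';

    if ($username !== "" && $email !== "") {
        $query = mysql_query(
            "SELECT `id`, `email` FROM `inlogsysteem` WHERE `email` = '" . mysql_real_escape_string($email)
            . "' AND `username` = '" . mysql_real_escape_string($username) . "'"
        );
        $rij = ($query && mysql_num_rows($query) == 1) ? mysql_fetch_assoc($query) : false;

        if ($rij) {
            $password = generator();

            // Mail to the address stored for the account, not to the submitted string.
            // The From address below appears obfuscated on the page this code was taken
            // from; put the real sender address of the installation here.
            $verzonden = mail($rij['email'], "Nieuw Password", $password, "From: LoginSysteem V1.1 <[email protected]>");

            if ($verzonden) {
                $sql = "UPDATE `inlogsysteem` SET `password` = '" . md5($password) . "' WHERE `id` = " . (int) $rij['id'];
                mysql_query($sql);
                echo "Check je Emailbox voor het nieuwe password, je kan inloggen met dit password en daarna kan je het password wijzigen als je ingelogd bent<br><br>Klik <a href=\"login.php\">hier</a> om naar de Loginpagina te gaan";
            } else {
                echo "De email kon niet verzonden worden, het password is niet gewijzigd<br><br><a href=\"javascript:history.back(-1)\">Terug</a>";
            }
        } else {
            echo "Username hoort niet bij Email<br><br><a href=\"javascript:history.back(-1)\">Terug</a>";
        }
    } else {
        echo "Niet alles ingevuld<br><br><a href=\"javascript:history.back(-1)\">Terug</a>";
    }
}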
else
{
?>
<table border="0" cellpadding="1" cellspacing="0">
<form action="<? $_SERVER['PHP_SELF'] ?>" method="post">
<tr>
<td>Email:</td>
<td><input type="text" name="email"></td>
</tr>
<tr>
<td>Username:</td>
<td><input type="text" name="username"></td>
</tr>
<tr>
<td> </td>
<td align="right"><input type="submit" name="generate" value="Maak nieuw password!" style="width:170px;"></td>
</tr>
</form>
</table>
<?
}
?>
</body>
</html>[/code]
--[-- style.css --]--
[code]/* LoginSysteem V1.1 */
body {
background-color:#FFFFFF;
font-family:Tahoma, Arial, sans-serif;
font-size:10pt;
color:#666666;
text-decoration:none;
}
input, textarea, select {
background-color:#FFFFFF;
border:1px solid #DEDEDE;
font-family:Tahoma, Arial, sans-serif;
font-size:10pt;
color:#666666;
text-decoration:none;
}
td {
font-family:Tahoma, Arial, sans-serif;
font-size:10pt;
color:#666666;
text-decoration:none;
}
a:link,a:visited,a:active {
color:#666666;
text-decoration:underline;
}
a:hover {
color:#000099;
text-decoration:none;
}[/code]