Логин система + Admin Panel

Автор: oXteR

Логин система Veryhappy

admin.php

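<?php
/*
 * admin.php - administrator control panel.
 *
 * Lists the accounts stored in logindata.php and lets an administrator delete
 * an account or switch its admin flag. Each record is
 * "username;password;email;admin" and records are joined by "&". The scripts
 * expect the list to sit inside a PHP block comment; the opening marker is
 * presumably written by setup.php, which is not part of this listing.
 *
 * Changes against the original listing:
 *  - every redirect is followed by exit, so a visitor without a session no
 *    longer falls through into the rest of the page;
 *  - delete / give_right / take_right are POST requests carrying a
 *    per-session token instead of plain GET links (cross-site request
 *    forgery);
 *  - all stored values are HTML-escaped on output (the e-mail field was
 *    printed raw inside a quoted attribute);
 *  - stored passwords are no longer printed in the table;
 *  - records are rewritten field by field instead of by substring
 *    replacement on the raw file.
 *
 * NOTE(security): passwords in logindata.php are plaintext. Moving to
 * password_hash()/password_verify() has to be done in register.php,
 * newuser.php and login.php together, so it is only flagged here.
 */
ob_start();
session_start();
require("top.php");

if (!function_exists('ls_h')) {
    /* Escape a value for HTML text and quoted attributes (top.php serves windows-1251). */
    function ls_h($text)
    {
        return htmlspecialchars((string) $text, ENT_QUOTES, 'cp1251');
    }
}

if (!function_exists('ls_csrf_token')) {
    /* Return the per-session anti-CSRF token, creating it on first use. */
    function ls_csrf_token()
    {
        if (empty($_SESSION['csrf'])) {
            $_SESSION['csrf'] = bin2hex(
                function_exists('random_bytes') ? random_bytes(16) : openssl_random_pseudo_bytes(16)
            );
        }
        return $_SESSION['csrf'];
    }

    /* True when the posted "csrf" field equals the session token. */
    function ls_csrf_ok()
    {
        $sent = (isset($_POST['csrf']) && is_string($_POST['csrf'])) ? $_POST['csrf'] : '';
        $want = ls_csrf_token();
        return function_exists('hash_equals') ? hash_equals($want, $sent) : $sent === $want;
    }
}

if (!function_exists('ls_admin_button')) {
    /* Build a one-button POST form for an admin action on one account. */
    function ls_admin_button($do, $user, $label)
    {
        return "<form method='post' action='admin.php' style='display:inline'>"
            . "<input type='hidden' name='csrf' value='" . ls_h(ls_csrf_token()) . "'>"
            . "<input type='hidden' name='do' value='" . ls_h($do) . "'>"
            . "<input type='hidden' name='user' value='" . ls_h($user) . "'>"
            . "<input type='submit' value='" . ls_h($label) . "' class=black></form>";
    }
}

if (!isset($_SESSION['logged']) || $_SESSION['logged'] !== '73de8dhas7') {
    header("location:login.php");
    exit;
}

$_filename = "logindata.php";
$_raw = file_get_contents($_filename);
if ($_raw === false) {
    $_raw = '';
}

// Only segments with exactly four fields are records; the comment markers
// around the list contain no ";" and are skipped.
$_records = array();
foreach (explode("&", $_raw) as $_segment) {
    $_fields = explode(";", $_segment);
    if (count($_fields) === 4 && $_fields[0] !== '') {
        $_records[] = $_fields;
    }
}

// Re-check the admin flag against the file on every request. As in the
// original, every record carrying this username must have admin = 1.
$_me = isset($_SESSION['username']) ? (string) $_SESSION['username'] : '';
$_found = false;
$_allAdmin = true;
foreach ($_records as $_rec) {
    if ($_rec[0] === $_me) {
        $_found = true;
        if ($_rec[3] !== '1') {
            $_allAdmin = false;
        }
    }
}
if (!$_found) {
    // Account no longer exists: drop a stale admin flag as well.
    $_SESSION['admin'] = '';
    header("location:login.php");
    exit;
}
if (!$_allAdmin) {
    // Clearing the flag also revokes access to edit.php and newuser.php,
    // which trust $_SESSION['admin'] without re-reading the file.
    $_SESSION['admin'] = '';
    header("location:login.php?do=admin");
    exit;
}
$_SESSION['admin'] = 'df83hfg7ds';

// State-changing actions: POST only, token-checked, handled before any output.
$_do = (isset($_POST['do']) && is_string($_POST['do'])) ? $_POST['do'] : '';
if ($_do !== '') {
    $_target = (isset($_POST['user']) && is_string($_POST['user'])) ? $_POST['user'] : '';
    $_known = in_array($_do, array('delete', 'give_right', 'take_right'), true);
    if ($_known && ls_csrf_ok() && preg_match('/^[A-Za-z0-9]+$/', $_target)) {
        $_segments = explode("&", $_raw);
        foreach ($_segments as $_i => $_segment) {
            $_fields = explode(";", $_segment);
            if (count($_fields) !== 4 || $_fields[0] !== $_target) {
                continue;
            }
            if ($_do === 'delete') {
                unset($_segments[$_i]);
            } else {
                $_fields[3] = ($_do === 'give_right') ? '1' : '0';
                $_segments[$_i] = implode(";", $_fields);
            }
        }
        // LOCK_EX keeps the write itself atomic against other writers; the
        // read-modify-write sequence as a whole is still not transactional.
        file_put_contents($_filename, implode("&", $_segments), LOCK_EX);
    }
    header("location:admin.php");
    exit;
}

echo "<center>";
echo "<br><b> Welcome to the Admin Control Panel!</b><br>";
echo "<br><a href=edit.php><b>Edit the main page</b></a><br><br>";
echo "<table>";
echo "<tr><td><b>Name</b></td><td><b>Password</b></td><td><b>E-Mail</b></td><td><b>Admin</b></td><td><b>Admin Options</b></td><td><b>Action</b></td></tr>";
foreach ($_records as $_rec) {
    list($username6, , $email6, $admin6) = $_rec;
    // The password column is masked: printing stored credentials exposes them
    // to anyone who can see or hijack an admin session.
    echo "<tr><td>" . ls_h($username6) . "</td><td>******</td><td><a href='mailto:" . ls_h($email6) . "'>" . ls_h($email6) . "</a></td><td>";
    if ($admin6 == '1') {
        echo "Yes</td><td>" . ls_admin_button('take_right', $username6, 'Take right');
    } else {
        echo "No</td><td>" . ls_admin_button('give_right', $username6, 'Give right');
    }
    echo "</td><td>" . ls_admin_button('delete', $username6, 'Delete') . "</td></tr>";
}
echo "</table>";
include("newuser.php");
?>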

edit.php

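<?php
/*
 * edit.php - lets an administrator edit the source of index.php in a textarea.
 *
 * NOTE(security): this form writes arbitrary text into an executable .php
 * file, so whoever can submit it can run code as the web-server user. That is
 * the page's purpose, which is why the request is now bound to the admin's
 * session with an anti-CSRF token.
 *
 * Other changes against the original listing:
 *  - the file content is HTML-escaped inside the textarea (raw output let a
 *    closing textarea tag in the file break out of the form and be rendered);
 *  - PHP_SELF is escaped before being used as the form action;
 *  - stripslashes() runs only where magic quotes can still be active; on
 *    later PHP versions it silently removed real backslashes from the page;
 *  - the redirect after saving is followed by exit.
 *
 * The session is started by top.php; this script does not call
 * session_start() itself.
 */
ob_start();
require("top.php");

if (!isset($_SESSION['admin']) || $_SESSION['admin'] !== 'df83hfg7ds') {
    header("location:login.php?do=admin");
    exit;
}

if (!function_exists('ls_csrf_token')) {
    /* Return the per-session anti-CSRF token, creating it on first use. */
    function ls_csrf_token()
    {
        if (empty($_SESSION['csrf'])) {
            $_SESSION['csrf'] = bin2hex(
                function_exists('random_bytes') ? random_bytes(16) : openssl_random_pseudo_bytes(16)
            );
        }
        return $_SESSION['csrf'];
    }

    /* True when the posted "csrf" field equals the session token. */
    function ls_csrf_ok()
    {
        $sent = (isset($_POST['csrf']) && is_string($_POST['csrf'])) ? $_POST['csrf'] : '';
        $want = ls_csrf_token();
        return function_exists('hash_equals') ? hash_equals($want, $sent) : $sent === $want;
    }
}

$file = "index.php";

// Save first, then redirect, so the form is never rendered for a POST.
if (isset($_POST['action']) && $_POST['action'] == '1') {
    if (ls_csrf_ok()) {
        $stringData = (isset($_POST['edit']) && is_string($_POST['edit'])) ? $_POST['edit'] : '';
        // Magic quotes were removed in PHP 5.4; only undo them where they exist.
        if (version_compare(PHP_VERSION, '5.4.0', '<') && get_magic_quotes_gpc()) {
            $stringData = stripslashes($stringData);
        }
        if (file_put_contents($file, $stringData, LOCK_EX) === false) {
            die("can't open file");
        }
    }
    header("Location: edit.php");
    exit;
}

$theData = file_get_contents($file);
if ($theData === false) {
    $theData = '';
}

echo "<center><br><b><a href='admin.php'>Back to the Admin CP</a></b><br>";
echo "<form method=post action='" . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'cp1251') . "'>";
echo "<input type=hidden name=csrf value='" . htmlspecialchars(ls_csrf_token(), ENT_QUOTES, 'cp1251') . "'>";
echo "<input type=hidden name=action value=1><textarea cols=60 rows=20 name=edit class=textarea>";
// top.php declares windows-1251, so escape with the matching single-byte charset.
echo htmlspecialchars($theData, ENT_QUOTES, 'cp1251');
echo "</textarea><br><br><input type=submit value=Save class=black></form>";
echo "</center>";
?>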

index.php

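<?php
/*
 * index.php - the password-protected landing page.
 *
 * Sends the visitor to setup.php while that file still exists, and to
 * login.php when the session does not carry the "logged" marker that
 * login.php sets. The marker is a fixed flag stored server-side in the
 * session, not a secret; access control rests on the session cookie.
 */
ob_start();
session_start();
require("top.php");

if (file_exists("setup.php")) {
    header('Location:setup.php');
    exit;
}

// isset() avoids an undefined-index warning for anonymous visitors, and the
// strict comparison rules out PHP's loose string juggling.
if (!isset($_SESSION['logged']) || $_SESSION['logged'] !== '73de8dhas7') {
    header("location:login.php");
    exit;
}

echo "<br><center>";
echo "<b>Welcome :))).</b><br><br>This is the password protected page.";

?>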

login.php

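<?php
/*
 * login.php - login form, credential check and logout.
 *
 * Credentials are looked up in logindata.php, where each record is
 * "username;password;email;admin" and records are joined by "&".
 *
 * Changes against the original listing:
 *  - username and password are compared strictly; with "==" PHP compares two
 *    numeric-looking strings as numbers, so different strings could be
 *    treated as equal;
 *  - the session id is regenerated on login and logout (session fixation);
 *  - the admin marker is always written on login, so a marker left over from
 *    an earlier login in the same session cannot survive;
 *  - the submitted username and PHP_SELF are HTML-escaped before being
 *    echoed into the form (reflected XSS);
 *  - redirects are followed by exit.
 *
 * NOTE(security): passwords are stored and compared in plaintext, and there
 * is no limit on failed attempts. Hashing needs a coordinated change in
 * register.php and newuser.php; rate limiting needs state this listing does
 * not have.
 */
ob_start();
session_start();
require("top.php");
if (file_exists("setup.php")) {
    header('Location:setup.php');
    exit;
}

$_username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
$_password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
$_do = (isset($_GET['do']) && is_string($_GET['do'])) ? $_GET['do'] : '';

echo "<br><center>";
echo "<form method='post' action='" . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'cp1251') . "'>";
echo "<table>";
echo "<tr><th>Username:</th><th><input type='text' name='username' class=form value='" . htmlspecialchars($_username, ENT_QUOTES, 'cp1251') . "'></th></tr>";
echo "<tr><th>Password:</th><th><input type='password' name='password' class=form></th></tr>";
echo "<input type='hidden' name='action' value='1'>";
echo "</table>";
echo "<input type='submit' value='Login' class=black>";
echo "</form>";

if (isset($_POST['action']) && $_POST['action'] == '1') {
    // One generic message for every failure, so the response does not reveal
    // whether the username exists.
    $_echo = "<br><b>Your username or password is incorrect</b><br>";

    $_contents = file_get_contents("logindata.php");
    $_segments = ($_contents === false) ? array() : explode("&", $_contents);

    foreach ($_segments as $_segment) {
        $_fields = explode(";", $_segment);
        // Skip the comment markers around the list and any malformed segment.
        if (count($_fields) !== 4 || $_username === '' || $_password === '') {
            continue;
        }
        list($username, $password, $email, $admin) = $_fields;
        if ($username !== $_username) {
            continue;
        }
        $_match = function_exists('hash_equals')
            ? hash_equals($password, $_password)
            : ($password === $_password);
        if ($_match) {
            // New session id for the authenticated session.
            session_regenerate_id(true);
            $_SESSION['logged'] = '73de8dhas7';
            $_SESSION['username'] = $_username;
            $_SESSION['admin'] = ($admin === '1') ? 'df83hfg7ds' : '';
            header("location:index.php");
            exit;
        }
    }

    echo $_echo;
}

if ($_do == 'logout') {
    $_SESSION['logged'] = '';
    $_SESSION['username'] = '';
    $_SESSION['admin'] = '';
    session_regenerate_id(true);
    header("location:login.php?do=alogout");
    exit;
}
if ($_do == 'alogout') {
    echo "<br><br><b>You have logged out</b><br>";
}
if ($_do == 'admin') {
    echo "<br><b>Error: You're not an Admin!</b><br>";
}

if ($_do == 'new') {
    echo "<br><b>Congratulations! Your account has been created!</b><br>";
}
?>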

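logindata.php оставяме празен! В него системата записва потребителските имена и паролите в явен вид, затова файлът не бива да е достъпен за четене през уеб сървъра.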

members.php

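<?php
/*
 * members.php - public list of registered usernames and e-mail addresses.
 *
 * NOTE(security): the page needs no login, so every stored e-mail address is
 * visible to anonymous visitors and to harvesters. Confirm this is intended.
 *
 * Changes against the original listing:
 *  - username and e-mail are HTML-escaped and the href attribute is quoted;
 *    the e-mail was printed raw into an unquoted attribute, so a stored value
 *    could add attributes to the link (stored XSS);
 *  - records are taken only from segments with exactly four fields, which
 *    also skips the comment markers around the list;
 *  - an empty logindata.php no longer makes fread() fail on a zero length;
 *  - each table row is closed.
 */
ob_start();
session_start();
require("top.php");
if (file_exists("setup.php")) {
    header('Location:setup.php');
    exit;
}

$_filename = "logindata.php";
$_contents = file_get_contents($_filename);
if ($_contents === false) {
    $_contents = '';
}

echo "<br><center>";
echo "<table>";
echo "<tr><td><b><center>Username</b></center></td><td><b><center>E-Mail</b></center></td></tr>";
foreach (explode("&", $_contents) as $_segment) {
    $_fields = explode(";", $_segment);
    if (count($_fields) !== 4 || $_fields[0] === '') {
        continue;
    }
    // top.php declares windows-1251, so escape with the matching charset.
    $_name = htmlspecialchars($_fields[0], ENT_QUOTES, 'cp1251');
    $_mail = htmlspecialchars($_fields[2], ENT_QUOTES, 'cp1251');
    echo "<tr><td>" . $_name . "</td><td><a href='mailto:" . $_mail . "'>" . $_mail . "</a></td></tr>";
}
echo "</table>";
?>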

newuser.php

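<?php
/*
 * newuser.php - admin-only form that appends a new account to logindata.php.
 * It is included by admin.php and can also be requested directly.
 *
 * Record written: "username;password;email;admin" followed by "&", with the
 * closing comment marker re-appended after it.
 *
 * Changes against the original listing:
 *  - ereg() (removed from PHP) is replaced by preg_match(), and the bare
 *    words yes / no are compared as strings;
 *  - the e-mail is validated against a conservative whitelist. The original
 *    stripped only ";", "<" and ">", so the record separator "&" and the
 *    characters that end the surrounding PHP comment could be stored, letting
 *    one form field add records or break the data file;
 *  - the form carries a per-session anti-CSRF token;
 *  - posted values are HTML-escaped when echoed back, and the password is no
 *    longer echoed back at all;
 *  - "no" no longer falls through to the "Admin values are yes or no" error;
 *  - redirects are followed by exit.
 *
 * NOTE(security): the password is stored in plaintext; hashing has to be
 * introduced together with login.php and register.php.
 */
ob_start();
// admin.php has already started the session when this file is included.
if (session_id() === '') {
    session_start();
}
if (!isset($_SESSION['admin']) || $_SESSION['admin'] !== 'df83hfg7ds') {
    header("location:login.php?do=admin");
    exit;
}

if (!function_exists('ls_csrf_token')) {
    /* Return the per-session anti-CSRF token, creating it on first use. */
    function ls_csrf_token()
    {
        if (empty($_SESSION['csrf'])) {
            $_SESSION['csrf'] = bin2hex(
                function_exists('random_bytes') ? random_bytes(16) : openssl_random_pseudo_bytes(16)
            );
        }
        return $_SESSION['csrf'];
    }

    /* True when the posted "csrf" field equals the session token. */
    function ls_csrf_ok()
    {
        $sent = (isset($_POST['csrf']) && is_string($_POST['csrf'])) ? $_POST['csrf'] : '';
        $want = ls_csrf_token();
        return function_exists('hash_equals') ? hash_equals($want, $sent) : $sent === $want;
    }
}

// Read each posted field once, as a string ('' when missing).
$_in = array();
foreach (array('username', 'password', 'email', 'admin') as $_key) {
    $_in[$_key] = (isset($_POST[$_key]) && is_string($_POST[$_key])) ? $_POST[$_key] : '';
}
$_echo = '';

echo "<center>";
echo "<form method='post' action='" . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'cp1251') . "'>";
echo "<input type='hidden' name='csrf' value='" . htmlspecialchars(ls_csrf_token(), ENT_QUOTES, 'cp1251') . "'>";
echo "<table>";
echo "<tr><th><b>Username</b></th><th><b>Password</b></th><th><b>E-Mail</b></th><th><b>Admin (yes | no)</b></th></tr>";
echo "<tr><th><input type='text' name='username' class=form value='" . htmlspecialchars($_in['username'], ENT_QUOTES, 'cp1251') . "'></th>"
    . "<th><input type='text' name='password' class=form value=''></th>"
    . "<th><input type='text' name='email' class=form value='" . htmlspecialchars($_in['email'], ENT_QUOTES, 'cp1251') . "'></th>"
    . "<th><input type='text' name='admin' class=form value='" . htmlspecialchars($_in['admin'], ENT_QUOTES, 'cp1251') . "'></th></tr>";
echo "<input type='hidden' name='action' value='1'>";
echo "</table>";
echo "<input type='submit' value='Create New User' class=black>";
echo "</form>";

if (isset($_POST['action']) && $_POST['action'] == '1') {
    $_filename = "logindata.php";
    $_contents = file_get_contents($_filename);
    if ($_contents === false) {
        $_contents = '';
    }

    // Look for an existing record with the same username.
    $_taken = false;
    foreach (explode("&", $_contents) as $_segment) {
        $_fields = explode(";", $_segment);
        if (count($_fields) === 4 && $_fields[0] === $_in['username']) {
            $_taken = true;
        }
    }

    if (!ls_csrf_ok()) {
        $_echo = "<br><b>Your session has expired, please submit the form again</b><br>";
    } elseif ($_in['username'] == '' || $_in['password'] == '' || $_in['email'] == '' || $_in['admin'] == '') {
        $_echo = "<br><b>Fill in all the fields!</b><br>";
    } elseif ($_taken) {
        $_echo = "<br><b>Username already exists</b><br>";
    } elseif (preg_match('/[^A-Za-z0-9]/', $_in['username']) || preg_match('/[^A-Za-z0-9]/', $_in['password'])) {
        $_echo = "<br><b>Please erase any illegal characters from the username and password fields (Space,._-/\{}, etc)";
    } elseif (!preg_match('/^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+$/', $_in['email'])) {
        // Whitelist: nothing that is a field or record separator, part of a
        // PHP comment or tag, or HTML markup can reach the data file.
        $_echo = "<br><b>Please enter a valid e-mail address</b><br>";
    } elseif ($_in['admin'] !== 'yes' && $_in['admin'] !== 'no') {
        $_echo = "<br><b>Admin values are <u>yes</u> or <u>no</u></b><br>";
    } else {
        $_flag = ($_in['admin'] === 'yes') ? '1' : '0';
        $_data = $_in['username'] . ";" . $_in['password'] . ";" . $_in['email'] . ";" . $_flag . "&";
        // Drop the closing comment marker, append the record, put it back.
        $_contents = str_replace("*/?>", "", $_contents);
        file_put_contents($_filename, $_contents . $_data . "*/?>", LOCK_EX);
        header("location:admin.php");
        exit;
    }
}
echo $_echo;
?>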

register.php

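<?php
/*
 * register.php - public self-registration; appends a non-admin record to
 * logindata.php and redirects to the login page.
 *
 * Record written: "username;password;email;0" followed by "&", with the
 * closing comment marker re-appended after it.
 *
 * Changes against the original listing:
 *  - the duplicate-username check now works. The original compared the error
 *    text against a string ending in a period that the assignment never
 *    contained, so the check always passed and a second account could be
 *    registered under an existing name;
 *  - ereg() (removed from PHP) is replaced by preg_match();
 *  - the e-mail is validated against a conservative whitelist. The original
 *    stripped only ";", "<" and ">", which still let an anonymous visitor
 *    store the record separator "&" (an extra record, including its admin
 *    field) or the characters that end the PHP comment wrapping the list;
 *  - posted values and PHP_SELF are HTML-escaped when echoed into the form;
 *  - redirects are followed by exit.
 *
 * NOTE(security): the password is stored in plaintext; hashing has to be
 * introduced together with login.php and newuser.php. There is also no
 * throttling of registrations.
 */
ob_start();
session_start();
require("top.php");
if (file_exists("setup.php")) {
    header('Location:setup.php');
    exit;
}
if (isset($_SESSION['logged']) && $_SESSION['logged'] === '73de8dhas7') {
    echo "<center><br><b><u>Error</u>: <i>You are already registered!!!</i></b></center>";
    exit;
}

// Read each posted field once, as a string ('' when missing).
$_in = array();
foreach (array('username', 'password', 'confirmpassword', 'email') as $_key) {
    $_in[$_key] = (isset($_POST[$_key]) && is_string($_POST[$_key])) ? $_POST[$_key] : '';
}
$_echo = '';

echo "<br><center>";
echo "<form method='post' action='" . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'cp1251') . "'>";
echo "<table>";
echo "<tr><th>Username:</th><th><input type='text' name='username' class=form value='" . htmlspecialchars($_in['username'], ENT_QUOTES, 'cp1251') . "'></th></tr>";
echo "<tr><th>Password:</th><th><input type='password' name='password' class=form ></th></tr>";
echo "<tr><th>Confirm password:</th><th><input type='password' name='confirmpassword' class=form ></th></tr>";
echo "<tr><th>Email:</th><th><input type='text' name='email' class=form value='" . htmlspecialchars($_in['email'], ENT_QUOTES, 'cp1251') . "'></th></tr>";
echo "<input type='hidden' name='action' value='1'>";
echo "</table>";
echo "<input type='submit' value='Register' class=black>";
echo "</form>";

if (isset($_POST['action']) && $_POST['action'] == '1') {
    $_filename = "logindata.php";
    $_contents = file_get_contents($_filename);
    if ($_contents === false) {
        $_contents = '';
    }

    // A flag instead of comparing message strings, which is what broke the
    // original check.
    $_taken = false;
    foreach (explode("&", $_contents) as $_segment) {
        $_fields = explode(";", $_segment);
        if (count($_fields) === 4 && $_fields[0] === $_in['username']) {
            $_taken = true;
        }
    }

    if ($_in['username'] == '' || $_in['password'] == '' || $_in['email'] == '') {
        $_echo = "<br><b>Fill in all the fields!</b><br>";
    } elseif ($_in['password'] !== $_in['confirmpassword']) {
        $_echo = "<br><b>Passwords do not match</b><br>";
    } elseif ($_taken) {
        $_echo = "<br><b>Username has been taken</b><br>";
    } elseif (preg_match('/[^A-Za-z0-9]/', $_in['username']) || preg_match('/[^A-Za-z0-9]/', $_in['password'])) {
        $_echo = "<br><b>Please erase any illegal characters from the username and password fields (Space,._-/\{}, etc)";
    } elseif (!preg_match('/^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+$/', $_in['email'])) {
        // Whitelist: nothing that is a field or record separator, part of a
        // PHP comment or tag, or HTML markup can reach the data file.
        $_echo = "<br><b>Please enter a valid e-mail address</b><br>";
    } else {
        // Self-registered accounts are never administrators.
        $_data = $_in['username'] . ";" . $_in['password'] . ";" . $_in['email'] . ";0&";
        // Drop the closing comment marker, append the record, put it back.
        $_contents = str_replace("*/?>", "", $_contents);
        file_put_contents($_filename, $_contents . $_data . "*/?>", LOCK_EX);
        header("location:login.php?do=new");
        exit;
    }
    echo $_echo;
}
?>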

top.php

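<?php
/*
 * top.php - shared page header and navigation bar, required by every page.
 *
 * Changes against the original listing:
 *  - the stylesheet link is emitted inside the head element instead of before
 *    the html tag, so nothing is sent ahead of session_start();
 *  - session_start() runs only when no session is active yet, because most
 *    callers have already started one;
 *  - the session markers are read through isset() with strict comparison, so
 *    anonymous visitors no longer trigger undefined-index warnings.
 *
 * The two locals are prefixed with "_top" because require shares the
 * caller's variable scope.
 */
if (session_id() === '') {
    session_start();
}
$_topLogged = isset($_SESSION['logged']) && $_SESSION['logged'] === '73de8dhas7';
$_topAdmin = isset($_SESSION['admin']) && $_SESSION['admin'] === 'df83hfg7ds';

echo "<html><head><title>PHP Login System - CS Mod by The 008</title><meta http-equiv=Content-Type content=\"text/html; charset=windows-1251\">";
echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"style.css\" /></head>\n";
echo "<center><br><br><br><font size=2>";
if (!$_topLogged) {
    echo "<a href=login.php><img src=images/login.gif></a><a href=register.php><img src=images/register.gif></a><a href=members.php><img src=images/members.gif></a>";
} else {
    echo "<a href=index.php><img src=images/main.gif></a><a href=members.php><img src=images/members.gif></a>";
    // The link is only a convenience; admin.php re-checks the flag itself.
    if ($_topAdmin) {
        echo "<a href=admin.php><img src=images/admincp.gif></a>";
    }
    echo "<a href=login.php?do=logout><img src=images/logout.gif></a>";
}
echo "<br><br></font></center>";
?>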

style.css

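/*
 * style.css - shared stylesheet, loaded by top.php through a link element.
 *
 * The original wrapped the rules in a style tag and an HTML comment opener.
 * That markup belongs in an HTML page, not in an external stylesheet, where
 * it is a parse error that discards the first rule. Link colours were also
 * missing the leading "#", which made those declarations invalid.
 */
html, body {
    height: 100%;
    padding: 2px 15px 2px 15px;
    margin-left: auto;
    margin-right: auto;
    margin-bottom: 10px;
}

table {
    border-collapse: collapse;
    margin-left: auto;
    margin-right: auto;
    margin-bottom: 10px;
}

body {
    background: #4C5844;
    font-family: Tahoma;
    font-size: 12px;
    color: white;
}

th {
    padding: 2px 15px 2px 15px;
    background-color: #4C5844;
    text-decoration: none;
    text-align: center;
    font-size: 12px;
    border: solid #889180 0px;
}

td {
    padding: 2px 15px 2px 15px;
    text-align: center;
    font-size: 12px;
    background-color: #4C5844;
    border: solid #889180 1px;
}

img {
    border: 0;
}

a {
    font-family: Tahoma;
    color: #C4B550;
    text-decoration: none;
    font-size: 12px;
}

a:visited {
    color: #C4B550;
    text-decoration: none;
}

a:hover {
    color: #C4B550;
    text-decoration: none;
}

a:active {
    color: #C4B550;
    text-decoration: none;
}

/* Text inputs. */
.form {
    font-family: Tahoma, Verdana, Arial;
    border-color: #889180;
    border-top: #282E22;
    border-left: #282E22;
    border-right: #889180;
    border-bottom: #889180;
    color: #ffffff;
    border-style: solid;
    border-width: 1px;
    background-color: #3E4637;
}

/* The page editor in edit.php. */
.textarea {
    font-family: Verdana, Tahoma, Arial;
    color: white;
    border-color: #838383;
    border-style: solid;
    border-width: 1px;
    background-color: #4C5844;
}

/* Submit buttons. */
.black {
    font-family: Tahoma, Verdana, Arial;
    border-color: #889180;
    border-right: #282E22;
    border-bottom: #282E22;
    border-top: #889180;
    border-left: #889180;
    color: #C4B550;
    border-style: solid;
    border-width: 1px;
    background-color: #4C5844;
}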
