Scriptul original arata asa:
alter.php
Cod: Selectaţi tot
<?
$host = "localhost";
$user = "user_xhost_ro";
$pass = "parola";
$dbase = "user_xhost_ro";
$table = "users";
?>
Cod: Selectaţi tot
<?
include "connect.php";
$connection = @mysql_connect($host,$user,$pass);
@mysql_select_db($dbase);
@mysql_query("ALTER TABLE ".$table." ADD activated TINYINT DEFAULT '0' NOT NULL",$connection);
@mysql_query("UPDATE ".$table." SET activated=1",$connection);
@mysql_close($connection);
?>
Cod: Selectaţi tot
<?
include "connect.php";
if (isset($_POST['action']) && $_POST['action'] == 'reset') {
$connection = @mysql_connect($host,$user,$pass);
@mysql_select_db($dbase);
@mysql_query("DROP TABLE IF EXISTS ".$table,$connection);
@mysql_query("CREATE TABLE ".$table." (id SMALLINT(5) AUTO_INCREMENT PRIMARY KEY, username VARCHAR(45) NOT NULL, password TEXT NOT NULL, email VARCHAR(45) NOT NULL) TYPE=MyISAM",$connection);
}
?>
<html>
<head>
</head>
<body>
<form action="<? echo $_SERVER['PHP_SELF']; ?>" method="post">
<input type="hidden" name="action" value="reset">
<input type="submit" name="Submit" value="create / reset database">
</form>
</body>
</html>
Cod: Selectaţi tot
<?
session_start();
include "connect.php";
function check_account($username, $password) {
global $host, $user, $pass, $dbase, $table;
$connection = @mysql_connect($host,$user,$pass);
@mysql_select_db($dbase);
$query = @mysql_query("SELECT id FROM ".$table." WHERE username='".$username."' and password='".MD5($password)."' and activated=1",$connection);
if (@mysql_num_rows($query) != 0) {
return true;
} else {
return false;
}
@mysql_close($connection);
}
function account_email($username) {
global $host, $user, $pass, $dbase, $table;
$connection = @mysql_connect($host,$user,$pass);
@mysql_select_db($dbase);
$query = @mysql_query("SELECT email FROM ".$table." WHERE username='".$username."'",$connection);
$result= @mysql_fetch_array($query);
return $result['email'];
@mysql_close($connection);
}
if (!isset($_SESSION['auth'])) {
$_SESSION['auth'] = "logout";
}
if ((isset($_POST['action'])) && ($_POST['action'] == "login")) {
if (check_account(strip_tags($_POST['username']),strip_tags($_POST['password']))) {
$_SESSION['auth'] = "login";
$_SESSION['account']['username'] = strip_tags($_POST['username']);
$_SESSION['account']['email'] = account_email(strip_tags($_POST['username']));
} else {
echo "<span style=\"color: #FF0000\">Autentificare eronata !</span><br><br>";
}
}
if ((isset($_POST['action'])) && ($_POST['action'] == "logout")) {
$_SESSION['auth'] = "logout";
}
?>
<html>
<head>
</head>
<body>
<?
if ($_SESSION['auth'] == "logout") {
?>
<form action="<? echo $_SERVER['PHP_SELF']; ?>" method="post">
Username <input type="text" name="username"><br />
Password <input type="password" name="password"><br /><br />
<a href="create.php">register</a><br /><br />
<input type="hidden" name="action" value="login">
<input type="submit" name="Submit" value="login">
</form>
<?
} elseif ($_SESSION['auth'] == "login") {
echo "Username: ".$_SESSION['account']['username']."<br>";
echo "e-Mail: <span style=\"color: #FF0000;\">".$_SESSION['account']['email']."</span><br><br>";
?>
<form action="<? echo $_SERVER['PHP_SELF']; ?>" method="post">
<input type="hidden" name="action" value="logout">
<input type="submit" name="Submit" value="logout">
</form>
<?
}
?>
</body>
</html>
Cod: Selectaţi tot
<?
include "connect.php";
function getmicrotime(){
list($usec, $sec) = explode(" ",microtime());
return ((float)$usec + (float)$sec);
};
function valid_mail($email) {
if (!ereg("[^@]{1,64}@[^@]{1,255}", $email)) {
return false;
}
$email_array = explode("@", $email);
$local_array = explode(".", $email_array[0]);
for ($i = 0; $i < sizeof($local_array); $i++) {
if (!ereg("^(([A-Za-z0-9!#$%&'*+/=?^_`{|}~-][A-Za-z0-9!#$%&'*+/=?^_`{|}~\.-]{0,63})|(\"[^(\\|\")]{0,62}\"))$", $local_array[$i])) {
return false;
}
}
if (!ereg("^\[?[0-9\.]+\]?$", $email_array[1])) {
$domain_array = explode(".", $email_array[1]);
if (sizeof($domain_array) < 2) {
return false;
}
for ($i = 0; $i < sizeof($domain_array); $i++) {
if (!ereg("^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]+))$", $domain_array[$i])) {
return false;
}
}
}
return true;
}
function check_account($username,$email) {
global $host, $user, $pass, $dbase, $table;
$connection = @mysql_connect($host,$user,$pass);
@mysql_select_db($dbase);
$query = @mysql_query("SELECT id FROM ".$table." WHERE username='".$username."' OR email='".$email."'");
if (@mysql_num_rows($query) == 0) {
return true;
} else {
return false;
}
@mysql_close($connection);
}
function create_account($username, $password, $email) {
global $host, $user, $pass, $dbase, $table;
$connection = @mysql_connect($host,$user,$pass);
$tstamp = getmicrotime();
$primary = $_SERVER[REMOTE_ADDR];
$ffd = $_SERVER[HTTP_X_FORWARDED_FOR];
$secondary = explode(",", $ffd);
$ip = strlen($ffd) > 0 ? $secondary[0] : $primary;
@mysql_select_db($dbase);
@mysql_query("INSERT INTO ".$table." VALUES ('','".$username."','".MD5($password)."','".$email."','".$ip."','".$tstamp."','0')",$connection);
@mysql_close($connection);
}
function send_confirmation($password,$email) {
$account_addr = "contultau.xhost.ro"; // trebuie modificat cu adresa contului tau de pe xhost (fara prefix si/sau sufix)
$account_mail = "contutau@xhost.ro"; // trebuie modificat cu adresa de email a contului tau de pe xhost
$account_pass = "parola"; // trebuie modificat cu parola contului tau de pe xhost
$email_subject = "Activare cont ...";
$email_body = "Pentru activarea contului va trebui sa apasati pe link-ul de mai jos sau sa-l copiati si accesati in browser-ul dumneavoastra:"."\r\n"."\r\n";
$email_body .= "http://".$account_addr."/confirmation.php?id=".md5($password)."\r\n"."\r\n";
$email_body .= "Va multumim,"."\r\n";
$email_body .= "Echipa";
require_once("/allowrun/smtp.php");
smtpmail("localhost", 25, $account_mail, $account_pass, $account_mail, $email, $email_subject, $email_body);
}
if ((isset($_POST['action'])) && ($_POST['action'] == "create")) {
$_email_ = strip_tags($_POST['email']);
$_username_ = strip_tags($_POST['username']);
$_password_ = strip_tags($_POST['password']);
if (valid_mail($_email_)) {
if (check_account($_username_,$_email_)) {
create_account($_username_,$_password_,$_email_);
send_confirmation($_password_,$_email_);
echo "Contul a fost creat cu succes. Pentru a finaliza inregistrarea va rugam accesati link-ul de confirmare trimis pe adresa dumneavoastra de e-mail.<br><br>";
echo "<a href=\"index.php\">login</a>";
exit;
} else {
echo "Eroare: <span style=\"color: #FF0000\">Exista deja un utilizator cu acest nume sau aceasta adresa de e-Mail !</span><br><br>";
}
} else {
echo "Eroare: <span style=\"color: #FF0000\">Adresa de e-Mail nu este valida !</span><br><br>";
}
}
?>
<html>
<head>
</head>
<body>
<form action="<? echo $_SERVER['PHP_SELF']; ?>" method="post">
Username <input type="text" name="username"><br />
Password <input type="password" name="password"><br />
e-Mail <input type="text" name="email"><br /><br />
<input type="hidden" name="action" value="create">
<input type="submit" name="Submit" value="create">
</form>
</body>
</html>
Cod: Selectaţi tot
function check_account($username, $password) {
global $host, $user, $pass, $dbase, $table;
$connection = @mysql_connect($host,$user,$pass);
@mysql_select_db($dbase);
$query = @mysql_query("SELECT id FROM ".$table." WHERE username='".$username."' and password='".MD5($password)."' and activated=1",$connection);
if (@mysql_num_rows($query) != 0) {
return true;
} else {
return false;
}
@mysql_close($connection);
}
2) se uploadeaza fisierele
3)se creaza baza de date accesand fisierul setup.php si se acceseaza o singura data fisierul alter.php (nu stiu de ce asa a scris de unde l-am luat) apoi se sterg amvele.
4) trebuie sa te ocupi de partea de design
5) totul e gata
Eu nu ma prea pricep la php si am incercat sa modific numai connect.php si index.php care arata asa.
connect.php
Cod: Selectaţi tot
<?
$host = "localhost";
$user = "user_xhost_ro";
$pass = "parola";
$dbase = "user_xhost_ro";
$table = "phpbb_users";
?>
Cod: Selectaţi tot
<?
session_start();
include "new_user/connect.php";
function check_account($username, $user_password) {
global $host, $user, $pass, $dbase, $table;
$connection = @mysql_connect($host,$user,$pass);
@mysql_select_db($dbase);
$query = @mysql_query("SELECT id FROM ".$table." WHERE username='".$username."' and password='".MD5($user_password)."' and user_active=1",$connection);
if (@mysql_num_rows($query) != 0) {
return true;
} else {
return false;
}
@mysql_close($connection);
}
function account_details($username) {
global $host, $user, $pass, $dbase, $table;
$connection = @mysql_connect($host,$user,$pass);
@mysql_select_db($dbase);
$query = @mysql_query("SELECT * FROM ".$table." WHERE username='".$username."'",$connection);
$result= @mysql_fetch_array($query);
$_SESSION['account']['username'] = $result['username'];
$_SESSION['account']['user_email'] = $result['user_email'];
$_SESSION['account']['tstamp'] = date('d.m.Y | H:i:s',$result['user_regdate']);
@mysql_close($connection);
}
if (!isset($_SESSION['auth'])) {
$_SESSION['auth'] = "logout";
}
if ($_SESSION['auth'] == "login") {
header("Location: ".$user_file);
}
if ((isset($_POST['action'])) && ($_POST['action'] == "login")) {
if (check_account(strip_tags($_POST['username']),strip_tags($_POST['password']))) {
$_SESSION['auth'] = "login";
account_details(strip_tags($_POST['username']));
header("Location: ".$user_file);
} else {
echo "<span style=\"color: #FF0000\">Autentificare eronata !</span><br><br>";
}
}
if ((isset($_POST['action'])) && ($_POST['action'] == "logout")) {
$_SESSION['auth'] = "logout";
}
?>
<html>
<head>
</head>
<body>
<form action="<? echo $_SERVER['PHP_SELF']; ?>" method="post">
Username <input type="text" name="username"><br />
Password <input type="password" name="password"><br /><br />
<a href="new_user/create.php">register</a><br /><br />
<input type="hidden" name="action" value="login">
<input type="submit" name="Submit" value="login">
</form>
</body>
</html>
Dar nu vrea sa mearga. Imi spune "Autentificare eronata". Nu stiu ce sa fac.
Ajutati-ma pls.
