Page 1 of 1

home made CMS - works in old layout not new.

Posted: Tue Feb 12, 2008 7:52 pm
by gaogier
hello

The CMS admin panel will not work in the new layout, it keeps saying that i need to login.

The only thing i have changed is, header to diffhead (which you can see in the code now) and difffooter from footer.

Code: Select all

<?php
include ('diffhead.inc');
 
if(isset($_POST['submit'])){
    if(empty($_POST['username'])){
        $username = FALSE;
        $message = '<table width=98% bgcolor=#faf5f4 class=logfail align=center><tr>
                            <td width=40><img src=images/exclamation.gif></td>
                            <td align=left>
                            <B>Login Failed!</B> <BR>
                            No username entered.
                            <BR>Please Try again<br />
                            </table><br /><br />';
    }else{
        $username = escape_data($_POST['username']);
    }
    if(empty($_POST['password'])){
        $password = FALSE;
        $message1 = '<br /><table width=98% bgcolor=#faf5f4 class=logfail align=center><tr>
                            <td width=40><img src=images/exclamation.gif></td>
                            <td align=left>
                            <B>Login Failed!</B> <BR>
                            No password entered.
                            <BR>Please Try again<br />
                            </table><br /><br />';
    }else{
        $password1 = escape_data($_POST['password']);
        $password = md5($password1);        
    }
    //echo $password1 .' ' .$password. ' ' .$username;
    if($username && $password){
        require_once ('../mysql1_connect1.php');
        $query = "SELECT user_id, username, user_email, user_active, user_password, user_sitemod FROM phpbb_users WHERE username='$username' AND user_password='$password' AND user_sitemod = '1'";
        $result = mysql_query ($query);
        $row = mysql_fetch_array ($result);
        if(mysql_num_rows($result) > 0)
                {
                    $_SESSION['user_sitemod'] = $row['user_sitemod'];
                    $_SESSION['user_avatar'] = $row['user_avatar'];
                    $_SESSION['user_email'] = $row['user_email'];
                    $_SESSION['username'] = $row['username'];
                    $_SESSION['user_id'] = $row['user_id'];
                    //ob_end_clean();
                //  include('diffhead.inc');
                    include ('admin.inc');
                    echo '<p>You\'ve logged in successfully.</p>';
                    include('difffooter.inc');
                }else{
                    $message = '<table width=98% bgcolor=#faf5f4 class=logfail align=center><tr>
                            <td width=40><img src=images/exclamation.gif></td>
                            <td align=left>
                            <B>Login Failed!</B> <BR>
                            The login combination you entered was not found. 
                            <BR>Please Try again<br />
                            </table><br /><br />';      
                    }
    
    
    }
}
 
echo '<font face=verdana size=2 color=#3FC7C9> <b>Login</b></font><br /><br />'.$message.$message1.'
Your browser must allow cookies in order to login.<br />';
?>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
                            <table width=98% bgcolor=#f5f8ff class=blueborder align=center><tr>
                            <td width=40><img src=images/keylogin.gif></td>
                            <td align=right>                            
                            <B>Username:</B> <br /><br />
                            <B>Password:</B> <br /></td>
                            <td align=left>
                            <input type="text" name="username" size="10" maxlength="20" class="login" value ="<?php if (isset($_POST['username'])) echo $_POST['username']; ?>" />&nbsp;&nbsp;<small><i>Please enter your username</small></i><br /><br />                          
                            <input type="password" name="password" size="20" maxlength="20" class="login"/>&nbsp;&nbsp;<small><i>Please enter your password</small></i></td></tr>
                            <tr><td width=40></td><td align="center"><input type="submit" name="submit" class="login" value="Login" /></td></tr>
                            </table><br /><br />
</form>
<?php
include ('difffooter.inc');
?>
it is not giving the error message... but if you change all the diffhead back to header and difffooter back to footer it will work... why?

Re: home made CMS - works in old layout not new.

Posted: Thu Feb 14, 2008 2:43 pm
by andym01480
no session_start() and you are not checking for the user already being logged in by checking the session. You seem to be checking the form is submitted each time it runs. And if you had logged in already, it would ask you to login because you are not posting the form each time!

Plus Without posting the different headers and footers we wouldn't be able to spot anything!

You could do with tabulating your if statements to make it easier to read too.