Page 1 of 1

Help with this script

Posted: Thu Apr 02, 2009 6:17 pm
by Lorena
Hi to all of you.

I have a big problem.

I found a cool code to use it like a user cliente login. If it's the correct user and pass, it will redirect you to the sites. The code works great, but then, the guy who did this, he tells you in the read.txt, that if you want to prevent open directly you can put another code in the protected site.

THE PROBLEM?

The login works fine, it redirects you and all, but when I put the code in my protected site it works if I try to open directly (it's blocked), but if i do the login, it doesn't work, it stills continue blocked, I mean, it redirects you but doesn't open the site depending on my login.

Gonna put you first the login.php and then the test.php where you have to put the code for preventing opening the site directly.

Here is the code, the login.php
# Change below to suit your needs
#
##############################################################################
# See readme.txt for more info
##############################################################################
ob_start(); //for header redirection
define('DACIO_LOGIN', true); //define a constant for security on visited site

/*
//put this code into your visited file or site to prevent open from
//other scripts or links rather, than this login
if (!defined('DACIO_LOGIN')) {
die ("You can't access this file directly...");
}
*/

##############################################################################
//-- configuration --//

//-- language text --//
$lng_text['empty field'] = "Field \"username\" or \"password\" is empty! Please fill in the form.";
$lng_text['wrong_login'] = "Incorrect \"username\" or \"password\"!";
$lng_text['username'] = "Username";
$lng_text['password'] = "Password";
$lng_text['code'] = "Code";
$lng_text['re-enter'] = "Re-enter code";
$lng_text['error_code'] = "Wrong entered random code! Re-enter it again.";

##############################################################################
//-- user groups --//
$nr_user_groups = 2; //how many usergroups you have bellow?
##############################################################################
//-- username and password --//
//-- $groupX_users = array("username1"=>"password1","username2"=>"password2",...); --//

//-- user group #1 --//
$user_group1 = array("demo1"=>"demo","admin"=>"admin");
$redirect_type_g1 = 1; //open [0: file] or [1: url type] to redirect after login
$file_g1 = "readme.txt"; //enter file to logon to
$url_redirect_g1 = "http://www.mysite.com/testfile.php"; //enter url where to redirect

//-- user group #2 --//
$user_group2 = array("test2"=>"test","guest"=>"guest");
$redirect_type_g2 = 0; //open [0: file] or [1: url type] to redirect after login
$file_g2 = "testfile.php"; //enter file to logon to
$url_redirect_g2 = "http://mysite.com"; //enter url where to redirect

//-- ... and so on and so on ... --//
##############################################################################

$use_generator = 1; //use security code generator [0: NO] or [1: YES]

//-- fetch post data from form after process --//
//-- if there isn't register_globals=on in php.ini --//
//-- you can look for this in phpinfo() --//
$user = $_POST['user'];
$pass = $_POST['pass'];
$submit = $_POST['submit'];
$code = $_POST['code'];
$generator = $_POST['generator'];
$output_code = $_POST['output_code'];

##############################################################################
?>
<html>
<head>
<title>Dacio's Login v2.3</title>
<style type="text/css">
a.noga {text-decoration: none; color: #000000; font-family: Verdana, Arial, Helvetica; font-size: smaller; }
a.noga:hover {text-decoration: none; color: #336600; font-family: Verdana, Arial, Helvetica; font-size: smaller; }
font.noga {font: normal 10px verdana, georgia, serif; color: #000000; text-decoration: none;}
</style>
</head>

<body bgcolor="#FFFFFF">
<center>
<font face="Verdana">
<table width="300" align="center" border="0" bgcolor="#FFFFFF" cellspacing="0" cellpadding="0">
<tr></tr>
<tr><td>
<h3>&nbsp;</h3>
<table width="" align="Center" cellpadding="0" cellspacing="0" bgcolor="" border="0" bordercolor="">
<tr>
<td>
<font size="-1">
<?
if (!$submit) {
?>
<!-- login form -->
<form action="<? $PHP_SELF ?>" method="POST">
<table align="Center" border="0" cellpadding="2" cellspacing="0">
<tr>
<td align="Right">
<font size="-1"><?=$lng_text['username']?>:</font>
</td>
<td>
<input name="user" type="Text" size="15">
</td>
</tr>
<tr>
<td align="Right">
<font size="-1"><?=$lng_text['password']?>:</font>
</td>
<td>
<input name="pass" type="Password" size="15">
</td>
</tr>
<?
##### Hex code generator #####
if ($use_generator == 1) {
?>
<tr>
<td align="Right">
<font size="-1"><?=$lng_text['code']?>:</font>
</td>
<td>
<?
$hex_num = mt_rand(0,0xffffff); // trust the library, love the library...
$output_code = sprintf("%06x",$hex_num); // muchas smoochas to you, PHP!
?>
<input name="output_code" type="Text" size="15" value="<?=$output_code?>" readonly="readonly" disabled="disabled">
<input name="generator" type="hidden" value="<?=$output_code?>">
</td>
</tr>
<tr>
<td align="Right">
<font size="-1"><?=$lng_text['re-enter']?>:</font>
</td>
<td>
<input name="code" type="Text" size="15">
</td>
</tr>
<?
} //end if generator
##### END Hex code generator #####
?>
<tr>
<td colspan="2" align="right">
<input name="submit" type="submit" name="submit" value="Login">
</td>
</tr>
</table>
</form>
<!-- end login form -->

<?
} else {

//check if fields are empty
if (trim($user) == null || trim($pass) == null) {
echo "<h4 align=center>".$lng_text['empty field']."</h4>";
}

//if code generator is enabled
else {
//check security code with entered one
if ($use_generator == 1 && $generator == $code) {
//true
$gen_true = True;
} elseif ($use_generator == 0) {
//true
$gen_true = True;
} else {
//false
$gen_true = False;
echo "<h4 align=center>".$lng_text['error_code']."</h4>";
}

//if code generator is correct
if ($gen_true === True) {

$j = False; //false username or password

//check if username and passwords are correct
//X user groups, magictrick
for ($i=1; $i<=$nr_user_groups; $i++) {
foreach (${"user_group".$i} as $k => $v) {
if ($k == $user && $v == $pass) {
if (${"redirect_type_g".$i} == 0) {
include ${"file_g".$i};
$j = True;
break;
} else {
header("Location: ".${"url_redirect_g".$i});
exit;
} //end if
} //end if
} //end foreach
} //end for

//no or wrong username or password
if ($j === False) echo "<h4 align=center>".$lng_text['wrong_login']."</h4>";

} //end $gen_true
} //end else empty fields
} //end else form
?>
</td>
</tr>
</table>
<p align="center"><font face="verdana" size="-1" class="noga"><b>
</b></font></p>

</td></tr>
<tr></tr>
</table>

</font>
</center>
</body>
</html>
<?ob_end_flush();?>
<?

?>
Ok, here is the test.php, where you have to put the code and in fact it doesn't have to open directly, but if you do the correct login, it will.
<?
##############################################################################
# Dacio's Login v2.3
# Copyright 2007 by Dacio dacio30@gmail.com
# Created 09.01.2004
# Modified 5.8.2008
# Kopica idej ;-) / Stack of ideas ;-)
# Dacio's PHP scripts http://kopicaidej.underground.si/
#
# This script is free to use and modify.
# Email me if u find it useful at:
# http://kopicaidej.underground.si/index.php?kontakt=mail
#
# Change below to suit your needs
#
##############################################################################
# See readme.txt for more info
##############################################################################
ob_start();

if (!defined('DACIO_LOGIN')) {
die ("You can't access this file ...");
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<title>tester dacio login - redirect</title>
</head>
<body>
tester success
</body>
</html>
<?
ob_end_flush();

?>
I don't know what is wrong.

Hope you can help me guys.

Thanks!

Re: Help with this script

Posted: Sat Apr 04, 2009 9:54 am
by temidayo
I guess the problem of the script has to do with the configuration aspect.

Why dont you e-mail the writer, since his email is there?