mi3dot.org :: View topic - kako do one sheme ?

Forum FAQ

Memberlist

Forum ignore list

Profile

kako do one sheme ?

This forum is locked: you cannot post, reply to, or edit topics.

This topic is locked: you cannot edit posts or make replies.

mi3dot.org Forum Index -> Server-side

View previous topic :: View next topic

Author

Message

keko

Joined: 06 May 2004
Posts: 531
Location: Split

Posted: 25.12.2004 19:34 Post subject: kako do one sheme ?

oj.. vidin da ste uspili iznervirat posejdona ..ono sa redirektom ... e zanima me ako možete podijelit tu tajnu..kako ... triba mi da doveden u red jednog lika na mom forumu tenks allot
_________________ happiest boi newer!

che.UP
mi3.crew

Joined: 07 Sep 2003
Posts: 2320
Location: zagreb

Posted: 25.12.2004 22:32 Post subject:

ne znam kak je izvedeno ovdje al misim da mozes na principu if user_id = user id koji ti smeta, header location stavis di oces :) to je ovako, ideja samo i morao bi pronac u forumu dio za login i taj kod ubacit tamo...
_________________ UP \| TypeTester \| Accommodations App Meni u Firefox-u ne radi AJAX

keko

Joined: 06 May 2004
Posts: 531
Location: Split

Posted: 26.12.2004 15:44 Post subject:

mislin da kužin..tenks dude
_________________ happiest boi newer!

keko

Joined: 06 May 2004
Posts: 531
Location: Split

Posted: 26.12.2004 15:51 Post subject:

ipak ne

..

aj ako ti nije tlaka..možda da mi daš samo neke smjernice Smile

Code:

<?php
/***************************************************************************
* login.php
* -------------------
* begin : Saturday, Feb 13, 2001
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
* $Id: login.php,v 1.47.2.17 2004/11/18 17:49:35 acydburn Exp $
*
*
***************************************************************************/

/***************************************************************************
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
***************************************************************************/

//
// Allow people to reach login page if
// board is shut down
//
define("IN_LOGIN", true);

define('IN_PHPBB', true);
$phpbb_root_path = './';
include($phpbb_root_path . 'extension.inc');
include($phpbb_root_path . 'common.'.$phpEx);

//
// Set page ID for session management
//
$userdata = session_pagestart($user_ip, PAGE_LOGIN);
init_userprefs($userdata);
//
// End session management
//

// session id check
if (!empty($HTTP_POST_VARS['sid']) || !empty($HTTP_GET_VARS['sid']))
{
$sid = (!empty($HTTP_POST_VARS['sid'])) ? $HTTP_POST_VARS['sid'] : $HTTP_GET_VARS['sid'];
}
else
{
$sid = '';
}

if( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) || isset($HTTP_POST_VARS['logout']) || isset($HTTP_GET_VARS['logout']) )
{
if( ( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) ) && !$userdata['session_logged_in'] )
{
 $username = isset($HTTP_POST_VARS['username']) ? phpbb_clean_username($HTTP_POST_VARS['username']) : '';
 $password = isset($HTTP_POST_VARS['password']) ? $HTTP_POST_VARS['password'] : '';

 $sql = "SELECT user_id, username, user_password, user_active, user_level
 FROM " . USERS_TABLE . "
 WHERE username = '" . str_replace("\\'", "''", $username) . "'";
 if ( !($result = $db->sql_query($sql)) )
 {
 message_die(GENERAL_ERROR, 'Error in obtaining userdata', '', __LINE__, __FILE__, $sql);
 }

 if( $row = $db->sql_fetchrow($result) )
 {
 if( $row['user_level'] != ADMIN && $board_config['board_disable'] )
 {
 redirect(append_sid("index.$phpEx", true));
 }
 else
 {
 if( md5($password) == $row['user_password'] && $row['user_active'] )
 {
 $autologin = ( isset($HTTP_POST_VARS['autologin']) ) ? TRUE : 0;

 $session_id = session_begin($row['user_id'], $user_ip, PAGE_INDEX, FALSE, $autologin);

 if( $session_id )
 {
 $url = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : "index.$phpEx";
 redirect(append_sid($url, true));
 }
 else
 {
 message_die(CRITICAL_ERROR, "Couldn't start session : login", "", __LINE__, __FILE__);
 }
 }
 else
 {
 $redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : '';
 $redirect = str_replace('?', '&', $redirect);

 if (strstr(urldecode($redirect), "\n") || strstr(urldecode($redirect), "\r"))
 {
 message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.');
 }

 $template->assign_vars(array(
 'META' => "<meta http-equiv=\"refresh\" content=\"3;url=login.$phpEx?redirect=$redirect\">")
 );

 $message = $lang['Error_login'] . ' ' . sprintf($lang['Click_return_login'], "<a href=\"login.$phpEx?redirect=$redirect\">", '</a>') . ' ' . sprintf($lang['Click_return_index'], '<a href="' . append_sid("index.$phpEx") . '">', '</a>');

 message_die(GENERAL_MESSAGE, $message);
 }
 }
 }
 else
 {
 $redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : "";
 $redirect = str_replace("?", "&", $redirect);

 if (strstr(urldecode($redirect), "\n") || strstr(urldecode($redirect), "\r"))
 {
 message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.');
 }

 $template->assign_vars(array(
 'META' => "<meta http-equiv=\"refresh\" content=\"3;url=login.$phpEx?redirect=$redirect\">")
 );

 $message = $lang['Error_login'] . ' ' . sprintf($lang['Click_return_login'], "<a href=\"login.$phpEx?redirect=$redirect\">", '</a>') . ' ' . sprintf($lang['Click_return_index'], '<a href="' . append_sid("index.$phpEx") . '">', '</a>');

 message_die(GENERAL_MESSAGE, $message);
 }
}
else if( ( isset($HTTP_GET_VARS['logout']) || isset($HTTP_POST_VARS['logout']) ) && $userdata['session_logged_in'] )
{
 if( $userdata['session_logged_in'] )
 {
 session_end($userdata['session_id'], $userdata['user_id']);
 }

 if (!empty($HTTP_POST_VARS['redirect']) || !empty($HTTP_GET_VARS['redirect']))
 {
 $url = (!empty($HTTP_POST_VARS['redirect'])) ? htmlspecialchars($HTTP_POST_VARS['redirect']) : htmlspecialchars($HTTP_GET_VARS['redirect']);
 $url = str_replace('&', '&', $url);
 redirect(append_sid($url, true));
 }
 else
 {
 redirect(append_sid("index.$phpEx", true));
 }
}
else
{
 $url = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : "index.$phpEx";
 redirect(append_sid($url, true));
}
}
else
{
//
// Do a full login page dohickey if
// user not already logged in
//
if( !$userdata['session_logged_in'] )
{
 $page_title = $lang['Login'];
 include($phpbb_root_path . 'includes/page_header.'.$phpEx);

 $template->set_filenames(array(
 'body' => 'login_body.tpl')
 );

 if( isset($HTTP_POST_VARS['redirect']) || isset($HTTP_GET_VARS['redirect']) )
 {
 $forward_to = $HTTP_SERVER_VARS['QUERY_STRING'];

 if( preg_match("/^redirect=([a-z0-9\.#\/\?&=\+\-_]+)/si", $forward_to, $forward_matches) )
 {
 $forward_to = ( !empty($forward_matches[3]) ) ? $forward_matches[3] : $forward_matches[1];
 $forward_match = explode('&', $forward_to);

 if(count($forward_match) > 1)
 {
 $forward_page = '';

 for($i = 1; $i < count($forward_match); $i++)
 {
 if( !ereg("sid=", $forward_match[$i]) )
 {
 if( $forward_page != '' )
 {
 $forward_page .= '&';
 }
 $forward_page .= $forward_match[$i];
 }
 }
 $forward_page = $forward_match[0] . '?' . $forward_page;
 }
 else
 {
 $forward_page = $forward_match[0];
 }
 }
 }
 else
 {
 $forward_page = '';
 }

 $username = ( $userdata['user_id'] != ANONYMOUS ) ? $userdata['username'] : '';

 $s_hidden_fields = '<input type="hidden" name="redirect" value="' . $forward_page . '" />';

 make_jumpbox('viewforum.'.$phpEx, $forum_id);
 $template->assign_vars(array(
 'USERNAME' => $username,

 'L_ENTER_PASSWORD' => $lang['Enter_password'],
 'L_SEND_PASSWORD' => $lang['Forgotten_password'],

 'U_SEND_PASSWORD' => append_sid("profile.$phpEx?mode=sendpassword"),

 'S_HIDDEN_FIELDS' => $s_hidden_fields)
 );

 $template->pparse('body');

 include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
}
else
{
 redirect(append_sid("index.$phpEx", true));
}

}

?>

_________________
happiest boi newer!

PsychoPod

Joined: 05 Oct 2003
Posts: 166

Posted: 26.12.2004 20:43 Post subject:

mislim da on misli nekako ovako

Code:

If (phpbb_user_id = user_id) {
echo " <meta http-equiv=\"refresh\" content=\"2;URL=www.mickeymouse.com/pissoff.php.\">";
}

samo saznas ID od usera, to ne bi trebao biti problem. i rjesis ga tako.

keko

Joined: 06 May 2004
Posts: 531
Location: Split

Posted: 26.12.2004 20:47 Post subject:

zaakon al di bi to točno triba ubacit ili s čim zaminit e i btw. šta ako iman nekoliko usera koje želin 'zawebavat' ..kako onda ajd tenks allot
_________________ happiest boi newer!

blind*dragon

Joined: 05 Jan 2004
Posts: 46

Posted: 26.12.2004 20:55 Post subject:

keko wrote:

zaakon

al di bi to točno triba ubacit ili s čim zaminit Very Happy

e i btw. šta ako iman nekoliko usera koje želin 'zawebavat' ..kako onda Smile

ajd tenks allot

pa najbanalnije dodaš:

Code:

elesif($phpbb_user_id ==$ user_id2){...}

ili

Code:

If (($phpbb_user_id == $user_id) or ($phpbb_user_id == $user_id2) or ... ) {
echo " <meta http-equiv=\"refresh\" content=\"2;URL=www.mickeymouse.com/pissoff.php.\">";
}

Last edited by blind*dragon on 26.12.2004 21:00; edited 1 time in total

_________________
blind dragon

njava
mi3.crew

Joined: 25 Aug 2003
Posts: 624
Location: Zagreb

Posted: 26.12.2004 20:58 Post subject:

PsychoPod wrote:

mislim da on misli nekako ovako

Code:

If (phpbb_user_id = user_id) {
echo " <meta http-equiv=\"refresh\" content=\"2;URL=www.mickeymouse.com/pissoff.php.\">";
}

samo saznas ID od usera, to ne bi trebao biti problem. i rjesis ga tako.

bolja je redirekcija sa header() funkcijom, desava se na serveru, a meta refresh na klijentu

keko

Joined: 06 May 2004
Posts: 531
Location: Split

Posted: 26.12.2004 23:07 Post subject:

e al opet mi niste rekli di da to ubacin
_________________ happiest boi newer!

PsychoPod

Joined: 05 Oct 2003
Posts: 166

Posted: 27.12.2004 04:35 Post subject:

istina, bolje je sa header funkcijom. ali nemoj moj kod doslovno shvatiti jer sam ga ilustracijski napisao. cak nebi ni radio da sam varijable dobro napisao. prvo provjeri varijable, napisi kako treba kod i onda ubaci u index.php u header. add on: ili bi trebao u file koji se inkluda u sve ostale .php stranice. tako da ne uleti sirovim napadom na forum. mozda common.php? pitaj mi3-ovce. oni su izjebali ovaj phpbb da vise ni sam ne zna da je phpbb osim to mu pise u footeru

keko

Joined: 06 May 2004
Posts: 531
Location: Split

Posted: 27.12.2004 12:52 Post subject:

hehe... ona da vas cujen mitrovci kako glasi kood
_________________ happiest boi newer!

Display posts from previous:

	mi3dot.org Forum Index -> Server-side	All times are GMT + 1 Hour
Page 1 of 1

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum