keko Joined: 06 May 2004 Posts: 531 Location: Split
Posted: 25.12.2004 19:34 Post subject: kako do one sheme ?
oj..
vidin da ste uspili iznervirat posejdona ..ono sa redirektom ... e zanima me ako možete podijelit tu tajnu..kako ... triba mi da doveden u red jednog lika na mom forumu
tenks allot
_________________ happiest boi newer!
che.UP mi3.crew Joined: 07 Sep 2003 Posts: 2320 Location: zagreb
Posted: 25.12.2004 22:32 Post subject:
ne znam kak je izvedeno ovdje al misim da mozes na principu if user_id = user id koji ti smeta, header location stavis di oces :)
to je ovako, ideja samo i morao bi pronac u forumu dio za login i taj kod ubacit tamo...
_________________UP | TypeTester | Accommodations App
Meni u Firefox-u ne radi AJAX
keko Joined: 06 May 2004 Posts: 531 Location: Split
Posted: 26.12.2004 15:44 Post subject:
mislin da kužin..tenks dude
_________________ happiest boi newer!
keko Joined: 06 May 2004 Posts: 531 Location: Split
Posted: 26.12.2004 15:51 Post subject:
ipak ne ..
aj ako ti nije tlaka..možda da mi daš samo neke smjernice
Code: <?php
/***************************************************************************
* login.php
* -------------------
* begin : Saturday, Feb 13, 2001
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
* $Id: login.php,v 1.47.2.17 2004/11/18 17:49:35 acydburn Exp $
*
*
***************************************************************************/
/***************************************************************************
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
***************************************************************************/
//
// Allow people to reach login page if
// board is shut down
//
define("IN_LOGIN", true);
// IN_PHPBB is defined before the includes below; presumably the included
// files test it to refuse direct access -- confirm in common.
define('IN_PHPBB', true);
$phpbb_root_path = './';
// $phpEx is not assigned in this file; presumably extension.inc sets it
// before it is used to build the name of the common include -- confirm.
include($phpbb_root_path . 'extension.inc');
include($phpbb_root_path . 'common.'.$phpEx);
//
// Set page ID for session management
//
// $user_ip is not assigned in this file either (presumably provided by the
// common include). $userdata is the array the rest of the script reads
// session_logged_in, session_id, user_id and username from.
$userdata = session_pagestart($user_ip, PAGE_LOGIN);
init_userprefs($userdata);
//
// End session management
//
// Session id supplied with the request: a non-empty POST value wins over
// a non-empty GET value, and the result is '' when neither is present.
// Nothing in this listing reads $sid again after this point.
$sid = '';
if (!empty($HTTP_POST_VARS['sid']))
{
    $sid = $HTTP_POST_VARS['sid'];
}
else if (!empty($HTTP_GET_VARS['sid']))
{
    $sid = $HTTP_GET_VARS['sid'];
}
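//
// Request dispatcher for login.php:
//   - 'login' while not logged in  -> verify credentials, start a session, redirect
//   - 'logout' while logged in     -> end the session, redirect
//   - 'login'/'logout' otherwise   -> redirect without changing anything
//   - neither                      -> show the login form (or go to the index
//                                     when the visitor is already logged in)
//
// Review notes for maintainers:
//   - Stored passwords are unsalted MD5 digests. The comparison below is made
//     strict so two digests that both look like numbers ("0e...") can no longer
//     compare equal; moving the stored hashes to a salted, slow password hash
//     is the real fix.
//   - The 'redirect' request value chooses where the visitor is sent. Whether
//     off-site targets are refused depends on redirect(), which is not shown.
//   - The logout branch never compares the sid sent with the request against
//     $userdata['session_id'], so any page that makes a logged-in browser
//     request login.php?logout=1 ends that session.
//
if( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) || isset($HTTP_POST_VARS['logout']) || isset($HTTP_GET_VARS['logout']) )
{
    if( ( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) ) && !$userdata['session_logged_in'] )
    {
        $username = isset($HTTP_POST_VARS['username']) ? phpbb_clean_username($HTTP_POST_VARS['username']) : '';
        $password = isset($HTTP_POST_VARS['password']) ? $HTTP_POST_VARS['password'] : '';

        // The query is built by concatenation. Its safety rests on $username
        // arriving with quotes backslash-escaped; the str_replace() turns \'
        // into the SQL-standard ''. Presumably phpbb_clean_username() and the
        // common include guarantee that -- verify before reusing this pattern.
        $sql = "SELECT user_id, username, user_password, user_active, user_level
            FROM " . USERS_TABLE . "
            WHERE username = '" . str_replace("\\'", "''", $username) . "'";
        if ( !($result = $db->sql_query($sql)) )
        {
            message_die(GENERAL_ERROR, 'Error in obtaining userdata', '', __LINE__, __FILE__, $sql);
        }

        if( $row = $db->sql_fetchrow($result) )
        {
            if( $row['user_level'] != ADMIN && $board_config['board_disable'] )
            {
                // Board is disabled: only administrators may log in.
                redirect(append_sid("index.$phpEx", true));
            }
            else
            {
                // Strict comparison: both sides are strings, and === avoids
                // PHP's numeric-string juggling on digests such as "0e1234...".
                if( md5($password) === $row['user_password'] && $row['user_active'] )
                {
                    $autologin = ( isset($HTTP_POST_VARS['autologin']) ) ? TRUE : 0;

                    $session_id = session_begin($row['user_id'], $user_ip, PAGE_INDEX, FALSE, $autologin);

                    if( $session_id )
                    {
                        // htmlspecialchars() turns & into &amp;; convert it back
                        // so a target with several query parameters survives.
                        $url = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&amp;', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : "index.$phpEx";
                        redirect(append_sid($url, true));
                    }
                    else
                    {
                        message_die(CRITICAL_ERROR, "Couldn't start session : login", "", __LINE__, __FILE__);
                    }
                }
                else
                {
                    // Wrong password or inactive account: show the generic
                    // login error and send the visitor back to the login page.
                    $redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&amp;', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : '';
                    $redirect = str_replace('?', '&', $redirect);

                    // Refuse CR/LF (also when URL-encoded) so the value cannot
                    // break out of the line it is written into.
                    if (strstr(urldecode($redirect), "\n") || strstr(urldecode($redirect), "\r"))
                    {
                        message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.');
                    }

                    $template->assign_vars(array(
                        'META' => "<meta http-equiv=\"refresh\" content=\"3;url=login.$phpEx?redirect=$redirect\">")
                    );

                    $message = $lang['Error_login'] . '<br /><br />' . sprintf($lang['Click_return_login'], "<a href=\"login.$phpEx?redirect=$redirect\">", '</a>') . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . append_sid("index.$phpEx") . '">', '</a>');

                    message_die(GENERAL_MESSAGE, $message);
                }
            }
        }
        else
        {
            // Unknown username: same message as a wrong password, so the reply
            // does not reveal whether the account exists.
            $redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&amp;', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : "";
            $redirect = str_replace("?", "&", $redirect);

            if (strstr(urldecode($redirect), "\n") || strstr(urldecode($redirect), "\r"))
            {
                message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.');
            }

            $template->assign_vars(array(
                'META' => "<meta http-equiv=\"refresh\" content=\"3;url=login.$phpEx?redirect=$redirect\">")
            );

            $message = $lang['Error_login'] . '<br /><br />' . sprintf($lang['Click_return_login'], "<a href=\"login.$phpEx?redirect=$redirect\">", '</a>') . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . append_sid("index.$phpEx") . '">', '</a>');

            message_die(GENERAL_MESSAGE, $message);
        }
    }
    else if( ( isset($HTTP_GET_VARS['logout']) || isset($HTTP_POST_VARS['logout']) ) && $userdata['session_logged_in'] )
    {
        // The branch condition already guarantees a logged-in session.
        // NOTE(review): no sid check is made here -- see the header comment.
        session_end($userdata['session_id'], $userdata['user_id']);

        if (!empty($HTTP_POST_VARS['redirect']) || !empty($HTTP_GET_VARS['redirect']))
        {
            $url = (!empty($HTTP_POST_VARS['redirect'])) ? htmlspecialchars($HTTP_POST_VARS['redirect']) : htmlspecialchars($HTTP_GET_VARS['redirect']);
            $url = str_replace('&amp;', '&', $url);
            redirect(append_sid($url, true));
        }
        else
        {
            redirect(append_sid("index.$phpEx", true));
        }
    }
    else
    {
        // 'login' while already logged in, or 'logout' while logged out:
        // nothing to do except move on.
        $url = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&amp;', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : "index.$phpEx";
        redirect(append_sid($url, true));
    }
}
else
{
    //
    // Do a full login page dohickey if
    // user not already logged in
    //
    if( !$userdata['session_logged_in'] )
    {
        $page_title = $lang['Login'];
        include($phpbb_root_path . 'includes/page_header.'.$phpEx);

        $template->set_filenames(array(
            'body' => 'login_body.tpl')
        );

        // Always start from a known value. Previously $forward_page stayed
        // unset when 'redirect' was present but the query string did not match
        // the pattern below, and it was then written into the form unescaped.
        $forward_page = '';

        if( isset($HTTP_POST_VARS['redirect']) || isset($HTTP_GET_VARS['redirect']) )
        {
            $forward_to = $HTTP_SERVER_VARS['QUERY_STRING'];

            // The character class admits no quotes or angle brackets, so the
            // captured value cannot leave the value="..." attribute below.
            if( preg_match("/^redirect=([a-z0-9\.#\/\?&=\+\-_]+)/si", $forward_to, $forward_matches) )
            {
                // The pattern has a single capture group, so only index 1 exists.
                $forward_to = $forward_matches[1];

                $forward_match = explode('&', $forward_to);
                $forward_count = count($forward_match);

                if( $forward_count > 1 )
                {
                    // Rebuild the target as "page?arg&arg", dropping any sid=
                    // argument so a session id is not carried into the form.
                    $forward_args = '';
                    for($i = 1; $i < $forward_count; $i++)
                    {
                        if( strpos($forward_match[$i], 'sid=') === false )
                        {
                            if( $forward_args != '' )
                            {
                                $forward_args .= '&';
                            }
                            $forward_args .= $forward_match[$i];
                        }
                    }
                    $forward_page = $forward_match[0] . '?' . $forward_args;
                }
                else
                {
                    $forward_page = $forward_match[0];
                }
            }
        }

        $username = ( $userdata['user_id'] != ANONYMOUS ) ? $userdata['username'] : '';

        $s_hidden_fields = '<input type="hidden" name="redirect" value="' . $forward_page . '" />';

        // $forum_id is not assigned anywhere in this file -- presumably unset
        // here; confirm what make_jumpbox() does with it.
        make_jumpbox('viewforum.'.$phpEx, $forum_id);
        $template->assign_vars(array(
            'USERNAME' => $username,

            'L_ENTER_PASSWORD' => $lang['Enter_password'],
            'L_SEND_PASSWORD' => $lang['Forgotten_password'],

            'U_SEND_PASSWORD' => append_sid("profile.$phpEx?mode=sendpassword"),

            'S_HIDDEN_FIELDS' => $s_hidden_fields)
        );

        $template->pparse('body');

        include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
    }
    else
    {
        redirect(append_sid("index.$phpEx", true));
    }
}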
?>
_________________ happiest boi newer!
PsychoPod Joined: 05 Oct 2003 Posts: 166
Posted: 26.12.2004 20:43 Post subject:
mislim da on misli nekako ovako
Code:
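// Illustrative sketch only. $phpbb_user_id (the member viewing the page) and
// $user_id (the id to match) are placeholder names, as the author says later
// in the thread. In the login.php listing above, the current member's id is
// read from $userdata['user_id'].
// Compare with ==; a single = would assign instead of test.
if ($phpbb_user_id == $user_id) {
    // The URL has no scheme, so a browser resolves it relative to the current page.
    echo " <meta http-equiv=\"refresh\" content=\"2;URL=www.mickeymouse.com/pissoff.php.\">";
}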
samo saznas ID od usera, to ne bi trebao biti problem. i rjesis ga tako.
keko Joined: 06 May 2004 Posts: 531 Location: Split
Posted: 26.12.2004 20:47 Post subject:
zaakon
al di bi to točno triba ubacit ili s čim zaminit
e i btw. šta ako iman nekoliko usera koje želin 'zawebavat' ..kako onda
ajd tenks allot
_________________ happiest boi newer!
blind*dragon Joined: 05 Jan 2004 Posts: 46
Posted: 26.12.2004 20:55 Post subject:
keko wrote: zaakon
al di bi to točno triba ubacit ili s čim zaminit
e i btw. šta ako iman nekoliko usera koje želin 'zawebavat' ..kako onda
ajd tenks allot
pa najbanalnije dodaš: Code: elseif($phpbb_user_id == $user_id2){...}
ili
Code:
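// Same check for several member ids at once: list every id to match in the
// array instead of chaining "or" comparisons. in_array() compares loosely
// here, exactly like the == chain it replaces. The variable names are
// placeholders carried over from the earlier post.
if (in_array($phpbb_user_id, array($user_id, $user_id2))) {
    // The URL has no scheme, so a browser resolves it relative to the current page.
    echo " <meta http-equiv=\"refresh\" content=\"2;URL=www.mickeymouse.com/pissoff.php.\">";
}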
Last edited by blind*dragon on 26.12.2004 21:00; edited 1 time in total
_________________ blind dragon
njava mi3.crew Joined: 25 Aug 2003 Posts: 624 Location: Zagreb
Posted: 26.12.2004 20:58 Post subject:
PsychoPod wrote: mislim da on misli nekako ovako
Code:
If (phpbb_user_id = user_id) {
echo " <meta http-equiv=\"refresh\" content=\"2;URL=www.mickeymouse.com/pissoff.php.\">";
}
samo saznas ID od usera, to ne bi trebao biti problem. i rjesis ga tako.
bolja je redirekcija sa header() funkcijom, desava se na serveru, a meta refresh na klijentu
keko Joined: 06 May 2004 Posts: 531 Location: Split
Posted: 26.12.2004 23:07 Post subject:
e al opet mi niste rekli di da to ubacin
_________________ happiest boi newer!
PsychoPod Joined: 05 Oct 2003 Posts: 166
Posted: 27.12.2004 04:35 Post subject:
istina, bolje je sa header funkcijom. ali nemoj moj kod doslovno shvatiti jer sam ga ilustracijski napisao. cak nebi ni radio da sam varijable dobro napisao. prvo provjeri varijable, napisi kako treba kod i onda ubaci u index.php u header.
add on: ili bi trebao u file koji se inkluda u sve ostale .php stranice. tako da ne uleti sirovim napadom na forum. mozda common.php? pitaj mi3-ovce. oni su izjebali ovaj phpbb da vise ni sam ne zna da je phpbb osim to mu pise u footeru
keko Joined: 06 May 2004 Posts: 531 Location: Split
Posted: 27.12.2004 12:52 Post subject:
hehe... ona da vas cujen mitrovci kako glasi kood
_________________ happiest boi newer!