Oakii
10-12-2004, 01:39 AM
http://www.mikeholloway.co.uk
I found this PHP member's area script, the members section looks very nice, however there is no instruction on how to access the admin panel (there is an registered admin already, where would I find the password?, no database required)
index
<?php
session_start(); // Maintain session state
header("Cache-control: private"); // Fixes IE6's back button problem.
// Are we logged in, or logging in?
if(@$_SESSION['user']) header("location: login.php");
else{
?>
<html>
<head>
<link rel = "stylesheet" type = "text/css" href = "style.css">
<title>members area: mike holloway</title>
</head>
<body onload = "document.getElementById('user').focus();">
<form method = "post" action = "login.php">
<table border = "0" cellspacing = "0" cellpadding = "10" width = "50%" align = "center" style = "height: 100%;">
<tr>
<td colspan = "3" valign = "bottom">
<span class = "bold">members area, v: 3.0</span> <br>
<?php
// Get user count
$file = file("users.php");
$userCount = 0;
for($line = 0; $line < sizeof($file); $line++){
if("//" != substr($file[$line], 0, 2)) $userCount++;
}
?>
<span class = "hilight">we have</span> <span class = "bold hilight"><?php print $userCount; ?></span> <span class = "hilight">members and growing!</span>
</td>
</tr>
<tr>
<td colspan = "3" height = "5%">
<a href = "addUser.php">signup</a>
<?php
// Check if we need to add a message
if(@$_GET["fail"]) echo "| <span class = 'alert'>Incorrect username or password</span>";
elseif(@$_GET["logout"]) echo "| <span class = 'alert'>Successfully logged out</span>";
elseif(@$_GET["new"]) echo "| <span class = 'alert'>Successfully registered</span>";
?>
</td>
</tr>
<tr>
<td width = "30%" height = "10" valign = "bottom">
username:
</td>
<td width = "70%" height = "10" valign = "bottom">
<input type = "text" id = "user" name = "user" style = "width: 80%" class = "text" tabindex = "1">
</td>
<td rowspan = "2" width = "16" height = "16" align = "right" valign = "bottom">
<input type = "image" src = "next.gif" width = "16" height = "16" name = "submit" alt = "arrow pointing right: next" tabindex = "3">
</td>
</tr>
<tr>
<td width = "30%" height = "10" valign = "bottom">
password:
</td>
<td width = "70%" height = "10" valign = "bottom">
<input type = "password" name = "pass" style = "width: 80%" class = "text" tabindex = "2">
</td>
</tr>
<tr>
<td colspan = "3" valign = "top" style = "color: #cccccc;">
freeware by: <a href = "http://www.mikeholloway.co.uk" target = "_blank">mike holloway<a/>, 2003.
</td>
</tr>
</table>
</form>
</body>
</html>
<?php
}
?>
sign up
<?php
session_start(); // Maintain session state
header("Cache-control: private"); // Fixes IE6's back button problem.
// Dont allow members to go to add user page
if(@$_SESSION['user']) header("location: login.php");
elseif(@$_POST['user']){
// Get and set vars (without html characters)
$user = htmlspecialchars(strtolower($_POST["user"]));
$pass = htmlspecialchars($_POST["pass"]);
$permission = 0; // Default: user, until admin changes
$email = htmlspecialchars($_POST["email"]);
$url = htmlspecialchars($_POST["url"]);
// Add dots to date
if($_POST["day"]) $dob = $_POST["day"]. ".". $_POST["month"]. ".". $_POST["year"];
else $dob = false;
$location = htmlspecialchars($_POST["location"]);
$joined = $_POST["joined"];
// Create the string to append
$string = "\r\n". $user. "<del>". md5($pass). "<del>". $permission. "<del>". $email. "<del>". $url. "<del>". $dob. "<del>". $location. "<del>". $joined;
// Make sure username doesn't already exist
//-----------------------------------------
// Include the flat-file
$file = file("users.php") or die("Problem getting the user details flat-file [users.php]");
// Get the size of file
$totalLines = sizeof($file);
// Get the users details line by line
$line = 0;
$match = 0;
do{
// Check the line isn't a comment
if("//" != substr($file[$line], 0, 2)){
// Break our records up
@list($username, $password, $permission, $email, $url, $dob, $location, $joined) = explode("<del>", $file[$line]);
// Check the username and passwords match
if((strtolower($user) == strtolower($username))) $match = 1;
else $match = 0;
}
// Exit loop if match found
if($match) break;
// Increment line count
$line++;
} while($line < $totalLines);
// Only add new user if a match is not found
if($match){
?>
<script language = "javascript" type = "text/javascript">
<!-- // Go back
alert("Username already taken, taking you back to choose another");
history.go(-1);
-->
</script>
<?php
}
else{
// Open the users file
$fp = fopen("users.php", "a+");
// Append the new user to end of users file
fwrite($fp, $string);
// Close the file
fclose($fp);
// Redirect to index
header("location: index.php?new=1");
}
}
else{
?>
<html>
<head>
<link rel = "stylesheet" type = "text/css" href = "style.css">
<title>members area: mike holloway</title>
</head>
<body onload = "document.getElementById('user').focus();">
<form method = "post" action = "<?php print($_SERVER['PHP_SELF']); ?>">
<table border = "0" cellspacing = "0" cellpadding = "10" width = "50%" align = "center" style = "height: 100%;">
<tr>
<td colspan = "3" valign = "bottom">
<span class = "bold">join our member list!</span> <br>
<span class = "hilight">hilighted text are required fields</span>
</td>
</tr>
<tr>
<td colspan = "3" height = "5%">
<a href = "index.php">back</a>
</td>
</tr>
<tr>
<td width = "30%" height = "10" valign = "bottom">
<span class = "hilight">username:</span>
</td>
<td width = "70%" height = "10" valign = "bottom">
<input type = "text" id = "user" name = "user" style = "width: 80%" class = "text" tabindex = "1">
</td>
<td rowspan = "7" width = "16" height = "16" align = "right" valign = "bottom">
<input type = "hidden" name = "joined" value = "<?php print(date("d.m.Y H:i:s", mktime())); ?>">
<input type = "Image" src = "next.gif" width = "16" height = "16" name = "submit" alt = "arrow pointing right: next" border = "0" align = "top" onfocus = "return checkFields();" tabindex = "10"></a>
</td>
</tr>
<tr>
<td width = "30%" height = "10" valign = "bottom">
<span class = "hilight">password:</span>
</td>
<td width = "70%" height = "10" valign = "bottom">
<input type = "password" id = "pass" name = "pass" style = "width: 80%" class = "text" tabindex = "2">
</td>
</tr>
<tr>
<td width = "30%" height = "10" valign = "bottom">
<span class = "hilight"> confirm password:</span>
</td>
<td width = "70%" height = "10" valign = "bottom">
<input type = "password" id = "pass2" name = "pass2" style = "width: 80%" class = "text" tabindex = "3">
</td>
</tr>
<tr>
<td width = "30%" height = "10" valign = "bottom">
email:
</td>
<td width = "70%" height = "10" valign = "bottom">
<input type = "text" id = "email" name = "email" style = "width: 80%" class = "text" tabindex = "4">
</td>
</tr>
<tr>
<td width = "30%" height = "10" valign = "bottom">
http://
</td>
<td width = "70%" height = "10" valign = "bottom">
<input type = "text" id = "url" name = "url" style = "width: 80%" class = "text" tabindex = "5">
</td>
</tr>
<tr>
<td width = "30%" height = "10" valign = "bottom">
date of birth:
</td>
<td width = "70%" height = "10" valign = "bottom">
<span class = "bold">d: </span><input type = "text" id = "day" name = "day" size = "2" class = "text" maxlength = "2" tabindex = "6"> <span class = "bold">m: </span><input type = "text" id = "month" name = "month" size = "2" class = "text" maxlength = "2" tabindex = "7"> <span class = "bold">y: </span><input type = "text" id = "year" name = "year" size = "4" class = "text" maxlength = "4" tabindex = "8">
</td>
</tr>
<tr>
<td width = "30%" height = "10" valign = "bottom">
location:
</td>
<td width = "70%" height = "10" valign = "bottom">
<input type = "text" id = "location" name = "location" style = "width: 80%" class = "text" tabindex = "9">
</td>
</tr>
<tr>
<td colspan = "3" valign = "top">
</td>
</tr>
</table>
</form>
<script language = "javascript" type = "text/javascript">
<!--// Check field values are correct before submitting
function checkFields(){
var flag = 1; // Return flag
// Check for empty values in important fields first
if(!document.getElementById("user").value || !document.getElementById("pass").value || !document.getElementById("pass2").value){
alert("Please enter values in the following:\n\nUSERNAME\nPASSWORD\nCONFIRM PASSWORD");
document.getElementById("user").focus();
return true;
}
// Check that passwords are the same
else if(document.getElementById("pass").value != document.getElementById("pass2").value){
alert("Please enter two matching passwords");
document.getElementById("pass").value = '';
document.getElementById("pass2").value = '';
document.getElementById("pass").focus();
return true;
}
// Check the day / month / year fields if there's a value in one of them
else if(document.getElementById("day").value || document.getElementById("month").value || document.getElementById("year").value){
// Check day first
if((isNaN(document.getElementById("day").value)) || (document.getElementById("day").value > 31) || (document.getElementById("day").value < 1)){
alert("Please enter a valid day in the DOB field");
document.getElementById("day").value = '';
document.getElementById("day").focus();
return true;
}
// Check month next
else if((isNaN(document.getElementById("month").value)) || (document.getElementById("month").value > 12) || (document.getElementById("month").value < 1)){
alert("Please enter a valid month in the DOB field");
document.getElementById("month").value = '';
document.getElementById("month").focus();
return true;
}
// Finally the year
else if((isNaN(document.getElementById("year").value)) || (document.getElementById("year").value >= <?php print date("Y", mktime()); ?>) || (document.getElementById("year").value < 1)){
alert("Please enter a valid year in the DOB field");
document.getElementById("year").value = '';
document.getElementById("year").focus();
return true;
}
else flag = 0;
}
else flag = 0;
// One final check if the others went through fine
if(!flag){
if(document.getElementById("email").value){
// Finally, check the email
if(document.getElementById("email").value.indexOf("@") == -1 || document.getElementById("email").value.indexOf(".") == -1){
alert("If entering an email addy, please make sure it is valid");
document.getElementById("email").focus();
return true;
}
else return false;
}
else return false;
}
}
-->
</script>
</body>
</html>
<?php
}
?>
users
// username, password, permission, email, url, dob, location, joined
admin<del>5f4dcc3b5aa765d61d8327deb882cf99<del>2<del><del><del><del><del>27.12.2003 12:41:06
I found this PHP member's area script, the members section looks very nice, however there is no instruction on how to access the admin panel (there is an registered admin already, where would I find the password?, no database required)
index
<?php
session_start(); // Maintain session state
header("Cache-control: private"); // Fixes IE6's back button problem.
// Are we logged in, or logging in?
if(@$_SESSION['user']) header("location: login.php");
else{
?>
<html>
<head>
<link rel = "stylesheet" type = "text/css" href = "style.css">
<title>members area: mike holloway</title>
</head>
<body onload = "document.getElementById('user').focus();">
<form method = "post" action = "login.php">
<table border = "0" cellspacing = "0" cellpadding = "10" width = "50%" align = "center" style = "height: 100%;">
<tr>
<td colspan = "3" valign = "bottom">
<span class = "bold">members area, v: 3.0</span> <br>
<?php
// Get user count
$file = file("users.php");
$userCount = 0;
for($line = 0; $line < sizeof($file); $line++){
if("//" != substr($file[$line], 0, 2)) $userCount++;
}
?>
<span class = "hilight">we have</span> <span class = "bold hilight"><?php print $userCount; ?></span> <span class = "hilight">members and growing!</span>
</td>
</tr>
<tr>
<td colspan = "3" height = "5%">
<a href = "addUser.php">signup</a>
<?php
// Check if we need to add a message
if(@$_GET["fail"]) echo "| <span class = 'alert'>Incorrect username or password</span>";
elseif(@$_GET["logout"]) echo "| <span class = 'alert'>Successfully logged out</span>";
elseif(@$_GET["new"]) echo "| <span class = 'alert'>Successfully registered</span>";
?>
</td>
</tr>
<tr>
<td width = "30%" height = "10" valign = "bottom">
username:
</td>
<td width = "70%" height = "10" valign = "bottom">
<input type = "text" id = "user" name = "user" style = "width: 80%" class = "text" tabindex = "1">
</td>
<td rowspan = "2" width = "16" height = "16" align = "right" valign = "bottom">
<input type = "image" src = "next.gif" width = "16" height = "16" name = "submit" alt = "arrow pointing right: next" tabindex = "3">
</td>
</tr>
<tr>
<td width = "30%" height = "10" valign = "bottom">
password:
</td>
<td width = "70%" height = "10" valign = "bottom">
<input type = "password" name = "pass" style = "width: 80%" class = "text" tabindex = "2">
</td>
</tr>
<tr>
<td colspan = "3" valign = "top" style = "color: #cccccc;">
freeware by: <a href = "http://www.mikeholloway.co.uk" target = "_blank">mike holloway<a/>, 2003.
</td>
</tr>
</table>
</form>
</body>
</html>
<?php
}
?>
sign up
<?php
session_start(); // Maintain session state
header("Cache-control: private"); // Fixes IE6's back button problem.
// Dont allow members to go to add user page
if(@$_SESSION['user']) header("location: login.php");
elseif(@$_POST['user']){
// Get and set vars (without html characters)
$user = htmlspecialchars(strtolower($_POST["user"]));
$pass = htmlspecialchars($_POST["pass"]);
$permission = 0; // Default: user, until admin changes
$email = htmlspecialchars($_POST["email"]);
$url = htmlspecialchars($_POST["url"]);
// Add dots to date
if($_POST["day"]) $dob = $_POST["day"]. ".". $_POST["month"]. ".". $_POST["year"];
else $dob = false;
$location = htmlspecialchars($_POST["location"]);
$joined = $_POST["joined"];
// Create the string to append
$string = "\r\n". $user. "<del>". md5($pass). "<del>". $permission. "<del>". $email. "<del>". $url. "<del>". $dob. "<del>". $location. "<del>". $joined;
// Make sure username doesn't already exist
//-----------------------------------------
// Include the flat-file
$file = file("users.php") or die("Problem getting the user details flat-file [users.php]");
// Get the size of file
$totalLines = sizeof($file);
// Get the users details line by line
$line = 0;
$match = 0;
do{
// Check the line isn't a comment
if("//" != substr($file[$line], 0, 2)){
// Break our records up
@list($username, $password, $permission, $email, $url, $dob, $location, $joined) = explode("<del>", $file[$line]);
// Check the username and passwords match
if((strtolower($user) == strtolower($username))) $match = 1;
else $match = 0;
}
// Exit loop if match found
if($match) break;
// Increment line count
$line++;
} while($line < $totalLines);
// Only add new user if a match is not found
if($match){
?>
<script language = "javascript" type = "text/javascript">
<!-- // Go back
alert("Username already taken, taking you back to choose another");
history.go(-1);
-->
</script>
<?php
}
else{
// Open the users file
$fp = fopen("users.php", "a+");
// Append the new user to end of users file
fwrite($fp, $string);
// Close the file
fclose($fp);
// Redirect to index
header("location: index.php?new=1");
}
}
else{
?>
<html>
<head>
<link rel = "stylesheet" type = "text/css" href = "style.css">
<title>members area: mike holloway</title>
</head>
<body onload = "document.getElementById('user').focus();">
<form method = "post" action = "<?php print($_SERVER['PHP_SELF']); ?>">
<table border = "0" cellspacing = "0" cellpadding = "10" width = "50%" align = "center" style = "height: 100%;">
<tr>
<td colspan = "3" valign = "bottom">
<span class = "bold">join our member list!</span> <br>
<span class = "hilight">hilighted text are required fields</span>
</td>
</tr>
<tr>
<td colspan = "3" height = "5%">
<a href = "index.php">back</a>
</td>
</tr>
<tr>
<td width = "30%" height = "10" valign = "bottom">
<span class = "hilight">username:</span>
</td>
<td width = "70%" height = "10" valign = "bottom">
<input type = "text" id = "user" name = "user" style = "width: 80%" class = "text" tabindex = "1">
</td>
<td rowspan = "7" width = "16" height = "16" align = "right" valign = "bottom">
<input type = "hidden" name = "joined" value = "<?php print(date("d.m.Y H:i:s", mktime())); ?>">
<input type = "Image" src = "next.gif" width = "16" height = "16" name = "submit" alt = "arrow pointing right: next" border = "0" align = "top" onfocus = "return checkFields();" tabindex = "10"></a>
</td>
</tr>
<tr>
<td width = "30%" height = "10" valign = "bottom">
<span class = "hilight">password:</span>
</td>
<td width = "70%" height = "10" valign = "bottom">
<input type = "password" id = "pass" name = "pass" style = "width: 80%" class = "text" tabindex = "2">
</td>
</tr>
<tr>
<td width = "30%" height = "10" valign = "bottom">
<span class = "hilight"> confirm password:</span>
</td>
<td width = "70%" height = "10" valign = "bottom">
<input type = "password" id = "pass2" name = "pass2" style = "width: 80%" class = "text" tabindex = "3">
</td>
</tr>
<tr>
<td width = "30%" height = "10" valign = "bottom">
email:
</td>
<td width = "70%" height = "10" valign = "bottom">
<input type = "text" id = "email" name = "email" style = "width: 80%" class = "text" tabindex = "4">
</td>
</tr>
<tr>
<td width = "30%" height = "10" valign = "bottom">
http://
</td>
<td width = "70%" height = "10" valign = "bottom">
<input type = "text" id = "url" name = "url" style = "width: 80%" class = "text" tabindex = "5">
</td>
</tr>
<tr>
<td width = "30%" height = "10" valign = "bottom">
date of birth:
</td>
<td width = "70%" height = "10" valign = "bottom">
<span class = "bold">d: </span><input type = "text" id = "day" name = "day" size = "2" class = "text" maxlength = "2" tabindex = "6"> <span class = "bold">m: </span><input type = "text" id = "month" name = "month" size = "2" class = "text" maxlength = "2" tabindex = "7"> <span class = "bold">y: </span><input type = "text" id = "year" name = "year" size = "4" class = "text" maxlength = "4" tabindex = "8">
</td>
</tr>
<tr>
<td width = "30%" height = "10" valign = "bottom">
location:
</td>
<td width = "70%" height = "10" valign = "bottom">
<input type = "text" id = "location" name = "location" style = "width: 80%" class = "text" tabindex = "9">
</td>
</tr>
<tr>
<td colspan = "3" valign = "top">
</td>
</tr>
</table>
</form>
<script language = "javascript" type = "text/javascript">
<!--// Check field values are correct before submitting
function checkFields(){
var flag = 1; // Return flag
// Check for empty values in important fields first
if(!document.getElementById("user").value || !document.getElementById("pass").value || !document.getElementById("pass2").value){
alert("Please enter values in the following:\n\nUSERNAME\nPASSWORD\nCONFIRM PASSWORD");
document.getElementById("user").focus();
return true;
}
// Check that passwords are the same
else if(document.getElementById("pass").value != document.getElementById("pass2").value){
alert("Please enter two matching passwords");
document.getElementById("pass").value = '';
document.getElementById("pass2").value = '';
document.getElementById("pass").focus();
return true;
}
// Check the day / month / year fields if there's a value in one of them
else if(document.getElementById("day").value || document.getElementById("month").value || document.getElementById("year").value){
// Check day first
if((isNaN(document.getElementById("day").value)) || (document.getElementById("day").value > 31) || (document.getElementById("day").value < 1)){
alert("Please enter a valid day in the DOB field");
document.getElementById("day").value = '';
document.getElementById("day").focus();
return true;
}
// Check month next
else if((isNaN(document.getElementById("month").value)) || (document.getElementById("month").value > 12) || (document.getElementById("month").value < 1)){
alert("Please enter a valid month in the DOB field");
document.getElementById("month").value = '';
document.getElementById("month").focus();
return true;
}
// Finally the year
else if((isNaN(document.getElementById("year").value)) || (document.getElementById("year").value >= <?php print date("Y", mktime()); ?>) || (document.getElementById("year").value < 1)){
alert("Please enter a valid year in the DOB field");
document.getElementById("year").value = '';
document.getElementById("year").focus();
return true;
}
else flag = 0;
}
else flag = 0;
// One final check if the others went through fine
if(!flag){
if(document.getElementById("email").value){
// Finally, check the email
if(document.getElementById("email").value.indexOf("@") == -1 || document.getElementById("email").value.indexOf(".") == -1){
alert("If entering an email addy, please make sure it is valid");
document.getElementById("email").focus();
return true;
}
else return false;
}
else return false;
}
}
-->
</script>
</body>
</html>
<?php
}
?>
users
// username, password, permission, email, url, dob, location, joined
admin<del>5f4dcc3b5aa765d61d8327deb882cf99<del>2<del><del><del><del><del>27.12.2003 12:41:06