self.php

1. <?php
2. session_start();
3. $password = "passhere";
4.  
5. if( isset($_GET['action']) && $_GET['action'] == 'logout') {
6.     session_start();
7.     session_destroy();
8.     header("location: self.php");
9.     exit();
10. }
11.  
12. if ( (isset($_POST['mdp']) AND $_POST['mdp'] == $password ) OR $_SESSION['is_logged_in'] ) {
13.     $_SESSION['is_logged_in'] = true;
14. } else {
15.     $_SESSION['is_logged_in'] = false;
16. }
17.  
18.  
19. if ($_SESSION['is_logged_in']) {
20.  
21.     ?>
22.     <!--Log out button-->
23.     <a href="self.php?action=logout">Log Out</a>
24.     <?php
25.  
26.     if(isset($_GET['action']) && $_GET['action'] == 'save') {
27.         if(isset($_POST['txtpage'])) {
28.             $ttp = $_POST['txtpage'];
29.             file_put_contents("test.php", $ttp);
30.         }
31.     }
32.  
33.     $page = file_get_contents('./test.php', FILE_USE_INCLUDE_PATH);
34. ?>
35.  
36. <!--Save form-->
37. <form id="send_form" action="self.php?action=save" method="post">
38.     <textarea rows="15" cols="50" id="txtpage" name="txtpage" ><?php echo htmlentities($page); ?></textarea>
39.     <input type="submit" value="Send"  />
40. </form>
41.  
42.  
43. <?php
44. } else {
45. ?>
46.  
47. <!--Login form-->
48. <form action="self.php" method="post">
49. <p>
50.     <input type="password" name="mdp" />
51.     <input type="submit" value="Access" />
52. </p>
53. </form>
54.  
55. <?php
56. }
57. ?>