Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <html lang="he">
- <head>
- <meta charset="utf-8"/>
- </head>
- <?
- //מחזירה את הסיסמא המוצפנת
- function PASSWORDO($pass)
- {
- $pass=$pass[0].$pass.$pass[0]; // ("1234" => "112341") הצפנה 1:
- $pass=md5($pass); //מצפין את ההצפנה בשיטת md5
- return $pass; //מחזיר pass משתנה
- }
- //בדיקת התאמת שם המשתמש והסיסמא
- function CheckUserPassword($user,$pass,$with_calc=true)
- {
- global $protect_user_group;
- if ($user=="" || $pass=="") //אם השם משתמש או הסיסמא ריקים
- return false;
- /*** התחברות למסד ***/
- $sql=@mysql_connect('sql307.000space.com','space_17351458','hpugrcho1') or die("<BR>ERROR: cannot connect to MySQL server!"); //מתחבר למסד
- @mysql_select_db("space_17351458_dbd",$sql) or die("<BR>ERROR: cannot use the DB!"); //בוחר מסד להתחברות
- $c_pass=($with_calc==true)?PASSWORDO($pass):$pass; //calculates the password if needed
- $res=@mysql_query("SELECT user FROM user_pass WHERE (user_group='".$protect_user_group."' AND user='".$user."' AND pass='".$c_pass."')",$sql) or die("<BR>ERROR: incorrect query!");
- if (mysql_num_rows($res)==1) //if we got a row, then we got a match
- return $c_pass; //returning a string of the password itself
- return false; //if we got to here, we got no row, then there is no match
- @mysql_close($sql);
- }
- /************************/
- /*** The Main Program ***/
- session_cache_limiter("nocache"); //sets the cache limiter for the session for the current script run (nocache => avoiding from the browser to save the content of the page in his cache, the page refreshes every time you enter)
- session_start(); //starting the session
- if (!isset($protect_user_group))
- $protect_user_group=0;
- if (!isset($_SESSION["auth_user_id".$protect_user_group]) && !isset($_SESSION["auth_password_id".$protect_user_group])) //if not authorized
- {
- $us=$_POST["auth_user_"];
- $ps=CheckUserPassword($_POST["auth_user_"],$_POST["auth_password_"]);
- if ($ps===false) //if user-password is not send or incorrect
- {
- echo "<DIV align=\"center\" dir=\"rtl\">\n\n";
- echo "<H2><FONT color=\"#CC0000\">דף מוגן !!!</FONT></H2><B>אינך מורשה לצפות בדף זה ללא היתר.</B><BR><BR>\n\n";
- /* Displaying the User-Password Form: */
- ?>
- <FORM action="<?= $_SERVER["PHP_SELF"]; ?>" method="POST">
- <TABLE width=200 cellpadding=5 cellspacing=0 border=0>
- <TR>
- <TD width=100>משתמש:</TD>
- <TD width=100><INPUT type="TEXT" name="auth_user_" value="<?= $us; ?>" style="width:95px;"></TD>
- </TR>
- <TR>
- <TD width=100>ססמא:</TD>
- <TD width=100><INPUT type="PASSWORD" name="auth_password_" style="width:95px;"></TD>
- </TR>
- <TR>
- <TD colspan=2 align="center"><INPUT type="SUBMIT" name="auth_button_enter" value=" הכנס "></TD>
- </TR>
- </TABLE>
- </FORM>
- <?
- if (isset($_POST["auth_button_enter"])) //if the user-password form was submitted
- echo "<B><FONT color=\"#FF0000\">שם המשתמש והססמא שגויים!</FONT></B><BR><BR>\n";
- echo "</DIV>\n\n";
- exit(); //stop the script, avoiding from sending the contents of the page
- }
- else //if the user-password that was entered is correct
- {
- $_SESSION["auth_user_id".$protect_user_group]=$us; //saves session variable
- $_SESSION["auth_password_id".$protect_user_group]=$ps; //saves session variable
- header("Location: "."/secondpage.php"); //reloading the page again, to avoid from the POST data of the form to be sent again on refresh
- }
- }
- elseif (CheckUserPassword($_SESSION["auth_user_id".$protect_user_group],$_SESSION["auth_password_id".$protect_user_group],false)===false) //checking the user-password from the session
- {
- /* If we got to here, then there are user and password saved in the session, but they do not match. */
- echo "<DIV align=\"center\" dir=\"rtl\"><H2><FONT color=\"#CC0000\">אינך מורשה להכנס לדף זה !!!</FONT></H2></DIV>\n";
- exit(); //stop the script
- }
- elseif ($_GET["logout"]=="true") //if we want to logout
- {
- session_unset("auth_user_id".$protect_user_group); //removing a session variable
- session_unset("auth_password_id".$protect_user_group); //removing a session variable
- header("Location: "."/firstpage.php"); //reloading the page again, to display the user-password form
- }
- /* If you got to here, then you are authorized! */
- ?>
- </html>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement