Logintest
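<?php
/**
 * Login form.
 *
 * Sends an already-authenticated visitor onward via redirect(). Otherwise it
 * checks the posted ID/password with certify() and, on success, issues the
 * login cookie and redirects. On failure the form is rendered again with an
 * error message.
 *
 * The `done` and `sign` request parameters are carried through the form as
 * hidden fields so redirect() can see them after the POST.
 */
require_once( '/geo_cgi_private/bin/login_common.php' );

if( has_loggedin() ) redirect();

// Only scalar strings are valid credentials; `user[]=...` style array input
// is rejected here instead of being handed to the credential lookup.
$has_credentials = isset( $_POST['user'], $_POST['pass'] )
    && is_string( $_POST['user'] )
    && is_string( $_POST['pass'] );

if( $has_credentials && certify( $_POST['user'], $_POST['pass'] ) ){
    set_login_cookie( $_POST['user'] );
    redirect();
}

// HTML-attribute escaper. PHP_SELF (via trailing path info) and the
// done/sign request parameters are all client-controlled, so echoing them
// raw into an attribute would allow markup injection.
$attr = static function( $value ){
    return htmlspecialchars( is_string( $value ) ? $value : '', ENT_QUOTES, 'UTF-8' );
};

$done = isset( $_REQUEST['done'] ) ? $_REQUEST['done'] : '';
$sign = isset( $_REQUEST['sign'] ) ? $_REQUEST['sign'] : '';
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Login</title>
</head>
<body>
<form method="POST" action="<?php echo $attr( $_SERVER['PHP_SELF'] ); ?>">
<table width="90%" height="20%" border="0" align="center"><tr><td>
<div align="center"><table>
<?php if( array_key_exists( 'user', $_POST ) ){ ?>
<tr><td align="center" colspan="2"><font color=red>Invalid ID or Password. Please try again.</font><br><br></td></tr>
<?php } ?>
<tr><td align="right"><font face="Arial">ID</font></td><td><input type="text" name="user"></td></tr>
<tr><td align="right"><font face="Arial">Password</font></td><td><input type="password" name="pass"></td></tr>
<tr><td align="center" colspan="2"><br><input type="submit" value="login"></td></tr>
</table></div>
</td></tr></table>
<input type="hidden" name="done" value="<?php echo $attr( $done ); ?>">
<input type="hidden" name="sign" value="<?php echo $attr( $sign ); ?>">
</form>
</body>
</html>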
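<?php
/**
 * Shared helpers for the cookie-based login: credential check, login-cookie
 * issue/verification, and the post-login redirect.
 *
 * Requires PHP 7.0 or later (random_bytes, hash_equals, password_verify).
 */

define( 'LOGIN_PAGE', '/login.php' );
define( 'DB_DIR','/geo_cgi_private/db/' );
define( 'USER_DB','user.db' );
define( 'C_SEPA', '&' );
define( 'C_NAME', 'l' );
// Added in this revision: file under DB_DIR holding the cookie signing key.
define( 'C_KEY_FILE', 'cookie.key' );

// The directory holds the credential database, so create it owner-only
// rather than with mkdir()'s default 0777 mode.
if( !file_exists( DB_DIR ) ) mkdir( DB_DIR, 0700 );

/**
 * Return the server-side key used to sign login cookies.
 *
 * @param bool $create When true and no key file exists yet, generate one.
 * @return string|false Hex key, or false when it is missing or unusable.
 */
function login_cookie_key( $create = false ){
    $path = DB_DIR . C_KEY_FILE;
    $key = @file_get_contents( $path );
    if( is_string( $key ) && strlen( $key ) >= 64 ) return $key;
    if( !$create ) return false;

    // Mode 'x' fails if the file already exists, so two concurrent logins
    // cannot overwrite each other's freshly generated key.
    $fh = @fopen( $path, 'x' );
    if( $fh === false ){
        $key = @file_get_contents( $path );
        return ( is_string( $key ) && strlen( $key ) >= 64 ) ? $key : false;
    }
    @chmod( $path, 0600 );
    $key = bin2hex( random_bytes( 32 ) );
    $written = fwrite( $fh, $key );
    fclose( $fh );
    if( $written !== strlen( $key ) ){
        // Do not leave a truncated key behind; fail closed instead.
        @unlink( $path );
        return false;
    }
    return $key;
}

/**
 * Compute the cookie signature for a user id / issue time pair.
 *
 * @return string|false HMAC-SHA256 hex digest, or false when no key is available.
 */
function login_cookie_sign( $user, $time, $create = false ){
    $key = login_cookie_key( $create );
    if( $key === false ) return false;
    return hash_hmac( 'sha256', $user . C_SEPA . $time, $key );
}

/**
 * Report whether the request carries a valid login cookie.
 *
 * The cookie is "user&time&sign". The signature used to be md5(user . time),
 * which any client can compute for any user id; it is now an HMAC keyed with
 * a secret that never leaves the server. Cookies issued under the old scheme
 * are rejected, so users have to log in once more.
 *
 * NOTE(review): the issue time is signed but never compared with the clock,
 * so a cookie stays valid for as long as the client keeps it. Decide on a
 * maximum age.
 *
 * @return bool
 */
function has_loggedin(){
    if( !isset( $_COOKIE[C_NAME] ) || !is_string( $_COOKIE[C_NAME] ) ) return false;

    // split() no longer exists in PHP 7+. Take the fields from the right so a
    // user id that itself contains the separator still parses correctly.
    $parts = explode( C_SEPA, $_COOKIE[C_NAME] );
    if( count( $parts ) < 3 ) return false;
    $sign = array_pop( $parts );
    $time = array_pop( $parts );
    $user = implode( C_SEPA, $parts );

    $expected = login_cookie_sign( $user, $time );
    return $expected !== false && hash_equals( $expected, $sign );
}

/**
 * Fetch the stored password hash for a user.
 *
 * @return string|false The stored hash, or false if the DB or user is missing.
 */
function get_passward_hash( $user_id ){
    if( !is_string( $user_id ) ) return false;
    if( !$db = @dba_popen( DB_DIR.USER_DB , "r", "db3" ) ) return false;
    // The lookup key was previously the undefined variable $user.
    $ph = dba_fetch( $user_id, 1, $db );
    dba_close( $db );
    if( !$ph ) return false;
    return $ph;
}

/**
 * Check a user id / password pair against the user database.
 *
 * Stored values in password_hash() format (leading '$') are checked with
 * password_verify(). Anything else is treated as the legacy unsalted MD5 hex
 * digest and compared in constant time.
 *
 * NOTE(review): unsalted MD5 is not a suitable password hash. Rewrite
 * entries with password_hash() when users next log in or reset.
 *
 * @return bool
 */
function certify( $user_id, $passward ){
    if( !is_string( $user_id ) || !is_string( $passward ) ) return false;
    if( !$db = @dba_popen( DB_DIR . USER_DB , "r", "db3" ) ) return false;
    $ph = dba_fetch( $user_id, 1, $db );
    dba_close( $db );
    if( !is_string( $ph ) || $ph === '' ) return false;
    if( $ph[0] === '$' ) return password_verify( $passward, $ph );
    return hash_equals( $ph, md5( $passward ) );
}

/**
 * Issue the login cookie for an authenticated user.
 *
 * Nothing may be echoed here: any output before setcookie()/header() stops
 * the cookie and the following redirect from being sent (the stray
 * `echo $user_id` also reflected the id into the page unescaped).
 */
function set_login_cookie( $user_id ){
    $time = time();
    $sign = login_cookie_sign( $user_id, $time, true );
    if( $sign === false ) return; // no signing key available: issue nothing
    $cookie_string = join( C_SEPA, array( $user_id, $time, $sign ) );
    $secure = !empty( $_SERVER['HTTPS'] ) && $_SERVER['HTTPS'] !== 'off';
    // Session cookie, default path/domain, HttpOnly; Secure when on HTTPS.
    setcookie( C_NAME, $cookie_string, 0, '', '', $secure, true );
}

/**
 * Tell whether $path is a same-site absolute path ("/foo"), as opposed to an
 * absolute or scheme-relative URL pointing at another host.
 *
 * @return bool
 */
function login_is_local_path( $path ){
    if( !is_string( $path ) || $path === '' || $path[0] !== '/' ) return false;
    if( isset( $path[1] ) && $path[1] === '/' ) return false; // "//host/..."
    // Reject control characters and backslashes (some browsers read "\" as "/").
    return preg_match( '/[\x00-\x1f\x7f\\\\]/', $path ) === 0;
}

/**
 * Send the client to the `done` target when the request carries the expected
 * `sign` token and the target is a local path; otherwise to "/". Never returns.
 *
 * NOTE(review): the token is md5() of the whole user database. It is the
 * same for every visitor and appears in URLs, so it does not bind a
 * particular target. The local-path check is what keeps the redirect on
 * this site. Consider an HMAC over `done` instead (needs a matching change
 * wherever the token is generated).
 */
function redirect(){
    $db = @file_get_contents( DB_DIR.USER_DB );
    $target = '/';
    // An unreadable DB previously produced md5(''), a publicly known token.
    if( $db !== false
        && isset( $_REQUEST['done'], $_REQUEST['sign'] )
        && is_string( $_REQUEST['done'] )
        && is_string( $_REQUEST['sign'] )
        && hash_equals( md5( $db ), $_REQUEST['sign'] )
        && login_is_local_path( $_REQUEST['done'] ) ){
        $target = $_REQUEST['done'];
    }
    header( 'Location: ' . $target );
    exit;
}
?>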
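<?php
/**
 * Access guard for protected pages: when the visitor has no valid login
 * cookie, send them to the login page together with the path to return to
 * (`done`) and the token the login page checks before honouring it (`sign`).
 *
 * NOTE(review): `sign` is md5() of the user database and is placed in the
 * URL, where it ends up in browser history, access logs and Referer headers.
 * It is identical for every visitor and is not tied to `done`. Consider
 * replacing it with an HMAC over `done` under a server-side secret (needs a
 * matching change in redirect()).
 */
require_once( '/geo_cgi_private/bin/login_common.php' );

if( !has_loggedin() ){
    $sign = md5( file_get_contents( DB_DIR.USER_DB ) );
    // PHP_SELF includes client-supplied path info, so percent-encode it.
    // Otherwise '&', '#' or '?' in the path could add or truncate
    // query parameters of the login URL.
    $param = '?done=' . rawurlencode( $_SERVER['PHP_SELF'] ) . '&sign=' . rawurlencode( $sign );
    header( 'Location: ' . LOGIN_PAGE . $param );
    exit();
}
?>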