sinakhan
دوشنبه 13 آذر 1391, 19:21 عصر
سلام
لطفا برای اینکه نیازی به وارد کردن کد امنیتی در هنگام ورود نباشد، من را راهنمایی فرمایید.
کد زیر مربوط به فایل loginpost.php است.
میخواهم کلاً کد امنیتی را هنگام ورود بردارم.
ممنون
<?php
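/*
 * loginpost.php -- login and logout handler.
 *
 *   GET  mode=exit               log out, then redirect to the login page
 *   POST txtuser, txtpass, code  CAPTCHA check, credential check, redirect
 *   GET  ref                     base64-encoded return URL used after a successful login
 *   GET  la                      passed through into the redirect URLs
 *
 * $root, $dbname, $RSconn, injection_replace() and mysql_time() are not defined
 * in this file; presumably they come from coms/include/global.php -- confirm.
 */
session_start();
include_once("coms/include/global.php");

// Request values are attacker-controlled: accept strings only, default to ''.
$ref = (isset($_GET['ref']) && is_string($_GET['ref'])) ? $_GET['ref'] : '';
$la = (isset($_GET['la']) && is_string($_GET['la'])) ? $_GET['la'] : '';
$mode = (isset($_GET['mode']) && is_string($_GET['mode'])) ? $_GET['mode'] : '';

// Encode once for use inside redirect URLs, so these values cannot add path
// segments or query parameters of their own.
$laEnc = rawurlencode($la);
$defaultTarget = "{$root}/main/{$laEnc}/index";
if (!$ref) {
    $ref = base64_encode($defaultTarget);
}
$refEnc = rawurlencode($ref);

if ($mode === "exit") {
    // Clear every key the login branch sets, including 'siteuserid'.
    unset(
        $_SESSION['siteuserid'],
        $_SESSION['siteuser'],
        $_SESSION['siteusername'],
        $_SESSION['sitepass'],
        $_SESSION['seccode']
    );
    unset($siteuser, $siteusername);
    setcookie("coms", "", time() - 2592000);
    header("Location:{$root}/dynamic.php?sys=login&la={$laEnc}&mode=exit");
    exit();
}

if (isset($_POST['txtuser'])) {
    $code = (isset($_POST['code']) && is_string($_POST['code'])) ? $_POST['code'] : '';
    $rawUser = is_string($_POST['txtuser']) ? $_POST['txtuser'] : '';
    $rawPass = (isset($_POST['txtpass']) && is_string($_POST['txtpass'])) ? $_POST['txtpass'] : '';

    // Filtered before the CAPTCHA check so that both failure redirects can
    // carry the user name (it was undefined on the CAPTCHA-failure path).
    $txtuser = injection_replace($rawUser);
    $txtpass = injection_replace($rawPass);
    $userEnc = rawurlencode($txtuser);

    // The CAPTCHA is the only limit on password guessing visible in this file.
    // If it is ever removed, put a per-account / per-IP attempt limit in its place.
    include("coms/include/libs/securimage/securimage.php");
    $img = new securimage();
    $valid = $img->check($code);
    if (!$valid) {
        header("Location:{$root}/dynamic.php?sys=login&la={$laEnc}&user={$userEnc}&error=2&ref={$refEnc}");
        exit();
    }

    // NOTE(review): this query is built by string interpolation and relies entirely
    // on injection_replace(), whose behaviour is not visible here -- confirm that it
    // escapes for SQL, or move to prepared statements (mysqli / PDO).
    $query = "select * from members where user='{$txtuser}' and sit=1";
    $result = mysql_db_query($dbname, $query, $RSconn);
    $num = $result ? mysql_num_rows($result) : 0;
    $RS = ($num == 1) ? mysql_fetch_array($result) : false;

    // Strict comparison: with "==" two different hashes of the form "0e<digits>"
    // compare equal because PHP treats them as numbers.
    // NOTE(review): unsalted md5 is not a password hash; migrating to
    // password_hash()/password_verify() needs a change to the members table.
    $passHash = md5($txtpass);
    $authenticated = is_array($RS) && $passHash === (string) $RS['pass'];

    if (!$authenticated) {
        header("Location:{$root}/dynamic.php?sys=login&la={$laEnc}&user={$userEnc}&error=1&ref={$refEnc}");
        exit();
    }

    // New session id on privilege change, so an id planted before login is useless.
    session_regenerate_id(true);
    $_SESSION['siteuserid'] = $RS['user_id'];
    $_SESSION['siteuser'] = $txtuser;
    $_SESSION['sitepass'] = $passHash;
    $_SESSION['seccode'] = md5($_SESSION['sitepass'] . $_SESSION['siteuser']);
    $_SESSION['siteusername'] = $RS['name'];

    // NOTE(review): the cookie carries md5(password), which is a password-equivalent
    // for whoever obtains it. The format is kept because other code presumably reads
    // it -- confirm, then replace with a random token stored server-side.
    // HttpOnly keeps it away from page scripts; the Secure flag stays off as before.
    $userExpTime = time() + 2592000;
    setcookie("coms", $txtuser . "|" . $passHash . "|" . $userExpTime, $userExpTime, "", "", FALSE, TRUE);

    $start = mysql_time(time());
    $query = "update members set logindate='{$start}' where user='{$txtuser}'";
    mysql_db_query($dbname, $query, $RSconn);

    // 'ref' comes from the query string: follow it only when it points below this
    // site's own root, otherwise fall back to the index page.
    // NOTE(review): assumes the login form builds ref values that start with
    // "{$root}/", as the default above does -- confirm.
    $goto = base64_decode($ref, true);
    $prefix = "{$root}/";
    $isLocal = is_string($goto)
        && strncmp($goto, $prefix, strlen($prefix)) === 0
        && !preg_match('#^/[/\\\\]#', $goto)        // "//host" or "/\host" when $root is empty
        && !preg_match('/[\x00-\x1F\x7F]/', $goto); // no control characters in a header value
    if (!$isLocal) {
        $goto = $defaultTarget;
    }
    header("Location:{$goto}");
    exit();
}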
?>
لطفا برای اینکه نیازی به وارد کردن کد امنیتی در هنگام ورود نباشد، من را راهنمایی فرمایید.
کد زیر مربوط به فایل loginpost.php است.
میخواهم کلاً کد امنیتی را هنگام ورود بردارم.
ممنون
<?php
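/*
 * loginpost.php -- login and logout handler.
 *
 *   GET  mode=exit               log out, then redirect to the login page
 *   POST txtuser, txtpass, code  CAPTCHA check, credential check, redirect
 *   GET  ref                     base64-encoded return URL used after a successful login
 *   GET  la                      passed through into the redirect URLs
 *
 * $root, $dbname, $RSconn, injection_replace() and mysql_time() are not defined
 * in this file; presumably they come from coms/include/global.php -- confirm.
 */
session_start();
include_once("coms/include/global.php");

// Request values are attacker-controlled: accept strings only, default to ''.
$ref = (isset($_GET['ref']) && is_string($_GET['ref'])) ? $_GET['ref'] : '';
$la = (isset($_GET['la']) && is_string($_GET['la'])) ? $_GET['la'] : '';
$mode = (isset($_GET['mode']) && is_string($_GET['mode'])) ? $_GET['mode'] : '';

// Encode once for use inside redirect URLs, so these values cannot add path
// segments or query parameters of their own.
$laEnc = rawurlencode($la);
$defaultTarget = "{$root}/main/{$laEnc}/index";
if (!$ref) {
    $ref = base64_encode($defaultTarget);
}
$refEnc = rawurlencode($ref);

if ($mode === "exit") {
    // Clear every key the login branch sets, including 'siteuserid'.
    unset(
        $_SESSION['siteuserid'],
        $_SESSION['siteuser'],
        $_SESSION['siteusername'],
        $_SESSION['sitepass'],
        $_SESSION['seccode']
    );
    unset($siteuser, $siteusername);
    setcookie("coms", "", time() - 2592000);
    header("Location:{$root}/dynamic.php?sys=login&la={$laEnc}&mode=exit");
    exit();
}

if (isset($_POST['txtuser'])) {
    $code = (isset($_POST['code']) && is_string($_POST['code'])) ? $_POST['code'] : '';
    $rawUser = is_string($_POST['txtuser']) ? $_POST['txtuser'] : '';
    $rawPass = (isset($_POST['txtpass']) && is_string($_POST['txtpass'])) ? $_POST['txtpass'] : '';

    // Filtered before the CAPTCHA check so that both failure redirects can
    // carry the user name (it was undefined on the CAPTCHA-failure path).
    $txtuser = injection_replace($rawUser);
    $txtpass = injection_replace($rawPass);
    $userEnc = rawurlencode($txtuser);

    // The CAPTCHA is the only limit on password guessing visible in this file.
    // If it is ever removed, put a per-account / per-IP attempt limit in its place.
    include("coms/include/libs/securimage/securimage.php");
    $img = new securimage();
    $valid = $img->check($code);
    if (!$valid) {
        header("Location:{$root}/dynamic.php?sys=login&la={$laEnc}&user={$userEnc}&error=2&ref={$refEnc}");
        exit();
    }

    // NOTE(review): this query is built by string interpolation and relies entirely
    // on injection_replace(), whose behaviour is not visible here -- confirm that it
    // escapes for SQL, or move to prepared statements (mysqli / PDO).
    $query = "select * from members where user='{$txtuser}' and sit=1";
    $result = mysql_db_query($dbname, $query, $RSconn);
    $num = $result ? mysql_num_rows($result) : 0;
    $RS = ($num == 1) ? mysql_fetch_array($result) : false;

    // Strict comparison: with "==" two different hashes of the form "0e<digits>"
    // compare equal because PHP treats them as numbers.
    // NOTE(review): unsalted md5 is not a password hash; migrating to
    // password_hash()/password_verify() needs a change to the members table.
    $passHash = md5($txtpass);
    $authenticated = is_array($RS) && $passHash === (string) $RS['pass'];

    if (!$authenticated) {
        header("Location:{$root}/dynamic.php?sys=login&la={$laEnc}&user={$userEnc}&error=1&ref={$refEnc}");
        exit();
    }

    // New session id on privilege change, so an id planted before login is useless.
    session_regenerate_id(true);
    $_SESSION['siteuserid'] = $RS['user_id'];
    $_SESSION['siteuser'] = $txtuser;
    $_SESSION['sitepass'] = $passHash;
    $_SESSION['seccode'] = md5($_SESSION['sitepass'] . $_SESSION['siteuser']);
    $_SESSION['siteusername'] = $RS['name'];

    // NOTE(review): the cookie carries md5(password), which is a password-equivalent
    // for whoever obtains it. The format is kept because other code presumably reads
    // it -- confirm, then replace with a random token stored server-side.
    // HttpOnly keeps it away from page scripts; the Secure flag stays off as before.
    $userExpTime = time() + 2592000;
    setcookie("coms", $txtuser . "|" . $passHash . "|" . $userExpTime, $userExpTime, "", "", FALSE, TRUE);

    $start = mysql_time(time());
    $query = "update members set logindate='{$start}' where user='{$txtuser}'";
    mysql_db_query($dbname, $query, $RSconn);

    // 'ref' comes from the query string: follow it only when it points below this
    // site's own root, otherwise fall back to the index page.
    // NOTE(review): assumes the login form builds ref values that start with
    // "{$root}/", as the default above does -- confirm.
    $goto = base64_decode($ref, true);
    $prefix = "{$root}/";
    $isLocal = is_string($goto)
        && strncmp($goto, $prefix, strlen($prefix)) === 0
        && !preg_match('#^/[/\\\\]#', $goto)        // "//host" or "/\host" when $root is empty
        && !preg_match('/[\x00-\x1F\x7F]/', $goto); // no control characters in a header value
    if (!$isLocal) {
        $goto = $defaultTarget;
    }
    header("Location:{$goto}");
    exit();
}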
?>