zahra-j
پنج شنبه 30 مرداد 1393, 02:25 صبح
سلام
میشه راهنمایی کنید که چرا این فایل درست کار نمی کنه. می خوام وقتی login میشه به صفحه manager.php بره؟
<?php
session_start();
ob_start();
include_once 'db.php';
$token = md5(uniqid(rand(), TRUE));
$_SESSION['token'] = $token;
if(isset($_POST['submit']))
{
if (isset($_SESSION['token']) && isset($_POST['token']) && $_POST['token'] == $_SESSION['token'])
{
$uname=$pdo -> quote($_POST['username']);
$pass=$pdo -> quote($_POST['password']);
$salt='$2a$07$uawx$hgtriniursaklt$';
$pass = sha1(md5($pass.$salt));
$uname = htmlspecialchars($uname);
$data=$pdo->prepare('SELECT * FROM login WHERE username=:username AND password=:password');
$data->execute(array('username' => $uname , 'password' => $pass));
$numrows= $data -> rowcount();
if($numrows == 1)
{ $rows= $data -> fetch(PDO::FETCH_ASSOC);
$_SESSION['USERNAME']=$rows['username'];
$_SESSION['USERID']=$rows['id'];
$ua=$_SERVER['HTTP_USER_AGENT'];
$ip=$_SERVER['REMOTE_ADDR'];
$id=session_id();
$all="$ua $ip $id";
$all=sha1($all);
$_SESSION['hash']=htmlspecialchars($all);
header("location:".$url."/managment/manager.php");
}
else
{
header("location:".$url."/managment/index.php?error=1");
}
}
else
{
header("location:".$url."/managment/index.php?error=1");
}
}
else
{
if(isset($_GET['error']))
{
echo 'نام کاربری و کلمه عبور شما معتبر نیست.';
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>managment</title>
</head>
<body>
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES); ?>" method="post">
<label>Username:</label><br />
<input type="text" name="username" /><br />
<label>Password:</label><br />
<input type="password" name="password" /><br />
<input type="hidden" name="token" value="<?php echo $token ?>" />
<input type="submit" name="submit" value="Sign in" />
</form>
</body>
</html>
میشه راهنمایی کنید که چرا این فایل درست کار نمی کنه. می خوام وقتی login میشه به صفحه manager.php بره؟
<?php
session_start();
ob_start();
include_once 'db.php';
$token = md5(uniqid(rand(), TRUE));
$_SESSION['token'] = $token;
if(isset($_POST['submit']))
{
if (isset($_SESSION['token']) && isset($_POST['token']) && $_POST['token'] == $_SESSION['token'])
{
$uname=$pdo -> quote($_POST['username']);
$pass=$pdo -> quote($_POST['password']);
$salt='$2a$07$uawx$hgtriniursaklt$';
$pass = sha1(md5($pass.$salt));
$uname = htmlspecialchars($uname);
$data=$pdo->prepare('SELECT * FROM login WHERE username=:username AND password=:password');
$data->execute(array('username' => $uname , 'password' => $pass));
$numrows= $data -> rowcount();
if($numrows == 1)
{ $rows= $data -> fetch(PDO::FETCH_ASSOC);
$_SESSION['USERNAME']=$rows['username'];
$_SESSION['USERID']=$rows['id'];
$ua=$_SERVER['HTTP_USER_AGENT'];
$ip=$_SERVER['REMOTE_ADDR'];
$id=session_id();
$all="$ua $ip $id";
$all=sha1($all);
$_SESSION['hash']=htmlspecialchars($all);
header("location:".$url."/managment/manager.php");
}
else
{
header("location:".$url."/managment/index.php?error=1");
}
}
else
{
header("location:".$url."/managment/index.php?error=1");
}
}
else
{
if(isset($_GET['error']))
{
echo 'نام کاربری و کلمه عبور شما معتبر نیست.';
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>managment</title>
</head>
<body>
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES); ?>" method="post">
<label>Username:</label><br />
<input type="text" name="username" /><br />
<label>Password:</label><br />
<input type="password" name="password" /><br />
<input type="hidden" name="token" value="<?php echo $token ?>" />
<input type="submit" name="submit" value="Sign in" />
</form>
</body>
</html>