php 2009 cyberty ru script does check auth data and gets user URL if h

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
<?php
// (c) 2009 cyberty.ru ;-)
/*
script does check auth data and gets user's URL if he were authorized.
*/
session_start();
/*if ($_SESSION['loggedin'] <> 1) {
header("Location: /php/checkform.php?login=1");
exit;
}*/
$title = "myUrlCollectioner v0.1b";
$space = " ";
$users = "users.txt";
$urls = "urls.txt";
echo "<html>\n";
echo "<head>\n$space<title>$title</title>\n</head>\n";
echo "<body>\n";
echo "$space<h1>$title</h1>\n";
echo "$space<!--\n"; print_r($_FILES); echo "-->\n";
if ((isset($_GET["login"])) and ($_GET["login"] == 1)) {
echo "$space<form id=\"login\" name=\"flogin\" method=\"POST\" action=\"".$_SERVER['PHP_SELF']."\">\n";
$space = " ";
echo "$space<input id=\"username\" name=\"username\" type=\"text\" size=\"20\" title=\"Имя пользователя\" />\n";
echo "$space<br />\n";
echo "$space<input id=\"usrpassw\" name=\"usrpassw\" type=\"password\" size=\"20\" title=\"Пароль\" />\n";
echo "$space<br />\n";
echo "$space<input id=\"file_ok\" type=\"submit\" width=\"20\" value=\"Войти\"/>\n";
$space = " ";
echo "$space</form>\n";
//echo md5("admin");
}
if (isset($_POST["username"])) {
// Триггеры
$userexists = 0;
$passwright = 0;
// Ищем пользователя
$username = $_POST["username"];
$filecontents = file($users);
foreach ($filecontents as $line) {
if (preg_match("/^([\w\d]+)\s+([\w\d]+)/", $line, $matches)) {
if ($matches[1] == $username) {
$userexists = 1; break;
}
}
}
// Если пользователь есть, сравниваем пароли
if ($userexists == 1) {
if (isset($_POST["usrpassw"])) {
$usrpassw = $_POST["usrpassw"];
foreach ($filecontents as $line) {
if (preg_match("/^([\w\d]+)\s+([\w\d]+)/", $line, $matches)) {
if (($matches[1] == $username) and ($matches[2] == md5($usrpassw))) {
if (!isset($_SESSION['loggedin'])) $_SESSION['loggedin'] = 1;
break;
}
}
}
}
} else {
echo "Пользователь не существует.\n";
}
}
// Если учётные данные введены верно, выводим текст
if (($_SESSION['loggedin'] == 1) and (!isset($_GET['url']))) {
echo "$space<h2>Welcome!</h2>\n";
echo "$space<form id=\"managing\" name=\"fmanaging\" enctype=\"multipart/form-data\" method=\"GET\" action=\"".$_SERVER['PHP_SELF']."\">\n";
$space = " ";
echo "$space<input id=\"url\" name=\"url\" type=\"text\" size=\"40\" title=\"URL\" />\n";
echo "$space<br />\n";
echo "$space<input id=\"file_ok\" type=\"submit\" width=\"20\" value=\"Отправить\"/>\n";
$space = " ";
echo "$space</form>\n";
} else {
echo "$space<form id=\"login\" name=\"flogin\" method=\"POST\" action=\"".$_SERVER['PHP_SELF']."\">\n";
$space = " ";
echo "$space<input id=\"username\" name=\"username\" type=\"text\" size=\"20\" title=\"Имя пользователя\" />\n";
echo "$space<br />\n";
echo "$space<input id=\"usrpassw\" name=\"usrpassw\" type=\"password\" size=\"20\" title=\"Пароль\" />\n";
echo "$space<br />\n";
echo "$space<input id=\"file_ok\" type=\"submit\" width=\"20\" value=\"Войти\"/>\n";
$space = " ";
echo "$space</form>\n";
//echo md5("admin");
}
if (($_SESSION['loggedin'] == 1) and (isset($_GET['url']))) {
$fp = fopen($urls, "a-");
fwrite($fp, $_GET['url'] . "\n");
fclose($fp);
unset($_SESSION['loggedin']);
echo "$space<h2>Good luck!</h2>\n";
}
echo "</body>\n";
echo "</html>\n";
?>