PDA

View Full Version : Admin Login. Reviews


Darko
October 30th, 2006, 15:35
i did a login script a couple days ago, and i really don't know what to think of it, sometimes i think it's pretty good, other time i just think it's stupid, so i'll just post it here, and see what you guys think.



<?
session_start();
$op = $_GET['op'];
include('include.php');
$template = "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">
<html xmlns=\"http://www.w3.org/1999/xhtml\">
<head>
<meta http-equiv=\"Content-Type\" content=\"text/html; charset=iso-8859-1\" />
<title>$websitename</title>
<style type=\"text/css\">
<!--
#login_box {
position:absolute;
top:200px;
width:300px;
height:200px;
z-index:1;
}
-->
</style>
</head>

<body>
<table width=\"100%\" height=\"100%\">
<tr>
<td width=\"30%\">
</td>
<td width=\"40%\" valign=\"middle\" align=\"center\">
<table width=\"100%\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">
<tr>
<td align=\"center\" bgcolor=\"#006699\">
Admin Login
</td>
</tr>
<tr>
<td valign=\"middle\" align=\"center\" bgcolor=\"#00CCFF\">
$content
</td>
</tr>
</table>
</td>
<td width=\"30%\">
</td>
</tr>
</table>
</body>
</html>";
function secure_input ($sting)
{
$sting= strip_tags($name);
};

function login_admin()
{
global $websitename;
$form_expiration_date= $_POST['expiration_date'];
$expiration_date = time() + 3600;
if(isset($form_expiration_date))
{
$expiration_date = time()+ 60 * 60 * 24 * 30;
};
$form_username= $_POST['username'];
secure_input($form_username);
$form_password= $_POST['password'];
$form_password= md5($form_password);
$sql= mysql_query("SELECT * FROM `admin_table` WHERE `admin_username` = \"$form_username\" LIMIT 1");
$sqlr= mysql_numrows($sql);
if($sqlr != 1)
{
$content = "Authentication Failed";
echo $template;
exit;
};
$sql_password= mysql_result($sql, 0, "admin_password");
if($form_password != $sql_password)
{
$content = "Authentication Failed";
echo $template;
exit;
};
$admin_name= mysql_result($sql, 0, "admin_name");
$admin_username= mysql_result($sql, 0, "admin_username");
$admin_password= mysql_result($sql, 0, "admin_password");
$admin_last_login= mysql_result($sql, 0, "admin_last_login");
$admin_privilege= mysql_result($sql, 0, "admin_privilege");
setcookie("$websitename_admin_username", $admin_username, $expiration_date, 1);
setcookie("$websitename_admin_password", $admin_password, $expiration_date, 1);
setcookie("$websitename_admin_privilege", $admin_privilege, $expiration_date, 1);
setcookie("$websitename_admin_last_login", $admin_last_login, $expiration_date, 1);

$content = "Authentication Succeeded <br /> Welcome $admin_name <br /> Now You Access Your Admin Panel";

$stat = "logged in";

}
function admin_login_form()
{
global $websitename;
$content= "<form action=\"admin.php?op=login\" method=\"post\">
<table>
<tr>
<td>
Username:
</td>
<td>
<input type=\"text\" name=\"username\" value=\"\" />
</td>
</tr>
<tr>
<td>
Password:
</td>
<td>
<input type=\"password\" name=\"password\" value=\"\" />
</td>
</tr>
<tr>
<td colspan=\"2\">
<input type=\"checkbox\" name=\"checkbox\" value=\"yes\" /> Remember Me
</td>
</tr>
<tr>
<td colspan=\"2\" align=\"center\" />
<input type=\"submit\" name=\"submit\" value=\"login\" />
</td>
</tr>
</table>
</form>";
echo $template;
}

switch ($op)
{

default:
admin_login_form();
break;

case login:
login_admin();
break;
};
?>