Jambuster


Okay, I downloaded a PHP script called RadiPanel, which is a user system type thing, and uploaded and installed it to my website. Now the problem with RadiPanel is, I have to add users/members to it as there is no registration process. So within the Admin page on RadiPanel I have taken the script out, now when I try to view it as a "non logged in" user it just shows a white blank page. I was wondering if anyone here could determine just from the code below what I have to take out/delete in order for the public to view the page fully? Thanks guys :)

 

<?php

if( !preg_match( "/index.php/i", $_SERVER['PHP_SELF'] ) ) { die(); }

if( $_GET['id'] ) {

	$id = $core->clean( $_GET['id'] );

	$query = $db->query( "SELECT * FROM users WHERE id = '{$id}'" );
	$data  = $db->assoc( $query );

	$data['ugroups'] = explode( ",", $data['usergroups'] );

	$editid = $data['id'];

}

?>
<form action="" method="post" id="addUser">
	</div>

	<?php

		if( $_POST['submit'] ) {

			try {

				$username = $core->clean( $_POST['username'] );
				$password = $core->clean( $_POST['password'] );
				$email    = $core->clean( $_POST['email'] );
				$habbo    = $core->clean( $_POST['habbo'] );
				$dgroup   = $core->clean( $_POST['dgroup'] );

				$query    = $db->query( "SELECT * FROM usergroups" );

				while( $array = $db->assoc( $query ) ) {

					if( $_POST['ugroup-' . $array['id']] ) {

						$ugroups .= $array['id'] . ",";

					}

				}

				$password_enc = $core->encrypt( $password );

				if( !$username or ( !$password and !$editid ) or !$dgroup or !$ugroups ) {

					throw new Exception( "All fields are required." );

				}
				else {

					if( $editid ) {

						if( $password ) {

							$password = ", password = '{$password_enc}'";

						}
						else {

							unset( $password );

						}

						$db->query( "UPDATE users SET username = '{$username}'{$password}, email = '{$email}', habbo = '{$habbo}', displaygroup = '{$dgroup}', usergroups = '{$ugroups}' WHERE id = '{$editid}'" );

					}
					else {

						$db->query( "INSERT INTO users VALUES (NULL, '{$username}', '{$password_enc}', '{$email}', '{$habbo}', '{$dgroup}', '{$ugroups}');" );

					}

					echo "<div class=\"square good\">";
					echo "<strong>Success</strong>";
					echo "<br />";
					echo "User added!";
					echo "</div>";

				}

			}
			catch( Exception $e ) {

				echo "<div class=\"square bad\">";
				echo "<strong>Error</strong>";
				echo "<br />";
				echo $e->getMessage();
				echo "</div>";

			}

		}

	?>

	<table width="100%" cellpadding="3" cellspacing="0">
		<?php

			$query = $db->query( "SELECT * FROM usergroups" );

			while( $array = $db->assoc( $query ) ) {

				if( in_array( $array['id'], $data['ugroups'] ) ) {

					$groups[$array['id'] . '_active'] = $array['name'];

				}
				else {

					$groups[$array['id']] = $array['name'];

				}

				if( $array['id'] == $data['displaygroup'] ) {

					$dgroups[$array['id'] . '_active']  = $array['name'];

				}
				else {

					$dgroups[$array['id']]  = $array['name'];

				}

			}

			echo $core->buildField( "text",
									"required",
									"username",
									"Username",
									"The new username.",
									$data['username'] );

			echo $core->buildField( "password",
									empty( $editid ) ? "required" : "",
									"password",
									"Password",
									"The new password." );

			echo $core->buildField( "text",
									"",
									"email",
									"Email",
									"The new email (optional).",
									$data['email'] );

			echo $core->buildField( "text",
									"",
									"habbo",
									"Habbo name",
									"The new Habbo name (optional).",
									$data['habbo'] );

			echo $core->buildField( "select",
									"required",
									"dgroup",
									"Display group",
									"The user's display group.",
									$dgroups );

			echo $core->buildField( "checkbox",
									"required",
									"ugroup",
									"Active usergroups",
									"The user's active groups.",
									$groups );

		?>
	</table>

</div>

<div class="box" align="right">

	<input class="button" type="submit" name="submit" value="Submit" />

</div>

</form>

<?php
echo $core->buildFormJS('addUser');

?>

Link to comment
Share on other sites

Is that the entire script?  I don't see where $core and $db are defined.  Also is the script named "index.php"?  The first line there will exit if that is not the script's name.

 

You might want to add this at the top:

 

ini_set('display_errors', 1);

 

And see if you get something useful.

Link to comment
Share on other sites

No, it's not the full script. Also this page runs fine when I am logged into the system, but when not logged in this page is blocked, therefore just a blank white page, so I was wondering how I'd remove the block and make it public? Also here is the index.php & user.inc.php below if anyone can help that would be great! :D

 

index.php

<?php

require_once( "_inc/glob.php" );

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">

<head>

	<meta http-equiv="Content-type" content="text/html; charset=UTF-8" />

	<title>radiPanel</title>

	<script type="text/javascript" src="_js/prototype.js"></script>
	<script type="text/javascript" src="_js/scriptaculous.js"></script>
	<script type="text/javascript" src="_js/validation.js"></script>
	<script type="text/javascript" src="_js/radi.js"></script>

	<style type="text/css" media="screen">@import url('_img/style.css');</style>

</head>

<body>

		<?php

			if( $user->loggedIn ) {

		?>

	<div style="width: 800px; margin: auto;">

		<div>

			<div style="float: right; width: 500px; text-align: right; padding-top: 12px;">

				Welcome, <strong><?php echo $user->data['fullUsername']; ?></strong>!

			</div>

			<big>radiPanel</big>

		</div>

		<div style="float: left; width: 200px;">

			<?php

				$url = $_GET['url'] ? $core->clean( $_GET['url'] ) : 'core.home';

				$query3 = $db->query( "SELECT * FROM menu WHERE url = '{$url}'" );
				$array3 = $db->assoc( $query3 );

				if( !$array3['usergroup'] ) {

					$array3['usergroup'] = "invalid";

				}

				$query = $db->query( "SELECT * FROM usergroups ORDER BY weight ASC" );

				while( $array = $db->assoc( $query ) ) {

					if( in_array( $array['id'], $user->data['uGroupArray'] ) ) {

			?>

			<div class="box">

				<div class="square menu" style="background: #<?php echo $array['colour']; ?>;" onclick="Radi.menuToggle('<?php echo $array['id']; ?>');">

					<img id="menutoggle_<?php echo $array['id']; ?>" class="menutoggle" src="_img/<?php echo ( $array['id'] != $array3['usergroup'] ) ? 'plus' : 'minus'; ?>_white.png" alt="Toggle" align="right" />

					<strong><?php echo $array['name']; ?></strong>

				</div>

				<div class="menuitems"<?php if( $array['id'] != $array3['usergroup'] ) { ?> style="display: none;"<?php } ?> id="mitems_<?php echo $array['id']; ?>">

				<?php

					$query2 = $db->query( "SELECT * FROM menu WHERE usergroup = '{$array['id']}' ORDER BY weight ASC" );

					$i      = "a";

					while( $array2 = $db->assoc( $query2 ) ) {

				?>

					<a href="<?php echo $array2['url']; ?>" class="<?php echo $i; ?>">
						<?php echo $array2['text']; ?>
					</a>

				<?php
						$i++;

						if( $i == "c" ) {

							$i = "a";

						}

					}
				?>

				</div>

			</div><br>
			<?php

					}

				}

			?>

		</div>
		<br>
		<div style="float: left; width: 590px; padding-left: 10px;">

			<?php
				if( !in_array( $array3['usergroup'], $user->data['uGroupArray'] ) ) {

					echo "Permission denied.";

				}
				elseif( !@include_once( $array3['resource'] ) ) {

					echo "Error has occurred looking for " . $array3['resource'];

				}

			?>

		</div>

		<br clear="all" />

	</div>

		<?php

			}
			else {

		?>

	<div style="width: 500px; margin: auto;">

		<big>
			Log in
		</big>


		<form method="post" action="" id="login">

			<div class="box">

			<?php
				if( $_POST['submit'] ) {

					try {

						$username = $_POST['username'];
						$password = $_POST['password'];
						$user->login( $username, $password );
						echo $core->redirect( "?" );

					}
					catch( UserException $e ) {

						echo "<div class=\"square bad\">";
						echo "<strong>Error</strong>";
						echo "<br />";
						echo $e->getMessage();
						echo "</div>";

					}

				}
			?>

				<table width="100%" cellpadding="3" cellspacing="0">

					<?php

						echo $core->buildField( "text",
												"required",
												"username",
												"Username",
												"Your username." );

						echo $core->buildField( "password",
												"required",
												"password",
												"Password",
												"Your password." );

					?>

				</table>	

			</div>

			<div class="box" align="right">

				<input class="button" type="submit" name="submit" value="Log in" />

			</div>

		</form>

		</div>

	</div>
		<?php

				echo $core->buildFormJS("login");

			}

		?>

</body>

</html>

 

user.inc.php

<?php

class UserException extends Exception { }

class User {

	private $sessionID;
	public  $sessionData;
	public  $data;
	public  $loggedIn;

	/**
	  * Constructor - forms session and loads session data.
	  * @global $db
	  * @global $core
	  */
	public function __construct() {

		global $db, $core;

		$this->clearUpSessions();

		$this->sessionID = $core->encrypt( session_id() );

		$this->createSession();

		$query = $db->query( "SELECT * FROM sessions WHERE session_id = '{$this->sessionID}'" );
		$this->sessionData = $db->assoc( $query );

		if( $this->sessionData['user_id'] ) {

			$this->loggedIn = true;

			$query      = $db->query( "SELECT * FROM users WHERE id = '{$this->sessionData['user_id']}'" );
			$this->data = $db->assoc( $query );

			$this->data['uGroupArray'] = explode( ",", $this->data['usergroups'] );

			$query = $db->query("SELECT * FROM usergroups WHERE id = '{$this->data['displaygroup']}'");
			$array = $db->assoc($query);

			$this->data['usergroup'] = $array;

			$this->data['fullUsername'] = "<span style=\"color: #{$array['colour']}\">" . $this->data['username'] . "</span>";

		}

	}

	private function createSession() {

		global $db, $core;

		$query = $db->query( "SELECT * FROM sessions WHERE session_id = '{$this->sessionID}'" );
		$num   = $db->num( $query );

		if( $num == 0 ) {

			$time = time();

			$db->query( "INSERT INTO sessions VALUES ( NULL, '{$this->sessionID}', '0', '{$time}' );" );

		}
		else {

			$oldID = $this->sessionID;

			session_regenerate_id();

			$newID = $core->encrypt( session_id() );

			$time  = time();

			$db->query( "UPDATE sessions SET session_id = '{$newID}', stamp = '{$time}' WHERE session_id = '{$oldID}'" );

			$this->sessionID = $newID;

		}

	}

	public function hasGroup( $id ) {

		if( in_array( $id, $this->data['uGroupArray'] ) ) {
			return true;
		}
		else {
			return false;
		}

	}

	private function clearUpSessions() {

		global $params, $db;

		$time = strtotime( "{$params['user']['timeout']} ago" );

		$db->query( "DELETE FROM sessions WHERE stamp < '{$time}'" );

	}

	public function destroySession() {

		global $db;

		$db->query( "DELETE FROM sessions WHERE session_id = '{$this->sessionID}'" );

	}

	private function assignUser( $id ) {

		global $db;

		$db->query( "UPDATE sessions SET user_id = '{$id}' WHERE session_id = '{$this->sessionID}'" );

	}

	public function login( $username, $password ) {

		global $core, $db;

		$username     = $core->clean( $username );
		$password     = $core->clean( $password );
		$password_enc = $core->encrypt( $password );

		$query = $db->query("SELECT * FROM users WHERE username = '{$username}' AND password = '{$password_enc}'");
		$array = $db->assoc($query);
		$num   = $db->num($query);

		if( !$username or !$password ) {

			throw new UserException( 'All fields are required.' );

		}
		elseif( $num != 1 ) {

			throw new UserException( 'Invalid username/password.' );

		}
		else {

			$this->assignUser( $array['id'] );
			return true;

		}

	}

}

$user = new User();

?>

 

Hope someone can help :confused:

Link to comment
Share on other sites

Okay, I may have solved it. Just copy and paste this code and see if it works -->

 

 

<?php

require_once( "_inc/glob.php" );

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">

<head>

	<meta http-equiv="Content-type" content="text/html; charset=UTF-8" />

	<title>radiPanel</title>

	<script type="text/javascript" src="_js/prototype.js"></script>
	<script type="text/javascript" src="_js/scriptaculous.js"></script>
	<script type="text/javascript" src="_js/validation.js"></script>
	<script type="text/javascript" src="_js/radi.js"></script>

	<style type="text/css" media="screen">@import url('_img/style.css');</style>

</head>

<body>

		<?php

			//This is what is causing the problem .. the script is checking to see if the person is logged in       -->
                                //if( $user->loggedIn ) {

		?>

	<div style="width: 800px; margin: auto;">

		<div>

			<div style="float: right; width: 500px; text-align: right; padding-top: 12px;">

				Welcome, <strong><?php echo $user->data['fullUsername']; ?></strong>!

			</div>

			<big>radiPanel</big>

		</div>

		<div style="float: left; width: 200px;">

			<?php

				$url = $_GET['url'] ? $core->clean( $_GET['url'] ) : 'core.home';

				$query3 = $db->query( "SELECT * FROM menu WHERE url = '{$url}'" );
				$array3 = $db->assoc( $query3 );

				if( !$array3['usergroup'] ) {

					$array3['usergroup'] = "invalid";

				}

				$query = $db->query( "SELECT * FROM usergroups ORDER BY weight ASC" );

				while( $array = $db->assoc( $query ) ) {

					if( in_array( $array['id'], $user->data['uGroupArray'] ) ) {

			?>

			<div class="box">

				<div class="square menu" style="background: #<?php echo $array['colour']; ?>;" onclick="Radi.menuToggle('<?php echo $array['id']; ?>');">

					<img id="menutoggle_<?php echo $array['id']; ?>" class="menutoggle" src="_img/<?php echo ( $array['id'] != $array3['usergroup'] ) ? 'plus' : 'minus'; ?>_white.png" alt="Toggle" align="right" />

					<strong><?php echo $array['name']; ?></strong>

				</div>

				<div class="menuitems"<?php if( $array['id'] != $array3['usergroup'] ) { ?> style="display: none;"<?php } ?> id="mitems_<?php echo $array['id']; ?>">

				<?php

					$query2 = $db->query( "SELECT * FROM menu WHERE usergroup = '{$array['id']}' ORDER BY weight ASC" );

					$i      = "a";

					while( $array2 = $db->assoc( $query2 ) ) {

				?>

					<a href="<?php echo $array2['url']; ?>" class="<?php echo $i; ?>">
						<?php echo $array2['text']; ?>
					</a>

				<?php
						$i++;

						if( $i == "c" ) {

							$i = "a";

						}

					}
				?>

				</div>

			</div><br>
			<?php

					}

				}

			?>

		</div>
		<br>
		<div style="float: left; width: 590px; padding-left: 10px;">

			<?php
				if( !in_array( $array3['usergroup'], $user->data['uGroupArray'] ) ) {

					echo "Permission denied.";

				}
				elseif( !@include_once( $array3['resource'] ) ) {

					echo "Error has occurred looking for " . $array3['resource'];

				}

			?>

		</div>

		<br clear="all" />

	</div>

		<?php

			}
			// Below is what a non-logged-in person will see - if you want, you may want to remove the below HTML -->
                                 //else {

		?>
                 <!------------ remove all this from here ------------->
	<div style="width: 500px; margin: auto;">

		<big>
			Log in
		</big>


		<form method="post" action="" id="login">

			<div class="box">

			<?php /*
				if( $_POST['submit'] ) {

					try {

						$username = $_POST['username'];
						$password = $_POST['password'];
						$user->login( $username, $password );
						echo $core->redirect( "?" );

					}
					catch( UserException $e ) {

						echo "<div class=\"square bad\">";
						echo "<strong>Error</strong>";
						echo "<br />";
						echo $e->getMessage();
						echo "</div>";

					}

				}
			 */ ?>

				<table width="100%" cellpadding="3" cellspacing="0">

					<?php /*

						echo $core->buildField( "text",
												"required",
												"username",
												"Username",
												"Your username." );

						echo $core->buildField( "password",
												"required",
												"password",
												"Password",
												"Your password." );

					*/ ?>

				</table>	

			</div>

			<div class="box" align="right">

				<input class="button" type="submit" name="submit" value="Log in" />

			</div>

		</form>

		</div>

	</div> <!----------------------- to here ------------------------>
		<?php

				echo $core->buildFormJS("login");

			}

		?>

</body>

</html>

Link to comment
Share on other sites

Nope that hasn't solved anything, thanks for taking the time to try, I can view index.php but I want to view addUser.php without being logged in, (make anyone who comes to the page be able to view it) which I posted on the first page. Can anyone help?

Link to comment
Share on other sites
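
As an added example (not code from the thread or from radiPanel): the add-user form posted above reads `dgroup` and the `ugroup-<id>` checkboxes from the request, so opening it to the public would let any visitor choose their own groups. A public registration handler can accept only the profile fields and fix the groups on the server, shown here with PDO prepared statements and `password_hash()`; `registerPublicUser`, `DEFAULT_GROUP_ID` and the in-memory SQLite table are assumptions, with column names taken from the thread's UPDATE statement.

```php
<?php
// Added example: public self-registration for a radiPanel-style users table.
// Column names come from the UPDATE statement in the thread; the function name,
// DEFAULT_GROUP_ID and the in-memory SQLite database are assumptions.

const DEFAULT_GROUP_ID = '1'; // hypothetical id of the lowest-privilege usergroup

function registerPublicUser( PDO $pdo, array $post ): int {

	$username = trim( (string) ( $post['username'] ?? '' ) );
	$password = (string) ( $post['password'] ?? '' );
	$email    = trim( (string) ( $post['email'] ?? '' ) );
	$habbo    = trim( (string) ( $post['habbo'] ?? '' ) );

	if( !preg_match( '/^[A-Za-z0-9_.-]{3,32}$/', $username ) ) {
		throw new InvalidArgumentException( 'Invalid username.' );
	}
	if( strlen( $password ) < 10 ) {
		throw new InvalidArgumentException( 'Password too short.' );
	}
	if( $email !== '' and !filter_var( $email, FILTER_VALIDATE_EMAIL ) ) {
		throw new InvalidArgumentException( 'Invalid email.' );
	}

	$check = $pdo->prepare( 'SELECT COUNT(*) FROM users WHERE username = ?' );
	$check->execute( [ $username ] );
	if( $check->fetchColumn() > 0 ) {
		throw new InvalidArgumentException( 'Username already taken.' );
	}

	// dgroup and ugroup-* from the request are never read: groups are fixed here,
	// stored in the same "id," list format the admin form writes.
	$insert = $pdo->prepare(
		'INSERT INTO users (username, password, email, habbo, displaygroup, usergroups)
		 VALUES (?, ?, ?, ?, ?, ?)' );
	$insert->execute( [ $username, password_hash( $password, PASSWORD_DEFAULT ),
		$email, $habbo, DEFAULT_GROUP_ID, DEFAULT_GROUP_ID . ',' ] );

	return (int) $pdo->lastInsertId();
}

// Constructed demo: a request that also submits group fields it should not control.
$pdo = new PDO( 'sqlite::memory:' );
$pdo->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
$pdo->exec( 'CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE,
	password TEXT, email TEXT, habbo TEXT, displaygroup TEXT, usergroups TEXT)' );

$id   = registerPublicUser( $pdo, [ 'username' => 'newmember',
	'password' => 'correct horse battery', 'dgroup' => '5', 'ugroup-5' => 'on' ] );
$stmt = $pdo->prepare( 'SELECT displaygroup, usergroups FROM users WHERE id = ?' );
$stmt->execute( [ $id ] );
var_dump( $stmt->fetch( PDO::FETCH_ASSOC ) ); // print the stored group columns
```

The `login()` method in user.inc.php compares `$core->encrypt()` output inside its SQL query, so hashes stored this way would need a matching `password_verify()` check there.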
