html-pagina beveiligen met phpbb logins

Installatie lukt niet? Plotseling een foutmelding. Of weet je niet hoe iets werkt. Problemen met phpBB2 kun je in dit archief opzoeken.
Forumregels

Sinds 1 januari 2009 wordt phpBB2 niet meer ondersteund.
Onderstaande informatie is verouderd en dient uitsluitend als archief.phpBB2.0.x
Gesloten
Gebruikersavatar
waxman
Berichten: 56
Lid geworden op: 04 dec 2003, 20:33
Locatie: Rijkevorsel
Contacteer:
Contacteer waxman

Bericht door waxman » 18 jan 2004, 16:41

oké, ik heb dan volgende files

secure.php

Code: Selecteer alles

<?php 

define('IN_PHPBB', true); 
$phpbb_root_path = './'; 
include($phpbb_root_path . 'extension.inc'); 
include($phpbb_root_path . 'common.'.$phpEx); 
init_userprefs($userdata); 

if ( !$userdata['session_logged_in'] ) { 

   redirect(append_sid("login2.$phpEx?redirect=secure.$phpEx", true)); 

} elseif ( !in_array($userdata['username'], array(waxman, piet)) ) { 

   redirect(append_sid("index.$phpEx", true)); 

} 

?>

<html>

beveiligd

</html>
en
login2.php

Code: Selecteer alles

<?php
/***************************************************************************
 *                                login.php
 *                            -------------------
 *   begin                : Saturday, Feb 13, 2001
 *   copyright            : (C) 2001 The phpBB Group
 *   email                : support@phpbb.com
 *
 *   $Id: login.php,v 1.47.2.13 2003/06/20 07:40:27 acydburn Exp $
 *
 *
 ***************************************************************************/

/***************************************************************************
 *
 *   This program is free software; you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
 *   the Free Software Foundation; either version 2 of the License, or
 *   (at your option) any later version.
 *
 ***************************************************************************/

//
// Allow people to reach login page if
// board is shut down
//
define("IN_LOGIN", true);

define('IN_PHPBB', true);
$phpbb_root_path = './';
include($phpbb_root_path . 'extension.inc');
include($phpbb_root_path . 'common.'.$phpEx);

//
// Set page ID for session management
//
$userdata = session_pagestart($user_ip, PAGE_LOGIN);
init_userprefs($userdata);
//
// End session management
//

// session id check
if (!empty($HTTP_POST_VARS['sid']) || !empty($HTTP_GET_VARS['sid']))
{
	$sid = (!empty($HTTP_POST_VARS['sid'])) ? $HTTP_POST_VARS['sid'] : $HTTP_GET_VARS['sid'];
}
else
{
	$sid = '';
}

if( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) || isset($HTTP_POST_VARS['logout']) || isset($HTTP_GET_VARS['logout']) )
{
	if( ( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) ) && !$userdata['session_logged_in'] )
	{
		$username = isset($HTTP_POST_VARS['username']) ? trim(htmlspecialchars($HTTP_POST_VARS['username'])) : '';
		$username = substr(str_replace("\\'", "'", $username), 0, 25);
		$username = str_replace("'", "\\'", $username);
		$password = isset($HTTP_POST_VARS['password']) ? $HTTP_POST_VARS['password'] : '';

		$sql = "SELECT user_id, username, user_password, user_active, user_level
			FROM " . USERS_TABLE . "
			WHERE username = '" . str_replace("\\'", "''", $username) . "'";
		if ( !($result = $db->sql_query($sql)) )
		{
			message_die(GENERAL_ERROR, 'Error in obtaining userdata', '', __LINE__, __FILE__, $sql);
		}

		if( $row = $db->sql_fetchrow($result) )
		{
			if( $row['user_level'] != ADMIN && $board_config['board_disable'] )
			{
				redirect(append_sid("secure.$phpEx", true));
			}
			else
			{
				if( md5($password) == $row['user_password'] && $row['user_active'] )
				{
					$autologin = ( isset($HTTP_POST_VARS['autologin']) ) ? TRUE : 0;

					$session_id = session_begin($row['user_id'], $user_ip, PAGE_INDEX, FALSE, $autologin);

					if( $session_id )
					{
						$url = ( !empty($HTTP_POST_VARS['redirect']) ) ? $HTTP_POST_VARS['redirect'] : "index.$phpEx";
						redirect(append_sid($url, true));
					}
					else
					{
						message_die(CRITICAL_ERROR, "Couldn't start session : login", "", __LINE__, __FILE__);
					}
				}
				else
				{
					$redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? $HTTP_POST_VARS['redirect'] : '';
					$redirect = str_replace('?', '&', $redirect);

					$template->assign_vars(array(
						'META' => "<meta http-equiv=\"refresh\" content=\"3;url=login.$phpEx?redirect=$redirect\">")
					);

					$message = $lang['Error_login'] . '<br /><br />' . sprintf($lang['Click_return_login'], "<a href=\"login.$phpEx?redirect=$redirect\">", '</a>') . '<br /><br />' .  sprintf($lang['Click_return_index'], '<a href="' . append_sid("index.$phpEx") . '">', '</a>');

					message_die(GENERAL_MESSAGE, $message);
				}
			}
		}
		else
		{
			$redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? $HTTP_POST_VARS['redirect'] : "";
			$redirect = str_replace("?", "&", $redirect);

			$template->assign_vars(array(
				'META' => "<meta http-equiv=\"refresh\" content=\"3;url=login.$phpEx?redirect=$redirect\">")
			);

			$message = $lang['Error_login'] . '<br /><br />' . sprintf($lang['Click_return_login'], "<a href=\"login.$phpEx?redirect=$redirect\">", '</a>') . '<br /><br />' .  sprintf($lang['Click_return_index'], '<a href="' . append_sid("index.$phpEx") . '">', '</a>');

			message_die(GENERAL_MESSAGE, $message);
		}
	}
	else if( ( isset($HTTP_GET_VARS['logout']) || isset($HTTP_POST_VARS['logout']) ) && $userdata['session_logged_in'] )
	{
		if( $userdata['session_logged_in'] )
		{
			session_end($userdata['session_id'], $userdata['user_id']);
		}

		if (!empty($HTTP_POST_VARS['redirect']) || !empty($HTTP_GET_VARS['redirect']))
		{
			$url = (!empty($HTTP_POST_VARS['redirect'])) ? $HTTP_POST_VARS['redirect'] : $HTTP_GET_VARS['redirect'];
			redirect(append_sid($url, true));
		}
		else
		{
			redirect(append_sid("secure.$phpEx", true));
		}
	}
	else
	{
		$url = ( !empty($HTTP_POST_VARS['redirect']) ) ? $HTTP_POST_VARS['redirect'] : "index.$phpEx";
		redirect(append_sid($url, true));
	}
}
else
{
	//
	// Do a full login page dohickey if
	// user not already logged in
	//
	if( !$userdata['session_logged_in'] )
	{
		$page_title = $lang['Login'];
		include($phpbb_root_path . 'includes/page_header.'.$phpEx);

		$template->set_filenames(array(
			'body' => 'login_body.tpl')
		);

		if( isset($HTTP_POST_VARS['redirect']) || isset($HTTP_GET_VARS['redirect']) )
		{
			$forward_to = $HTTP_SERVER_VARS['QUERY_STRING'];

			if( preg_match("/^redirect=([a-z0-9\.#\/\?&=\+\-_]+)/si", $forward_to, $forward_matches) )
			{
				$forward_to = ( !empty($forward_matches[3]) ) ? $forward_matches[3] : $forward_matches[1];
				$forward_match = explode('&', $forward_to);

				if(count($forward_match) > 1)
				{
					$forward_page = '';

					for($i = 1; $i < count($forward_match); $i++)
					{
						if( !ereg("sid=", $forward_match[$i]) )
						{
							if( $forward_page != '' )
							{
								$forward_page .= '&';
							}
							$forward_page .= $forward_match[$i];
						}
					}
					$forward_page = $forward_match[0] . '?' . $forward_page;
				}
				else
				{
					$forward_page = $forward_match[0];
				}
			}
		}
		else
		{
			$forward_page = '';
		}

		$username = ( $userdata['user_id'] != ANONYMOUS ) ? $userdata['username'] : '';

		$s_hidden_fields = '<input type="hidden" name="redirect" value="' . $forward_page . '" />';

		make_jumpbox('viewforum.'.$phpEx, $forum_id);
		$template->assign_vars(array(
			'USERNAME' => $username,

			'L_ENTER_PASSWORD' => $lang['Enter_password'],
			'L_SEND_PASSWORD' => $lang['Forgotten_password'],

			'U_SEND_PASSWORD' => append_sid("profile.$phpEx?mode=sendpassword"),

			'S_HIDDEN_FIELDS' => $s_hidden_fields)
		);

		$template->pparse('body');

		include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
	}
	else
	{
		redirect(append_sid("secure.$phpEx", true));
	}

}

?>
dus login2.php is een kopie van login.php en ik heb daar 3x

Code: Selecteer alles

redirect(append_sid("index.$phpEx", true));
vervangen door

Code: Selecteer alles

redirect(append_sid("secure.$phpEx", true));
toch geraak ik niet meer ingelogd...
moet er misschien iets meer veranderd worden aan de login2.php?
Omhoog
Gebruikersavatar
mosymuis
Berichten: 6940
Lid geworden op: 05 feb 2003, 14:00
Locatie: Amsterdam
Contacteer:
Contacteer mosymuis

Bericht door mosymuis » 18 jan 2004, 16:44

waxman schreef:dus login2.php is een kopie van login.php en ik heb daar 3x

Code: Selecteer alles

redirect(append_sid("index.$phpEx", true));
vervangen door

Code: Selecteer alles

redirect(append_sid("secure.$phpEx", true));
Oja, dan heb je login2.php idd ook nodig. :)


waxman schreef:toch geraak ik niet meer ingelogd...
Hoezo niet? Wat gebeurt er?
Omhoog
Gebruikersavatar
waxman
Berichten: 56
Lid geworden op: 04 dec 2003, 20:33
Locatie: Rijkevorsel
Contacteer:
Contacteer waxman

Bericht door waxman » 18 jan 2004, 16:48

niets, je vult je naam in om in te loggen en dan zie je dat je browser
aan het zoeken is (onderaan in IE bij mij) maar het blijft zo

daarom vermoed ik dat er iets mis is in de login2.php
(kan het zijn dat er meer "index" moet veranderd worden in "secure"?)

want als ik de secure verwijs naar login.php werkt het wel...
(na inloggen ga ja naar de index, wat normaal is bij de login.php)
maar met de login2.php werkt het dus niet...

daarom: te weinig verandert in login2 ? :?
Omhoog
Gebruikersavatar
waxman
Berichten: 56
Lid geworden op: 04 dec 2003, 20:33
Locatie: Rijkevorsel
Contacteer:
Contacteer waxman

Bericht door waxman » 23 jan 2004, 22:19

hallo? kan iemand me alstublieft alstublieft alstublieft helpen? pleaaaaaase :oops:
Omhoog
Gesloten

Terug naar “2.0 Support”