Logintest
<?php
require_once( '/geo_cgi_private/bin/login_common.php' );
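// Login page controller: runs before any HTML is emitted, because redirect()
// and set_login_cookie() both need to send HTTP headers.

// A visitor who already presents a login cookie accepted by has_loggedin()
// is sent onwards; redirect() ends the request.
if( has_loggedin() ) redirect();

// The submitted credentials are untrusted request data. PHP turns a field
// sent as `user[]=...` into an array, so require plain strings before the
// values reach certify() and the hash functions behind it.
if( isset( $_POST['user'], $_POST['pass'] )
	&& is_string( $_POST['user'] )
	&& is_string( $_POST['pass'] )
	&& certify( $_POST['user'], $_POST['pass'] ) ){
	set_login_cookie( $_POST['user'] );
	redirect();
}
// Falling through (no submission, or a failed one) renders the form below.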
?>
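<?php
// Login form template.
// Every request-derived value printed here lands inside an HTML attribute, so
// each one goes through htmlspecialchars() with ENT_QUOTES. PHP_SELF and the
// `done` / `sign` parameters are all client-influenced; echoing them raw
// allows markup injection into this page (reflected XSS).
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Login</title>
</head>
<body>
<form method="POST" action="<?php echo htmlspecialchars( $_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8' ); ?>">
<table width="90%" height="20%" border="0" align="center"><tr><td>
<div align="center"><table>
<?php // A posted `user` field at this point means the login attempt above failed. ?>
<?php if( array_key_exists( 'user', $_POST ) ){ ?>
<tr><td align="center" colspan="2"><font color=red>Invalid ID or Password. Please try again.</font><br><br></td></tr>
<?php } ?>
<tr><td align="right"><font face="Arial">ID</font></td><td><input type="text" name="user"></td></tr>
<tr><td align="right"><font face="Arial">Password</font></td><td><input type="password" name="pass"></td></tr>
<tr><td align="center" colspan="2"><br><input type="submit" value="login"></td></tr>
</table></div>
</td></tr></table>
<?php // Carry the return target through the POST; a missing or array-valued parameter becomes an empty string. ?>
<input type="hidden" name="done" value="<?php echo htmlspecialchars( isset( $_REQUEST['done'] ) && is_string( $_REQUEST['done'] ) ? $_REQUEST['done'] : '', ENT_QUOTES, 'UTF-8' ); ?>">
<input type="hidden" name="sign" value="<?php echo htmlspecialchars( isset( $_REQUEST['sign'] ) && is_string( $_REQUEST['sign'] ) ? $_REQUEST['sign'] : '', ENT_QUOTES, 'UTF-8' ); ?>">
</form>
</body>
</html>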
<?php
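// Shared configuration for the login helpers in this file.
define( 'LOGIN_PAGE', '/login.php' );        // URL that unauthenticated visitors are redirected to
define( 'DB_DIR','/geo_cgi_private/db/' );   // directory holding the user database
define( 'USER_DB','user.db' );               // database file name inside DB_DIR
define( 'C_SEPA', '&' );                     // separator between the fields of the login cookie
define( 'C_NAME', 'l' );                     // name of the login cookie

// Create the database directory on first use. It holds password hashes, so it
// is created owner-only instead of with mkdir()'s default mode of 0777.
// An already existing directory is left untouched.
if( !file_exists( DB_DIR ) ) mkdir( DB_DIR, 0700 );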
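/**
 * Report whether the request carries a well-formed login cookie.
 *
 * The cookie named C_NAME is expected to hold three fields joined by C_SEPA:
 * user id, issue time and signature, as written by set_login_cookie().
 *
 * SECURITY (review): the signature is md5( user . time ) with no server-side
 * secret. It detects accidental corruption only; it does not authenticate the
 * cookie, because every input to the hash is supplied by the client. It should
 * become a keyed MAC (hash_hmac() with a key that never leaves the server),
 * changed together with set_login_cookie(). The issue time is also never
 * compared with the current time, so a cookie does not expire server-side.
 *
 * @return bool true when the cookie has three fields and the signature matches
 */
function has_loggedin(){
	// A cookie sent as `l[]=...` arrives as an array; treat it as absent.
	if( !isset( $_COOKIE[C_NAME] ) || !is_string( $_COOKIE[C_NAME] ) ) return false;

	// explode() replaces split(), which no longer exists as of PHP 7.
	$parts = explode( C_SEPA, $_COOKIE[C_NAME] );
	// Reject truncated or over-long cookies instead of reading missing offsets.
	if( count( $parts ) !== 3 ) return false;
	list( $user, $time, $sign ) = $parts;

	// Constant-time comparison; an empty signature can never equal an MD5 hex digest.
	return hash_equals( md5( $user . $time ), $sign );
}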
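/**
 * Fetch the stored password hash for a user from the user database.
 *
 * @param string $user_id key to look up in DB_DIR . USER_DB
 * @return string|false the stored value, or false when the database cannot
 *                      be opened, the key is not usable, or nothing
 *                      (or an empty value) is stored
 */
function get_passward_hash( $user_id ){
	// Arrays and objects are not valid user ids; refuse them before touching the database.
	if( !is_scalar( $user_id ) ) return false;

	// Open errors are deliberately suppressed and reported as false.
	if( !$db = @dba_popen( DB_DIR.USER_DB , "r", "db3" ) )
		return false;

	// Fixed: the lookup used the undefined variable $user, so it never
	// searched for the requested id.
	$ph = dba_fetch( $user_id, 1, $db );
	dba_close( $db );

	return $ph ? $ph : false;
}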
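/**
 * Check a user id / password pair against the user database.
 *
 * SECURITY (review): the stored value is compared with md5( password ), an
 * unsalted fast hash. Moving to password_hash() / password_verify() needs the
 * stored values to be re-hashed as well, so it cannot be done in this
 * function alone.
 *
 * @param string $user_id  key to look up in DB_DIR . USER_DB
 * @param string $passward password supplied by the client
 * @return bool true only when a hash is stored for the user and it matches
 */
function certify( $user_id, $passward ){
	// Request fields can arrive as arrays; never hand those to the DB or hash functions.
	if( !is_scalar( $user_id ) || !is_scalar( $passward ) ) return false;

	// Open errors are deliberately suppressed and reported as a failed login.
	if( !$db = @dba_popen( DB_DIR . USER_DB , "r", "db3" ) )
		return false;
	$ph = dba_fetch( $user_id, 1, $db );
	dba_close( $db );

	// dba_fetch() returns false for an unknown user.
	if( !is_string( $ph ) ) return false;

	// Constant-time comparison, so response timing does not depend on how
	// many leading characters of the hash match.
	return hash_equals( $ph, md5( (string) $passward ) );
}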
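/**
 * Issue the login cookie for an authenticated user.
 *
 * The cookie value is "user<C_SEPA>time<C_SEPA>sign"; has_loggedin() parses
 * the same layout. Must be called before any output is sent.
 *
 * SECURITY (review): sign is md5( user . time ) with no server-side secret, so
 * it does not prove that the server issued the cookie. It should become a
 * keyed MAC (hash_hmac() with a server-held key), changed together with
 * has_loggedin(). The Secure flag is not set here because the page does not
 * show whether the site is served over HTTPS; set it if it is.
 *
 * @param string $user_id id of the user who has just been verified
 * @return void
 */
function set_login_cookie( $user_id ){
	// Removed a stray `echo $user_id;`: it wrote the raw, unescaped id into the
	// response, and output sent before the headers stops both this cookie and
	// the Location header that follows from being sent (unless buffering is on).
	$time = time();
	$sign = md5( $user_id . $time );
	$cookie_string = join( C_SEPA, array( $user_id, $time, $sign ) );

	// Same lifetime, path and domain as before (all defaults); the only
	// change is HttpOnly, which keeps the cookie away from page scripts.
	setcookie( C_NAME, $cookie_string, 0, '', '', false, true );
}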
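/**
 * Send the visitor to the page named in `done`, or to the site root, and end
 * the request.
 *
 * `done` is honoured only when the accompanying `sign` equals the MD5 of the
 * user database file AND `done` is a path on this site.
 *
 * SECURITY (review): `sign` is the same value for every `done`, and pages that
 * require login put it into the URL of unauthenticated visitors, so it does
 * not prove that `done` was chosen by this site. The path check below is what
 * keeps the redirect on this host.
 *
 * @return void never returns; calls exit
 */
function redirect(){
	$sign = md5( file_get_contents( DB_DIR.USER_DB ) );
	$target = '/';

	if( isset( $_REQUEST['done'], $_REQUEST['sign'] )
		&& is_string( $_REQUEST['done'] )
		&& is_string( $_REQUEST['sign'] )
		&& hash_equals( $sign, $_REQUEST['sign'] )
		// Site-local absolute path only: one leading "/", not "//" or "/\"
		// (both are read as another host by browsers), no control characters.
		&& preg_match( '#\A/(?![/\\\\])[^\x00-\x1F\x7F]*\z#', $_REQUEST['done'] ) === 1 ){
		$target = $_REQUEST['done'];
	}

	header( 'Location: ' . $target );
	exit;
}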
?>
<?php
require_once( '/geo_cgi_private/bin/login_common.php' );
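// Gate for a protected page: a visitor without an accepted login cookie is sent
// to LOGIN_PAGE, with this page's path in `done` so the login page can send
// them back afterwards.
if( !has_loggedin() ){
	// NOTE(review): this is the MD5 of the whole user database, placed in a URL
	// that is handed to unauthenticated visitors. It is identical for every
	// `done` value, so it does not bind the return target; the login page
	// has to validate `done` on its own.
	$sign = md5( file_get_contents( DB_DIR.USER_DB ) );

	// PHP_SELF can contain client-supplied path info. Encode it so characters
	// such as "&", "#" or "+" cannot change or add query parameters.
	$param = '?done=' . urlencode( $_SERVER['PHP_SELF'] ) . '&sign=' . $sign;
	header( 'Location: ' . LOGIN_PAGE . $param );
	exit();
}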
?>