PHP form girmek bana metin alanlarını vermeyecektir .. [güvenliği için http-auth giriş]

0 Cevap php
<?php $prev_path = "./../../."; $dont_redirect = true; require_once "${prev_path}./config.php";

    session_start();

    function http_digest_parse($txt){
        $needed_parts = array("nonce"=>1, "nc"=>1, "cnonce"=>1, "qop"=>1, "username"=>1, "uri"=>1, "response"=>1);
        $data = array();
        $keys = implode("|", array_keys($needed_parts));

        preg_match_all("@(" . $keys . ")=(?:(['\"])([^\\2]+?)\\2|([^\s,]+))@", $txt, $matches, PREG_SET_ORDER);

        foreach ($matches as $m) {
            $data[$m[1]] = $m[3] ? $m[3] : $m[4];
            unset($needed_parts[$m[1]]);
        }

        return $needed_parts ? false : $data;
    }

    if($_REQUEST["task"] == "logout") {
        unset($_SESSION["KEY"]);
        unset($_SESSION["SUCCESS"]);
        unset($_SERVER["PHP_AUTH_DIGEST"]);
    }

    if (!isset($_SESSION["SUCCESS"])){
        $_SESSION["KEY"] = $_SESSION["KEY"] ? $_SESSION["KEY"] : uniqid();

        $realm = "Restricted area, KEY: " . $_SESSION["KEY"];
        $users = array("user" => "pass", "google" => "stackoveflow");

        header("HTTP/1.1 401 Unauthorized");
        header("WWW-Authenticate: Digest realm=\"" . $realm . "\",qop=\"auth\",nonce=\"" . uniqid() . "\",opaque=\"" . md5($realm) . "\"");
        echo "Hello Guest, you are not permitted to view this page..";

        if (!($data = http_digest_parse($_SERVER["PHP_AUTH_DIGEST"])) || !isset($users[$data["username"]])) {
            unset($_SESSION["SUCCESS"]);
            die("Incorrect Username!");
        }

        $A1 = md5($data["username"] . ":" . $realm . ":" . $users[$data["username"]]);
        $A2 = md5($_SERVER["REQUEST_METHOD"].":".$data["uri"]);
        $valid_response = md5($A1.":".$data["nonce"].":".$data["nc"].":".$data["cnonce"].":".$data["qop"].":".$A2);

        if ($data["response"] != $valid_response) {
            unset($_SESSION["SUCCESS"]);
            die("Incorect Password!");
        }

        $_SESSION["SUCCESS"] = true;
    } else {
        if($_REQUEST["task"]=="newItem") {
            sql("INSERT INTO ITEM VALUES('','${_REQUEST["code"]}','${_REQUEST["pic"]}','${_REQUEST["size"]}','${_REQUEST["description"]}','${_REQUEST["retail"]}','','${_REQUEST["instock"]}','1')", 0);
        }
?>
<!doctype html>
<html>
    <head>
        <title></title>
    <head>
    <body><?print_r($_REQUEST)?>
        <fieldset>
            <legend>Create one new shop item:</legend>
            <form action="./?task=newItem" method="GET">
                <table>
                    <tr><td>Pic:</td><td><input id="pic" /></td></tr>
                    <tr><td>Code:</td><td><input id="code" /></td></tr>
                    <tr><td>Description:</td><td><textarea id="description"></textarea></td></tr>
                    <tr><td>Retail:</td><td><input id="retail" /></td></tr>
                    <tr><td>In Stock:</td><td><input id="instock" /></td></tr>
                    <tr><td></td><td><input type="submit" /></td></tr>
                </table>
            </form>
        </feildset>
    </body>
</html>
<?}?>

Eser tür-Login ama formu asla çalışır .. ve her ikisi için düzeltmeler güzel olurdu.

0 Cevap