Adding a password check

MajorDisaster

Member
Hi, I've got an article script here that has no password check for the admin area, i.e. anyone could create/edit/delete an article.

Now I wanted to ask how I can add a password check for the admin area:

Code:

[admin.php]:

PHP:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<html>
<head>
	<title>MD Article - Administration Area</title>
</head>

<body>



<?php

/*
---------------------------------------------------
|MD Article version 1.0                           |
|Copyright (c) Matthew Dingley 2003               |
|For any help or assistance go to MD Web at:      |
|www.matthewdingley.co.uk                         |
|                                                 |
|For information on how to install see the readme |
---------------------------------------------------
*/

$configFile="config.php";
require $configFile;

//Connect to database
$db = mysql_connect("$host", "$username", "$password");
mysql_select_db("$databasename", $db);

function doOptions()
{
echo "
<br>
<br>
<a href=\"$PHP_SELF?action=main\">Main Menu</a>&nbsp;&nbsp;&nbsp;&nbsp;<a href=\"$PHP_SELF?action=add\">Add an article</a>&nbsp;&nbsp;&nbsp;&nbsp;<a href=\"$PHP_SELF?action=help\">Help</a>
<br>Get Help and support for MD Article as well as more cool programs to use on your website at <a href=\"http://www.matthewdingley.co.uk\" target=\"_blank\">MD Web</a>
<br>
<br>
MD Article &copy; <a href=\"http://www.matthewdingley.co.uk\" target=\"_blank\">Matthew Dingley</a> 2003
";
}

echo "<h2 align=\"left\">MD Article Administration Area</h2>";
echo "<p align=\"left\"><i>Version 1.0.0</i><br><br>";

//Date stuff
$today = getdate();
$month = $today["month"];
$mday = $today["mday"];
$year = $today["year"];
$theDate = "$mday $month $year";
//End date stuff

//Start add article
if($action=="add")
{

//If they have entered data into the form, do this
if($title||$summary||$author||$date||$full)
{
if($complete)
{
$insertIt=mysql_query("INSERT INTO $tablename (`title`, `summary`, `author`, `date`, `full`, `complete`) VALUES ('$title', '$summary', '$author', '$date', '$full', '$complete')",$db);
}
else
{
$insertIt=mysql_query("INSERT INTO `$tablename` (`title`, `summary`, `author`, `date`, `full`) VALUES ('$title', '$summary', '$author', '$date', '$full') ",$db);
}
if($insertIt)
{
echo "The article <i>$title</i> has been successfully added<br>";
}
else
{
echo "Sorry there has been an error, please try again<br>";
}
}

//Otherwise give them the form
else
{
echo "
<form action=\"$PHP_SELF\" method=\"post\">

<b>Title</b>:
<br>
<i>The title of your article</i>
<br>
<input name=\"title\" type=\"text\" value=\"\" size=\"35\" maxlength=\"70\">
<br>
<br>
<b>Summary</b>:
<br>
<i>A quick summary to tell your visitors what this article is all about</i>
<br>
<input name=\"summary\" type=\"text\" value=\"\" size=\"64\" maxlength=\"255\">
<br>
<br>
<b>Author</b>:
<br>
<i>The name of the author who wrote the article</i>
<br>
<input name=\"author\" type=\"text\" value=\"\" size=\"24\" maxlength=\"30\">
<br>
<br>
<b>Date</b>:
<br>
<i>The date on which this article was written (Note: this will have no effect on the order that this article is shown)</i>
<br>
<input name=\"date\" type=\"text\" value=\"$theDate\" size=\"16\" maxlength=\"20\">
<br>
<br>
<b>Full article</b>:
<br>
<i>The full text of the article. (Note: this can contain HTML. To include images, put the images into the images directory and use a HTML &lt;IMG&gt; tag</i>
<br>
<textarea name=\"full\" rows=\"14\" cols=\"70\" >
</textarea>
<br>
<br>
<b>Completed</b>:
<br>
<i>Tick this off when the article is complete. It won't be displayed in the index otherwise</i>
<br>
<input type=\"checkbox\" name=\"complete\" value=\"1\">
<br>
<br>
<input name=\"action\" type=\"hidden\" value=\"add\">

<input type=\"submit\" value=\"Add Article\">
</form>
";
}
doOptions();
}

//Start edit article
if($action=="edit")
{

//If they have entered data into the form, do this
if($title||$summary||$author||$date||$full)
{

$updateIt=mysql_query("UPDATE $tablename SET title='$title', summary='$summary', author='$author', date='$date', full='$full', complete='$complete' WHERE id='$id'",$db);

if($updateIt)
{
echo "The article <i>$title</i> has been successfully updated<br>";
}
else
{
echo "Sorry there has been an error, please try again<br>";
}
}

//Otherwise give them the form
else
{
$getUpdateInfo=mysql_query("SELECT * FROM $tablename WHERE id='$id'",$db);
if($updateInfo=mysql_fetch_array($getUpdateInfo))
{
echo "
<form action=\"$PHP_SELF\" method=\"post\">

<input name=\"id\" type=\"hidden\" value=\"$id\">

<b>Title</b>:
<br>
<i>The title of your article</i>
<br>
<input name=\"title\" type=\"text\" value=\"";
printf($updateInfo["title"]);
echo "\" size=\"35\" maxlength=\"70\">
<br>
<br>
<b>Summary</b>:
<br>
<i>A quick summary to tell your visitors what this article is all about</i>
<br>
<input name=\"summary\" type=\"text\" value=\"";
printf($updateInfo["summary"]);
echo "\" size=\"64\" maxlength=\"255\">
<br>
<br>
<b>Author</b>:
<br>
<i>The name of the author who wrote the article</i>
<br>
<input name=\"author\" type=\"text\" value=\"";
printf($updateInfo["author"]);
echo "\" size=\"24\" maxlength=\"30\">
<br>
<br>
<b>Date</b>:
<br>
<i>The date on which this article was written (Note: this will have no effect on the order that this article is shown)</i>
<br>
<input name=\"date\" type=\"text\" value=\"";
printf($updateInfo["date"]);
echo "\" size=\"16\" maxlength=\"20\">
<br>
<br>
<b>Full article</b>:
<br>
<i>The full text of the article. (Note: this can contain HTML. To include images, put the images into the images directory and use a HTML &lt;IMG&gt; tag</i>
<br>
<textarea name=\"full\" rows=\"14\" cols=\"70\" >";
printf($updateInfo["full"]);
echo "</textarea>
<br>
<br>
<b>Completed</b>:
<br>
<i>Tick this off when the article is complete. It won't be displayed in the index otherwise</i>
<br>";

if($updateInfo["complete"]=="1")
{
echo "<input type=\"checkbox\" name=\"complete\" value=\"1\" checked>";
}
else
{
echo "<input type=\"checkbox\" name=\"complete\" value=\"1\">";
}

echo "<br>
<br>
<input name=\"action\" type=\"hidden\" value=\"edit\">

<input type=\"submit\" value=\"Update\">
</form>
";
}
else
{
echo "Sorry, there has been an error. Please try again";
}
}
doOptions();
}

//Start Delete Article
if($action=="delete")
{
if($id)
{
if($check=="yes")
{
$deleteIt=mysql_query("DELETE FROM $tablename WHERE id='$id'",$db);
if($deleteIt)
{
echo "The article has been successfully deleted";
}
else
{
echo "Sorry there has been an error. Please try again";
}
}
else
{
$getDeleteInfo=mysql_query("SELECT title FROM $tablename WHERE id='$id'",$db);
if($deleteInfo=mysql_fetch_array($getDeleteInfo))
{
$title=$deleteInfo["title"];
echo "Are you sure you want to delete the article <b>$title</b>?<br>";
echo "<a href=\"$PHP_SELF?action=delete&id=$id&check=yes\">Yes</a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
<a href=\"$PHP_SELF?action=main\">No</a>";
}
else
{
echo "Sorry there has been an error, please try again";
}
}
}
else
{
echo "Sorry there has been an error, please try again";
}
doOptions();
}

//Start Help
if($action=="help")
{
echo "If you need any help or assistance, please go to MD Web at <a href=\"www.matthewdingley.co.uk\">
www.matthewdingley.co.uk</a>. Just go to the contact section and send me an e-mail with a description of your problem
";
doOptions();
}
//End help

//Start Full
if($action=="full")
{
$getFull=mysql_query("SELECT * FROM $tablename WHERE id=$id", $db);
if($theFull=mysql_fetch_array($getFull))
{
echo "
<h2 align=\"left\">
";
printf($theFull["title"]);
echo "
</h2>
<p align=\"left\">
By: 
";
printf($theFull["author"]);
echo "
</p>

<p align=\"left\">
";
printf($theFull["full"]);
echo "
</p>
<p align=\"left\">
";
printf($theFull["author"]);
echo "
</p>
";
}
else
{
echo "Sorry, there has been an error. Please try again";
}
doOptions();
}
//End full


//Start install
if($action=="install")
{
if(mysql_query("
CREATE TABLE $tablename (
  id int(5) NOT NULL auto_increment,
  title varchar(70) default NULL,
  date varchar(20) default NULL,
  summary varchar(255) default NULL,
  full text,
  author varchar(30) default NULL,
  novisitors int(5) default '0',
  complete tinyint(1) NOT NULL default '0',
  PRIMARY KEY  (id),
  UNIQUE KEY id (id)
)
",$db))
{
echo "MD Article has been installed successfully. Thank you for using MD Article.<br>
You can now <a href=\"$PHP_SELF?action=add\">add a download</a>
";
}
else
{
echo "Sorry, the install procedure was not sucessfull. If this error persists, please try checking that you have entered in your information into the config.php file correctly.
For any more help or assistance, please go to <a href=\"http://www.matthewdingley.co.uk\" target=\"_blank\">MD Web</a> and contact me.
";
}
}
//End install


//Start Main
if($action=="main"||!$action)
{
echo "<a href=\"$PHP_SELF?action=add\">Add article</a><br>";
//Start unfinished
$getArticles=mysql_query("SELECT id, title, date, summary, novisitors FROM $tablename WHERE complete='0'", $db);
if($articleInfo=mysql_fetch_array($getArticles))
{
echo "<h3 align=\"left\">Unfinished Articles</h3>";
echo "<table width=\"90%\" cellspacing=\"12\" cellpadding=\"0\">
<tr>
<td>
<b>ID</b>
</td>
<td>
&nbsp;
</td>
<td>
<b>Hits</b>
</td>
<td>
&nbsp;
</td>
<td>
&nbsp;
</td>
<td>
&nbsp;
</td>
<tr>
";
do
{
echo "
<tr>
<td>
";
printf($articleInfo["id"]);
echo "
</td>
<td>
<b>
";
printf($articleInfo["title"]);
echo "
</b>
<br>
<i>
";
printf($articleInfo["date"]);
echo "
</i>
<br>
";
printf($articleInfo["summary"]);
echo "
</td>
<td>
";
printf($articleInfo["novisitors"]);
echo "
</td>
<td>
<a href=\"$PHP_SELF?action=edit&id=
";
printf($articleInfo["id"]);
echo "
\">Edit</a>
</td>
<td>
<a href=\"$PHP_SELF?action=delete&id=
";
printf($articleInfo["id"]);
echo "
\">Delete</a>
</td>
<td>
<a href=\"$PHP_SELF?action=full&id=
";
printf($articleInfo["id"]);
echo "
\">View&nbsp;Full</a>
</td>
<tr>
";
}
while($articleInfo=mysql_fetch_array($getArticles));
echo "</table>";
echo "<hr><h3 align=\"left\">Finished Articles</h3>";
}
//End unfinished
$getArticles=mysql_query("SELECT id, title, date, summary, novisitors FROM $tablename WHERE complete='1'", $db);
if($articleInfo=mysql_fetch_array($getArticles))
{
echo "<table width=\"90%\" cellspacing=\"12\" cellpadding=\"0\">
<tr>
<td>
<b>ID</b>
</td>
<td>
&nbsp;
</td>
<td>
<b>Hits</b>
</td>
<td>
&nbsp;
</td>
<td>
&nbsp;
</td>
<td>
&nbsp;
</td>
<tr>
";
do
{
echo "
<tr>
<td>
";
printf($articleInfo["id"]);
echo "
</td>
<td>
<b>
";
printf($articleInfo["title"]);
echo "
</b>
<br>
<i>
";
printf($articleInfo["date"]);
echo "
</i>
<br>
";
printf($articleInfo["summary"]);
echo "
</td>
<td>
";
printf($articleInfo["novisitors"]);
echo "
</td>
<td>
<a href=\"$PHP_SELF?action=edit&id=
";
printf($articleInfo["id"]);
echo "
\">Edit</a>
</td>
<td>
<a href=\"$PHP_SELF?action=delete&id=
";
printf($articleInfo["id"]);
echo "
\">Delete</a>
</td>
<td>
<a href=\"$PHP_SELF?action=full&id=
";
printf($articleInfo["id"]);
echo "
\">View&nbsp;Full</a>
</td>
<tr>
";
}
while($articleInfo=mysql_fetch_array($getArticles));
echo "<tr><td colspan=\"6\">";
doOptions();
echo "</td></tr>";
echo "</table>";
}
else
{
echo "Sorry, there are no articles in the database";
doOptions();
}
}
?>
</body>
</html>

[config.php]

PHP:
<?php

/*
---------------------------------------------------
|MD Article version 1.0                           |
|Copyright (c) Matthew Dingley 2003               |
|For any help or assistance go to MD Web at:      |
|www.matthewdingley.co.uk                         |
|                                                 |
|For information on how to install see the readme |
---------------------------------------------------
*/

//Your host name. This is usually localhost, but check with your administrator if you are not sure
$host = "localhost";

//The name of the database you want the MySQL table to be installed under
$databasename= "matthewd_mdweb";

//The name of the table you want the program to run on
$tablename = "mdarticle2";

//Your username for your database
$username = "matthewd_matthew";

//Your password for your database
$password = "tooltip";

//The number of articles you want to show on the 'latest articles' file
$numArticles = "2";

?>
 
[article.php]:

PHP:
<?php

/*
---------------------------------------------------
|MD Article version 1.0                           |
|Copyright (c) Matthew Dingley 2003               |
|For any help or assistance go to MD Web at:      |
|www.matthewdingley.co.uk                         |
|                                                 |
|For information on how to install see the readme |
---------------------------------------------------
*/

$configFile="config.php";
require $configFile;

//Connect to database
$db = mysql_connect("$host", "$username", "$password");
mysql_select_db("$databasename", $db);

if($id)
{
$getArticle=mysql_query("SELECT * FROM $tablename WHERE id=$id", $db);

//This is errorCount
$eC;

//aC is articleContent
if($aC=mysql_fetch_array($getArticle))
{
$eC=false;

$newCount=$aC["novisitors"]+1;

$countVisit=mysql_query("UPDATE $tablename SET novisitors='$newCount' WHERE id='$id'",$db);
}
else
{
$eC=true;
}
$title=$aC['title'];
}
else
{
$title="Articles";
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<html>
<head>
	<title><?php echo $title;?></title>
</head>

<body>
		   

		   <h2 align="left">
		   <?php 
		   if(!$eC){echo $title;} else { echo "Error";}
		   echo "</h2>";
		   
		   if($id)
		   {
		   if(!$eC)
		   {
		   echo "<p align=\"left\">By ";
		   printf($aC["author"]);
		   echo "</p>";
		   }
		   echo "</p>
		   <p align=\"left\">";
		   if(!$eC)
		   {
		   printf($aC["full"]);
		   echo "</p>";
		   echo "<p align=\"left\"><i>This article is by ";
		   printf($aC["author"]);
		   echo "</i></p>";
		   } 
		   else 
		   {
		   echo "Sorry there has been a problem. Please try again";
		   }
echo "<br><br><a href=\"$PHP_SELF?action=main\">More articles</a>";
		   }
		   //Do main menu
		   if(!$id||$action=="main")
		   {
		   $result = mysql_query("SELECT * FROM `$tablename` WHERE complete!=0 ORDER BY `id` DESC",$db);

if ($therow = mysql_fetch_array($result))
{
do
{
echo "<b>";
printf($therow["title"]);
echo "</b><br><i>";
printf($therow["date"]);
echo "</i><br>";
printf($therow["summary"]);
echo "<br><a href=\"$PHP_SELF?id=";
printf($therow["id"]);
echo "\">Read</a>...";
echo "<br><br>";
}
while ($therow = mysql_fetch_array($result));
}
else
{
echo "Sorry there are no completed articles at the moment";
}
		   }
echo "MD Article &copy; <a href=\"http://www.matthewdingley.co.uk\" target=\"_blank\">Matthew Dingley</a> 2003";
?>  
</body>
</html>

[latest.php]:

PHP:
<?php	
/*
---------------------------------------------------
|MD Article version 1.0                           |
|Copyright (c) Matthew Dingley 2003               |
|For any help or assistance go to MD Web at:      |
|www.matthewdingley.co.uk                         |
|                                                 |
|For information on how to install see the readme |
---------------------------------------------------
*/

$configFile="config.php";
require $configFile;

//Connect to database
$db = mysql_connect("$host", "$username", "$password");
mysql_select_db("$databasename", $db);
   
$smallresult = mysql_query("SELECT * FROM $tablename WHERE complete!=0 ORDER BY `id` DESC LIMIT 0, $numArticles",$db);
if ($therow = mysql_fetch_array($smallresult)){
echo "Here are the latest $numArticles articles:<br><br>";
do{
echo "<b>";
printf($therow["title"]);
echo "</b><br><i>";
printf($therow["date"]);
echo "</i><br>";
printf($therow["summary"]);
echo "<br><a href=\"articles/article.php?id=";
printf($therow["id"]);
echo "\">Read</a>...";
echo "<br><br>";
}
while ($therow = mysql_fetch_array($smallresult));
}
else{
echo "Sorry there are no completed articles at the moment";
}
?>


It would be great if someone who knows about this could help me.
Regards, Toni
 
MySQL-driven or not?
If not:
PHP:
<?php
// Form:
echo '<form action="admin_verify.php" method="post">'.
'<table>'.
'<tr><td>Passwort<td>:<td><input type="password" name="pw" size=15>'.
'<tr><td><input type="submit" value="Login">'.
'</table>'.
'</form>';
// Check (i.e. admin_verify.php):
// read the form field explicitly instead of relying on register_globals
$pw = isset($_POST['pw']) ? $_POST['pw'] : '';
if ($pw != "admin") {
  die('Passwort ist Inkorrekt');
}
else {
  ?>
<script>
location.href="admin_logged.php";
</script>
  <?php
}

Well, something like that anyway ;)
 
Wow, your scripts are long. If I were you I'd use includes a bit more or shorten them somehow ^^

So, without a MySQL DB:

<?php
// Form:
echo '<form action="admin_verify.php" method="post">'.
'<table>'.
'<tr><td>Passwort<td>:<td><input type="password" name="pw" size="15">'.
'<tr><td><input type="submit" value="Login">'.
'</table>'.
'</form>';
// Check (i.e. admin_verify.php):

$pw = $_POST['pw'];

if ($pw != "admin") {
die('Passwort ist Inkorrekt');
}
else {
?>
<script>
location.href="admin_logged.php";
</script>
<?php
}

But I'd rather do it with a DB ^^
 
I urgently ask the thread starter to trim the code excerpts down to the essentials, otherwise I'll do it myself *hrhr* :-)

So whether it's coupled to MySQL or the password is entered directly for every action, the whole thing is always structured the same way:
PHP:
<?php
// compare with ==, a single = would assign and always succeed
if ($EingegebenesPasswort == $GespeichertesPasswort) {
    // PHP actions
}
else {
    // Show the form again together with an error message
}
?>
 
Yes, it's DB-driven.

Thanks for the answers so far, but where exactly should I put this now?
In admin.php or where? And if so, how? :)

Regards, Toni.
 
1) Think!

2) Understand the logic behind the if checks

3) Place them so that in every case exactly what is supposed to be displayed
gets displayed.
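
One way to place the check in front of admin.php, as an added example that is not code from the thread or from MD Article: a session-based gate that runs before any of the add/edit/delete branches and compares against a stored hash instead of a plaintext password. The file name `auth.php`, the functions `tryLogin()` and `requireAdminLogin()`, the session key `md_admin` and the config variable `$adminPasswordHash` are assumptions; PHP 5.5 or later is assumed for `password_verify()`.

```php
<?php
// Added example, not part of MD Article. Hypothetical names: auth.php,
// requireAdminLogin(), tryLogin(), $_SESSION['md_admin'], and $adminPasswordHash
// (a new config.php entry holding the output of password_hash(), generated once).

function tryLogin($submitted, $storedHash)
{
    // password_verify() checks the input against the salted hash.
    if (!password_verify($submitted, $storedHash)) {
        return false;
    }
    session_regenerate_id(true);    // fresh session id after login (session fixation)
    $_SESSION['md_admin'] = true;
    return true;
}

function requireAdminLogin($storedHash)
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();            // must run before any HTML is sent
    }
    if (!empty($_SESSION['md_admin'])) {
        return;                     // already logged in: admin.php continues
    }
    $error  = '';
    $pw     = isset($_POST['pw']) ? $_POST['pw'] : null;
    $method = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : '';
    if ($method === 'POST' && is_string($pw)) {
        if (tryLogin($pw, $storedHash)) {
            header('Location: admin.php');  // redirect so the login POST is not replayed
            exit;
        }
        $error = '<p>Wrong password.</p>';
    }
    // Not logged in: print only the login form and stop, so none of the
    // add/edit/delete/install branches in admin.php can be reached.
    echo '<!DOCTYPE html><html><head><title>Login</title></head><body>' . $error
       . '<form action="admin.php" method="post">'
       . 'Password: <input type="password" name="pw" size="15"> '
       . '<input type="submit" value="Login"></form></body></html>';
    exit;
}

// First lines of admin.php, above the DOCTYPE line:
//   require 'config.php';
//   require 'auth.php';
//   requireAdminLogin($adminPasswordHash);
```

Because the gate calls `exit` for every unauthenticated request, the check lives in the same request that would otherwise run the admin action, rather than on a separate page that can be opened directly.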
 