Antiguo 15/03/2010, 21:46
Dr_Chichi
 
ayuda con una copia de codigo

Hola, tengo un CMS al cual quiero agregarle una galería de fotos. Lo que pasa es que están en la misma carpeta, pero dentro de esa carpeta tengo dos carpetas: en una está la seguridad del CMS y en la otra la galería.

El código de la seguridad del CMS (o como se llame) es así:

Código:
<?PHP
// Entry script of the CMS admin area: loads the helper library, sets the
// login-mode switches and stops early when the user database looks empty.

// Report everything except notices. Notices are what PHP raises when an
// unassigned variable is read, and this script reads several it never assigns
// ($action, $username, $password, $mod, $HTTP_REFERER).
// NOTE(review): presumably those are imported from the request (register_globals
// or an extract step in functions.inc.php) -- confirm; either way their values
// are chosen by the client and must be treated as untrusted.
error_reporting (E_ALL ^ E_NOTICE);

require_once("./inc/functions.inc.php");


$PHP_SELF                       = "index.php";
$cutepath                       = ".";
$config_path_image_upload       = "./editor/UserFiles/Image";

// Login mode: the cookie branch further down is active, the session branch is not.
$config_use_cookies             = TRUE;  
$config_use_sessions            = FALSE;  
// Enables the Referer comparison that runs after a successful login.
$config_check_referer           = TRUE; 


// microTimer is not defined in this listing (presumably in functions.inc.php).
$Timer = new microTimer;
$Timer->start();


// Read the flat-file user database into an array of lines.
// NOTE(review): the file sits in ./data next to the script; confirm the web
// server never returns its contents to a direct request.
$all_users_db = file("./data/users.db.php");
$check_users = $all_users_db;
$check_users[1] = trim($check_users[1]);
$check_users[2] = trim($check_users[2]);
// When lines 1 and 2 of the file are both empty the script stops here.
if((!$check_users[2] or $check_users[2] == "") and (!$check_users[1] or $check_users[1] == "")){
    // NOTE(review): the next line is incomplete as posted (empty path, unbalanced
    // parentheses) and does not parse; part of the original appears to be missing.
    if(!file_exists("");
    die();
}

// Load the site configuration, then the configured skin; fall back to the
// default skin when no skin is configured or its file does not exist.
require_once("./data/config.php");
// NOTE(review): $config_skin becomes part of a require path. It is presumably
// assigned by config.php; if it can ever be left unset there while request
// variables are imported as globals, the client would choose the file -- confirm
// and restrict the value to a known list of skin names.
// The "${var}" interpolation form is deprecated since PHP 8.2 ("{$var}" replaces it).
if(isset($config_skin) and $config_skin != "" and file_exists("./skins/${config_skin}.skin.php")){
        require_once("./skins/${config_skin}.skin.php");
}else{
        // Records that the fallback skin is in use.
        $using_safe_skin = true;
        require_once("./skins/default.skin.php");
}

// Start a PHP session only in session mode; "@" hides any warning these calls raise.
if($config_use_sessions){
@session_start();
@header("Cache-control: private");
}
// Logout: blank the three login cookies and, in session mode, drop the session
// and its cookie. $action is not assigned anywhere in this listing.
if($action == "logout")
{
    setcookie("md5_password","");
        setcookie("username","");
        setcookie("login_referer","");

    if($config_use_sessions){
            @session_destroy();
            @session_unset();
            setcookie(session_name(),"");
        }
    // msg() is defined elsewhere.
    // NOTE(review): presumably it renders the message page and stops -- confirm,
    // otherwise execution continues into the login checks below.
    msg("info", "Ha salido del sistema", "Usted se ha retirado del sistema. <a href=\"$PHP_SELF\">¿DESEA INGRESAR NUEVAMENTE?</a><br /><br>");
}


// Login state flags; each login branch below sets its own flag and
// $is_loged_in is derived from them afterwards.
$is_loged_in = FALSE;
$cookie_logged = FALSE;
$session_logged = FALSE;
// Drop the query string from the referer and treat a trailing "/" as index.php.
// NOTE(review): $HTTP_REFERER is not assigned in this listing; presumably it is
// the Referer request header, which the client controls, so the comparison made
// against it later is a convenience check and not an access control.
$temp_arr = explode("?", $HTTP_REFERER);
$HTTP_REFERER = $temp_arr[0];
if(substr($HTTP_REFERER, -1) == "/"){ $HTTP_REFERER.= "index.php"; }



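// Cookie-based login. Runs on every request that carries a username: the
// password hash is taken from the md5_password cookie when one is present,
// otherwise it is derived from the submitted password.
// NOTE(review): the cookie holds the unsalted MD5 of the password and is itself
// accepted as the credential, so whoever obtains the cookie or the stored hash
// can log in without knowing the password. Fixing that needs changes in
// check_login() and the user store (password_hash()/password_verify() plus a
// random server-side session token), which are outside this block.
if($config_use_cookies == TRUE){


if(isset($username))
{
    if(isset($HTTP_COOKIE_VARS["md5_password"])){ $cmd5_password = $HTTP_COOKIE_VARS["md5_password"]; }
    elseif(isset($_COOKIE["md5_password"])){ $cmd5_password = $_COOKIE["md5_password"]; }
    else{ $cmd5_password = md5($password); }

    if(check_login($username, $cmd5_password))
    {
        $cookie_logged = TRUE;
        // NOTE(review): these cookies are set without the HttpOnly and Secure flags.
        setcookie("lastusername", $username, time()+1012324305);
        setcookie("username", $username);
        setcookie("md5_password", $cmd5_password);

    }else{
        // Record the failed attempt in the access log.
        // The submitted password is deliberately NOT written any more: a failed
        // attempt is very often the real password with a typo (or the password
        // of another account), and the log is a plain text file under data/.
        // Entries written by the previous version still contain passwords, so
        // the existing data/access_log.txt should be purged and access to it
        // restricted.
        // The username is client-supplied: it is HTML-escaped and stripped of
        // line breaks so it cannot inject markup or forge extra rows when the
        // log is displayed.
        $crnt_time = date("M d h:i:s A");
        $logfile = "data/access_log.txt";
        $visitors_ip = $_SERVER['REMOTE_ADDR'];
        $info = "<tr><td height=1 valign=middle>&nbsp;".$crnt_time."<td height=1 valign=middle>&nbsp;".htmlspecialchars(str_replace(array("\r", "\n"), " ", (string)$username), ENT_QUOTES)."<td valign=middle>&nbsp;[omitida]<td valign=middle>&nbsp;".$visitors_ip."<td valign=middle></tr>\n";
        $fp = fopen($logfile,"a");
        // Skip logging instead of failing the request when the file cannot be
        // opened; the lock keeps concurrent failures from interleaving rows.
        if($fp){
            flock($fp, LOCK_EX);
            fwrite($fp, $info);
            fclose($fp);
        }

        $result = "<font color=red>El nombre de usuario o contraseña es incorrecta</font>";
        $cookie_logged = FALSE;
   }
}

}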

// Session-based login (inactive while $config_use_sessions is FALSE).
if($config_use_sessions == TRUE){

        // Pick the client address, preferring forwarding headers over REMOTE_ADDR.
        // NOTE(review): X-Forwarded-For and Client-IP are request headers the
        // client can set freely, so the "IP" stored in the session and compared
        // below does not bind the session to a network address unless a trusted
        // proxy overwrites them -- confirm the deployment, or use REMOTE_ADDR only.
        if(isset($HTTP_X_FORWARDED_FOR)){ $ip = $HTTP_X_FORWARDED_FOR; }
        elseif(isset($HTTP_CLIENT_IP))  { $ip = $HTTP_CLIENT_IP; }
        if($ip == "") { $ip = $REMOTE_ADDR; }
        if($ip == "") { $ip = "not detected";}

if($action == "dologin")
{
        // Unsalted MD5 of the submitted password; check_login() is defined elsewhere.
        $md5_password = md5($password);
    if(check_login($username, $md5_password)){
                $session_logged = TRUE;

                // session_register() was removed in PHP 5.4, so this branch only
                // runs on older interpreters.
                // NOTE(review): the session id is not regenerated on login in
                // this block; session_regenerate_id(true) at this point is the
                // usual protection against session fixation.
                @session_register('username');
                @session_register('md5_password');
                @session_register('ip');
                @session_register('login_referer');

                $_SESSION['username']                = "$username";
                $_SESSION['md5_password']         = "$md5_password";
                $_SESSION['ip']                                = "$ip";
                $_SESSION['login_referer']        = "$HTTP_REFERER";

        }else{
                $result = "<font color=red>El nombre de usuario o contraseña es incorrecta</font>";
                $session_logged = FALSE;
        }
}elseif(isset($_SESSION['username'])){ // Existing session: re-check the stored username and hash on this request
    if(check_login($_SESSION['username'], $_SESSION['md5_password'])){
        // Reject the session when the address computed above differs from the one stored at login.
        if($_SESSION['ip'] != $ip){ $session_logged = FALSE; $result = "Los IP en la sesión no coinciden con su IP"; }
        else{ $session_logged = TRUE; }
        }else{
                $result = "<font color=red>Nombre de usuario incorrecto y/o contraseña !!!</font>";
                $session_logged = FALSE;
        }
}

// Fall back to the session's username when the request did not carry one.
if(!$username){ $username = $_SESSION['username']; }
/* END Login Authorization using SESSIONS */
}

###########################

// Either login path succeeded: update the last-login time on a fresh login
// and mark the request as authenticated.
if($session_logged == TRUE or $cookie_logged == TRUE){
    if($action == 'dologin'){
        //-------------------------------------------
        // Modify the Last Login Date of the user
        //-------------------------------------------
        // NOTE(review): the file is reopened with "w", which truncates it before
        // the loop rewrites it from the copy read at startup. There is no lock
        // and no check that fopen() succeeded, so two simultaneous logins or a
        // failed write can lose the user database; writing to a temporary file
        // and rename()-ing it into place, or using flock(), avoids that.
        // $member_db is not assigned in this listing; presumably check_login()
        // fills it with the matched user's fields -- confirm.
        $old_users_db        = $all_users_db;
        $modified_users = fopen("./data/users.db.php", "w");
        foreach($old_users_db as $old_users_db_line){
           $old_users_db_arr = explode("|", $old_users_db_line);
            if($member_db[0] != $old_users_db_arr[0]){
                    // Other users' lines are written back unchanged.
                    fwrite($modified_users, "$old_users_db_line");
            }else{
                    // Fields 0-8 are copied, then the current time, then "||";
                    // anything the original line held after field 8 is dropped.
                    fwrite($modified_users, "$old_users_db_arr[0]|$old_users_db_arr[1]|$old_users_db_arr[2]|$old_users_db_arr[3]|$old_users_db_arr[4]|$old_users_db_arr[5]|$old_users_db_arr[6]|$old_users_db_arr[7]|$old_users_db_arr[8]|".time()."||\n");
            }
        }
        fclose($modified_users);
        }

        $is_loged_in = TRUE;
}


// Not authenticated: clear every login cookie (and the session in session
// mode) and render the login form. Authenticated: optional Referer check,
// then dispatch to the requested module.
if($is_loged_in == FALSE)
{
    if($config_use_sessions){
            @session_destroy();
            @session_unset();
        }
    setcookie("username","");
    setcookie("password","");
    setcookie("md5_password","");
    setcookie("login_referer","");
        echoheader("user","Ingresar");

    // NOTE(review): $lastusername and $result are interpolated into the HTML
    // below as-is. Neither is initialised in this listing before a login attempt
    // ($lastusername presumably comes from the "lastusername" cookie), so a
    // client-chosen value could inject markup into the form. Escape
    // $lastusername with htmlspecialchars(..., ENT_QUOTES) and initialise
    // $result to an empty string before the login branches.
    echo "
   <table width=\"500\" border=0 cellpadding=1 cellspacing=1>
     <form  name=login action=\"$PHP_SELF\" method=post>
      <tr>
       <td width=135>Nombre de Usuario:</td>
       <td><input tabindex=1 type=text name=username value='$lastusername' style=\"width:134\"></td>
	   <td><a href=\"$config_http_script_dir/register.php\"><img src=\"skins/images/registrarse.gif\" width=\"134\" height=\"20\" border=\"0\"></a></td>
      </tr>      <tr>
       <td width=135>Contraseña: </td>
       <td><input type=password name=password style=\"width:134\"></td>
	   <td><a href=\"$config_http_script_dir/lostpass.php\"><img src=\"skins/images/recuperarcontrasena.gif\" width=\"134\" height=\"20\" border=\"0\"></a></td>
      </tr>      <tr>
       <td></td>
       <td ><input accesskey=\"s\" type=submit style=\"width:134; background-color: #F3F3F3;\" value='Entrar al sistema...'></td>
       <td>&nbsp;</td>
      </tr>      <tr>
       <td align=center colspan=4>$result</td>
      </tr>
     <input type=hidden name=action value=dologin>
     </form>
    </table>";

   echofooter();
}
elseif($is_loged_in == TRUE)
{


// Referer check: the normalised referer must contain this script's name.
// NOTE(review): eregi() was removed in PHP 7.0, and $self is used here as an
// unescaped regular expression. The check also passes whenever the referer is
// empty, and the header is supplied by the client, so it does not protect
// against forged requests; a per-session anti-CSRF token on state-changing
// forms does.
if($config_check_referer == TRUE){
        $self = $_SERVER["SCRIPT_NAME"];
    if($self == ""){ $self = $_SERVER["REDIRECT_URL"]; }
    if($self == ""){ $self = "index.php"; }

    if(!eregi("$self",$HTTP_REFERER) and $HTTP_REFERER != ""){
            die("<h2>Su acceso a esta página fue negado !</h2><br>trate salir <a href=\"?action=logout\">salir</a> e intentar ingresar nuevamente<br>Para apagar este control de seguridad, cambie \$config_check_referer en index.php a FALSE");
        }
}

// debug() is defined elsewhere.
// NOTE(review): any logged-in user can trigger it with a query string of
// exactly "debug"; confirm what it prints and whether it belongs in production.
if($HTTP_SERVER_VARS['QUERY_STRING'] == "debug"){ debug(); }

    // Module dispatch. $system_modules maps a module name to the role it needs
    // ("user" or "admin"); the chain below requires ./inc/<mod>.mdu only when
    // $mod is a key of that map, and admin modules only when $member_db[1] is 1.
    // $mod and $member_db are not assigned in this listing ($mod is presumably
    // request-supplied), so the map lookup is what keeps $mod from selecting an
    // arbitrary file -- keep it in front of every require().
    // NOTE(review): the array literal below is truncated as posted (the entry
    // list is cut and a stray quote is left), so it does not parse as shown.
    // NOTE(review): the final die() echoes $mod into the page unescaped; pass it
    // through htmlspecialchars() so an invalid module name cannot inject markup.
    $system_modules = array('addnews'                  => 'user',
                          ',
							
                            );


    if($mod == ""){ require("./inc/main.mdu"); }
    elseif( $system_modules[$mod] )
    {
        if($system_modules[$mod] == "user"){ require("./inc/". $mod . ".mdu"); }
        elseif($system_modules[$mod] == "admin" and $member_db[1] == 1){ require("./inc/". $mod . ".mdu"); }
        elseif($system_modules[$mod] == "admin" and $member_db[1] != 1){ msg("error", "Acceso negado", "Sólo el administrador puede tener acceso a este módulo"); exit;}
        else{ die("El acceso de modulo debe ser puesto por el <b>usuario</b> o <b>administrador</b>"); }
    }
    else{ die("$mod NO es un modulo valido"); }
}

// Append the elapsed time reported by the timer as an HTML comment.
echo"<!-- execution time: ".$Timer->stop()." -->";
?>