问题
i make the admin panel and have a problem. need some help to make form for change password in ac-config.php file.
need form for change the adminpassword $adminpass = "adminpassword";
thankyou wait for useaful help.
ac-config.php
<?php
//Admin Username and password
$adminuser = "admin";
$adminpass = "adminpassword";
//Error message variables
$not_logged_in_message_error_message = "Error<br><br>You Are not logged in. Go back and try again!<br><br>";
$incorrect_error_message = "Error<br><br>You have entered the incorrect username and/or password, please go back and try again!<br><br>";
$no_pass_or_user_error_message = "Error<br><br>You have either not entered a password or a username, please go back and try again!<br><br>";
//The first page you want the script to go to after creating those cookies (this page must include the validating code as seen in admin1.php)
$first_page = "ac-admin.php";
?>
that is my login verify ac-login.php
<?php
$formuser = $_POST["formuser"];
$formpass = $_POST["formpass"];
$formpass = md5($formpass);
if($formuser && $formpass) {
setcookie ("cookuser");
setcookie ("cookpass");
setcookie ("cookuser", $formuser);
setcookie ("cookpass", $formpass);
header("Location: ac-admin.php");
}
else {
include("ac-config.php");
echo($no_pass_or_user_error_message);
}
?>
ac-admin.php
<link href="css.css" rel="stylesheet" type="text/css" />
<?php error_reporting(E_ALL ^ E_NOTICE); ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Admin</title>
</head>
<body>
<div id="content">
<div id="logo"></div>
<?php include("nav.php"); ?>
<?php
include("ac-config.php");
$cookuser = $_COOKIE["cookuser"];
$cookpass = $_COOKIE["cookpass"];
$adminpass = md5($adminpass);
$moderatorpass = md5($moderatorpass);
if($cookuser && $cookpass) {
if(($cookuser == $adminuser || $cookuser == $moderatoruser) && ($cookpass == $adminpass || $cookpass == $moderatorpass)){
//Any protected stuff you want goes in here!
echo'<green>Successfully logged in!</green><br /><br />';
}
else{
echo($incorrect_error_message);
}
}
else{
echo($not_logged_in_message_error_message);
}
?>
This is Admin Page<br />
Anything want can place here<br />
<div id="footer">CopyRight 2011 - All Rights Reserved</div>
</div>
</body>
</html>
回答1:
this what you are doing here is what we call "hard coded" passwords into the code, try reading some more on how to use databases or file system, then you can change your password dynamically;
回答2:
Create another file, which we will use to contain a hashed version of your password. (As this is in another file, you can read/write/edit it as you wish without taking a chance of killing the PHP script which is working with it.)
Create a file "_something_random.txt"
Into that file, paste the following (and only the following - no new lines, or spaces, or anything):
11982574c05624fd4946dda5298cf9db6c679ef4
This is an SHA1 hash of "StackOverflow" - basically a one-way encryption of the word.
Within your existing files:
"ac-config.php"
<?php
//Admin Username and password
$adminuser = "admin";
$adminhashfile = '_something_random.txt';
$adminhash = file_get_contents( $adminhashfile );
.... (rest of the file as-is) ...
"ac-login.php"
<?php
$formuser = $_POST["formuser"];
$formpass = sha1( $_POST["formpass"] );
if( $formuser==$adminuser && $formpass==$adminhash ){
setcookie ("cookuser", $formuser);
setcookie ("cookpass", $formpass);
header( "Location: ac-admin.php" );
} else {
include("ac-config.php");
echo($no_pass_or_user_error_message);
}
?>
If you want to change the password at anytime, you can either manually calculate the SHA-1 hash of your new password and paste it into the "_something_random.txt" file, or you can create a PHP script which (authenticates you as already being logged-in and then) takes the new password and writes it into that file for you.
<?php
include("ac-config.php");
$newPassword = $_POST['newPassword'];
file_put_contents( $adminhashfile , sha1( $newPassword ) );
回答3:
file_*_contents() & heredoc example...
<?php
//Replacing the values into the config
$config_file="";
if(isset($_POST['update']) && isset($_POST['user']) && isset($_POST['pass'])){
$user = $_POST['user'];
$pass = $_POST['pass'];
$config_file = <<<CONFIG
<?php
//Admin Username and password
\$adminuser = "$user";
\$adminpass = "$pass";
//Error message variables
\$not_logged_in_message_error_message = "Error<br><br>You Are not logged in. Go back and try again!<br><br>";
\$incorrect_error_message = "Error<br><br>You have entered the incorrect username and/or password, please go back and try again!<br><br>";
\$no_pass_or_user_error_message = "Error<br><br>You have either not entered a password or a username, please go back and try again!<br><br>";
//The first page you want the script to go to after creating those cookies (this page must include the validating code as seen in admin1.php)
\$first_page = "ac-admin.php";
?>
CONFIG;
file_put_contents('ac-config.php',$config_file);
//Where to send after update
header('Location: ./admin.php?page=changepass');
}
//Getting the values for the form
$config_file = file_get_contents('ac-config.php');
$match = preg_match('%adminuser = \"(.*?)\"%',$config_file,$confuser);
$match = preg_match('%adminpass = \"(.*?)\"%',$config_file,$confpass);
//$confuser[0] & $confpass[0] can be used to insert the values into the form
?>
<form method="POST" action="">
<input type="hidden" name="page" value="changepass">
<input type="hidden" name="update" value="go">
<h1>Change Logins</h1>
<p>Username:<input type="text" name="user" value="<?php echo $confuser[0];?>" size="20"></p>
<p>Password:<input type="password" name="pass" value="<?php echo $confpass[0];?>" size="20"></p>
<p><input type="submit" value="Submit"></p>
</form>
来源:https://stackoverflow.com/questions/6742976/change-admin-password-need-to-make-form