php - Login virker, men nemt at snyde! - Udvikleren.dk - Programmering, webdesign og grafik

Tags: php
<< < 1 2 > >>
Bruger #8021 @ 28.10.05 19:31
Davs
Har lavet et lille login system som bruger database. Login virker fint, men det kan omgås ved at skrive en direkte url til en af de sider som skal beskyttes. Hvordan løser jeg det problem?
Anders!
14 svar postet i denne tråd vises herunder
4 indlæg har modtaget i alt 4 karma
Sorter efter stemmer Sorter efter dato
Bruger #8021 @ 28.10.05 23:57
Ok her kommer koden så til der hvor man bliver smidt hen efter man har logget ind, kan nogen belære mig om hvad jeg skal smide derind for at den kræver jeg er logget ind, og husker det?
Kode
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>.:Basic CMS:.</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

<style type="text/css">


<!--
body,td,th {
	font-family: Verdana, Arial, Helvetica, sans-serif;
	font-size: 10px;
	color: #999999;
}
body {
	background-color: #CCCCCC;
}
div.contentBox {
   width: 421px;
   height: 356px;
   overflow: auto;
   
   
   
  
}
a {
	font-size: 10px;
	color: #666666;
}
a:link {
	text-decoration: underline;
}
a:visited {
	text-decoration: none;
	color: #666666;
}
a:hover {
	text-decoration: none;
	color: #999999;
}
a:active {
	text-decoration: none;
	color: #666666;
}
-->
</style></head>
<body>
<div align="center">
<table id="Table_01" width="600" border="0" cellpadding="0" cellspacing="0">
	<tr>
		<td>
			<a href="index.php"><img src="images/home.jpg" width="178" height="44" alt="" border="0"/></a></td>
		<td colspan="2">
			<img id="Untitled_1_02" src="images/Untitled-1_02.gif" width="422" height="44" alt="" /></td>
	</tr>
	<tr>
		<td style="background-color: #ffffff; width: 178;" valign="top">
		    <div align="left">
			     <a href="login.php?side=forside">Forside</a>
                             <a href="login.php?side=tilbud">Tilbud</a>
                             <a href="login.php?side=om">Om</a>
                             <a href="login.php?side=kontakt">Kontakt</a>
                             <a href="login.php?side=produkter">Produkter</a>
                             <a href="login.php?side=delik">Delikatesser</a>
                             <a href="login.php?side=kurio">Kuriosa</a>
                             <a href="login.php?side=bruger">Rediger Bruger</a>
                             <a href="login.php?side=brugerb2b">Rediger B2B-Bruger</a>
			     <a href="login.php?side=billeder">Upload Billede</a>
                        
			
												
			</div>
			</td>
		<td>
			<img id="Untitled_1_04" src="images/Untitled-1_04.gif" width="1" height="356" alt="" /></td>
		<td style="background-color: #ffffff; width: 421;" valign="top">
		     <div class="contentBox" align="left">


<?php


//Forsiden start
if($_GET[side] == "") 
                      {
                        
                        
                      
                   echo "<div align=\\"center\\">
				         Velkommen til Basic CM system v 1.0
						 </div> 
					   ";
                      
                      }
//Forsiden Slut
					  
//Om start
if($_GET[side] == "om") 
                      {
                      echo "<div align=\\"center\\">
                      <b>Menu: Om</b>
                      <a href=\\"login.php?side=omny\\"><img src=\\"images/ny.jpg\\" width=\\"60\\" height=\\"23\\" alt=\\"\\" border=\\"0\\" /></a>    
                      <a href=\\"login.php?side=omo\\"><img src=\\"images/rediger.jpg\\" width=\\"60\\" height=\\"23\\" alt=\\"\\" border=\\"0\\" /></a>    
                      <a href=\\"login.php?side=oms\\"><img src=\\"images/slet.jpg\\" width=\\"60\\" height=\\"23\\" alt=\\"\\" border=\\"0\\" /></a>
                      </div>

                      ";  
                        
      
			
                      
                      }




if($_GET[side] == "omo") 
                      {
                        
                        include("config.php");
                        mysql_connect($host, $brugernavn, $kodeord) or die(mysql_error());
		        mysql_select_db("$database");
		         
		        $find=mysql_query("SELECT * FROM om order by id desc limit 9")or die(mysql_error());
                        while ($mp3 = mysql_fetch_array($find))
                      
                   echo "<div align=\\"center\\">
			".$mp3['overskrift']."<a href=\\"login.php?side=omop&id=".$mp3['id']."\\">Rediger</a>
			</div> 
			";
                      
                      }

if($_GET[side] == "omop")
{
	include("config.php");
	mysql_connect($host, $brugernavn, $kodeord) or die(mysql_error());
	mysql_select_db("$database");

	$id = $_GET["id"];
	$find = mysql_query("SELECT * FROM om WHERE id=$id")or die(mysql_error());
    $mp3 = mysql_fetch_array($find);

	echo "<div align=\\"center\\">";
	echo "<form method=\\"post\\" action=\\"func.php?side=omop&id=$id\\">";
	echo "<b>Overskrift:</b>";
	echo "<textarea name=\\"overskrift\\" rows=\\"1\\" style=\\"width: 80%\\">".$mp3['overskrift']."</textarea>";
	echo "<b>Indhold:</b>";
	echo "<textarea name=\\"indhold\\" rows=\\"15\\" style=\\"width: 80%\\">".$mp3['indhold']."</textarea>";
	echo "<input type=\\"submit\\" name=\\"Add\\" value=\\"Opdater\\">";
	echo "</form>";
	echo "</div>";
}


if($_GET[side] == "omny") 
                      {
                        
             echo "<div align=\\"center\\">
			<form method=\\"post\\" action=\\"func.php?side=omny\\"> 
            <b>Overskrift:</b>
            <textarea name=\\"overskrift\\" rows=\\"1\\" style=\\"width: 80%\\"></textarea>
            <textarea name=\\"indhold\\" rows=\\"15\\" style=\\"width: 80%\\"></textarea>
			<input type=\\"submit\\" name=\\"Add\\" value=\\"Send\\">
			</form>
			</div>
               ";      
	        }

if($_GET[side] == "oms") 
                      {
                        
                include("config.php");
                mysql_connect($host, $brugernavn, $kodeord) or die(mysql_error());
		mysql_select_db("$database");
		$find=mysql_query("SELECT * FROM om order by id desc limit 9")or die(mysql_error());
                while ($mp3 = mysql_fetch_array($find))
  
               echo "<div align=\\"center\\">
               ".$mp3['overskrift']."<a href=\\"func.php?side=omslet&id=".$mp3['id']."\\">Slet</a>
               </div>";
}


//om Slut

//Forside start
if($_GET[side] == "forside") 
                      {
                      echo "<div align=\\"center\\">
                      <b>Menu: Forside</b>
                      <a href=\\"login.php?side=forsideny\\"><img src=\\"images/ny.jpg\\" width=\\"60\\" height=\\"23\\" alt=\\"\\" border=\\"0\\" /></a>    
                      <a href=\\"login.php?side=forsideo\\"><img src=\\"images/rediger.jpg\\" width=\\"60\\" height=\\"23\\" alt=\\"\\" border=\\"0\\" /></a>    
                      <a href=\\"login.php?side=forsides\\"><img src=\\"images/slet.jpg\\" width=\\"60\\" height=\\"23\\" alt=\\"\\" border=\\"0\\" /></a>
                      </div>

                      ";  
                        
      
			
                      
                      }




if($_GET[side] == "forsideo") 
                      {
                        
                        include("config.php");
                        mysql_connect($host, $brugernavn, $kodeord) or die(mysql_error());
		        mysql_select_db("$database");
		         
		        $find=mysql_query("SELECT * FROM forside order by id desc limit 9")or die(mysql_error());
                        while ($mp3 = mysql_fetch_array($find))
                      
                   echo "<div align=\\"center\\">
			".$mp3['overskrift']."<a href=\\"login.php?side=forsideop&id=".$mp3['id']."\\">Rediger</a>
			</div> 
			";
                      
                      }

if($_GET[side] == "forsideop")
{
	include("config.php");
	mysql_connect($host, $brugernavn, $kodeord) or die(mysql_error());
	mysql_select_db("$database");

	$id = $_GET["id"];
	$find = mysql_query("SELECT * FROM forside WHERE id=$id")or die(mysql_error());
    $mp3 = mysql_fetch_array($find);

	echo "<div align=\\"center\\">";
	echo "<form method=\\"post\\" action=\\"func.php?side=forsideop&id=$id\\">";
	echo "<b>Overskrift:</b>";
	echo "<textarea name=\\"overskrift\\" rows=\\"1\\" style=\\"width: 80%\\">".$mp3['overskrift']."</textarea>";
	echo "<b>Indhold:</b>";
	echo "<textarea name=\\"indhold\\" rows=\\"15\\" style=\\"width: 80%\\">".$mp3['indhold']."</textarea>";
	echo "<input type=\\"submit\\" name=\\"Add\\" value=\\"Opdater\\">";
	echo "</form>";
	echo "</div>";
}


if($_GET[side] == "forsideny") 
                      {
                        
             echo "<div align=\\"center\\">
			<form method=\\"post\\" action=\\"func.php?side=forsideny\\"> 
            <b>Overskrift:</b>
            <textarea name=\\"overskrift\\" rows=\\"1\\" style=\\"width: 80%\\"></textarea>
            <textarea name=\\"indhold\\" rows=\\"15\\" style=\\"width: 80%\\"></textarea>
			<input type=\\"submit\\" name=\\"Add\\" value=\\"Send\\">
			</form>
			</div>
               ";      
	        }

if($_GET[side] == "forsides") 
                      {
                        
                include("config.php");
                mysql_connect($host, $brugernavn, $kodeord) or die(mysql_error());
		mysql_select_db("$database");
		$find=mysql_query("SELECT * FROM forside order by id desc limit 9")or die(mysql_error());
                while ($mp3 = mysql_fetch_array($find))
  
               echo "<div align=\\"center\\">
               ".$mp3['overskrift']."<a href=\\"func.php?side=forsideslet&id=".$mp3['id']."\\">Slet</a>
               </div>";
}


//Forside Slut

//Tilbud start
if($_GET[side] == "tilbud") 
                      {
                      echo "<div align=\\"center\\">
                      <b>Menu: Tilbud</b>
                      <a href=\\"login.php?side=tilbudny\\"><img src=\\"images/ny.jpg\\" width=\\"60\\" height=\\"23\\" alt=\\"\\" border=\\"0\\" /></a>    
                      <a href=\\"login.php?side=tilbudo\\"><img src=\\"images/rediger.jpg\\" width=\\"60\\" height=\\"23\\" alt=\\"\\" border=\\"0\\" /></a>    
                      <a href=\\"login.php?side=tilbuds\\"><img src=\\"images/slet.jpg\\" width=\\"60\\" height=\\"23\\" alt=\\"\\" border=\\"0\\" /></a>
                      </div>

                      ";  
                        
      
			
                      
                      }




if($_GET[side] == "tilbudo") 
                      {
                        
                        include("config.php");
                        mysql_connect($host, $brugernavn, $kodeord) or die(mysql_error());
		        mysql_select_db("$database");
		         
		        $find=mysql_query("SELECT * FROM tilbud order by id desc limit 9")or die(mysql_error());
                        while ($mp3 = mysql_fetch_array($find))
                      
                   echo "<div align=\\"center\\">
			".$mp3['indhold']."<a href=\\"login.php?side=tilbudop&id=".$mp3['id']."\\">Rediger</a>
			</div> 
			";
                      
                      }

if($_GET[side] == "tilbudop")
{
	include("config.php");
	mysql_connect($host, $brugernavn, $kodeord) or die(mysql_error());
	mysql_select_db("$database");

	$id = $_GET["id"];
	$find = mysql_query("SELECT * FROM tilbud WHERE id=$id")or die(mysql_error());
    $mp3 = mysql_fetch_array($find);

	echo "<div align=\\"center\\">";
	echo "<form method=\\"post\\" action=\\"func.php?side=tilbudop&id=$id\\">";
	
	echo "<b>Indhold:</b>";
	echo "<textarea name=\\"indhold\\" rows=\\"15\\" style=\\"width: 80%\\">".$mp3['indhold']."</textarea>";
	echo "<input type=\\"submit\\" name=\\"Add\\" value=\\"Opdater\\">";
	echo "</form>";
	echo "</div>";
}


if($_GET[side] == "tilbudny") 
                      {
                        
             echo "<div align=\\"center\\">
			<form method=\\"post\\" action=\\"func.php?side=tilbudny\\"> 
            <b>Indhold:</b>
            
            <textarea name=\\"indhold\\" rows=\\"15\\" style=\\"width: 80%\\"></textarea>
			<input type=\\"submit\\" name=\\"Add\\" value=\\"Send\\">
			</form>
			</div>
               ";      
	        }

if($_GET[side] == "tilbuds") 
                      {
                        
                include("config.php");
                mysql_connect($host, $brugernavn, $kodeord) or die(mysql_error());
		mysql_select_db("$database");
		$find=mysql_query("SELECT * FROM tilbud order by id desc limit 9")or die(mysql_error());
                while ($mp3 = mysql_fetch_array($find))
  
               echo "<div align=\\"center\\">
               ".$mp3['indhold']."<a href=\\"func.php?side=tilbudslet&id=".$mp3['id']."\\">Slet</a>
               </div>";
}


 
//Tilbud Slut

//kontakt start
if($_GET[side] == "kontakt") 
                      {
                      echo "<div align=\\"center\\">
                      <b>Menu: Kontakt</b>
                      <a href=\\"login.php?side=kontaktny\\"><img src=\\"images/ny.jpg\\" width=\\"60\\" height=\\"23\\" alt=\\"\\" border=\\"0\\" /></a>    
                      <a href=\\"login.php?side=kontakto\\"><img src=\\"images/rediger.jpg\\" width=\\"60\\" height=\\"23\\" alt=\\"\\" border=\\"0\\" /></a>    
                      <a href=\\"login.php?side=kontakts\\"><img src=\\"images/slet.jpg\\" width=\\"60\\" height=\\"23\\" alt=\\"\\" border=\\"0\\" /></a>
                      </div>

                      ";  
                        
      
			
                      
                      }




if($_GET[side] == "kontakto") 
                      {
                        
                        include("config.php");
                        mysql_connect($host, $brugernavn, $kodeord) or die(mysql_error());
		        mysql_select_db("$database");
		         
		        $find=mysql_query("SELECT * FROM kontakt order by id desc limit 9")or die(mysql_error());
                        while ($mp3 = mysql_fetch_array($find))
                      
                   echo "<div align=\\"center\\">
			".$mp3['overskrift']."<a href=\\"login.php?side=kontaktop&id=".$mp3['id']."\\">Rediger</a>
			</div> 
			";
                      
                      }

if($_GET[side] == "kontaktop")
{
	include("config.php");
	mysql_connect($host, $brugernavn, $kodeord) or die(mysql_error());
	mysql_select_db("$database");

	$id = $_GET["id"];
	$find = mysql_query("SELECT * FROM kontakt WHERE id=$id")or die(mysql_error());
    $mp3 = mysql_fetch_array($find);

	echo "<div align=\\"center\\">";
	echo "<form method=\\"post\\" action=\\"func.php?side=kontaktop&id=$id\\">";
	echo "<b>Overskrift:</b>";
	echo "<textarea name=\\"overskrift\\" rows=\\"1\\" style=\\"width: 80%\\">".$mp3['overskrift']."</textarea>";
	echo "<b>Indhold:</b>";
	echo "<textarea name=\\"indhold\\" rows=\\"15\\" style=\\"width: 80%\\">".$mp3['indhold']."</textarea>";
        echo "<b>Adresse:</b>";
	echo "<textarea name=\\"adresse\\" rows=\\"1\\" style=\\"width: 80%\\">".$mp3['adresse']."</textarea>";
        echo "<b>Mail:</b>";
	echo "<textarea name=\\"mail\\" rows=\\"1\\" style=\\"width: 80%\\">".$mp3['mail']."</textarea>";
        echo "<b>TLF:</b>";
	echo "<textarea name=\\"tlf\\" rows=\\"1\\" style=\\"width: 80%\\">".$mp3['tlf']."</textarea>";
	echo "<input type=\\"submit\\" name=\\"Add\\" value=\\"Opdater\\">";
	echo "</form>";
	echo "</div>";
}


if($_GET[side] == "kontaktny") 
                      {
                        
            echo "<div align=\\"center\\">";
	echo "<form method=\\"post\\" action=\\"func.php?side=kontaktny\\">";
	echo "<b>Overskrift:</b>";
	echo "<textarea name=\\"overskrift\\" rows=\\"1\\" style=\\"width: 80%\\">".$mp3['overskrift']."</textarea>";
	echo "<b>Indhold:</b>";
	echo "<textarea name=\\"indhold\\" rows=\\"15\\" style=\\"width: 80%\\">".$mp3['indhold']."</textarea>";
        echo "<b>Adresse:</b>";
	echo "<textarea name=\\"adresse\\" rows=\\"1\\" style=\\"width: 80%\\">".$mp3['adresse']."</textarea>";
        echo "<b>Mail:</b>";
	echo "<textarea name=\\"mail\\" rows=\\"1\\" style=\\"width: 80%\\">".$mp3['mail']."</textarea>";
        echo "<b>TLF:</b>";
	echo "<textarea name=\\"tlf\\" rows=\\"1\\" style=\\"width: 80%\\">".$mp3['tlf']."</textarea>";
	echo "<input type=\\"submit\\" name=\\"Add\\" value=\\"Send\\">";
	echo "</form>";
	echo "</div>";      
	        }

if($_GET[side] == "kontakts") 
                      {
                        
                include("config.php");
                mysql_connect($host, $brugernavn, $kodeord) or die(mysql_error());
		mysql_select_db("$database");
		$find=mysql_query("SELECT * FROM kontakt order by id desc limit 9")or die(mysql_error());
                while ($mp3 = mysql_fetch_array($find))
  
               echo "<div align=\\"center\\">
               ".$mp3['overskrift']."<a href=\\"func.php?side=kontaktslet&id=".$mp3['id']."\\">Slet</a>
               </div>";
}


//kontakt Slut	

//produkter start
if($_GET[side] == "produkter") 
                      {
                      echo "<div align=\\"center\\">
                      <b>Menu: Produkter</b>
                      <a href=\\"login.php?side=produkterny\\"><img src=\\"images/ny.jpg\\" width=\\"60\\" height=\\"23\\" alt=\\"\\" border=\\"0\\" /></a>    
                      <a href=\\"login.php?side=produktero\\"><img src=\\"images/rediger.jpg\\" width=\\"60\\" height=\\"23\\" alt=\\"\\" border=\\"0\\" /></a>    
                      <a href=\\"login.php?side=produkters\\"><img src=\\"images/slet.jpg\\" width=\\"60\\" height=\\"23\\" alt=\\"\\" border=\\"0\\" /></a>
                      </div>

                      ";  
                        
      
			
                      
                      }




if($_GET[side] == "produktero") 
                      {
                        
                        include("config.php");
                        mysql_connect($host, $brugernavn, $kodeord) or die(mysql_error());
		        mysql_select_db("$database");
		         
		        $find=mysql_query("SELECT * FROM produkter order by id desc limit 9")or die(mysql_error());
                        while ($mp3 = mysql_fetch_array($find))
                      
                   echo "<div align=\\"center\\">
			".$mp3['indhold']."<a href=\\"login.php?side=produkterop&id=".$mp3['id']."\\">Rediger</a>
			</div> 
			";
                      
                      }

if($_GET[side] == "produkterop")
{
	include("config.php");
	mysql_connect($host, $brugernavn, $kodeord) or die(mysql_error());
	mysql_select_db("$database");

	$id = $_GET["id"];
	$find = mysql_query("SELECT * FROM produkter WHERE id=$id")or die(mysql_error());
    $mp3 = mysql_fetch_array($find);

	echo "<div align=\\"center\\">";
	echo "<form method=\\"post\\" action=\\"func.php?side=produkterop&id=$id\\">";
	
	echo "<b>Indhold:</b>";
	echo "<textarea name=\\"indhold\\" rows=\\"15\\" style=\\"width: 80%\\">".$mp3['indhold']."</textarea>";
	echo "<input type=\\"submit\\" name=\\"Add\\" value=\\"Opdater\\">";
	echo "</form>";
	echo "</div>";
}


if($_GET[side] == "produkterny") 
                      {
                        
             echo "<div align=\\"center\\">
			<form method=\\"post\\" action=\\"func.php?side=produkterny\\"> 
            <b>Indhold:</b>
            
            <textarea name=\\"indhold\\" rows=\\"15\\" style=\\"width: 80%\\"></textarea>
			<input type=\\"submit\\" name=\\"Add\\" value=\\"Send\\">
			</form>
			</div>
               ";      
	        }

if($_GET[side] == "produkters") 
                      {
                        
                include("config.php");
                mysql_connect($host, $brugernavn, $kodeord) or die(mysql_error());
		mysql_select_db("$database");
		$find=mysql_query("SELECT * FROM produkter order by id desc limit 9")or die(mysql_error());
                while ($mp3 = mysql_fetch_array($find))
  
               echo "<div align=\\"center\\">
               ".$mp3['indhold']."<a href=\\"func.php?side=produkterslet&id=".$mp3['id']."\\">Slet</a>
               </div>";
}


 
//produkter Slut

//delikatesser start
if($_GET[side] == "delik") 
                      {
                      echo "<div align=\\"center\\">
                      <b>Menu: Delikatesser</b>
                      <a href=\\"login.php?side=delikny\\"><img src=\\"images/ny.jpg\\" width=\\"60\\" height=\\"23\\" alt=\\"\\" border=\\"0\\" /></a>    
                      <a href=\\"login.php?side=deliko\\"><img src=\\"images/rediger.jpg\\" width=\\"60\\" height=\\"23\\" alt=\\"\\" border=\\"0\\" /></a>    
                      <a href=\\"login.php?side=deliks\\"><img src=\\"images/slet.jpg\\" width=\\"60\\" height=\\"23\\" alt=\\"\\" border=\\"0\\" /></a>
                      </div>

                      ";  
                        
      
			
                      
                      }




if($_GET[side] == "deliko") 
                      {
                        
                        include("config.php");
                        mysql_connect($host, $brugernavn, $kodeord) or die(mysql_error());
		        mysql_select_db("$database");
		         
		        $find=mysql_query("SELECT * FROM delik order by id desc limit 9")or die(mysql_error());
                        while ($mp3 = mysql_fetch_array($find))
                      
                   echo "<div align=\\"center\\">
			".$mp3['navn']."<a href=\\"login.php?side=delikop&id=".$mp3['id']."\\">Rediger</a>
			</div> 
			";
                      
                      }

if($_GET[side] == "delikop")
{
	include("config.php");
	mysql_connect($host, $brugernavn, $kodeord) or die(mysql_error());
	mysql_select_db("$database");

	$id = $_GET["id"];
	$find = mysql_query("SELECT * FROM delik WHERE id=$id")or die(mysql_error());
    $mp3 = mysql_fetch_array($find);

	echo "<div align=\\"center\\">";
	echo "<form method=\\"post\\" action=\\"func.php?side=delikop&id=$id\\">";
	
	echo "<b>Navn:</b>";
	echo "<textarea name=\\"navn\\" rows=\\"1\\" style=\\"width: 80%\\">".$mp3['navn']."</textarea>";
        echo "<b>Beskrivelse:</b>";
        echo "<textarea name=\\"besk\\" rows=\\"15\\" style=\\"width: 80%\\">".$mp3['besk']."</textarea>";
        echo "<b>Billede:</b>";
        echo "<textarea name=\\"pic\\" rows=\\"1\\" style=\\"width: 80%\\">".$mp3['pic']."</textarea>";
	echo "<input type=\\"submit\\" name=\\"Add\\" value=\\"Opdater\\">";
	echo "</form>";
	echo "</div>";
}


if($_GET[side] == "delikny") 
                      {
                        
             echo "<div align=\\"center\\">";
	echo "<form method=\\"post\\" action=\\"func.php?side=delikny\\">";
	
	echo "<b>Navn:</b>";
	echo "<textarea name=\\"navn\\" rows=\\"1\\" style=\\"width: 80%\\">".$mp3['navn']."</textarea>";
        echo "<b>Beskrivelse:</b>";
        echo "<textarea name=\\"besk\\" rows=\\"15\\" style=\\"width: 80%\\">".$mp3['besk']."</textarea>";
        echo "<b>Billede:</b>";
        echo "<textarea name=\\"pic\\" rows=\\"1\\" style=\\"width: 80%\\">".$mp3['pic']."</textarea>";
	echo "<input type=\\"submit\\" name=\\"Add\\" value=\\"Tilføj\\">";
	echo "</form>";
	echo "</div>";
	        }

if($_GET[side] == "deliks") 
                      {
                        
                include("config.php");
                mysql_connect($host, $brugernavn, $kodeord) or die(mysql_error());
		mysql_select_db("$database");
		$find=mysql_query("SELECT * FROM delik order by id desc limit 9")or die(mysql_error());
                while ($mp3 = mysql_fetch_array($find))
  
               echo "<div align=\\"center\\">
               ".$mp3['navn']."<a href=\\"func.php?side=delikslet&id=".$mp3['id']."\\">Slet</a>
               </div>";
}


 
//delikatesser Slut

//bruger start
if($_GET[side] == "bruger") 
                      {
                      echo "<div align=\\"center\\">
                      <b>Menu: Brugere</b>
                      
                      <a href=\\"login.php?side=brugero\\"><img src=\\"images/rediger.jpg\\" width=\\"60\\" height=\\"23\\" alt=\\"\\" border=\\"0\\" /></a>    
                      <a href=\\"login.php?side=brugers\\"><img src=\\"images/slet.jpg\\" width=\\"60\\" height=\\"23\\" alt=\\"\\" border=\\"0\\" /></a>
                      </div>

                      ";  
                        
      
			
                      
                      }




if($_GET[side] == "brugero") 
                      {
                        
                        include("config.php");
                        mysql_connect($host, $brugernavn, $kodeord) or die(mysql_error());
		        mysql_select_db("$database");
		         
		        $find=mysql_query("SELECT * FROM users order by id desc limit 9")or die(mysql_error());
                        while ($mp3 = mysql_fetch_array($find))
                      
                   echo "<div align=\\"center\\">
			".$mp3['brugernavn']."<a href=\\"login.php?side=brugerop&id=".$mp3['id']."\\">Rediger</a>
			</div> 
			";
                      
                      }

if($_GET[side] == "brugerop")
{
	include("config.php");
	mysql_connect($host, $brugernavn, $kodeord) or die(mysql_error());
	mysql_select_db("$database");

	$id = $_GET["id"];
	$find = mysql_query("SELECT * FROM users WHERE id=$id")or die(mysql_error());
    $mp3 = mysql_fetch_array($find);

	echo "<div align=\\"center\\">";
	echo "<form method=\\"post\\" action=\\"func.php?side=brugerop&id=$id\\">";
	echo "<b>Brugernavn:</b>";
	echo "<textarea name=\\"brugernavn\\" rows=\\"1\\" style=\\"width: 80%\\">".$mp3['brugernavn']." - kan ikke ændres</textarea>";
        echo "<b>Kode:</b>";
        echo "<textarea name=\\"password\\" rows=\\"1\\" style=\\"width: 80%\\">".$mp3['password']."</textarea>";
        echo "<b>Mail:</b>";
        echo "<textarea name=\\"mail\\" rows=\\"1\\" style=\\"width: 80%\\">".$mp3['mail']."</textarea>";
        echo "<b>Adresse:</b>";
        echo "<textarea name=\\"adresse\\" rows=\\"1\\" style=\\"width: 80%\\">".$mp3['adresse']."</textarea>";
        echo "<b>TLF:</b>";
        echo "<textarea name=\\"tlf\\" rows=\\"1\\" style=\\"width: 80%\\">".$mp3['tlf']."</textarea>";
        echo "<b>Post Nr:</b>";
        echo "<textarea name=\\"zip\\" rows=\\"1\\" style=\\"width: 80%\\">".$mp3['zip']."</textarea>";
	echo "<input type=\\"submit\\" name=\\"Add\\" value=\\"Opdater\\">";
	echo "</form>";
	echo "</div>";
}



if($_GET[side] == "brugers") 
                      {
                        
                include("config.php");
                mysql_connect($host, $brugernavn, $kodeord) or die(mysql_error());
		mysql_select_db("$database");
		$find=mysql_query("SELECT * FROM users order by id desc limit 9")or die(mysql_error());
                while ($mp3 = mysql_fetch_array($find))
  
               echo "<div align=\\"center\\">
               ".$mp3['brugernavn']."<a href=\\"func.php?side=brugerslet&id=".$mp3['id']."\\">Slet</a>
               </div>";
}


 
//bruger Slut

//b2bbruger start
if($_GET[side] == "brugerb2b") 
                      {
                      echo "<div align=\\"center\\">
                      <b>Menu: B2B-Brugere</b>
                      
                      <a href=\\"login.php?side=b2bbrugero\\"><img src=\\"images/rediger.jpg\\" width=\\"60\\" height=\\"23\\" alt=\\"\\" border=\\"0\\" /></a>    
                      <a href=\\"login.php?side=b2bbrugers\\"><img src=\\"images/slet.jpg\\" width=\\"60\\" height=\\"23\\" alt=\\"\\" border=\\"0\\" /></a>
                      </div>

                      ";  
                        
      
			
                      
                      }




if($_GET[side] == "b2bbrugero") 
                      {
                        
                        include("config.php");
                        mysql_connect($host, $brugernavn, $kodeord) or die(mysql_error());
		        mysql_select_db("$database");
		         
		        $find=mysql_query("SELECT * FROM b2busers order by id desc limit 9")or die(mysql_error());
                        while ($mp3 = mysql_fetch_array($find))
                      
                   echo "<div align=\\"center\\">
			".$mp3['brugernavn']."<a href=\\"login.php?side=b2bbrugerop&id=".$mp3['id']."\\">Rediger</a>
			</div> 
			";
                      
                      }

if($_GET[side] == "b2bbrugerop")
{
	include("config.php");
	mysql_connect($host, $brugernavn, $kodeord) or die(mysql_error());
	mysql_select_db("$database");

	$id = $_GET["id"];
	$find = mysql_query("SELECT * FROM b2busers WHERE id=$id")or die(mysql_error());
    $mp3 = mysql_fetch_array($find);

	echo "<div align=\\"center\\">";
	echo "<form method=\\"post\\" action=\\"func.php?side=b2bbrugerop&id=$id\\">";
	echo "<b>Brugernavn:</b>";
	echo "<textarea name=\\"brugernavn\\" rows=\\"1\\" style=\\"width: 80%\\">".$mp3['brugernavn']." - kan ikke ændres</textarea>";
        echo "<b>Kode:</b>";
        echo "<textarea name=\\"password\\" rows=\\"1\\" style=\\"width: 80%\\">".$mp3['password']."</textarea>";
        echo "<b>Mail:</b>";
        echo "<textarea name=\\"mail\\" rows=\\"1\\" style=\\"width: 80%\\">".$mp3['mail']."</textarea>";
        echo "<b>Adresse:</b>";
        echo "<textarea name=\\"adresse\\" rows=\\"1\\" style=\\"width: 80%\\">".$mp3['adresse']."</textarea>";
        echo "<b>TLF:</b>";
        echo "<textarea name=\\"tlf\\" rows=\\"1\\" style=\\"width: 80%\\">".$mp3['tlf']."</textarea>";
        echo "<b>Post Nr:</b>";
        echo "<textarea name=\\"zip\\" rows=\\"1\\" style=\\"width: 80%\\">".$mp3['zip']."</textarea>";
	echo "<input type=\\"submit\\" name=\\"Add\\" value=\\"Opdater\\">";
	echo "</form>";
	echo "</div>";
}



if($_GET[side] == "b2bbrugers") 
                      {
                        
                include("config.php");
                mysql_connect($host, $brugernavn, $kodeord) or die(mysql_error());
		mysql_select_db("$database");
		$find=mysql_query("SELECT * FROM b2busers order by id desc limit 9")or die(mysql_error());
                while ($mp3 = mysql_fetch_array($find))
  
               echo "<div align=\\"center\\">
               ".$mp3['brugernavn']."<a href=\\"func.php?side=b2bbrugerslet&id=".$mp3['id']."\\">Slet</a>
               </div>";
}


 
//b2bbruger Slut

//kuriosa start
if($_GET[side] == "kurio") 
                      {
                      echo "<div align=\\"center\\">
                      <b>Menu: Kuriosa</b>
                      <a href=\\"login.php?side=kuriony\\"><img src=\\"images/ny.jpg\\" width=\\"60\\" height=\\"23\\" alt=\\"\\" border=\\"0\\" /></a>    
                      <a href=\\"login.php?side=kurioo\\"><img src=\\"images/rediger.jpg\\" width=\\"60\\" height=\\"23\\" alt=\\"\\" border=\\"0\\" /></a>    
                      <a href=\\"login.php?side=kurios\\"><img src=\\"images/slet.jpg\\" width=\\"60\\" height=\\"23\\" alt=\\"\\" border=\\"0\\" /></a>
                      </div>

                      ";  
                        
      
			
                      
                      }




if($_GET[side] == "kurioo") 
                      {
                        
                        include("config.php");
                        mysql_connect($host, $brugernavn, $kodeord) or die(mysql_error());
		        mysql_select_db("$database");
		         
		        $find=mysql_query("SELECT * FROM kurio order by id desc limit 9")or die(mysql_error());
                        while ($mp3 = mysql_fetch_array($find))
                      
                   echo "<div align=\\"center\\">
			".$mp3['navn']."<a href=\\"login.php?side=kurioop&id=".$mp3['id']."\\">Rediger</a>
			</div> 
			";
                      
                      }

if($_GET[side] == "kurioop")
{
	include("config.php");
	mysql_connect($host, $brugernavn, $kodeord) or die(mysql_error());
	mysql_select_db("$database");

	$id = $_GET["id"];
	$find = mysql_query("SELECT * FROM kurio WHERE id=$id")or die(mysql_error());
    $mp3 = mysql_fetch_array($find);

	echo "<div align=\\"center\\">";
	echo "<form method=\\"post\\" action=\\"func.php?side=kurioop&id=$id\\">";
	
	echo "<b>Navn:</b>";
	echo "<textarea name=\\"navn\\" rows=\\"1\\" style=\\"width: 80%\\">".$mp3['navn']."</textarea>";
        echo "<b>Beskrivelse:</b>";
        echo "<textarea name=\\"besk\\" rows=\\"15\\" style=\\"width: 80%\\">".$mp3['besk']."</textarea>";
        echo "<b>Billede:</b>";
        echo "<textarea name=\\"pic\\" rows=\\"1\\" style=\\"width: 80%\\">".$mp3['pic']."</textarea>";
	echo "<input type=\\"submit\\" name=\\"Add\\" value=\\"Opdater\\">";
	echo "</form>";
	echo "</div>";
}


if($_GET[side] == "kuriony") 
                      {
                        
             echo "<div align=\\"center\\">";
	echo "<form method=\\"post\\" action=\\"func.php?side=kuriony\\">";
	
	echo "<b>Navn:</b>";
	echo "<textarea name=\\"navn\\" rows=\\"1\\" style=\\"width: 80%\\">".$mp3['navn']."</textarea>";
        echo "<b>Beskrivelse:</b>";
        echo "<textarea name=\\"besk\\" rows=\\"15\\" style=\\"width: 80%\\">".$mp3['besk']."</textarea>";
        echo "<b>Billede:</b>";
        echo "<textarea name=\\"pic\\" rows=\\"1\\" style=\\"width: 80%\\">".$mp3['pic']."</textarea>";
	echo "<input type=\\"submit\\" name=\\"Add\\" value=\\"Tilføj\\">";
	echo "</form>";
	echo "</div>";
	        }

if($_GET[side] == "kurios") 
                      {
                        
                include("config.php");
                mysql_connect($host, $brugernavn, $kodeord) or die(mysql_error());
		mysql_select_db("$database");
		$find=mysql_query("SELECT * FROM kurio order by id desc limit 9")or die(mysql_error());
                while ($mp3 = mysql_fetch_array($find))
  
               echo "<div align=\\"center\\">
               ".$mp3['navn']."<a href=\\"func.php?side=kurioslet&id=".$mp3['id']."\\">Slet</a>
               </div>";
}


 
//Kuriosa Slut

//billeder Start
if ($_GET[side] == "billeder")
   
   {  
	 
         echo "
		  
                  <div align=\\"center\\">
                  <form action=\\"upload.php\\" method=\\"post\\" enctype=\\"multipart/form-data\\">
                  <b>Upload billede:</b>
                  Billede:
                  <input type=\\"file\\" name=\\"upfil\\" />
                  <input type=\\"submit\\" value=\\"upload\\" />
                  </form>
                  <a href=\\"pics.php\\" target=\\"_blank\\">.:Se alle billeder:.</a>
                  </div>
                  
             ";
   
   }
//billeder Slut	

											  


?>			 
			 
			 
			 </div>
			</td>
	</tr>
</table>
</div>
</body>
</html>
Anders!
Bruger #8021 @ 29.10.05 00:03
Davs
Har lavet et lille login system som bruger database. Login virker fint, men det kan omgås ved at skrive en direkte url til en af de sider som skal beskyttes. Hvordan løser jeg det problem?
Anders!

i undervisningen på min skole har vi nettop lavet et login system med php md5 og sessions dette er forholdsvist sikert. men alt er jo relativt.

jeg har ikke benytter database af den grund at min free host ikk eunderstøttede det men du burde kunne bruge noget af det. du kan få koden fra min side og se om det kan hjælpe dig.

håber det hjælper dig
Det kunne være guld, kan du smide den herinde?
Anders!
Bruger #6045 @ 30.10.05 01:21
Det kunne være guld, kan du smide den herinde?
Anders!
jo kan jeg godt hvis jeg kan finde ud af hvordan kan du ikke lige sige hvorn jeg smider det ind?
Bruger #6045 @ 02.11.05 19:06
sån her ? :::hvordan indsætter man kode??
<< < 1 2 > >>
Login virker, men nemt at snyde!

Karma barometer (30 dage)

Modtaget

Givet

Favorit hos
Forum tråde
Artikler