[Resolved] Sorry -- But I need help.

robert_w_ark

After helping many people of PHP, I am ashamed to ask for help, but I really need it. I cannot find the problem in these 2 scripts at all. So here I go.

I am running Apache2 with PHP 5 (but some PHP 4 Modules.)

Please view the attachment for all information regarding Apache and PHP -- You may need to review it.

Here is the code that wont work. When going to the page in my browser (ex: http://localhost:500/Band%20CMS/) It will sit for about 20 seconds, and come up to say "The operation timed out when attempting to contact www.localhost.com." -- So here is the code.

index.php:

<?php
session_start();
include("band-cms_config.php");
include("band-cms_functs.php");

$action = clean(@$_GET['action']);
switch($action)
{
  case "login":
    draw_header();
    login(clean(@$_GET['next']));
    draw_footer();
    break;
  case "logout":
    draw_header();
    logout();
    draw_footer();
    break;
  case "news_area":
    draw_header();
    edit_news(clean(@$_GET['cmd']));
    draw_footer();
    break;
  case "home":
    draw_header();
    home();
    draw_footer();
    break;
  default:
    draw_header();
    home();
    draw_footer();
    break;
}
?>

Here is band-cms_functs.php:

<?php
if (eregi("band-cms_functs", $_SERVER['PHP_SELF'])) die("Access Denied.");

function clean($data) { return htmlspecialchars(addslashes($data)); }

function draw_error($title = "Error", $message = "Unknown Error")
{
  ?>
  <table width="300" cellspacing="0" cellpadding="2">
  <tr>
    <td align="center">
      <?php echo $title; ?>
    </td>
  </tr>
  <tr>
    <td align="left">
      <p align="justify">
        <?php echo $message; ?>
      </p>
    </td>
  </tr>
  </table>
  <?php
}

function draw_table($width = "100%", $title = "", $message = "")
{
  ?>
  <table width="<?php echo $width; ?>" cellspacing="0" cellpadding="2">
  <tr>
    <td align="center">
      <?php echo $title; ?>
    </td>
  </tr>
  <tr>
    <td align="left">
      <p align="justify">
        <?php echo $message; ?>
      </p>
    </td>
  </tr>
  </table>
  <?php
}

function draw_header()
{
  $title = (isset($_GET['action']) && !empty($_GET['action'])) ? " - ".clean(@$_GET['action']) : "";
  ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
  <title>intercept designs - Band Content Manager<?php echo stripslashes(stripslashes(ucwords($title))); ?></title>
  <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
  <meta name="keywords" content="website design, web hosting, cms, erp, erm solutions, marketing, web development" />
  <meta name="description" content="Louisville, KY Website design, web hosting, CMS/ERP/ERM solutions." />
  <meta name="robots" content="FOLLOW,INDEX" />
  <script type="text/javascript"></script>
  <link rel="stylesheet" href="bandsheet.css" type="text/css" />
</head>
<body>
<img src="logo.jpg" alt="Logo image" />
<br />
<br />
<div class="left">
  <ul id="listnav">
    <li class="title">Administration Panel</li>
<?php if(is_logged_in()) { ?>
    <li><a href="<?php echo $_SERVER['PHP_SELF']; ?>?action=home" onfocus="blur();">News and Updates</a></li>
    <li><a href="<?php echo $_SERVER['PHP_SELF']; ?>?action=news_area" onfocus="blur();" class="over">&gt; News Panel</a></li>
    <li><a href="#" onfocus="blur();">Tour Management</a></li>
    <li><a href="#" onfocus="blur();">Band Biography</a></li>
    <li><a href="<?php echo $_SERVER['PHP_SELF']; ?>?action=logout" onfocus="blur();">Logout</a></li>
<?php } else { ?>
    <li><a href="<?php echo $_SERVER['PHP_SELF']; ?>?action=login" onfocus="blur();">Please Login</a></li>
<?php } ?>
  </ul>
</div>
<div class="right">
  <?php
}

function draw_footer()
{
  ?>
</div>
</body>
</html>
  <?php
}

function is_logged_in()
{
  if(is_logged_in()) draw_error("Error", "You are already logged in.");
  else
  {
    if(isset($_SESSION['username']) && isset($_SESSION['password']))
    {
      $username = clean($_SESSION['username']);
      $password = clean($_SESSION['password']);
      $query = mysql_query("SELECT * FROM `band-cms_admins` WHERE username = '$username' AND password = '$password' LIMIT 1") or die(mysql_error());
      if(mysql_num_rows($query) == 1) return true;
      else return false;
    }
    else return false;
  }
}

function home()
{
  if(!is_logged_in()) login();
  else
  {
    $query = mysql_query("SELECT * FROM `band-cms_news` ORDER BY `id` DESC") or die(mysql_error());
    if(mysql_num_rows($query) == 0) draw_error("No News", "There is no news in the database.\n<br />\n<br />\nFeel free to <a href=\"".$_SERVER['PHP_SELF']."?action=add_news\">Add News</a>");
    else
    {
      while($row = mysql_fetch_array($query))
      {
        draw_table("100%", stripslashes(stripslashes($row['title'])), stripslashes(stripslashes($row['story']))."\n<br />\n<br />\nPosted on: ".stripslashes(stripslashes($row['date']))." By ".stripslashes(stripslashes($row['author']))."\n");
        echo "\n<br />\n";
      }
    }
  }
}

function login($next = "home")
{
  if(!isset($_GET['cmd']) || @$_GET['cmd'] != "do_login")
  {
    ?>
  <form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>?action=login&amp;cmd=do_login&amp;next=<?php echo $next; ?>">
  <table width="300" cellspacing="0" cellpadding="2">
  <tr>
    <td align="center" colspan="2">
      Please Login
    </td>
  </tr>
  <tr>
    <td align="left" width="50%">
      Username
    </td>
    <td align="left" width="50%">
      <input type="text" name="username">
    </td>
  </tr>
  <tr>
    <td align="left" width="50%">
      Password
    </td>
    <td align="left" width="50%">
      <input type="password" name="password">
    </td>
  </tr>
  <tr>
    <td align="center" colspan="2">
      <input type="submit" value=" Login " onfocus="blur();"> &bull; <input type="reset" value=" Reset Fields " onfocus="blur();">
    </td>
  </tr>
  </table>
  </form>
    <?php
  }
  else
  {
    $username = clean($_POST['username']);
    $password = md5($_POST['password']);
    $query = mysql_query("SELECT * FROM `band-cms_admins` WHERE username = '$username' AND password = '$password' LIMIT 1") or die(mysql_error());
    if(mysql_num_rows($query) == 1)
    {
      $_SESSION['username'] = $username;
      $_SESSION['password'] = $password;
      echo "<script type=\"text/javascript\">window.location = '".$_SERVER['PHP_SELF']."?action=$next';</script>";
    }
    else draw_error("Invalid Login", "You have entered invalid login information. Please go <a href=\"javascript:history.back(-1);\">Back</a> and try again.");
  }
}

function logout()
{
  if(is_logged_in())
  {
    session_destroy();
    draw_table("300", "Success", "You are now logged out.");
  }
  else draw_error("Error", "You are not logged in.");
}

function news_area($cmd = "home")
{
  if(is_logged_in())
  {

function news_area_home()
{
  $query = mysql_query("SELECT * FROM `band-cms_news` ORDER BY `id` DESC") or die(mysql_error());
  if(mysql_num_rows($query) == 0) draw_error("No News", "There is no news in the database.\n<br />\n<br />\nFeel free to <a href=\"".$_SERVER['PHP_SELF']."?action=add_news\">Add News</a>");
  else
  {
    while($row = mysql_fetch_array($query))
    {
      draw_table("100%", stripslashes(stripslashes($row['title'])), stripslashes(stripslashes($row['story']))."\n<br />\n<br />\nPosted on: ".stripslashes(stripslashes($row['date']))." By ".stripslashes(stripslashes($row['author']))."\n<br />\n<br />\n<a href=\"".$_SERVER['PHP_SELF']."?action=news_area&amp;cmd=edit\">Edit Story</a> - <a href=\"".$_SERVER['PHP_SELF']."?action=news_area&amp;cmd=delete\">Delete</a>");
      echo "\n<br />\n";
    }
  }
}

function news_area_edit($id)
{
}

function news_area_add()
{
}

function news_area_delete($id)
{
}

switch($cmd)
{
  case "add":
    news_area_add();
    break;
  case "edit":
    news_area_edit(clean(@$_GET['id']));
    break;
  case "delete":
    news_area_delete(clean(@$_GET['id']));
    break;
  default:
  case "home":
    news_area_home();
    break;
}
  }
  else login();
}

?>

And here is band-cms_config.php:

<?php
if (eregi("band-cms_config", $_SERVER['PHP_SELF'])) die("Access Denied.");
$dbh = mysql_connect("localhost", "root", "mypassword") or die(mysql_error());
if($dbh) mysql_select_db("Band_CMS", $dbh);
else die(mysql_error());
?>

So there you go, please be sure to check out the attachment if you need it. Thanks a bunch, -Robert

Oh -- By the way: I can access any other file besides this index.php (not in this directory though), for example http://localhost:500/ works perfectly fine for me (and yes, it is a PHP page.)

If you would like to compile the source and test it out, feel free to 🙂

Thanks again, -Rob

leatherback

Hi,

IO am notr sure but.

function is_logged_in()
{
  if(is_logged_in()) draw_error("Error", "You are already logged in.");
  else
  {
    if(isset($_SESSION['username']) && isset($_SESSION['password']))
    {
      $username = clean($_SESSION['username']);
      $password = clean($_SESSION['password']);
      $query = mysql_query("SELECT * FROM `band-cms_admins` WHERE username = '$username' AND password = '$password' LIMIT 1") or die(mysql_error());
      if(mysql_num_rows($query) == 1) return true;
      else return false;
    }
    else return false;
  }
}

Doesn't this function form an endless loop? Calling itself constantly?

robert_w_ark

Wow holy shit, I am a f****** moron.. Thanks a lot man!!