tilføj admin!

<?php
session_start();
if (!isset($_SESSION['laccess']) && $_POST['referer'] != 'login') {
	header("Location: news.php?f=needlogin");
	exit;
}

include('../inc.config.php');

mysql_connect($cfg['mysql']['host'],$cfg['mysql']['username'],$cfg['mysql']['password']);
mysql_select_db($cfg['mysql']['database']);

if ($_POST['referer'] == 'login') {
	$kryptpassword = md5($_POST['password']);
	$kryptpassword2 = md5($_POST['password2']);
	if (($_POST['username'] == $cfg['admin']['username'] && $kryptpassword == $cfg['admin']['password']) || ($_POST['username'] == $cfg['admin']['username2'] && $kryptpassword2 == $cfg['admin']['password2'])) {
		$_SESSION['laccess'] = 1;
		header("Location: administration.php");
	} else {
		header("Location: news.php?f=wronglogin");
	}
}

if ($_POST['referer'] == 'post_news') {
	if ($_FILES['image']['name'] != '') {
		$image = time().substr($_FILES['image']['name'],strrpos($_FILES['image']['name'],'.'));
		move_uploaded_file($_FILES['image']['tmp_name'], '../files/'.$image);
	} elseif ($_POST['standard'] != '') {
		$image = $_POST['standard'];
	} else {
		$image = '';
	}
	mysql_query("INSERT INTO news VALUES ('','".$_POST['title']."','".$_POST['author']."',now(),'".$_POST['synopsis']."','".$_POST['text']."','".$image."')") or die(mysql_error());
	header("Location: news.list.php");
}
if ($_POST['referer'] == 'edit_news') {
	mysql_query("UPDATE news SET title='".$_POST['title']."', author='".$_POST['author']."', synopsis='".$_POST['synopsis']."', text='".$_POST['text']."', image='".$_POST['image']."' WHERE id=".$_POST['id']."") or die(mysql_error());
	header("Location: news.list.php?offset=".$_POST['offset']);
}

if ($_POST['referer'] == 'upload') {
	for ($i=0;$i<count($_FILES['file']['name']);$i++) {
		if ($_FILES['file']['name'][$i] != '') {
			move_uploaded_file($_FILES['file']['tmp_name'][$i], '../files/'.$_FILES['file']['name'][$i]);
		}
	}
	header("Location: files.list.php");
}
?>

Krypter passwordet så du kan sætte det ind i config.php filen i beskyttet form.

krypterpass.php

<form action="krypterpass.php" method="post">
<b>Password:</b><br />
<input type="password" name="password" /><br />
<b>Password2:</b><br />
<input type="password" name="password2" /><br />
<input type="submit" value="Krypter" />
</form>

<?PHP
$password = md5($_POST['password']);
$password2 = md5($_POST['password2']);

echo "
<b>Password 1:</b> $password<br />
<b>Password 2:</b> $password2";
?>

Kan se du bruger hent password i fil metoden, så vil nok foreslår du nok skal gøre sådan her:

SELVE CONFIG!

<?php
$cfg['mysql']['host']     = 'HOST';
$cfg['mysql']['username'] = 'MYSQL BRUGERNAVN';
$cfg['mysql']['password'] = 'MYSQL PASSWORD';
$cfg['mysql']['database'] = 'DATABASE NAVN';

/* Indstillinger : administrationsmodul */
$cfg['admin']['username'] = 'ADMIN BRUGERNAVN';
$cfg['admin']['password'] = 'ADMIN PASSWORD';
$cfg['admin']['username2'] = 'ADMIN BRUGERNAVN2';
$cfg['admin']['password2'] = 'ADMIN PASSWORD2';

$cfg['limit']             = 10; // ANTAL PR SIDE
$cfg['pages_each_way']    = 7; // PEGENDE SIDER
?>

Så skal du i login filen fx lave:

if(($cfg['admin']['username'] == $_POST['brugernavn'] AND $cfg['admin']['password'] == $_POST['password']) OR ($cfg['admin']['username2'] == $_POST['brugernavn'] AND $cfg['admin']['password2'] == $_POST['password']))
{
echo "admin";
} else {
echo "blablabla";
}

Men husk nu at krypter passwordene.

forstår ikke helt men dette er min handle som jeg kalder den

<?php
session_start();
if (!isset($_SESSION['laccess']) && $_POST['referer'] != 'login') {
	header("Location: news.php?f=needlogin");
	exit;
}

include('../inc.config.php');

mysql_connect($cfg['mysql']['host'],$cfg['mysql']['username'],$cfg['mysql']['password']);
mysql_select_db($cfg['mysql']['database']);

if ($_POST['referer'] == 'login') {
	if ($_POST['username'] == $cfg['admin']['username'] && $_POST['password'] == $cfg['admin']['password']) {
		$_SESSION['laccess'] = 1;
		header("Location: administration.php");
	} else {
		header("Location: news.php?f=wronglogin");
	}
}

if ($_POST['referer'] == 'post_news') {
	if ($_FILES['image']['name'] != '') {
		$image = time().substr($_FILES['image']['name'],strrpos($_FILES['image']['name'],'.'));
		move_uploaded_file($_FILES['image']['tmp_name'], '../files/'.$image);
	} elseif ($_POST['standard'] != '') {
		$image = $_POST['standard'];
	} else {
		$image = '';
	}
	mysql_query("INSERT INTO news VALUES ('','".$_POST['title']."','".$_POST['author']."',now(),'".$_POST['synopsis']."','".$_POST['text']."','".$image."')") or die(mysql_error());
	header("Location: news.list.php");
}
if ($_POST['referer'] == 'edit_news') {
	mysql_query("UPDATE news SET title='".$_POST['title']."', author='".$_POST['author']."', synopsis='".$_POST['synopsis']."', text='".$_POST['text']."', image='".$_POST['image']."' WHERE id=".$_POST['id']."") or die(mysql_error());
	header("Location: news.list.php?offset=".$_POST['offset']);
}

if ($_POST['referer'] == 'upload') {
	for ($i=0;$i<count($_FILES['file']['name']);$i++) {
		if ($_FILES['file']['name'][$i] != '') {
			move_uploaded_file($_FILES['file']['tmp_name'][$i], '../files/'.$_FILES['file']['name'][$i]);
		}
	}
	header("Location: files.list.php");
}
?>

efter jeg lige så lidt på koden fandt jeg stedet

if ($_POST['referer'] == 'login') {
	if ($_POST['username'] == $cfg['admin']['username'] && $_POST['password'] == $cfg['admin']['password'])

og tilføjede så den så sådan her ud

if ($_POST['referer'] == 'login') {
	if ($_POST['username'] == $cfg['admin']['username'] && $_POST['password'] == $cfg['admin']['password']) or ($_POST['username'] == $cfg['admin']['username2'] && $_POST['password'] == $cfg['admin']['password2']) {

men det virker ikke

<?php
session_start();
if (!isset($_SESSION['laccess']) && $_POST['referer'] != 'login') {
	header("Location: news.php?f=needlogin");
	exit;
}

include('../inc.config.php');

mysql_connect($cfg['mysql']['host'],$cfg['mysql']['username'],$cfg['mysql']['password']);
mysql_select_db($cfg['mysql']['database']);

if ($_POST['referer'] == 'login') {
	if (($_POST['username'] == $cfg['admin']['username'] && $_POST['password'] == $cfg['admin']['password']) || ($_POST['username'] == $cfg['admin']['username2'] && $_POST['password'] == $cfg['admin']['password2'])) {
		$_SESSION['laccess'] = 1;
		header("Location: administration.php");
	} else {
		header("Location: news.php?f=wronglogin");
	}
}

if ($_POST['referer'] == 'post_news') {
	if ($_FILES['image']['name'] != '') {
		$image = time().substr($_FILES['image']['name'],strrpos($_FILES['image']['name'],'.'));
		move_uploaded_file($_FILES['image']['tmp_name'], '../files/'.$image);
	} elseif ($_POST['standard'] != '') {
		$image = $_POST['standard'];
	} else {
		$image = '';
	}
	mysql_query("INSERT INTO news VALUES ('','".$_POST['title']."','".$_POST['author']."',now(),'".$_POST['synopsis']."','".$_POST['text']."','".$image."')") or die(mysql_error());
	header("Location: news.list.php");
}
if ($_POST['referer'] == 'edit_news') {
	mysql_query("UPDATE news SET title='".$_POST['title']."', author='".$_POST['author']."', synopsis='".$_POST['synopsis']."', text='".$_POST['text']."', image='".$_POST['image']."' WHERE id=".$_POST['id']."") or die(mysql_error());
	header("Location: news.list.php?offset=".$_POST['offset']);
}

if ($_POST['referer'] == 'upload') {
	for ($i=0;$i<count($_FILES['file']['name']);$i++) {
		if ($_FILES['file']['name'][$i] != '') {
			move_uploaded_file($_FILES['file']['tmp_name'][$i], '../files/'.$_FILES['file']['name'][$i]);
		}
	}
	header("Location: files.list.php");
}
?>

Kan du ikke bare selv lave et nyheds system, med en admin database ? Så ville det være nemmer for dig selv.

Jeg har selv brugt netop dette nyheds system, men fandt hurtigt ud af at det var nemmer og lave selv, så kan du jo også selv bestemme hvad det skal indholde