From a8ff78d15646e2132771a7f8112705849fe1ea70 Mon Sep 17 00:00:00 2001 From: Jean-Marc Pigeon Date: Thu, 4 Sep 2025 14:47:36 -0400 Subject: [PATCH] Detecting if logname is and php adin --- lib/unimar.c | 2 +- sql/datatest.sql | 11 +++++++ www/gessql.php | 9 ++++++ www/home.php | 63 --------------------------------------- www/index.php | 2 +- www/login.php | 76 +++++++++++++++++++++++++++++++++++++++--------- www/mailleur.php | 7 ++++- www/scrfun.php | 2 +- www/subrou.php | 9 +++--- 9 files changed, 96 insertions(+), 85 deletions(-) delete mode 100644 www/home.php diff --git a/lib/unimar.c b/lib/unimar.c index f296c21..e817329 100644 --- a/lib/unimar.c +++ b/lib/unimar.c @@ -291,7 +291,7 @@ locked=false; phase=0; proceed=true; while (proceed==true) { - (void) rou_alert(0,"%s JMPDBG phase='%d'",OPEP,phase); + //(void) rou_alert(0,"%s JMPDBG phase='%d'",OPEP,phase); switch (phase) { case 0 : //Starting lock if (mar_request(marptr,"BEGIN")<0) { diff --git a/sql/datatest.sql b/sql/datatest.sql index ba678eb..efeb35a 100644 --- a/sql/datatest.sql +++ b/sql/datatest.sql @@ -8,7 +8,10 @@ DELETE FROM emails; //present password is crypted as a hash and in password too //adding a list of local email +//============================================================== //set for local test +INSERT INTO emails (email,password) \ + values ('root@example.com','4cabri'); INSERT INTO emails (email,password) \ values ('postmaster@example.com','postmaster'); INSERT INTO emails (email,password) \ @@ -30,6 +33,7 @@ INSERT INTO emails (email,password) \ INSERT INTO emails (email,password) \ values ('user2@mardb.example.com','user2'); +//============================================================== //List of remote IP status INSERT INTO remotes (remoteip,credit,lastscan) \ values ('127.127.0.25',10,now()); 
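Review bot: The debug call inside the `while (proceed==true)` loop in unimar.c is commented out rather than removed, which leaves dead code that will drift from the surrounding logic. If the C rou_alert() gates on its first argument the way the PHP one in subrou.php does (`if ($debug>=$dbglvl)`), the cleaner fix is to keep the line and raise its level so the runtime debug setting controls it, e.g. `(void) rou_alert(9,"%s JMPDBG phase='%d'",OPEP,phase);`, or otherwise delete the line outright. The enclosing function starts and ends outside the hunk.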
@@ -51,6 +55,7 @@ INSERT INTO remotes (remoteip) \ INSERT INTO remotes (remoteip) \ values ('193.111.208.122'); +//============================================================== //selected IP from from 'clean' server INSERT INTO remotes (remoteip) \ values ('192.219.254.189'); @@ -60,3 +65,9 @@ INSERT INTO remotes (remoteip) \ //selected IP with low credit INSERT INTO remotes (remoteip,credit) \ values ('127.127.127.127',-50); + +//============================================================== +//defining admin user +INSERT INTO admins (email) \ + values ('root@example.com'); +//============================================================== diff --git a/www/gessql.php b/www/gessql.php index 107498b..aed6b8c 100644 --- a/www/gessql.php +++ b/www/gessql.php @@ -71,8 +71,11 @@ return $isgood; function sql_getlogname($dbsql) { +global $isadmin; + $OPEP="gessql.php:sql_getlogname"; +$isadmin=0; $logname=NULL; $expire=NULL; $cookie=$_COOKIE[getenv("APPNAME")]; @@ -109,6 +112,12 @@ while ($proceed==true) { $phase=999; } break; + case 4 : //checking if logname is an admin + $stmt=$dbsql->Select("Select * from admins where email='$logname'"); + $id=$stmt->fetch(PDO::FETCH_ASSOC)['email']; + if ($id!=NULL) + $isadmin=true; + break; default : //SAFE Guard $proceed=false; break; diff --git a/www/home.php b/www/home.php deleted file mode 100644 index dff3648..0000000 --- a/www/home.php +++ /dev/null @@ -1,63 +0,0 @@ - - - -Starting - - - - -
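Review bot: The new fixture inserts into an `admins` table, and the gessql.php hunk in this patch selects from it, but no schema file appears in the diffstat; unless `admins` is already defined elsewhere, loading this file and the new `case 4` in sql_getlogname() will both fail on a fresh database. Either add the `CREATE TABLE` to the same commit or state in the file header which schema revision the fixture requires. The same address is also added to `emails` with a literal password in the first hunk of this file; a comment such as `//test-only admin account, do not load into a production database` above the insert would make the intent explicit beyond the existing "set for local test" line.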
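Review bot: The new `case 4` in sql_getlogname() builds the admins query by interpolating `$logname` into the SQL string; `$logname` is derived from the `$_COOKIE` value read at the top of the function, so unless an earlier phase strictly validates it this is a SQL injection path, and it should be bound as a parameter (the wrapper's `Select()` may need a parameterised variant, which I cannot see from here). The fetch result is also indexed unconditionally, but `fetch()` returns `false` when no row matches and `false['email']` raises a warning on PHP 8; `$row=$stmt->fetch(PDO::FETCH_ASSOC); $isadmin=($row!==false && $row['email']!==null) ? 1 : 0;` avoids that. The flag is initialised to `0` in the hunk above and set to `true` here; pick one type so `===` comparisons and the `ADMIN=$isadmin` output in mailleur.php behave consistently. Finally, this case neither advances `$phase` nor clears `$proceed`; unless the phase counter is incremented after the switch (outside the hunk), the `while ($proceed==true)` loop never exits. The enclosing function continues outside the hunk.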
-Mailleur -
-$login -$footer - - -EOT; - -return $STR; -} - -if ($_SERVER["REQUEST_METHOD"] == "POST") { - $pass=$_POST["passwd"]; - $logname=$_POST["email"]; - $dbsql=sql_connect(); - $isok=sql_checkpassword($dbsql,$logname,$pass); - sql_close($dbsql); - switch ($isok) { - case false : //trouble report - echo ""; - break; - default : - header('Location: mailleur.php'); - break; - } - } - -//display main screen -echo body(); -?> - - - diff --git a/www/index.php b/www/index.php index af1907f..ce0cbc5 120000 --- a/www/index.php +++ b/www/index.php @@ -1 +1 @@ -home.php \ No newline at end of file +login.php \ No newline at end of file diff --git a/www/login.php b/www/login.php index a81d71d..9b4c4e0 100644 --- a/www/login.php +++ b/www/login.php @@ -1,18 +1,68 @@ + + +Starting + + + + +
+Mailleur +
+$login +$footer + + +EOT; + +return $STR; +} if ($_SERVER["REQUEST_METHOD"] == "POST") { - $username = $_POST['username']; - $password = $_POST['password']; - - // Example: Check if username is 'test' and password is 'wrongpass' - if ($username === 'test' && $password === 'correctpass') { - // Successful login, redirect or set session - echo ""; - } else { - // Incorrect password, display a JavaScript alert as a popup - echo ""; + $pass=$_POST["passwd"]; + $logname=$_POST["email"]; + $dbsql=sql_connect(); + $isok=sql_checkpassword($dbsql,$logname,$pass); + sql_close($dbsql); + switch ($isok) { + case false : //trouble report + echo ""; + break; + default : + header('Location: mailleur.php'); + break; } -} + } + +//display main screen +echo body(); ?> + + + diff --git a/www/mailleur.php b/www/mailleur.php index 23ed234..237da88 100644 --- a/www/mailleur.php +++ b/www/mailleur.php @@ -14,6 +14,9 @@ include_once "gessql.php"; function body($logname) { +global $isadmin; + +rou_alert(0,"JMPDBG admin=$admin"); $footer=footer(getenv("APPNAME")); $cook=$_COOKIE[getenv("APPNAME")]; @@ -30,6 +33,8 @@ Within mailleur
LOGNAME=$logname
+ADMIN=$isadmin +
The cookies=$cook
@@ -53,7 +58,7 @@ if ($logname!=NULL) { echo body($logname); } else { - header('Location: home.php'); + header('Location: login.php'); } ?> diff --git a/www/scrfun.php b/www/scrfun.php index 42d3df1..09b9dd1 100644 --- a/www/scrfun.php +++ b/www/scrfun.php @@ -80,7 +80,7 @@ else {
diff --git a/www/subrou.php b/www/subrou.php index 96cad9b..fe62558 100644 --- a/www/subrou.php +++ b/www/subrou.php @@ -4,10 +4,9 @@ // To manage very low level function // //============================================================== -global $debug; - - -$debug=0; +//gobal variables. +$debug=0; //default debug level +$isadmin=0; //authenticated user with admin level //============================================================== // Open a syslog channel @@ -36,7 +35,7 @@ function rou_alert($dbglvl,$report) global $debug; if ($debug>=$dbglvl) - syslog(LOG_INFO,"$report"); + syslog(LOG_INFO,"dbg=$debug, $report"); } rou_openlog(); -- 2.47.3
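Review bot: The new comment reads `//gobal variables.`; it should be `//global variables.`. It would also help to document on the `$isadmin` line that the flag is only meaningful after sql_getlogname() in gessql.php has run, since that is where this patch sets it; it is set there to `true` while the default here is `0`, so use `1` there or `false` here to keep the type consistent (note that `false` renders as an empty string in mailleur.php's `ADMIN=$isadmin` line). rou_alert() in the second hunk starts outside the hunk.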