  1. #11
    Quote: Originally Posted by lolwut
    Yes, I do know how insecure this is... It's intended for beginners.
    That means someone who's new?
    God, what happened to the nice Caleb? >_>

    If it was intended for more advanced coders then I'd have used sessions.
    Cookies are simple and are good for a PHP first-time programmer.

    EDIT: Just noticed a huge error in edit.php:
    Replace the previous edit.php code with this code: (I'd be grateful if a Moderator could replace the current edit.php file with the one below on the first post please!)
    PHP Code:
    <?php
    require("config.php"); //Includes the configuration file.
    if(isset($_COOKIE['loggedin']) && $_COOKIE['loggedin'] == "yes"){ //If they're logged in...

        if(!isset($_POST['update'])){ //Check to see if they've posted the form yet.

            echo("Please choose the setting to edit here:<br />
                <form method=\"post\">
                Site Status: <select name=\"status\"><option value=\"on\">On</option><option value=\"off\">Off</option></select>
                <br />
                Offline Message: <input type=\"text\" name=\"offmsg\" size=\"40\">
                <br />
                Online Page To Redirect To: <input type=\"text\" name=\"onpage\" size=\"30\">
                <br />
                <input type=\"submit\" value=\"Update!\" name=\"update\">
                </form>"
            );

            //^^ Show them the form because they haven't posted it yet.

        }else{ //If they have posted the form...

            $status = $_POST['status']; //Makes the variable easier to handle.

            $offmsg = $_POST['offmsg']; //Makes the variable easier to handle.

            $onpage = $_POST['onpage']; //Makes the variable easier to handle.

            mysql_query("UPDATE `sitestatus` SET `status` = '" . $status . "', `offmsg` = '" . $offmsg . "', `onpage` = '" . $onpage . "' ;"); //Updates the MySQL database with the information they specified in the form.

            setcookie("loggedin","",time() - 3600); //Unsets the logged in cookie (has to run before anything is echoed).

            echo("The site has been successfully updated!"); //Tells them that the database has been updated.

        } //End the if statement (if they have(n't) posted the form yet).
    }else{ //If they're not logged in...

        die("Please login to edit the site status!");
    } //End the if statement (if they're (not) logged in).
    mysql_close(); //Closes any remaining MySQL connections.
    ?>
    I am just telling you, because some person is going to grab that code, and just use it somewhere.. then complain because they got hacked.


  2. #12
    Oh fgs.

    The last thing you tell 'beginners' how to do is produce insecure code.
    They just run round forum going "OMGZ! HOW 1337 AM I? I CAN CODE!?!"

    Need to secure the system for it to be of any use...
    Coming and going...
    Highers are getting the better of me

  3. #13
    nicely done

  4. #14
    Code:
    Warning: Cannot modify header information - headers already sent by (output started at /home/habmaste/public_html/[removed]/config.php:13) in /home/habmaste/public_html/[removed]/login.php on line 16
     
    Warning: Cannot modify header information - headers already sent by (output started at /home/habmaste/public_html/[removed]/config.php:13) in /home/habmaste/public_html/[removed]/login.php on line 17
    I am also getting these errors! I believe it's to do with the cookies thing. I am a bit of a noob at PHP at the moment, is it possible to use sessions? (if so, can anybody attempt it?)

    I am using crisphosting at the moment... They don't suck lol. I hope they ain't blocking something.
    Last edited by Westman40; 10-05-2008 at 10:37 AM.

  5. #15
    nice....
    *hi*


    Edited by Bonxy



  6. #16
    When I try to run this query I get this message



    Error

    SQL query:

    CREATE TABLE `sitestatus` (
    `id` INT( 2 ) NOT NULL AUTO_INCREMENT ,
    `status` VARCHAR( 10 ) NOT NULL ,
    `offmsg` TEXT NOT NULL ,
    `onpage` VARCHAR( 50 ) NOT NULL ,
    PRIMARY KEY ( `id` )
    ) ENGINE = MYISAM INSERT INTO `sitestatus` ( `id` , `status` , `offmsg` , `onpage` )
    VALUES (
    '1', 'off', 'The site is currently offline for some much needed maintenance work on the frameworks!', 'http://example.com/'
    )

    MySQL said: Documentation
    #1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'INSERT INTO `sitestatus` (
    `id` ,
    `status` ,
    `offmsg` ,
    `onpage`
    )
    VALUES ' at line 9



    Anyone know why?
    *hi*


    Edited by Bonxy



  7. #17
    I'm getting these errors when I log in


    Warning: Cannot modify header information - headers already sent by (output started at /home/HIDDEN/public_html/panel/extras/status/login.php:9) in /home/HIDDEN/public_html/panel/extras/status/login.php on line 24

    Warning: Cannot modify header information - headers already sent by (output started at /home/HIDDEN/public_html/panel/extras/status/login.php:9) in /home/HIDDEN/public_html/panel/extras/status/login.php on line 25
    *hi*


    Edited by Bonxy



  8. #18
    All anyone ever does these days is moan.

    Fully fixed and uses sessions because I couldn't think of a workaround if I used cookies.

    NOT TESTED!

    PHP Code:
    MYSQL QUERY (Fixed) :


    CREATE TABLE `sitestatus` (
    `id` INT( 2 ) NOT NULL AUTO_INCREMENT ,
    `status` VARCHAR( 10 ) NOT NULL ,
    `offmsg` TEXT NOT NULL ,
    `onpage` VARCHAR( 50 ) NOT NULL ,
    PRIMARY KEY (`id`)
    ) ENGINE = MYISAM ;

    INSERT INTO `sitestatus` ( `id` , `status` , `offmsg` , `onpage` )
    VALUES ( '1', 'off', 'The site is currently offline for some much needed maintenance work on the frameworks!', 'http://example.com/'
    ) ;

    ------------------

    CONFIG.PHP :

    <?php
    //==============================================================================
    $host = "localhost";     //Set this to the database host.
    $user = "root";          //Set this to the database username.
    $pass = "";              //Set this to the database password.
    $name = "users";         //Set this to the database name.
    $set_password = "12321"; //Set this to the password you want the user to provide before they're given access to the site.
    //==============================================================================
    mysql_connect($host,$user,$pass); //Connects to the database.
    mysql_select_db($name); //Selects the database.
    $info = mysql_query("SELECT * FROM `sitestatus` WHERE `id` = '1' ;"); //Is getting the information we need.
    $i = mysql_fetch_object($info); //Is formatting the information we need.
    session_start(); // ;)
    ?>

    ------------------

    LOGIN.PHP :

    <?php
    require("config.php"); //Includes the configuration file we made earlier.
    if(!isset($_POST['login'])){ //If they haven't posted the login form...

        echo("Please enter the password to edit the site status!<br />
            <form method=\"post\">
            Password: <input type=\"password\" name=\"password\">
            <br />
            <input type=\"submit\" value=\"Login\" name=\"login\">
            </form>"
        );

        //^^ Then show the login form so they can login.
    }else{ //If they have posted the login form...

        $s_password = $_POST['password']; //Change the password variable to something easier to handle.

        if($s_password != $set_password){ //If the supplied password doesn't match the set password in the configuration file...

            die("You did not enter the correct password!"); //Tell them so, and close the session so they can't edit anything.

        } //Ends the if statement (the supplied password didn't match the set one)

        $_SESSION['loggedin'] = "yes"; //Sets a session with the users information in, will be used in the next step.

        header("Location: edit.php"); //Sends them off to the edit info page.
    } //End the if statement (the login form hasn't been posted)
    mysql_close(); //Close any remaining MySQL connections.
    ?>

    ------------------

    EDIT.PHP :

    <?php
    require("config.php"); //Includes the configuration file.
    if(isset($_SESSION['loggedin']) && $_SESSION['loggedin'] == "yes"){ //If they're logged in...

        if(!isset($_POST['update'])){ //Check to see if they've posted the form yet.

            echo("Please choose the setting to edit here:<br />
                <form method=\"post\">
                Site Status: <select name=\"status\"><option value=\"on\">On</option><option value=\"off\">Off</option></select>
                <br />
                Offline Message: <input type=\"text\" name=\"offmsg\" size=\"40\">
                <br />
                Online Page To Redirect To: <input type=\"text\" name=\"onpage\" size=\"30\">
                <br />
                <input type=\"submit\" value=\"Update!\" name=\"update\">
                </form>"
            );

            //^^ Show them the form because they haven't posted it yet.

        }else{ //If they have posted the form...

            $status = $_POST['status']; //Makes the variable easier to handle.

            $offmsg = $_POST['offmsg']; //Makes the variable easier to handle.

            $onpage = $_POST['onpage']; //Makes the variable easier to handle.

            mysql_query("UPDATE `sitestatus` SET `status` = '" . $status . "', `offmsg` = '" . $offmsg . "', `onpage` = '" . $onpage . "' ;"); //Updates the MySQL database with the information they specified in the form.

            echo("The site has been successfully updated!"); //Tells them that the database has been updated.

            session_destroy(); //Ends the logged in session (session_destroy() takes no arguments).

        } //End the if statement (if they have(n't) posted the form yet).
    }else{ //If they're not logged in...

        die("Please login to edit the site status!");
    } //End the if statement (if they're (not) logged in).
    mysql_close(); //Closes any remaining MySQL connections.
    ?>

    ------------------

    INDEX.PHP (Example) :

    <?php
    require("config.php"); //Includes the configuration file we made earlier.
    if($i->status == "on"){ //If the site status is set to on...

        header("Location: " . $i->onpage); //Then forward the user to the online page.
    }elseif($i->status == "off"){ //If the site status is set to off...

        echo("The site is currently in offline mode!<br />The reason for this is: <b>" . $i->offmsg . "</b><br />We apologise for any disturbance this may cause.");

        //^^ Then tell them so, and show the offline message.
    } //Closes the statement.
    mysql_close(); //Stops any MySQL connections we had running.
    ?>
    Last edited by lolwut; 24-05-2008 at 04:07 PM.
    i've been here for over 8 years and i don't know why
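
    A hardened take on the edit.php update step argued over in this thread, added here as an example; it is not code from any poster. It assumes PDO with an in-memory SQLite database standing in for the MySQL `sitestatus` table so it runs without a server, and the function name `update_site_status` and the `csrf` session key are hypothetical.

```php
<?php
// Added example: hardened version of the edit.php update step.
// Assumption: SQLite in-memory stands in for the thread's MySQL database.
function update_site_status(PDO $db, array $session, array $post): string
{
    // Trust only the server-side session flag, never a client-editable cookie.
    if (($session['loggedin'] ?? '') !== 'yes') {
        return 'denied';
    }
    // The CSRF token issued at login must come back with the form.
    if (!isset($session['csrf'], $post['csrf'])
        || !hash_equals($session['csrf'], (string) $post['csrf'])) {
        return 'bad token';
    }
    // Allow-list the status and accept only http(s) redirect targets.
    $status = $post['status'] ?? '';
    $onpage = $post['onpage'] ?? '';
    if (!in_array($status, ['on', 'off'], true)) {
        return 'bad status';
    }
    if (!preg_match('#^https?://#i', $onpage)
        || filter_var($onpage, FILTER_VALIDATE_URL) === false) {
        return 'bad url';
    }
    // Bound parameters keep quotes in the message as data, not SQL.
    $stmt = $db->prepare(
        'UPDATE sitestatus SET status = ?, offmsg = ?, onpage = ? WHERE id = 1'
    );
    $stmt->execute([$status, (string) ($post['offmsg'] ?? ''), $onpage]);
    return 'updated';
}

// Constructed demo data (not taken from the thread).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE sitestatus (id INTEGER PRIMARY KEY, status TEXT, offmsg TEXT, onpage TEXT)');
$db->exec("INSERT INTO sitestatus VALUES (1, 'off', 'Maintenance', 'http://example.com/')");
$session = ['loggedin' => 'yes', 'csrf' => bin2hex(random_bytes(16))];
$post = ['csrf' => $session['csrf'], 'status' => 'off',
         'offmsg' => "We're back at 5 o'clock", 'onpage' => 'http://example.com/'];

echo update_site_status($db, [], $post), "\n";       // no session flag
echo update_site_status($db, $session, $post), "\n"; // valid session and token
$row = $db->query('SELECT offmsg FROM sitestatus WHERE id = 1')->fetch();
// Escape on output so a stored message cannot inject markup into index.php.
echo htmlspecialchars($row['offmsg'], ENT_QUOTES, 'UTF-8'), "\n";
```

    The same prepared statement works unchanged with a `mysql:` PDO DSN; the apostrophes in the sample message are stored verbatim instead of breaking the concatenated query.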

  9. #19
    I would simply do

    maintanance.php
    PHP Code:
    <?php
    $maintanance = file_get_contents("maintanance.txt"); //Reads the current flag from the text file.
    if ( $maintanance == "true" ){
        echo "site is offline";
        exit();
    }
    ?>
    2hsus7sjs.php (has a funny name so no one will find it lol)
    PHP Code:
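    <?php
    if ( isset($_GET['action']) && $_GET['action'] == "submit" ) {
        $maintanance = $_POST['maintanance'];
        $changefile = "maintanance.txt"; //Path of the flag file (fopen() needs a file name, not the array file() returns).
        $update = fopen($changefile, "w");
        fputs($update, $maintanance);
        fclose($update);
    }
    ?>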
    <form method="post" action="?action=submit">
    <table>
    <tr><td>Close?</td>
    <td>
    <select name="maintanance">
    <option value="true" selected>Put site offline
    <option value="false">Put site Online
    </select>
    </td></tr><tr><td colspan="2">
    <center><input type="submit" value="change"></center>
    </td></tr></table>
    </form>
    Not tested, should work

    Also, it requires no database.

    EDIT: almost forgot lol, to make the script work add

    PHP Code:
    <?php include("maintanance.php"); ?>
    to the index page of your site.
    Last edited by Decode; 24-05-2008 at 05:26 PM.
    Lets set the stage on fire, and hollywood will be jealous.

  10. #20
    Could do, but that's less secure and part of the objective of mine is to help people use databases.
    i've been here for over 8 years and i don't know why
