I have a simple gallery script in flash that has a php admin. The login works in firefox but no IE it redirects you right back to the login page can anyone figure this out it's 3 files index.php admin.php config.php the index.php redirects you to admin.php.
index.php
<?
$login=$_POST['login'];
$pass=$_POST['pass'];
if (!isset($login)&&!isset($pass)) {
print'<html><link href="main.css" rel="stylesheet" type="text/css"><body style="background-color: #161616;">';
print'<table width="100%" height="100%" border="0"><tr><td valign="middle" style="color:#FFFFFF;font-family: Tahoma; font-size:11px " align="center">';
print'<img src="pics/text_top.jpg" border="0"><br><br>';
print'<img src="pics/logo.jpg" border="0">';
print'<form action="index.php" method="post">';
print '<strong>Login:</strong> <input name="login" type="text" maxlength="16" style="border-color:#777777; border-width:1px; border-style:solid; background-color:#000000; color:#777777 "/><br><br>';
print '<strong>Password:</strong> <input name="pass" type="password" maxlength="16" style="border-color:#777777; border-width:1px; border-style:solid; background-color:#000000; color:#777777 "/><br><br>';
print'<input name="ENTER" type="submit" value="" style="width:78px; height:21px; border-width:0px; border-style:solid; background-image:url(pics/submit.jpg)"/>';
print'</form>';
print'</td></tr></table></body</html>';
} else {
$login = str_replace("'", "", $login);
$login = substr($login,0,16);
require ("config.php");
$a1=strcmp($admin_login,$login);unset($admin_login);
$a2=strcmp($admin_pass,$pass);unset($admin_pass);
$COOKIE_LOGIN_NAME='login';
$COOKIE_PASSW_NAME='pass';
if (($a1==0)&&($a2==0)) {
setcookie($COOKIE_LOGIN_NAME, $login, time()+3600);
setcookie($COOKIE_PASSW_NAME, md5($pass), time()+3600);
header("Location: admin.php");
exit;
} else {
unset($pass);unset($login);
setcookie($COOKIE_LOGIN_NAME, '', time()+3600);
setcookie($COOKIE_PASSW_NAME, '', time()+3600);
header("Location: index.php");
};
}
print "<noscript>";
?>
admin.php
<?
require ("config.php");
$COOKIE_LOGIN_NAME='login';
$COOKIE_PASSW_NAME='pass';
$login = $_COOKIE[$COOKIE_LOGIN_NAME];
$pass = $_COOKIE[$COOKIE_PASSW_NAME];
$a1=strcmp($admin_login,$login);unset($admin_login);
$a2=strcmp(md5($admin_pass),$pass);unset($admin_pass);
if (($a1!=0)or($a2!=0)) {
header("Location: index.php");
exit;
} else {
Header('Cache-Control: no-cache, must-revalidate');
Header('Pragma: no-cache');
Header('Expires: Mon,26 Jul 1980 05:00:00 GMT');
include("inc/header.php");
$edit_dir=$_GET['edit_dir'];
$dir_selected=0;
if ($_GET['dir_selected']) {$dir_selected=$_GET['dir_selected'];};
if ($_POST['dir_selected']) {$dir_selected=$_POST['dir_selected'];};
if ($edit_dir!='') {
print '<table><tr><td style="color:#ffffff">'."\n";
print "<form action=\"admin.php\" method=\"post\">\n";
print "Category to rename:<br />\n";
print "<b>$edit_dir</b><br />\n";
print "<input name=\"ren_dir\" type=\"hidden\" value=\"$edit_dir\" /><br />\n";
print "New category name:<br />\n";
print "<input name=\"ren_dir2\" type=\"text\" /><br />\n";
print "<input type=\"submit\" /></form>\n";
print "</td></tr></table>\n";
print "</body></html>";
} else {
include("inc/top.php");
// rename category
$ren_dir=$_POST['ren_dir'];
$ren_dir2=$_POST['ren_dir2'];
if (($ren_dir!='')&&($ren_dir2!='')) {
rename($gallery_path."/".$ren_dir, $gallery_path."/".$ren_dir2);
};
// add new category
$new_dir=$_POST['new_dir'];
if (($new_dir!='')&&(!is_dir($gallery_path."/".$new_dir))) {
mkdir($gallery_path."/".$new_dir, 0777);
mkdir($gallery_path."/".$new_dir."/pix", 0777);
mkdir($gallery_path."/".$new_dir."/thumbs", 0777);
};
// delete category
$del_dir=$_GET['del_dir'];
if (($del_dir!='')&&(is_dir($gallery_path."/".$del_dir))) {
$Open=opendir($gallery_path."/".$del_dir."/thumbs");
if ($Open) {
while ($Files=readdir($Open)) {
if (($Files!='.')&&($Files!='..')) {
if (file_exists($gallery_path."/".$del_dir."/thumbs/".$Files)) {
unlink($gallery_path."/".$del_dir."/thumbs/".$Files);
};
if (file_exists($gallery_path."/".$del_dir."/pix/".$Files)) {
unlink($gallery_path."/".$del_dir."/pix/".$Files);
};
};
};
};
$tmp=rmdir($gallery_path."/".$del_dir."/pix");
$tmp=rmdir($gallery_path."/".$del_dir."/thumbs");
if (file_exists($gallery_path."/".$del_dir."/settings.dat")) {
unlink($gallery_path."/".$del_dir."/settings.dat");
};
$tmp=rmdir($gallery_path."/".$del_dir);
};
//
$dirs_count=0;
$category_settings='';
$Open=opendir($gallery_path);
while ($Files=readdir($Open)) {
if (!is_file($Files)&&$Files!='.'&&$Files!='..') {
print '<table width="239"><tr><td style="color:#ffffff">';
print "<a href=\"admin.php?del_dir=$Files\" class=\"menu_2\"><img src=\"pics/delete.gif\" border=0 alt=\"delete\"></a> ";
print "<a href=\"admin.php?edit_dir=$Files\" class=\"menu_2\"><img src=\"pics/edit.gif\" border=0 alt=\"edit\"></a> ";
if ($dir_selected==$dirs_count) {
$selectDir=$Files;
print "<a href=\"admin.php?dir_selected=$dirs_count\" class=\"menu_1\">$Files</a>";
//read category settings
$FileName="$gallery_path/$Files/settings.dat";
if (is_file($FileName)) {
$File=fopen($FileName,'r');
if (filesize($FileName)>0) {
$category_settings=fread($File,filesize($FileName));
};
fclose($File);
};
} else {
print "<a href=\"admin.php?dir_selected=$dirs_count\" class=\"menu_2\">$Files</a>";
};
print '</td></tr></table>';
$dirs_count++;
};
};
print '<br><br><table width="100%"><tr><td style="color:#FFFFFF "><strong class="white" style=" font-size:11px ">Add new category:</strong><form action="admin.php" method="post"><input name="dir_selected" type="hidden" value="'.$dir_selected.'"><input type="text" name="new_dir" style="border-color:#777777; border-width:1px; border-style:solid; background-color:#000000; color:#777777 "><input name="OK" type="submit" value="" style="width:51px; height:21px; border-width:0px; border-style:solid; background-image:url(pics/add.jpg)"></form></td></tr></table>';
print "</td><td>";
//select image - save category settings
$select_file=$_GET['select_file'];
if (($select_file!='')&&($dirs_count!=0)) {
$FileName="$gallery_path/$selectDir/settings.dat";
$File=fopen($FileName,'w');
fwrite($File,$select_file);
fclose($File);
$category_settings=$select_file;
};
// add new picture
if (isset($_FILES["new_file"])) {
if (is_uploaded_file($_FILES['new_file']['tmp_name'])) {
$filename = $_FILES['new_file']['tmp_name'];
$upload_name = $_FILES['new_file']['name'];
$ext = substr($_FILES['new_file']['name'],
1 + strrpos($_FILES['new_file']['name'], "."));
$size = GetImageSize($filename);
if (($size)&&($size[0]<$pic_max_size_x)&&($size[1]<$pic_max_size_y)) {
if (copy($filename, $gallery_path."/".$selectDir."/pix/".$upload_name)) {
require ('inc/imgresize.php');
img_resize($filename, $gallery_path."/".$selectDir."/thumbs/".$upload_name, $thumb_size_x, $thumb_size_y);
};
unlink($filename);
} else {
print "<center><strong class=\"white\" style=\" font-size:11px \">Size of new picture is very large. Please resize this.<br /><br />";
print "Maximum size of new picture must be: ".$pic_max_size_x."x".$pic_max_size_y."</center><br /><br />";
};
};
};
// delete picture
$delete_file=$_GET['delete_file'];
if ($delete_file) {
unlink($gallery_path."/".$selectDir."/thumbs/".$delete_file);
unlink($gallery_path."/".$selectDir."/pix/".$delete_file);
};
//
print '<br><br><table width="100%" style="margin-left:15px; margin-top:0px;"><tr><td colspan="3"><strong class="white" style=" font-size:11px ">Add new picture:</strong><form enctype="multipart/form-data" action="admin.php" method="post"><input name="dir_selected" type="hidden" value="'.$dir_selected.'"><input type="file" name="new_file" style="border-color:#777777; border-width:1px; border-style:solid; background-color:#000000; color:#777777 "> <input name="OK" type="submit" value="" style="width:51px; height:21px; border-width:0px; border-style:solid; background-image:url(pics/add.jpg)"></form></td></tr></table>';
if ($dirs_count>0) {
$k=0;
$Open=opendir($gallery_path."/".$selectDir."/thumbs");
if ($Open) {
while ($Files=readdir($Open)) {
$out = array();
preg_match('/\S+\.(\S+)$/', $Files, $out);
if ($out[1]==="jpg") {
print '<table width="100%" bgcolor="#161616" cellspacing="1" cellpadding="5" style="margin-left:15px; margin-top:0px;">';
if ($k==0) {
print '<tr bgcolor="#313131">';
$k++;
} else {
print '<tr bgcolor="#2d2d2d">';
$k=0;
};
print '<td width="38"><a href="admin.php?';
print "delete_file=$Files&dir_selected=$dir_selected";
print '"><img src="pics/delete.gif" border=0 alt="delete" style="margin-left:12px "></td>';
print '<td width="38"><a href="admin.php?';
if ($category_settings!=$Files) {
print "select_file=$Files&dir_selected=$dir_selected";
print '"><img src="pics/no_select.gif" border=0 alt="select" style="margin-left:12px ">';
} else {
print "select_file=$Files&dir_selected=$dir_selected";
print '"><img src="pics/select.gif" border=0 alt="select" style="margin-left:12px "></td>';
};
print '<td width="50"><a href="';
print $gallery_path."/".$selectDir."/pix/".$Files;
print '"><img src="';
print $gallery_path."/".$selectDir."/thumbs/".$Files;
print '" border="0" width="50" height="50"></a></td><td style="color:#FFFFFF ">';
print $Files;
print '</td></tr></table>';
};
};
} else {
print '<table width="100%">';
print '<tr>';
print '<td colspan="3">no files found</td>';
print '</td></tr></table>';
};
};
include("inc/bottom.php");
};
};
?>
config.php
<?
$admin_login="admin";
$admin_pass="pass";
$gallery_path="gallery";
$pic_max_size_x="547";
$pic_max_size_y="391";
$thumb_size_x="104";
$thumb_size_y="80";
?>