SitePoint Sponsor

User Tag List

Results 1 to 5 of 5
  1. #1
    SitePoint Addict sporkit's Avatar
    Join Date
    Jan 2003
    Location
    DeKalb, IL
    Posts
    290
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Talking selecting encrypted passwords <-Pictures!


    well ive been using my "dawg" K Yank's login script for quite a while now. I decided that it was time to take the next big step forward with my new site.

    the first thing i wanted to do was integrate the users from a new forum i found at http://www.punbb.org/ with the rest of my site. the problem is that i dont think im pulling the password fields from the punbb board database correctly.

    im thinking users could signup at my forum then get access to other parts of my site with that same username and password if i can pull the login information correctly with my script.

    here is an example page they could see call protectedpage.php.

    PHP Code:
    <?php include 'accesscontrol2.php'?>
    <!DOCTYPE html PUBLIC "-//W3C/DTD XHTML 1.0 Transitional//EN"
      "[url=http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd]http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd[/url]">
    <html xmlns="[url=http://www.w3.org/1999/xhtml]http://www.w3.org/1999/xhtml[/url]">
    <head>
      <title> Members-Only Page </title>
      <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1
    </head>
    <body>
    <p>Welcome, <?=$username?>! You have entered a members-only area
       of the site. Don't you feel special?</p>
    </body>
    </html>
    the included file from protectedpage.php, is accesscontrol2.php
    PHP Code:
    <?php // accesscontrol.php
    include_once 'common.php';
    include_once 
    'db.php';
    session_start();
    $uid = isset($_POST['uid']) ? $_POST['uid'] : $_SESSION['uid'];
    $pwd = isset($_POST['pwd']) ? $_POST['pwd'] : $_SESSION['pwd'];
    if(!isset(
    $uid)) {
      
    ?>
      <!DOCTYPE html PUBLIC "-//W3C/DTD XHTML 1.0 Transitional//EN"
        "[url=http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd]http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd[/url]">
      <html xmlns="[url=http://www.w3.org/1999/xhtml]http://www.w3.org/1999/xhtml[/url]">
      <head>
        <title> Please Log In for Access </title>
        <meta http-equiv="Content-Type"
          content="text/html; charset=iso-8859-1" />
      </head>
      <body>
      <h1> Login Required </h1>
      <p>You must log in to access this area of the site. If you are
         not a registered user, <a href="signup.php">click here</a>
         to sign up for instant access!</p>
      <p><form method="post" action="<?=$_SERVER['PHP_SELF']?>">
        User ID: <input type="text" name="uid" size="8" /><br />
        Password: <input type="password" name="pwd" SIZE="8" /><br />
        <input type="submit" value="Log in" />
      </form></p>
      </body>
      </html>
      <?php
      
      
    exit;
    }
    $_SESSION['uid'] = $uid;
    $_SESSION['pwd'] = $pwd;
    dbConnect("f8_thug");
    $sql "SELECT * FROM forum_users WHERE
            username = '
    $uid' AND password = PASSWORD('$pwd')";
    $result mysql_query($sql);
    if (!
    $result) {
      
    error('A database error occurred while checking your '.
            
    'login details.\\nIf this error persists, please '.
            
    'contact [email=you@example.com.']you@example.com.'[/email]);
    }
    if (mysql_num_rows($result) == 0) {
      unset($_SESSION['
    uid']);
      unset($_SESSION['
    pwd']);
      ?>
      <!DOCTYPE html PUBLIC "-//W3C/DTD XHTML 1.0 Transitional//EN"
        "[url=http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd]http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd[/url]">
      <html xmlns="[url=http://www.w3.org/1999/xhtml]http://www.w3.org/1999/xhtml[/url]">
      <head>
        <title> Access Denied </title>
        <meta http-equiv="Content-Type"
          content="text/html; charset=iso-8859-1" />
      </head>
      <body>
      <h1> Access Denied </h1>
      <p>Your user ID or password is incorrect, or you are not a
         registered user on this site. To try logging in again, click
         <a href="<?=$_SESSION['
    PHP_SELF']?>">here</a>. To register for instant
         access, click <a href="signup.php">here</a>.</p>
      </body>
      </html>
      <?php
      exit;
    }
    $username = mysql_result($result,0,'
    fullname');
    ?>
    i think this code from the page dispalyed above

    PHP Code:
    dbConnect("f8_thug");
    $sql "SELECT * FROM forum_users WHERE
            username = '
    $uid' AND password = PASSWORD('$pwd')";
    $result mysql_query($sql);
    if (!
    $result) {
      
    error('A database error occurred while checking your '.
            
    'login details.\\nIf this error persists, please '.
            
    'contact [email=you@example.com.']you@example.com.'[/email]);

    is trying to pull data from the punbb board database that looks like this.

    http://www.sporkit.com/misc_links/database1.jpg
    http://www.sporkit.com/misc_links/database2.jpg


    however i was just pulling the code from this old database in a table called user just fine.

    http://www.sporkit.com/misc_links/database3.jpg

    im thinking that its this select statement in accesscontrol2.php thats throwing me off.

    PHP Code:
    dbConnect("f8_thug");
    $sql "SELECT * FROM forum_users WHERE
            username = '
    $uid' AND password = PASSWORD('$pwd')";
    $result mysql_query($sql);
    if (!
    $result) {
      
    error('A database error occurred while checking your '.
            
    'login details.\\nIf this error persists, please '.
            
    'contact [email=you@example.com.']you@example.com.'[/email]);

    maybe its an encryption thingy?

    the only difference i noticed between the old table user and the new table from the forum im trying to use is the password fields are 16 and the other 32. not sure if that would make a differance.

    anyway, if you have some suggestion i would love to hear them. i also hope i didnt scare anybody away with all the information i posed (not sure if thats a good thing ).

    ill probably be messing with it till then.

    thanks everybody!

  2. #2
    La la la la la bronze trophy lieut_data's Avatar
    Join Date
    Jun 2003
    Location
    Waterloo, ON
    Posts
    1,517
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    This may be the problem -- PASSWORD is a reserved term for MySQL's management of its own internal passwords. You will most likely want to replace this function with MD5, the likely equivalent in use on your forum.

    Cheers!
    My name is Steve, and I'm a super-villian.

  3. #3
    SitePoint Addict sporkit's Avatar
    Join Date
    Jan 2003
    Location
    DeKalb, IL
    Posts
    290
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by lieut_data
    This may be the problem -- PASSWORD is a reserved term for MySQL's management of its own internal passwords. You will most likely want to replace this function with MD5, the likely equivalent in use on your forum.

    Cheers!
    i knew it! i did a search on this forum to see how to use the md5 thingy but didnt find much. i also checked the php.net site without much luck. do you know where i could find info on this or mabey how it should look?

  4. #4
    La la la la la bronze trophy lieut_data's Avatar
    Join Date
    Jun 2003
    Location
    Waterloo, ON
    Posts
    1,517
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    See MySQL Manual for more information -- but really, it should be as simple as replacing PASSWORD w/ MD5

    Cheers!
    My name is Steve, and I'm a super-villian.

  5. #5
    SitePoint Addict sporkit's Avatar
    Join Date
    Jan 2003
    Location
    DeKalb, IL
    Posts
    290
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    darnit! haha! how disappointing i spent a long time putting this post together!

    oh well at least it works. thanks man.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •