-
Aug 7, 2003, 15:40 #1
- Join Date
- Jan 2003
- Location
- DeKalb, IL
- Posts
- 290
selecting encrypted passwords <-Pictures!
Well, I've been using my "dawg" K Yank's login script for quite a while now. I decided that it was time to take the next big step forward with my new site.
The first thing I wanted to do was integrate the users from a new forum I found at http://www.punbb.org/ with the rest of my site. The problem is that I don't think I'm pulling the password fields from the punbb board database correctly.
I'm thinking users could sign up at my forum then get access to other parts of my site with that same username and password if I can pull the login information correctly with my script.
Here is an example page they could see, called protectedpage.php.
PHP Code:
<?php include 'accesscontrol2.php'; ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
  <title> Members-Only Page </title>
  <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
</head>
<body>
  <p>Welcome, <?=$username?>! You have entered a members-only area
  of the site. Don't you feel special?</p>
</body>
</html>
PHP Code:
<?php // accesscontrol.php
include_once 'common.php';
include_once 'db.php';

session_start();

// Take the credentials from the login form if posted, otherwise from the session.
$uid = isset($_POST['uid']) ? $_POST['uid'] : $_SESSION['uid'];
$pwd = isset($_POST['pwd']) ? $_POST['pwd'] : $_SESSION['pwd'];

// No credentials yet: show the login form and stop.
if(!isset($uid)) {
  ?>
  <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  <html xmlns="http://www.w3.org/1999/xhtml">
  <head>
    <title> Please Log In for Access </title>
    <meta http-equiv="Content-Type"
      content="text/html; charset=iso-8859-1" />
  </head>
  <body>
  <h1> Login Required </h1>
  <p>You must log in to access this area of the site. If you are
     not a registered user, <a href="signup.php">click here</a>
     to sign up for instant access!</p>
  <p><form method="post" action="<?=$_SERVER['PHP_SELF']?>">
    User ID: <input type="text" name="uid" size="8" /><br />
    Password: <input type="password" name="pwd" SIZE="8" /><br />
    <input type="submit" value="Log in" />
  </form></p>
  </body>
  </html>
  <?php
  exit;
}

$_SESSION['uid'] = $uid;
$_SESSION['pwd'] = $pwd;

// Look for a row in the forum's user table matching the submitted credentials.
dbConnect("f8_thug");
$sql = "SELECT * FROM forum_users WHERE
        username = '$uid' AND password = PASSWORD('$pwd')";
$result = mysql_query($sql);
if (!$result) {
  error('A database error occurred while checking your '.
        'login details.\\nIf this error persists, please '.
        'contact you@example.com.');
}

// No matching row: clear the session and show the access-denied page.
if (mysql_num_rows($result) == 0) {
  unset($_SESSION['uid']);
  unset($_SESSION['pwd']);
  ?>
  <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  <html xmlns="http://www.w3.org/1999/xhtml">
  <head>
    <title> Access Denied </title>
    <meta http-equiv="Content-Type"
      content="text/html; charset=iso-8859-1" />
  </head>
  <body>
  <h1> Access Denied </h1>
  <p>Your user ID or password is incorrect, or you are not a
     registered user on this site. To try logging in again, click
     <a href="<?=$_SERVER['PHP_SELF']?>">here</a>. To register for instant
     access, click <a href="signup.php">here</a>.</p>
  </body>
  </html>
  <?php
  exit;
}

$username = mysql_result($result,0,'fullname');
?>
http://www.sporkit.com/misc_links/database1.jpg
http://www.sporkit.com/misc_links/database2.jpg
However, I was just pulling the code from this old database in a table called user just fine.
http://www.sporkit.com/misc_links/database3.jpg
I'm thinking that it's this select statement in accesscontrol2.php that's throwing me off.
PHP Code:
dbConnect("f8_thug");
$sql = "SELECT * FROM forum_users WHERE
        username = '$uid' AND password = PASSWORD('$pwd')";
$result = mysql_query($sql);
if (!$result) {
  error('A database error occurred while checking your '.
        'login details.\\nIf this error persists, please '.
        'contact you@example.com.');
}
The only difference I noticed between the old table user and the new table from the forum I'm trying to use is the password fields are 16 and the other 32. Not sure if that would make a difference.
Anyway, if you have some suggestions I would love to hear them. I also hope I didn't scare anybody away with all the information I posted (not sure if that's a good thing).
I'll probably be messing with it till then.
Thanks everybody!
-
Aug 7, 2003, 16:13 #2
- Join Date
- Jun 2003
- Location
- Waterloo, ON
- Posts
- 1,517
This may be the problem -- PASSWORD is a reserved term for MySQL's management of its own internal passwords. You will most likely want to replace this function with MD5, the likely equivalent in use on your forum.
Cheers!
My name is Steve, and I'm a super-villain.
-
Aug 7, 2003, 16:23 #3
- Join Date
- Jan 2003
- Location
- DeKalb, IL
- Posts
- 290
Originally Posted by lieut_data
-
Aug 7, 2003, 16:32 #4
- Join Date
- Jun 2003
- Location
- Waterloo, ON
- Posts
- 1,517
See MySQL Manual for more information -- but really, it should be as simple as replacing PASSWORD w/ MD5
Cheers!
My name is Steve, and I'm a super-villain.
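The suggested switch from PASSWORD to MD5, as an added example that is not part of the original thread. It assumes forum_users.password holds an unsalted 32-character MD5 hex digest (the reply only calls MD5 the "likely equivalent"), uses PDO with an in-memory SQLite table of constructed rows in place of the poster's MySQL database, and binds the username as a parameter instead of interpolating it into the SQL; the helper names hashFormat and checkLogin are hypothetical.

```php
<?php
// Added example; not code from the thread. Assumption: the forum stores an
// unsalted MD5 hex digest in forum_users.password.

// Classify a stored hash by shape. MySQL's PASSWORD() before version 4.1
// returns 16 hex characters; MD5() returns 32, matching the 16-versus-32
// column difference described in the first post.
function hashFormat(string $stored): string
{
    if (preg_match('/^[0-9a-f]{16}$/i', $stored)) {
        return 'mysql-old-password';
    }
    if (preg_match('/^[0-9a-f]{32}$/i', $stored)) {
        return 'md5-hex';
    }
    return 'unknown';
}

// Fetch the stored digest with a bound parameter, then compare in PHP.
function checkLogin(PDO $db, string $uid, string $pwd): bool
{
    $stmt = $db->prepare('SELECT password FROM forum_users WHERE username = ?');
    $stmt->execute([$uid]);
    $stored = $stmt->fetchColumn();
    if (!is_string($stored) || hashFormat($stored) !== 'md5-hex') {
        return false; // unknown user, or a hash this check cannot verify
    }
    return hash_equals(strtolower($stored), md5($pwd));
}

// Constructed sample rows in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE forum_users (username TEXT PRIMARY KEY, password TEXT)');
$ins = $db->prepare('INSERT INTO forum_users (username, password) VALUES (?, ?)');
$ins->execute(['alice', md5('correct horse')]);   // 32-character MD5 row
$ins->execute(["o'brien", md5('hunter2')]);       // quote in the name is bound safely
$ins->execute(['bob', '0123456789abcdef']);       // 16-character row, old format

var_dump(checkLogin($db, 'alice', 'correct horse')); // right password
var_dump(checkLogin($db, 'alice', 'wrong'));         // wrong password
var_dump(checkLogin($db, "o'brien", 'hunter2'));     // username containing a quote
var_dump(checkLogin($db, 'bob', 'anything'));        // row stored in the 16-character format
var_dump(hashFormat('0123456789abcdef'));            // shape of the old format
```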
-
Aug 7, 2003, 16:57 #5
- Join Date
- Jan 2003
- Location
- DeKalb, IL
- Posts
- 290
Darnit! Haha! How disappointing, I spent a long time putting this post together!
Oh well, at least it works. Thanks man.