
Login Class problem

Posted: Mon Apr 26, 2010 2:52 pm
by greg7
Hi guys, since I'm a newbie to PHP I have some problems. I want to use Joomla `jos_users` for authentication in an external application. I've made it using the following:

Code:

$con = mysql_connect('*****', '***', '***');
if (!$con)
{
  die('Could not connect: ' . mysql_error());
}
@mysql_select_db("****", $con);

// username and password sent from a form in another page
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT `password` FROM `jos_users` WHERE username= '$myusername' ";
$result = mysql_query($sql);
$row = mysql_fetch_array($result);
$joom_pass =$row['password'];	

//explode pass  on colon
$parts = explode( ':', $joom_pass );
$pass =$parts[0];
$salt = $parts[1];

//make up the new md5 password using the user submitted password and salt from above
$genpassword = md5($mypassword . $salt) . ":" . $salt;

//if passwords match set session vars and redirect to new page
if ($genpassword == $joom_pass)
{
	echo "OK";
}

I also have a login class which I use for the application login system, and here is the problem: when I use the script above in the function signin. Because I don't have a very good knowledge of PHP, I think that there must be something inside the function signin that made my login form freeze and do nothing. I've tried some other code in there (like reading and writing to the db) and it works perfectly. I don't know, I am stuck. The login system I use can be found at http://www.chazzuka.com/blog/?p=82

Code:

<?php

if(!defined('VALID_ACL_')) exit('direct access is not allowed.');

class Authorization
{
	
	public function check_status()
		{
			if(empty($_SESSION['exp_user']) || @$_SESSION['exp_user']['expires'] < time())
			{
				return false;
			}
			else
			{
				return true;
			}
		}
		
	public function form()
		{
			global $ACL_LANG;
			$htmlForm =	'<form id="frmlogin">'.'<img src="images/logo.png" class="img1"/>'.
						'<label>';
			switch(LOGIN_METHOD)
			{
				case 'both':
					$htmlForm .= $ACL_LANG['USERNAME'].'/'.$ACL_LANG['EMAIL'];
					break;
				case 'email':
					$htmlForm .= $ACL_LANG['EMAIL'];
					break;
				default:
					$htmlForm .= $ACL_LANG['USERNAME'];
					break;
			}						
			$htmlForm .= 
						':</label>'.
						 '<input type="text" name="u" id="u" class="textfield" />'.
						 '<label>'.$ACL_LANG['PASSWORD'].'</label>'.
						 '<input type="password" name="p" id="p" class="textfield" />'.
						 '<input type="submit" name="btn" id="btn" class="buttonfield"  value="'.$ACL_LANG['LOGIN'].'" />'.
						 '<input type="reset" name="rst" id="rst" class="buttonfield1" value="Reset" />'.
						 '</form>';
			return $htmlForm;
		}
	
	public function signin($u,$p)
	{
		global $db_config,$user_config;
			
		$this->db = @mysql_connect($db_config['server'],$db_config['user'],$db_config['pass']);
		
		if(!$this->db) return false;
							
		$opendb = @mysql_select_db($db_config['name'], $this->db);
			
		if(!$opendb) return false;
		
		$sql = "SELECT `password` FROM `jos_users` WHERE `username`= '$myusername' ";
		$result = @mysql_query($sql,$this->db);
		$row = mysql_fetch_array($result);
		$joom_pass =$row['password'];	
		
		//explode pass  on colon
		$parts = explode( ':', $joom_pass );
		$pass =$parts[0];
		$salt = $parts[1];
		
		//make up the new md5 password using the user submitted password and salt from above
		$genpassword = md5($mypassword . $salt) . ":" . $salt;
				
		$return = false;
			
		if ($genpassword != $joom_pass)
		{	
			if (USEDB)
				{
					if($u&&$p)
						{
							$this->db = @mysql_connect($db_config['server'],$db_config['user'],$db_config['pass']);
							if(!$this->db) return false;
							
							$opendb = @mysql_select_db($db_config['name'], $this->db);
							if(!$opendb) return false;
							
							$sql = "SELECT * FROM `jos_users` WHERE `username`= '$myusername' ";
							$rs = @mysql_query($sql,$this->db);
							
							if(!$rs) return false;
							
							if(mysql_num_rows($rs))
							{ 
								$this->set_session(array_merge(mysql_fetch_assoc($result),array('expires'=>time()+(120*60))));
								$return = true;
							}	
							mysql_free_result($rs);
							mysql_close($this->db);
							unset($rs,$sql);
						}
				}
			return $return;		
		}
	}
	
	private function set_session($a=false)
		{
			if(!empty($a))
				{
					$_SESSION['exp_user'] = $a;
				}
		}
}
?>

Any help would be appreciated, thanks in advance!

Re: Login Class problem

Posted: Mon Apr 26, 2010 3:03 pm
by Jonah Bron
What is the problem? What isn't working? Do you get an error?

Re: Login Class problem

Posted: Mon Apr 26, 2010 3:08 pm
by greg7
Thanks for your interest. No, I didn't get any error; my login form just freezes when I submit it and nothing happens. If I use the script standalone without the class it works. The other thing I thought is whether there is a problem with the JSON. The JS that I use expects jQuery and is the following:

Code:

$(document).ready(function(){ 

	var wrapperId 	=	'#wrapper';		// main container
	var waitId		=	'#wait';		// wait message container
	var formId		=	'#frmLogin';	// submit button identifier
	var userId		=	'#u';			// user input identifier
	var passId		=	'#p';			// password input identifier
	
	var waitNote	=	'Loading...';											// loading message
	var jsErrMsg	=	'Username or password is not valid';						// clientside error message
	
	var postFile	=	'login.post.php';	// post handler
	
	var autoRedir	=	true;			// auto redirect on success
	
	// hide first
	$(waitId).hide(); $(wrapperId).hide();
	
	// FirstLoad
	$(waitId).html(waitNote).fadeIn('fast',function(){
		// get request to load form
		$.getJSON(postFile, function(data){
			
			if(data.status==true)
			{
				// status is authorized
				if(autoRedir){ 
					$(waitId).hide().html('Redirecting...').fadeIn('fast', function(){window.location=data.url;});
				} else {
					$(waitId).fadeOut('slow', function(){ $(wrapperId).html(data.message).slideDown(); }).html();
				}
			} 
			else 
			{
				// show form
				$(wrapperId).html(data.message).slideDown('slow',function(){
					// hide  message
					$(waitId).fadeOut('fast',function(){
						
						//*/ submit handler
						$("#frmlogin").submit( function() { 
							// loading
							$(waitId).html(waitNote).fadeIn();
								
							var _u = $(userId).val();	// form user
							var _p = $(passId).val();	// form password
							
							//@ valid user ( modify as needed )
							if(_u.length<4) 
								{
									$(waitId).html(jsErrMsg).fadeIn('fast',function(){ 
										$(userId).focus();
									});
								} 
							else
								{
									//@ valid password ( modify as needed )
									if(_p.length<4)
										{
											$(waitId).html(jsErrMsg).fadeIn('fast',function(){ 
												$(passId).focus();
											});
										}
									else
										{
											$.post(postFile, { u: _u, p: _p }, function(data) {
												if(data.status==true){ 
													if(autoRedir){ 
														$(waitId).html('Redirecting...').fadeIn('fast', function(){
															window.location=data.url;
														});
													} else {
														$(waitId).fadeOut('slow', function(){ 
															$(wrapperId).slideUp('slow',function(){
																$(this).html(data.message).slideDown();
															}); 
														}).html();
													}
												} 
												else
												{
													$(waitId).html(data.message).slideDown('fast', function(){ 
														$(userId).focus(); 
													}); 
												}
											}
											,'json');
										}
								}
							return false;
						});				
						//*/
						$(userId).focus();
					}).html();
				});
				
			}
			
		 });
	});
});

Re: Login Class problem

Posted: Mon Apr 26, 2010 3:20 pm
by greg7
To be more specific, if I use the class with this piece of code in the signin function it works fine, but I fail to generate the password MD5 hash with salt.

Code:

<?php
/*
**	@desc:		PHP ajax login form using jQuery
**	@author:	programmer@chazzuka.com
**	@url:		http://www.chazzuka.com/blog
**	@date:		15 August 2008
**	@license:	Free!, but i'll be glad if i my name listed in the credits'
*/
//@ validate inclusion
if(!defined('VALID_ACL_')) exit('direct access is not allowed.');

class Authorization
{
	public function check_status()
		{
			if(empty($_SESSION['exp_user']) || @$_SESSION['exp_user']['expires'] < time())
				{
					return false;
				}
			else
				{
					return true;
				}
		}
		
	public function form()
		{
			global $ACL_LANG;
			$htmlForm =	'<form id="frmlogin">'.'<img src="images/logo.png" class="img1"/>'.
						'<label>';
			switch(LOGIN_METHOD)
			{
				case 'both':
					$htmlForm .= $ACL_LANG['USERNAME'].'/'.$ACL_LANG['EMAIL'];
					break;
				case 'email':
					$htmlForm .= $ACL_LANG['EMAIL'];
					break;
				default:
					$htmlForm .= $ACL_LANG['USERNAME'];
					break;
			}						
			$htmlForm .= 
						':</label>'.
						 '<input type="text" name="u" id="u" class="textfield" />'.
						 '<label>'.$ACL_LANG['PASSWORD'].'</label>'.
						 '<input type="password" name="p" id="p" class="textfield" />'.
						 '<input type="submit" name="btn" id="btn" class="buttonfield" value="'.$ACL_LANG['LOGIN'].'" />'.
						 '<input type="reset" name="rst" id="rst" class="buttonfield1" value="Reset" />'.
						 '</form>';
			return $htmlForm;
		}
		
	public function signin($u,$p)
		{
			global $db_config,$user_config;
			
			$this->db = @mysql_connect($db_config['server'],$db_config['user'],$db_config['pass']);
			if(!$this->db) return false;
							
			$opendb = @mysql_select_db($db_config['name'], $this->db);
			if(!$opendb) return false;
			
			$sql = "SELECT `password` FROM `jos_users` WHERE `username`='$u' ";
			$result = @mysql_query($sql,$this->db);
			
			if (mysql_num_rows($result)>0)
			{
				$info = mysql_fetch_array($result);
				$dbpassword=$info['password'];			
				list($md5pass, $saltpass) = split(":", $dbpassword);		
				$md=md5($p.$saltpass);
			}
			
			$return = false;
		if ($md==$md5pass)
		{	
			if (USEDB)
				{
					if($u&&$p)
						{
							$this->db = @mysql_connect($db_config['server'],$db_config['user'],$db_config['pass']);
							if(!$this->db) return false;
							
							$opendb = @mysql_select_db($db_config['name'], $this->db);
							if(!$opendb) return false;
							
							$sql = "SELECT * FROM `jos_users` WHERE `username`='$u' ";						
							$rs = @mysql_query($sql,$this->db);
							
							if(!$rs) return false;
							
							if(mysql_num_rows($rs))
							{
								$this->set_session(array_merge(mysql_fetch_assoc($rs),array('expires'=>time()+(120*60))));
								$return = true;
							}	
							mysql_free_result($rs);
							mysql_close($this->db);
							unset($rs,$sql);
						}
				}
			return $return;		
		}
	}
	
	private function set_session($a=false)
		{
			if(!empty($a))
				{
					$_SESSION['exp_user'] = $a;
				}
		}
}
?>
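
Added example, not part of the posts above and not the chazzuka.com class: one way to do the `jos_users` lookup and `md5(password . salt):salt` check from this thread with a bound parameter and a constant-time comparison, working only from the function's own `$u`/`$p` arguments. The function name `verify_joomla_legacy`, the in-memory SQLite database and the sample rows are assumptions made for the demonstration.

```php
<?php
// Added example (not from the thread). Stored format "md5(password . salt):salt"
// and table name follow the posts; function name and sample rows are constructed.
function verify_joomla_legacy(PDO $pdo, string $u, string $p): ?array
{
    // Bound parameter: the username is sent as data, never spliced into the SQL.
    $stmt = $pdo->prepare('SELECT * FROM jos_users WHERE username = ? LIMIT 1');
    $stmt->execute([$u]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Unknown user, or stored value without a "hash:salt" pair: fail closed.
    $parts = $row ? explode(':', (string) $row['password'], 2) : [];
    if (count($parts) !== 2 || $parts[1] === '') {
        return null;
    }
    [$hash, $salt] = $parts;

    // hash_equals() is constant-time and does no type juggling, unlike ==.
    if (!hash_equals($hash, md5($p . $salt))) {
        return null;
    }
    unset($row['password']);   // keep the stored hash out of the session data
    return $row + ['expires' => time() + 120 * 60];
}

// Constructed demo data in an in-memory SQLite database (assumes pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE jos_users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)');
$salt = 'constructedSalt0123456789';
$add = $pdo->prepare('INSERT INTO jos_users (username, password) VALUES (?, ?)');
$add->execute(["o'brien", md5('demo-pass' . $salt) . ':' . $salt]);
$add->execute(['nosalt', md5('demo-pass')]);   // malformed: no ":salt" part

var_dump(verify_joomla_legacy($pdo, "o'brien", 'demo-pass') !== null); // right password
var_dump(verify_joomla_legacy($pdo, "o'brien", 'wrong') !== null);     // wrong password
var_dump(verify_joomla_legacy($pdo, 'nobody', 'demo-pass') !== null);  // unknown user
var_dump(verify_joomla_legacy($pdo, 'nosalt', 'demo-pass') !== null);  // unsalted row
```

A row whose stored value is not in the `hash:salt` form is rejected rather than compared, so accounts hashed in any other format need their own verifier.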

Re: Login Class problem

Posted: Mon Apr 26, 2010 5:14 pm
by Jonah Bron
It could be that there's an error in your code, but you have error reporting off. Try turning it on.

http://www.bradino.com/php/error-reporting/

Re: Login Class problem

Posted: Mon Apr 26, 2010 5:56 pm
by greg7
Thanks for the reply, I have

Code:

ini_set('display_errors',1);
error_reporting(E_ALL);

in my index.php where I have my login form. But never mind, I solved it. I had made a lot of changes; in the end it was very simple, but I cannot explain thoroughly what it was due to the extent. Although if somebody needs some code or a complete login system to integrate with Joomla jos_users, post here and I will send the whole of it. Or I will make a tutorial in the tutorial section.