Login Class problem
Posted: Mon Apr 26, 2010 2:52 pm
Hi guys, since i'm a newbie to php i have some problems. I want to use joomla `jos_users` for authentication in an external application. I've made it using the following
I also have a login class which i use for the application login system and here is the problen, when i use the script above into the function signin. Because i don't have a very good knowledge of php i think that there must be something inside the function signin that made my login form to freeze and do nothing. I've tried some other code in there (like read and write to db) and works perfect. I don't know i'am stuck. The login system i use can be found in http://www.chazzuka.com/blog/?p=82
Any help would be appreaciated, thanks in advance!
Code: Select all
$con = mysql_connect('*****', '***', '***');
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
@mysql_select_db("****", $con);
// username and password sent from a form in another page
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT `password` FROM `jos_users` WHERE username= '$myusername' ";
$result = mysql_query($sql);
$row = mysql_fetch_array($result);
$joom_pass =$row['password'];
//explode pass on colon
$parts = explode( ':', $joom_pass );
$pass =$parts[0];
$salt = $parts[1];
//make up the new md5 password using the user submitted password and salt from above
$genpassword = md5($mypassword . $salt) . ":" . $salt;
//if passwords match set session vars and redirect to new page
if ($genpassword == $joom_pass)
{
echo "OK";
}
Code: Select all
<?php
if(!defined('VALID_ACL_')) exit('direct access is not allowed.');
class Authorization
{
public function check_status()
{
if(empty($_SESSION['exp_user']) || @$_SESSION['exp_user']['expires'] < time())
{
return false;
}
else
{
return true;
}
}
public function form()
{
global $ACL_LANG;
$htmlForm = '<form id="frmlogin">'.'<img src="images/logo.png" class="img1"/>'.
'<label>';
switch(LOGIN_METHOD)
{
case 'both':
$htmlForm .= $ACL_LANG['USERNAME'].'/'.$ACL_LANG['EMAIL'];
break;
case 'email':
$htmlForm .= $ACL_LANG['EMAIL'];
break;
default:
$htmlForm .= $ACL_LANG['USERNAME'];
break;
}
$htmlForm .=
':</label>'.
'<input type="text" name="u" id="u" class="textfield" />'.
'<label>'.$ACL_LANG['PASSWORD'].'</label>'.
'<input type="password" name="p" id="p" class="textfield" />'.
'<input type="submit" name="btn" id="btn" class="buttonfield" value="'.$ACL_LANG['LOGIN'].'" />'.
'<input type="reset" name="rst" id="rst" class="buttonfield1" value="Reset" />'.
'</form>';
return $htmlForm;
}
public function signin($u,$p)
{
global $db_config,$user_config;
$this->db = @mysql_connect($db_config['server'],$db_config['user'],$db_config['pass']);
if(!$this->db) return false;
$opendb = @mysql_select_db($db_config['name'], $this->db);
if(!$opendb) return false;
$sql = "SELECT `password` FROM `jos_users` WHERE `username`= '$myusername' ";
$result = @mysql_query($sql,$this->db);
$row = mysql_fetch_array($result);
$joom_pass =$row['password'];
//explode pass on colon
$parts = explode( ':', $joom_pass );
$pass =$parts[0];
$salt = $parts[1];
//make up the new md5 password using the user submitted password and salt from above
$genpassword = md5($mypassword . $salt) . ":" . $salt;
$return = false;
if ($genpassword != $joom_pass)
{
if (USEDB)
{
if($u&&$p)
{
$this->db = @mysql_connect($db_config['server'],$db_config['user'],$db_config['pass']);
if(!$this->db) return false;
$opendb = @mysql_select_db($db_config['name'], $this->db);
if(!$opendb) return false;
$sql = "SELECT * FROM `jos_users` WHERE `username`= '$myusername' "; $rs = @mysql_query($sql,$this->db);
if(!$rs) return false;
if(mysql_num_rows($rs))
{
$this->set_session(array_merge(mysql_fetch_assoc($result),array('expires'=>time()+(120*60))));
$return = true;
}
mysql_free_result($rs);
mysql_close($this->db);
unset($rs,$sql);
}
}
return $return;
}
}
private function set_session($a=false)
{
if(!empty($a))
{
$_SESSION['exp_user'] = $a;
}
}
}
?>