The login function doesn`t work.
[syntax=php]<?php
/************************************************************************/
/* PHP-NUKE: Web Portal System */
/* =========================== */
/* */
/* Copyright (c) 2002 by Francisco Burzi */
/* http://phpnuke.org */
/* */
/* This program is free software. You can redistribute it and/or modify */
/* it under the terms of the GNU General Public License as published by */
/* the Free Software Foundation; either version 2 of the License. */
/************************************************************************/
require_once("mainfile.php");
$module_name = basename(dirname(__FILE__));
get_lang($module_name);
$userpage = 1;
include("modules/$module_name/navbar.php");
function makepass() {
$cons = "bcdfghjklmnpqertvwyz";
$vocs = "aeiou";
for ($x=0; $x < 6; $x++) {
mt_srand ((double) microtime() * 1000000);
$con[$x] = substr($cons, mt_rand(0, strlen($cons)-1), 1);
$voc[$x] = substr($voc, mt_rand(0, strlen($voc)-1), 1);
}
$makepass = $con[0] . $voc[0] .$con[2] . $con[1] . $voc[1] . $con[3] . $voc[3] . $con[4];
return($makepass);
}
function main($user) {
global $stop, $module_name, $redirect;
if (!is_user($user)) {
include("header.php");
if ($stop) {
OpenTable();
echo "<center><font class=\"title\"><b>"._LOGINCOR."</b></font></center>\n";
CloseTable();
echo "<br>\n";
} else {
OpenTable();
echo "<center><font class=\"title\"><b>"._USERREGLOGIN."</b></font></center>\n";
CloseTable();
echo "<br>\n";
}
if (!is_user($user)) {
OpenTable();
echo "<form action=\"modules.php?name=$module_name\" method=\"post\">\n"
."<b>"._USERLOGIN."</b><br><br>\n"
."<table border=\"0\"><tr><td>\n"
.""._NICKNAME.":</td><td><input type=\"text\" name=\"username\" size=\"15\" maxlength=\"25\"></td></tr>\n"
."<tr><td>"._PASSWORD.":</td><td><input type=\"password\" name=\"password\" size=\"15\" maxlength=\"20\"></td></tr>\n"
."</table><input type=\"hidden\" name=\"redirect\" value=\"$redirect\">\n"
."<input type=\"hidden\" name=\"op\" value=\"login\">\n"
."<input type=\"submit\" value=\""._LOGIN."\"></form><br>\n\n"
."<center><font class=\"content\">[ <a href=\"modules.php?name=$module_name&op=pass_lost\">"._PASSWORDLOST."</a> ]"
."</font></center>\n";
CloseTable();
}
include("footer.php");
} elseif (is_user($user)) {
global $cookie;
cookiedecode($user);
userinfo($cookie[1]);
}
}
function pass_lost() {
global $user, $module_name;
if (!is_user($user)) {
include("header.php");
OpenTable();
echo "<center><font class=\"title\"><b>"._USERREGLOGIN."</b></font></center>";
CloseTable();
echo "<br>\n";
OpenTable();
echo "<b>"._PASSWORDLOST."<\b><br><br>\n"
.""._NOPROBLEM."<br><br>\n"
."<form action=\"modules.php?name=$module_name\" method=\"post\">\n"
."<table border=\"0\"><tr><td>\n"
.""._NICKNAME.":</td><td><input type=\"text\" name=\"username\" size=\"15\" maxlength=\"25\"></td></tr>\n"
."<input type=\"hidden\" name=\"op\" value=\"mailpasswd\">\n"
."<input type=\"submit\" value=\""._SENDPASSWORD."\"></form><br>\n\n"
."<center><font class=\"content\">[ <a href=\"modules.php?name=$module_name&op=pass_lost\">"._PASSWORDLOST."</a> ]"
."</font></center>\n";
CloseTable();
include("footer.php");
} elseif (is_user($user)) {
global $cookie;
cookiedecode($user);
userinfo($cookie[1]);
}
}
function logout() {
global $prefix, $db, $user, $cookie, $redirect;
cookiedecode($user);
$r_uid = $cookie[0];
$r_username = $cookie[1];
setcookie("user");
$db->sql_query("DELETE FROM ".$prefix."_session WHERE uname='$r_username'");
$user = "";
include("header.php");
OpenTable();
if ($redirect != "") {
echo "<META HTTP-EQUIV=\"refresh\" content=\"3;URL=modules.php?name=$redirect\">";
} else {
echo "<META HTTP-EQUIV=\"refresh\" content=\"3;URL=index.php\">";
}
echo "<center><font class=\"option\"><b>"._YOUARELOGGEDOUT."</b></font></center>";
CloseTable();
include("footer.php");
}
function mailpasswd($username) {
global $sitename, $adminmail, $nukeurl, $user_prefix, $db, $module_name;
$sql = "SELECT user_email, user_password FROM ".$user_prefix."_users WHERE username='$username'";
$result = $db->sql_query($sql);
if (!$result) {
include("header.php");
OpenTable();
echo "<center>"._SORRYNOUSERINFO."</center>";
CloseTable();
include("footer.php");
} else {
$host_name = $_SERVER["REMOTE_ADDR"];
$row = $db->sql_fetchrow($result);
$user_email = $row[user_email];
$newpass=makepass();
$message = ""._USERACCOUNT." '$username' "._AT." $sitename "._HASTHISEMAIL." "._AWEBUSERFROM." $host_name "._HASREQUESTED."\n\n"._YOURNEWPASSWORD." $newpass\n\n "._YOUCANCHANGE." $nukeurl/modules.php?name=$module_name\n\n"._IFYOUDIDNOTASK."";
$subject = ""._USERPASSWORD4." $username";
mail($user_email, $subject, $message, "From: $adminmail\nX-Mailer: PHP/" . phpversion());
$cryptpass = md5($newpass);
$query = "UPDATE ".$user_prefix."_users SET user_password='$cryptpass' WHERE username = '$username'";
if (!$db->sql_query($query)) {
echo ""._UPDATEFAILED."";
}
include("header.php");
OpenTable();
echo "<center>"._PASSWORD4." $username "._MAILED."<br><br>"._GOBACK."</center>";
CloseTable();
include("footer.php");
}
}
function decookie($setuid, $setusername, $setpass) {
$info = base64_encode("$setuid:$setusername:$setpass");
setcookie("user","$info",time()+600);
}
function login($username, $user_password, $redirect) {
global $setinfo, $user_prefix, $db, $module_name, $prefix;
include("config.php");
$sql = "SELECT user_password, user_id FROM ".$user_prefix."_users WHERE username='$username'";
$result = $db->sql_query($sql);
$setinfo = $db->sql_fetchrow($result);
if (($db->sql_numrows($result)==1) AND ($setinfo[user_id] != 1) AND ($setinfo[user_password] !="")) {
$non_crypt_pass = $user_password;
$old_crypt_pass = crypt($user_password,substr($dbpass,0,2));
$new_pass = md5($user_password);
if (($dbpass == $non_crypt_pass) OR ($dbpass == $old_crypt_pass)) {
$db->sql_query("UPDATE ".$user_prefix."_users SET user_password='$new_pass' WHERE username='$username'");
$sql = "SELECT user_password FROM ".$user_prefix."_users WHERE username='$username'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$dbpass = $row[user_password];
}
if ($dbpass != $newpass) {
Header("Location: modules.php?name=$module_name&stop=1");
return;
}
} else {
decookie($setinfo[user_id], $username, $new_pass);
$uname = $_SERVER["REMOTE_ADDR"];
$db->sql_query("DELETE FROM ".$prefix."_session WHERE uname='$uname' AND guest='1'");
}
if ($redirect == "") {
Header("Location: modules.php?name=$module_name&op=userinfo&bypass=1&username=$username");
} else {
Header("modules.php?name=$module_name&stop=1");
}
}
function edituser() {
global $user, $userinfo, $cookie, $module_name, $bgcolor2, $bgcolor3;
getuserinfo($user);
if (($userinfo[username] != $cookie[1]) AND ($userinfo[user_password] != $cookie[2])) {
include("header.php");
OpenTable();
echo "<center><font class=\"title\"><b>"._PERSONALINFO."</b></font></center>";
CloseTable();
echo "<br>";
OpenTable();
nav();
CloseTable();
echo "<br>";
OpenTable();
echo "<table cellpadding=\"3\" border=\"0\" width=\"100%\">"
."<tr><td bgcolor='$bgcolor2'>"
."<form name=\"Register\" action=\"modules.php?name=$module_name\" method=\"post\">"
."<b>"._USRACCOUNT."</b>:"
."</td><td bgcolor='$bgcolor3'>"
."<b>$userinfo[username]</b>"
."</td></tr><tr>"
."<td bgcolor='$bgcolor2'><b>"._USRNAME."</b>:<br>"._REQUIRED."</td>"
."<td><input type=\"text\" name=\"name\" value=\"$userinfo[name]\" size=\"50\" maxlength=\"50\"></td>"
."<td bgcolor='$bgcolor2'><b>"._USRSURNAME."</b>:<br>"._REQUIRED."</td>"
."<td><input type=\"text\" name=\"surname\" value=\"$userinfo[surname]\" size=\"50\" maxlength=\"50\"></td>"
."<td bgcolor='$bgcolor2'><b>"._USREMAIL."</b>:<br>"._OPTIONAL."</td>"
."<td><input type=\"text\" name=\"email\" value=\"$userinfo[email]\" size=\"50\" maxlength=\"50\"></td>"
."<td bgcolor='$bgcolor2'><b>"._USRHOMEA."</b>:<br>"._REQUIRED."</td>"
."<td><input type=\"text\" name=\"homea\" value=\"$userinfo[homea]\" size=\"50\" maxlength=\"50\"></td>"
."<td bgcolor='$bgcolor2'><b>"._USRHOMET."</b>:<br>"._REQUIRED."</td>"
."<td><input type=\"text\" name=\"homet\" value=\"$userinfo[homet]\" size=\"50\" maxlength=\"50\"></td>"
."<td bgcolor='$bgcolor2'><b>"._USRWORKA."</b>:<br>"._OPTIONAL."</td>"
."<td><input type=\"text\" name=\"worka\" value=\"$userinfo[worka]\" size=\"50\" maxlength=\"50\"></td>"
."<td bgcolor='$bgcolor2'><b>"._USRWORKT."</b>:<br>"._OPTIONAL."</td>"
."<td><input type=\"text\" name=\"workt\" value=\"$userinfo[workt]\" size=\"50\" maxlength=\"50\"></td>"
."<td bgcolor='$bgcolor2'><b>"._USRPOSTA."</b>:<br>"._REQUIRED."</td>"
."<td><input type=\"text\" name=\"posta\" value=\"$userinfo[posta]\" size=\"50\" maxlength=\"50\"></td>"
."<td bgcolor='$bgcolor2'><b>"._USRIDNB."</b>:<br>"._REQUIRED."</td>"
."<td><input type=\"text\" name=\"idnb\" value=\"$userinfo[idnb]\" size=\"50\" maxlength=\"50\"></td>"
."<td bgcolor='$bgcolor2'><b>"._USRPASSWORD."</b>:<br>"._TYPENEWPASS."</td>"
."<td><input type=\"password\" name=\"user_password\" size=\"20\" maxlength=\"20\"> <input type=\"password\" name=\"vpass\" size=\"20\" maxlength=\"20\"></td>"
."<input type=\"hidden\" name=\"username\" value=\"$userinfo[username]\">"
."<input type=\"hidden\" name=\"user_id\" value=\"$userinfo[user_id]\">"
."<input type=\"hidden\" name=\"op\" value=\"saveuser\">"
."<input type=\"submit\" value=\""._SAVECHANGES."\">"
."</form></td></tr></table>";
CloseTable();
include("footer.php");
} else {
main($user);
}
}
function saveuser($name, $surname, $email, $homea, $homet, $worka, $workt, $posta, $idnb, $user_password, $vpass, $username, $user_id) {
Global $user, $cookie, $userinfo, $user_prefix, $db, $module_name, $minpass;
cookiedecode($user);
$check = $cookie[1];
$check2 = $cookie[2];
$sql = "SELECT user_id, user_password FROM ".$user_prefix."_users WHERE username='$check'";
$result = $db->sql_query($sql);
$row = $db->sql_fetch($result);
$vuid = $row[user_id];
$ccpass = $row[user_password];
$atl_name = "$name";
$atl_surname = "$surname";
$atl_email = "$email";
$atl_homea = "$homea";
$atl_homet = "$homet";
$atl_worka = "$worka";
$atl_workt = "$workt";
$atl_posta = "$posta";
$atl_idnb = "$idnb";
if ((isset($user_password)) && ("$user_pass" != "$vpass")) {
echo "<center>"._PASSDIFFERENT."</center>";
} elseif (($user_password != "") && (strlen($user_password) < $minpass)) {
echo "<center>"._YOUPASSMUSTBE."<b>$minpass</b>"._CHARLONG."</center>";
} else {
if ($user_password != "") {
cookiedecode($user);
$db->sql_query("LOCK TABLES ".$user_prefix."_users WRITE");
$user_password = md5($user_password);
$db->sql_query("UPDATE ".$user_prefix."_users SET name='$atl_name', surname='$atl_surname', email='$atl_email', homea='$atl_homea', homet='$atl_homet', worka='$atl_worka', workt='$atl_workt', posta='$atl_posta', idnb='$atl_idnb',user_password='$user_password' WHERE user_id='$user_id'");
$sql = "SELECT user_id, username, user_password FROM ".$user_prefix."_users WHERE username='$username' AND user_password='$user_password'";
$result = $db->sql_query($sql);
if ($db->sql_numrows($result) == 1) {
$userinfo = $db->sql_fetch(result);
decookie($userinfo[user_id],$userinfo[username],$userinfo[user_password]);
} else {
echo "<center>"._SOMETHIGNWRONG."</center><br>";
}
$db->sql_query("UNLOCK TABLES");
} else {
$db->sql_query("UPDATE ".$user_prefix."_users SET name='$atl_name', surname='$atl_surname', email='$atl_email', homea='$atl_homea', homet='$atl_homet', worka='$atl_worka', workt='$atl_workt', posta='$atl_posta', idnb='$atl_idnb',user_password='$user_password' WHERE user_id='$user_id'");
}
Header("Location: modules.php?name=$module_name");
}
}
switch($op) {
case "logout":
logout();
break;
case "lost_pass":
lost_pass();
break;
case "mailpasswd":
mailpasswd($username);
break;
case "login":
login($username, $user_password, $dedirect);
break;
case "edituser":
edituser();
break;
case "saveuser":
saveuser($name, $surname, $email, $homea, $homet, $worka, $workt, $posta, $idnb, $user_password, $vpass, $username, $user_id);
break;
case "pass_lost":
pass_lost();
break;
default:
main($user);
break;
}
?>[/syntax]
Phpnuke module problim - please help
Moderator: General Moderators
Phpnuke module problim - please help
Last edited by doggy on Mon Jan 19, 2004 7:10 am, edited 1 time in total.
#1. Check the database, was his username even entered into it?
#2. Try creating it again.
#3. If his username is in the database, and this didn't work for a second time, try creating a test user.
Use the signup form to make a user with username: ADMIN and password: ADMIN (thats just an example, try using a different username and password). Then find the MD5 of the password and check it with what you have in your database.
I also forgot to ask, what is the error saying? "Incorrect Password" or something?
#2. Try creating it again.
#3. If his username is in the database, and this didn't work for a second time, try creating a test user.
Use the signup form to make a user with username: ADMIN and password: ADMIN (thats just an example, try using a different username and password). Then find the MD5 of the password and check it with what you have in your database.
I also forgot to ask, what is the error saying? "Incorrect Password" or something?
no error ... the url it gose to is
invalied password & username
http://atlas-root:81/atlas-php/modules. ... username=1
http://atlas-root:81/atlas-php/modules. ... rname=kyle
valied username & password
http://atlas-root:81/atlas-php/modules. ... unt&stop=1
invalied password & username
http://atlas-root:81/atlas-php/modules. ... username=1
http://atlas-root:81/atlas-php/modules. ... rname=kyle
valied username & password
http://atlas-root:81/atlas-php/modules. ... unt&stop=1