Page 1 of 1

Phpnuke module problim - please help

Posted: Mon Jan 19, 2004 7:08 am
by doggy
The login function doesn`t work.
[syntax=php]<?php

/************************************************************************/
/* PHP-NUKE: Web Portal System */
/* =========================== */
/* */
/* Copyright (c) 2002 by Francisco Burzi */
/* http://phpnuke.org */
/* */
/* This program is free software. You can redistribute it and/or modify */
/* it under the terms of the GNU General Public License as published by */
/* the Free Software Foundation; either version 2 of the License. */
/************************************************************************/

require_once("mainfile.php");
$module_name = basename(dirname(__FILE__));
get_lang($module_name);
$userpage = 1;

include("modules/$module_name/navbar.php");

function makepass() {
$cons = "bcdfghjklmnpqertvwyz";
$vocs = "aeiou";
for ($x=0; $x < 6; $x++) {
mt_srand ((double) microtime() * 1000000);
$con[$x] = substr($cons, mt_rand(0, strlen($cons)-1), 1);
$voc[$x] = substr($voc, mt_rand(0, strlen($voc)-1), 1);
}
$makepass = $con[0] . $voc[0] .$con[2] . $con[1] . $voc[1] . $con[3] . $voc[3] . $con[4];
return($makepass);
}

function main($user) {
global $stop, $module_name, $redirect;
if (!is_user($user)) {
include("header.php");
if ($stop) {
OpenTable();
echo "<center><font class=\"title\"><b>"._LOGINCOR."</b></font></center>\n";
CloseTable();
echo "<br>\n";
} else {
OpenTable();
echo "<center><font class=\"title\"><b>"._USERREGLOGIN."</b></font></center>\n";
CloseTable();
echo "<br>\n";
}
if (!is_user($user)) {
OpenTable();
echo "<form action=\"modules.php?name=$module_name\" method=\"post\">\n"
."<b>"._USERLOGIN."</b><br><br>\n"
."<table border=\"0\"><tr><td>\n"
.""._NICKNAME.":</td><td><input type=\"text\" name=\"username\" size=\"15\" maxlength=\"25\"></td></tr>\n"
."<tr><td>"._PASSWORD.":</td><td><input type=\"password\" name=\"password\" size=\"15\" maxlength=\"20\"></td></tr>\n"
."</table><input type=\"hidden\" name=\"redirect\" value=\"$redirect\">\n"
."<input type=\"hidden\" name=\"op\" value=\"login\">\n"
."<input type=\"submit\" value=\""._LOGIN."\"></form><br>\n\n"
."<center><font class=\"content\">[ <a href=\"modules.php?name=$module_name&op=pass_lost\">"._PASSWORDLOST."</a> ]"
."</font></center>\n";
CloseTable();
}
include("footer.php");
} elseif (is_user($user)) {
global $cookie;
cookiedecode($user);
userinfo($cookie[1]);
}
}

function pass_lost() {
global $user, $module_name;
if (!is_user($user)) {
include("header.php");
OpenTable();
echo "<center><font class=\"title\"><b>"._USERREGLOGIN."</b></font></center>";
CloseTable();
echo "<br>\n";
OpenTable();
echo "<b>"._PASSWORDLOST."<\b><br><br>\n"
.""._NOPROBLEM."<br><br>\n"
."<form action=\"modules.php?name=$module_name\" method=\"post\">\n"
."<table border=\"0\"><tr><td>\n"
.""._NICKNAME.":</td><td><input type=\"text\" name=\"username\" size=\"15\" maxlength=\"25\"></td></tr>\n"
."<input type=\"hidden\" name=\"op\" value=\"mailpasswd\">\n"
."<input type=\"submit\" value=\""._SENDPASSWORD."\"></form><br>\n\n"
."<center><font class=\"content\">[ <a href=\"modules.php?name=$module_name&op=pass_lost\">"._PASSWORDLOST."</a> ]"
."</font></center>\n";
CloseTable();
include("footer.php");
} elseif (is_user($user)) {
global $cookie;
cookiedecode($user);
userinfo($cookie[1]);
}
}

function logout() {
global $prefix, $db, $user, $cookie, $redirect;
cookiedecode($user);
$r_uid = $cookie[0];
$r_username = $cookie[1];
setcookie("user");
$db->sql_query("DELETE FROM ".$prefix."_session WHERE uname='$r_username'");
$user = "";
include("header.php");
OpenTable();
if ($redirect != "") {
echo "<META HTTP-EQUIV=\"refresh\" content=\"3;URL=modules.php?name=$redirect\">";
} else {
echo "<META HTTP-EQUIV=\"refresh\" content=\"3;URL=index.php\">";
}
echo "<center><font class=\"option\"><b>"._YOUARELOGGEDOUT."</b></font></center>";
CloseTable();
include("footer.php");
}

function mailpasswd($username) {
global $sitename, $adminmail, $nukeurl, $user_prefix, $db, $module_name;
$sql = "SELECT user_email, user_password FROM ".$user_prefix."_users WHERE username='$username'";
$result = $db->sql_query($sql);
if (!$result) {
include("header.php");
OpenTable();
echo "<center>"._SORRYNOUSERINFO."</center>";
CloseTable();
include("footer.php");
} else {
$host_name = $_SERVER["REMOTE_ADDR"];
$row = $db->sql_fetchrow($result);
$user_email = $row[user_email];
$newpass=makepass();
$message = ""._USERACCOUNT." '$username' "._AT." $sitename "._HASTHISEMAIL." "._AWEBUSERFROM." $host_name "._HASREQUESTED."\n\n"._YOURNEWPASSWORD." $newpass\n\n "._YOUCANCHANGE." $nukeurl/modules.php?name=$module_name\n\n"._IFYOUDIDNOTASK."";
$subject = ""._USERPASSWORD4." $username";
mail($user_email, $subject, $message, "From: $adminmail\nX-Mailer: PHP/" . phpversion());
$cryptpass = md5($newpass);
$query = "UPDATE ".$user_prefix."_users SET user_password='$cryptpass' WHERE username = '$username'";
if (!$db->sql_query($query)) {
echo ""._UPDATEFAILED."";
}
include("header.php");
OpenTable();
echo "<center>"._PASSWORD4." $username "._MAILED."<br><br>"._GOBACK."</center>";
CloseTable();
include("footer.php");
}
}

function decookie($setuid, $setusername, $setpass) {
$info = base64_encode("$setuid:$setusername:$setpass");
setcookie("user","$info",time()+600);
}

function login($username, $user_password, $redirect) {
global $setinfo, $user_prefix, $db, $module_name, $prefix;
include("config.php");
$sql = "SELECT user_password, user_id FROM ".$user_prefix."_users WHERE username='$username'";
$result = $db->sql_query($sql);
$setinfo = $db->sql_fetchrow($result);
if (($db->sql_numrows($result)==1) AND ($setinfo[user_id] != 1) AND ($setinfo[user_password] !="")) {
$non_crypt_pass = $user_password;
$old_crypt_pass = crypt($user_password,substr($dbpass,0,2));
$new_pass = md5($user_password);
if (($dbpass == $non_crypt_pass) OR ($dbpass == $old_crypt_pass)) {
$db->sql_query("UPDATE ".$user_prefix."_users SET user_password='$new_pass' WHERE username='$username'");
$sql = "SELECT user_password FROM ".$user_prefix."_users WHERE username='$username'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$dbpass = $row[user_password];
}
if ($dbpass != $newpass) {
Header("Location: modules.php?name=$module_name&stop=1");
return;
}
} else {
decookie($setinfo[user_id], $username, $new_pass);
$uname = $_SERVER["REMOTE_ADDR"];
$db->sql_query("DELETE FROM ".$prefix."_session WHERE uname='$uname' AND guest='1'");
}
if ($redirect == "") {
Header("Location: modules.php?name=$module_name&op=userinfo&bypass=1&username=$username");
} else {
Header("modules.php?name=$module_name&stop=1");
}
}

function edituser() {
global $user, $userinfo, $cookie, $module_name, $bgcolor2, $bgcolor3;
getuserinfo($user);
if (($userinfo[username] != $cookie[1]) AND ($userinfo[user_password] != $cookie[2])) {
include("header.php");
OpenTable();
echo "<center><font class=\"title\"><b>"._PERSONALINFO."</b></font></center>";
CloseTable();
echo "<br>";
OpenTable();
nav();
CloseTable();
echo "<br>";
OpenTable();
echo "<table cellpadding=\"3\" border=\"0\" width=\"100%\">"
."<tr><td bgcolor='$bgcolor2'>"
."<form name=\"Register\" action=\"modules.php?name=$module_name\" method=\"post\">"
."<b>"._USRACCOUNT."</b>:"
."</td><td bgcolor='$bgcolor3'>"
."<b>$userinfo[username]</b>"
."</td></tr><tr>"
."<td bgcolor='$bgcolor2'><b>"._USRNAME."</b>:<br>"._REQUIRED."</td>"
."<td><input type=\"text\" name=\"name\" value=\"$userinfo[name]\" size=\"50\" maxlength=\"50\"></td>"
."<td bgcolor='$bgcolor2'><b>"._USRSURNAME."</b>:<br>"._REQUIRED."</td>"
."<td><input type=\"text\" name=\"surname\" value=\"$userinfo[surname]\" size=\"50\" maxlength=\"50\"></td>"
."<td bgcolor='$bgcolor2'><b>"._USREMAIL."</b>:<br>"._OPTIONAL."</td>"
."<td><input type=\"text\" name=\"email\" value=\"$userinfo[email]\" size=\"50\" maxlength=\"50\"></td>"
."<td bgcolor='$bgcolor2'><b>"._USRHOMEA."</b>:<br>"._REQUIRED."</td>"
."<td><input type=\"text\" name=\"homea\" value=\"$userinfo[homea]\" size=\"50\" maxlength=\"50\"></td>"
."<td bgcolor='$bgcolor2'><b>"._USRHOMET."</b>:<br>"._REQUIRED."</td>"
."<td><input type=\"text\" name=\"homet\" value=\"$userinfo[homet]\" size=\"50\" maxlength=\"50\"></td>"
."<td bgcolor='$bgcolor2'><b>"._USRWORKA."</b>:<br>"._OPTIONAL."</td>"
."<td><input type=\"text\" name=\"worka\" value=\"$userinfo[worka]\" size=\"50\" maxlength=\"50\"></td>"
."<td bgcolor='$bgcolor2'><b>"._USRWORKT."</b>:<br>"._OPTIONAL."</td>"
."<td><input type=\"text\" name=\"workt\" value=\"$userinfo[workt]\" size=\"50\" maxlength=\"50\"></td>"
."<td bgcolor='$bgcolor2'><b>"._USRPOSTA."</b>:<br>"._REQUIRED."</td>"
."<td><input type=\"text\" name=\"posta\" value=\"$userinfo[posta]\" size=\"50\" maxlength=\"50\"></td>"
."<td bgcolor='$bgcolor2'><b>"._USRIDNB."</b>:<br>"._REQUIRED."</td>"
."<td><input type=\"text\" name=\"idnb\" value=\"$userinfo[idnb]\" size=\"50\" maxlength=\"50\"></td>"
."<td bgcolor='$bgcolor2'><b>"._USRPASSWORD."</b>:<br>"._TYPENEWPASS."</td>"
."<td><input type=\"password\" name=\"user_password\" size=\"20\" maxlength=\"20\">&nbsp;&nbsp;&nbsp;<input type=\"password\" name=\"vpass\" size=\"20\" maxlength=\"20\"></td>"
."<input type=\"hidden\" name=\"username\" value=\"$userinfo[username]\">"
."<input type=\"hidden\" name=\"user_id\" value=\"$userinfo[user_id]\">"
."<input type=\"hidden\" name=\"op\" value=\"saveuser\">"
."<input type=\"submit\" value=\""._SAVECHANGES."\">"
."</form></td></tr></table>";
CloseTable();
include("footer.php");
} else {
main($user);
}
}

function saveuser($name, $surname, $email, $homea, $homet, $worka, $workt, $posta, $idnb, $user_password, $vpass, $username, $user_id) {
Global $user, $cookie, $userinfo, $user_prefix, $db, $module_name, $minpass;
cookiedecode($user);
$check = $cookie[1];
$check2 = $cookie[2];
$sql = "SELECT user_id, user_password FROM ".$user_prefix."_users WHERE username='$check'";
$result = $db->sql_query($sql);
$row = $db->sql_fetch($result);
$vuid = $row[user_id];
$ccpass = $row[user_password];
$atl_name = "$name";
$atl_surname = "$surname";
$atl_email = "$email";
$atl_homea = "$homea";
$atl_homet = "$homet";
$atl_worka = "$worka";
$atl_workt = "$workt";
$atl_posta = "$posta";
$atl_idnb = "$idnb";
if ((isset($user_password)) && ("$user_pass" != "$vpass")) {
echo "<center>"._PASSDIFFERENT."</center>";
} elseif (($user_password != "") && (strlen($user_password) < $minpass)) {
echo "<center>"._YOUPASSMUSTBE."<b>$minpass</b>"._CHARLONG."</center>";
} else {
if ($user_password != "") {
cookiedecode($user);
$db->sql_query("LOCK TABLES ".$user_prefix."_users WRITE");
$user_password = md5($user_password);
$db->sql_query("UPDATE ".$user_prefix."_users SET name='$atl_name', surname='$atl_surname', email='$atl_email', homea='$atl_homea', homet='$atl_homet', worka='$atl_worka', workt='$atl_workt', posta='$atl_posta', idnb='$atl_idnb',user_password='$user_password' WHERE user_id='$user_id'");
$sql = "SELECT user_id, username, user_password FROM ".$user_prefix."_users WHERE username='$username' AND user_password='$user_password'";
$result = $db->sql_query($sql);
if ($db->sql_numrows($result) == 1) {
$userinfo = $db->sql_fetch(result);
decookie($userinfo[user_id],$userinfo[username],$userinfo[user_password]);
} else {
echo "<center>"._SOMETHIGNWRONG."</center><br>";
}
$db->sql_query("UNLOCK TABLES");
} else {
$db->sql_query("UPDATE ".$user_prefix."_users SET name='$atl_name', surname='$atl_surname', email='$atl_email', homea='$atl_homea', homet='$atl_homet', worka='$atl_worka', workt='$atl_workt', posta='$atl_posta', idnb='$atl_idnb',user_password='$user_password' WHERE user_id='$user_id'");
}
Header("Location: modules.php?name=$module_name");
}
}

switch($op) {
case "logout":
logout();
break;

case "lost_pass":
lost_pass();
break;

case "mailpasswd":
mailpasswd($username);
break;

case "login":
login($username, $user_password, $dedirect);
break;

case "edituser":
edituser();
break;

case "saveuser":
saveuser($name, $surname, $email, $homea, $homet, $worka, $workt, $posta, $idnb, $user_password, $vpass, $username, $user_id);
break;

case "pass_lost":
pass_lost();
break;

default:
main($user);
break;
}

?>[/syntax]

Posted: Mon Jan 19, 2004 7:10 am
by DuFF
It would be nice to know whats wrong with it . . .

Posted: Mon Jan 19, 2004 7:14 am
by doggy
I made a user from the administrator site and that user cant login .. and i have no idea what can be wrong .

Posted: Mon Jan 19, 2004 7:20 am
by DuFF
#1. Check the database, was his username even entered into it?

#2. Try creating it again.

#3. If his username is in the database, and this didn't work for a second time, try creating a test user.

Use the signup form to make a user with username: ADMIN and password: ADMIN (thats just an example, try using a different username and password). Then find the MD5 of the password and check it with what you have in your database.

I also forgot to ask, what is the error saying? "Incorrect Password" or something?

Posted: Mon Jan 19, 2004 7:25 am
by doggy

Posted: Mon Jan 19, 2004 8:28 am
by Straterra
You see, this is why I wrote my own portal. I would suggest everyone to do the same. When you write your own, it integrates perfectly into any website because you made it. Also, you can only put into the portal what you need, not a bunch of extra crap...just a thought.