Page 1 of 1

login script help

Posted: Wed Oct 08, 2008 12:58 pm
by gaogier
I have a login script, that works great, using the old forum database for the forum software phpbb2.

The only thing that I can do, (know what to do) is to change the database info...

The only problem is, i get this error

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/gaogier/public_html/login.php on line 43

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/gaogier/public_html/login.php on line 44

I think, its because i need to edit more on the script, but what?

What should I change?

Code: Select all

<?php
include ('diffhead.inc');
?><img src="images/homepage13.jpg" alt="" width="727" height="48"></td>
                                                    </tr>
                                                    <tr>
                                                        <td><table width="100%" border="0" cellspacing="0" cellpadding="0" id="box4" class="box">
                                                                <tr>
                                                                    <td class="content">
<center>
<?php
 
if(isset($_POST['submit'])){
    if(empty($_POST['username'])){
        $username = FALSE;
        $message = '<table width=98% bgcolor=#353E48 class=logfail align=center><tr>
                            <td width=40 bgcolor=#353E48><img src=images/exclamation.gif></td>
                            <td align=left>
                            <B>Login Failed!</B> <BR>
                            No username entered.
                            <BR>Please Try again<br />
                            </table><br /><br />';
    }else{
        $username = mysql_real_escape_string($_POST['username']);
    }
    if(empty($_POST['password'])){
        $password = FALSE;
        $message1 = '<br /><table width=98% bgcolor=#353E48 class=logfail align=center><tr>
                            <td width=40><img src=images/exclamation.gif></td>
                            <td align=left>
                            <B>Login Failed!</B> <BR>
                            No password entered.
                            <BR>Please Try again<br />
                            </table><br /><br />';
    }else{
        $password1 = mysql_real_escape_string($_POST['password']);
        $password = md5($password1);        
    }
    //echo $password1 .' ' .$password. ' ' .$username;
    if($username && $password){
        require_once ('../mysql_connect1.php');
        $query = "SELECT user_id, username, user_email, user_active, user_password, user_sitemod FROM phpbb_users WHERE username='$username' AND user_password='$password' AND user_sitemod = '1'";
        $result = mysql_query ($query);
        $row = mysql_fetch_array ($result);
        if(mysql_num_rows($result) > 0)
                {
                    $_SESSION['user_sitemod'] = $row['user_sitemod'];
                    $_SESSION['user_avatar'] = $row['user_avatar'];
                    $_SESSION['user_email'] = $row['user_email'];
                    $_SESSION['username'] = $row['username'];
                    $_SESSION['user_id'] = $row['user_id'];
                    //ob_end_clean();
                //  include('diffhead.inc');
                    include ('admin.inc');
                    echo '<p align="center">You\'ve logged in successfully.</p>';
                    include('difffooter.inc');
                }else{
                    $message = '<table width=98% bgcolor=#353E48 class=logfail align=center><tr>
                            <td width=40><img src=images/exclamation.gif></td>
                            <td align=left>
                            <B>Login Failed!</B> <BR>
                            The login combination you entered was not found. 
                            <BR>Please Try again<br />
                            </table><br /><br />';      
                    }
    
    
    }
}
 
echo '<font face=verdana size=2> <b>Login</b></font><br /><br />'.$message.$message1.'
Your browser must allow cookies in order to login.<br />';
?>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
                            <table width=98% bgcolor=#353E48 class=blueborder align=center>
                              <tr>
                            <td width=40><img src=images/keylogin.gif></td>
                            <td align=right>                            
                            <B>Username:</B> <br /><br />
                            <B>Password:</B> <br /></td>
                            <td align=left>
                            <input type="text" name="username" size="10" maxlength="20" class="login" value ="<?php if (isset($_POST['username'])) echo $_POST['username']; ?>" />&nbsp;&nbsp;<small><i>Please enter your username</small></i><br /><br />                          
                            <input type="password" name="password" size="20" maxlength="20" class="login"/>&nbsp;&nbsp;<small><i>Please enter your password</small></i></td></tr>
                            <tr><td width=40></td><td align="center"><input type="submit" name="submit" class="login" value="Login" /></td></tr>
            </table><br /><br />
</form></center>
<?php
include ('difffooter.inc');
?>

Re: login script help

Posted: Thu Oct 09, 2008 5:39 pm
by gaogier
I am told that, the encryption has changed between, phpbb2, and phpbb3. Anyone know what i need to do for this to work?

Re: login script help

Posted: Fri Oct 10, 2008 3:48 pm
by gaogier
I have been looking at other scripts, they work, and have this line of code in them

if(phpbb_check_hash($password, $user->user_password))

How can i add that to my script

Re: login script help

Posted: Fri Oct 10, 2008 4:02 pm
by koen.h
You can use mysql_error() to see if that tells you what went wrong.

Also, I'm not sure what you did here. You took the phpbb2 database and this part of the script and are now trying to integrate it in your own project?

Re: login script help

Posted: Fri Oct 10, 2008 4:45 pm
by gaogier
the login page would use the data from the old phpbb2 forums.

Then, it would allow you to login.

What i have done, is change the login info, delete the part that checks if a user is active or not (not in phpbb3), then i attempted to login.

I cant login, no errors, or anything comes up.

I have done some research on this, and it appears that phpbb has changed its password encryption. some people have said they use their own encryption now. I have a few login scripts. They all use this line of code.

if(phpbb_check_hash($password, $user->user_password))

They also use a hash.php file. Which i have, and added this to an includes file.

This is now my code.

Code: Select all

<?php
include ('diffhead.inc');
?><img src="images/homepage13.jpg" alt="" width="727" height="48"></td>
                                                    </tr>
                                                    <tr>
                                                        <td><table width="100%" border="0" cellspacing="0" cellpadding="0" id="box4" class="box">
                                                                <tr>
                                                                    <td class="content">
<center>
<?php
 
include('includes/hash.php');
 
if(isset($_POST['submit'])){
if(empty($_POST['username'])){
        $username = FALSE;
        $message = '<table width=98% bgcolor=#faf5f4 class=logfail align=center><tr>
                            <td width=40><img src=images/exclamation.gif></td>
                            <td align=left>
                            <b>Login Failed!</b> <br />
                            No username entered.
                            <br />Please Try again<br />
                            </table><br /><br />';
    }else{
        $username = $_POST['username'];
    }
    if(empty($_POST['password'])){
        $password = FALSE;
        $message1 = '<br /><table width=98% bgcolor=#faf5f4 class=logfail align=center><tr>
                            <td width=40><img src=images/exclamation.gif></td>
                            <td align=left>
                            <b>Login Failed!</b> <br />
                            No password entered.
                            <br />Please Try again<br />
                            </table><br /><br />';
    }else{
        $password = $_POST['password'];
        //$password = md5($password1);      
    }
    //echo $password1 .' ' .$password. ' ' .$username;
    if($username && $password){
 
 
        require_once ('../mysql_connect1.php');
        $query = "SELECT user_id, username, user_email, user_password, user_sitemod FROM phpbb_users WHERE username='$username' AND user_password='$password' AND user_sitemod = '1'";
        $result = mysql_query ($query) or DIE ("Error in query $query" . mysql_error());
        $row = mysql_fetch_array ($result);
        if(mysql_num_rows($result) > 0)
                {
                    $_SESSION['user_sitemod'] = $row['user_sitemod'];
                    $_SESSION['user_avatar'] = $row['user_avatar'];
                    $_SESSION['user_email'] = $row['user_email'];
                    $_SESSION['username'] = $row['username'];
                    $_SESSION['user_id'] = $row['user_id'];
                    //ob_end_clean();
 
                //  include('diffhead.inc');
                    include ('admin.inc');
                    echo '<p align="center">You\'ve logged in successfully.</p>';
                    include('difffooter.inc');
                }else{
                    $message = '<table width=98% bgcolor=#342d25 class=logfail align=center><tr>
                            <td width=40><img src=images/exclamation.gif></td>
                            <td align=left>
                            <B>Login Failed!</B> <BR>
                            The login combination you entered was not found. 
                            <BR>Please Try again<br />
                            </table><br /><br />';      
                    }
    
    
    }
}
 
echo '<font face=verdana size=2> <b>Login</b></font><br /><br />'.$message.$message1.'
Your browser must allow cookies in order to login.<br />';
?>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
                            <table width=98% bgcolor=#342d25 class=blueborder align=center>
                              <tr>
                            <td width=40><img src=images/keylogin.gif></td>
                            <td align=right>                            
                            <B>Username:</B> <br /><br />
                            <B>Password:</B> <br /></td>
                            <td align=left>
                            <input type="text" name="username" size="10" maxlength="20" class="login" value ="<?php if (isset($_POST['username'])) echo $_POST['username']; ?>" />&nbsp;&nbsp;<small><i>Please enter your username</i></small><br /><br />                          
                            <input type="password" name="password" size="20" maxlength="20" class="login"/>&nbsp;&nbsp;<small><i>Please enter your password</i></small></td></tr>
                            <tr><td width=40></td><td align="center"><input type="submit" name="submit" class="login" value="Login" /></td></tr>
            </table><br /><br />
</form></center>
<?php
include ('difffooter.inc');
?>

The code that I know works, but for something different.

Code: Select all

<html>
<body>
<?php
 
include('generate_sig.php');
include('includes/hash.php');
include('mysql_connect_sig.php');
 
if(isset($_POST['submit'])){
if(empty($_POST['username'])){
        $username = FALSE;
        $message = '<table width=98% bgcolor=#faf5f4 class=logfail align=center><tr>
                            <td width=40><img src=images/exclamation.gif></td>
                            <td align=left>
                            <b>Login Failed!</b> <br />
                            No username entered.
                            <br />Please Try again<br />
                            </table><br /><br />';
    }else{
        $username = $_POST['username'];
    }
    if(empty($_POST['password'])){
        $password = FALSE;
        $message1 = '<br /><table width=98% bgcolor=#faf5f4 class=logfail align=center><tr>
                            <td width=40><img src=images/exclamation.gif></td>
                            <td align=left>
                            <b>Login Failed!</b> <br />
                            No password entered.
                            <br />Please Try again<br />
                            </table><br /><br />';
    }else{
        $password = $_POST['password'];
        //$password = md5($password1);      
    }
    //echo $password1 .' ' .$password. ' ' .$username;
    if($username && $password){
        
        /* Connect to the database and prepare the signature */
        //require_once ('../mysql1_connect1.php');
        
        //echo 'username: ' . USERNAME;
        $db_connection = mysql_connect(HOST, USERNAME, PASSWORD) or die("Could not connect to DB");
        
        /* Select the database we need */
        mysql_select_db(DBNAME, $db_connection) or die("Could not find DB");
            
        $query = "SELECT u.user_id, u.username, u.user_posts, u.user_password, u.user_form_salt, p.pf_runescape_user FROM phpbb_users u, phpbb_profile_fields_data p WHERE u.username='$username' AND u.user_id=p.user_id";
        $result = mysql_query($query, $db_connection);
        
        if (!$result) {
            die(mysql_error());
        }
        
        $user = mysql_fetch_object($result);
 
        if($user != NULL)
        {
            
            if(phpbb_check_hash($password, $user->user_password))
            {
                if($user->user_posts < 10) { // User MUST have 10 or more posts in order to get the signature
                    
                   $message = '<table width=98% bgcolor=#faf5f4 class=logfail align=center><tr>
                        <td width=40><img src=images/exclamation.gif></td>
                        <td align=left>
                        <B>Signature Retrieval Failed!</B> <BR>
                        You need to have made at least 10 posts before you can retrieve your signature.
                        </table><br /><br />';
                } else {
                    if($user->pf_runescape_user != '') {
                        ?>
                        <form name="myform" action="/dynsig/image.php" method="post">
                            <input type="hidden" name="username" value="<?php if ($user->pf_runescape_user) echo $user->pf_runescape_user; ?>">
                            <input type="hidden" name="userid" value="<?php if ($user->user_id) echo $user->user_id; ?>">
                        </form>
                        
                        <script language="javascript">
                            document.myform.submit();
                        </script>
                        <?php
                    } else {
                        $message = '<table width=98% bgcolor=#faf5f4 class=logfail align=center><tr>
                                <td width=40><img src=images/exclamation.gif></td>
                                <td align=left>
                                <b>No Registered Runescape User!</b> <br /><br />
                                <form name="myform" action="/dynsig/image.php" method="post">
                                    Please enter your Runescape username:<input type="text" name="rsuser" size="10" maxlength="20" class="login" value ="'.$_POST["pf_runescape_user"].'" />&nbsp;&nbsp;<br /><br />
                                    <input type="hidden" name="userid" value="'.$user->user_id.'">
                                    <input type="submit" name="rs_submit" value="Submit" />
                                </form>
                                </table><br /><br />';
                    }
                }
            } else {
                $message = '<table width=98% bgcolor=#faf5f4 class=logfail align=center><tr>
                        <td width=40><img src=images/exclamation.gif></td>
                        <td align=left>
                        <B>Login Failed!</B> <BR>
                        The login combination you entered was not found.
                        <BR>Please Try again<br />
                        </table><br /><br />';  
            }
        } else {
            $message = '<table width=98% bgcolor=#faf5f4 class=logfail align=center><tr>
                    <td width=40><img src=images/exclamation.gif></td>
                    <td align=left>
                    <B>Login Failed!</B> <BR>
                    The login combination you entered was not found. 
                    <BR>Please Try again<br />
                    </table><br /><br />';      
        }
    }
}
if(!isset($_POST['submit'])){
echo '<font face=verdana size=2 color=#3FC7C9> <b>Login</b></font><br /><br />'.$message.$message1.'
Login using your forum account.<br />
You must have a forum account and have set the "Username" field in order to use our dynamic sigs.<br />';
 
?>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
                            <table width=98% bgcolor=#f5f8ff class=blueborder align=center><tr>
                            <td align=right>
                            <B>Username:</B> <br /><br />
                            <B>Password:</B> <br /></td>
                            <td align=left>
                            <input type="text" name="username" size="10" maxlength="20" class="login" value ="<?php if (isset($_POST['username'])) echo $_POST['username']; ?>" />&nbsp;&nbsp;<small><i>Please enter your forum username</small></i><br /><br />
                            <input type="password" name="password" size="10" maxlength="20" class="login" value ="<?php if (isset($_POST['password'])) echo $_POST['password']; ?>" />&nbsp;&nbsp;<small><i>Please enter your forum password</small></i><br /><br />
                            <tr><td width=40></td><td align="center"><input type="submit" name="submit" class="login" value="Login" /></td></tr>
                            </table><br /><br />
</form>
<?php
} else {
    echo($message);
}
 
?>
</body>
</html>
 


I just need that code somehow merged with my login script. Then it should work, but I dont know what I am doing, and im asking for help

Re: login script help

Posted: Sun Oct 12, 2008 3:13 pm
by gaogier
dose anyone know how to get this working for phpbb3 database?