
login to a group of page


KYKK


No I meant just echo it to see whether there is anything in the variable...

echo $row['password'];
echo md5($password);

And if you don't see one of those variables there is something wrong.

Link to comment

It says

Parse error: syntax error, unexpected T_ECHO in /home/ksbsm/public_html/TESTING/login.php on line 23

when I put

else if (echo $row['password'] echo md5($password))
else if (echo $row['password'] != echo md5($password))
else if (echo $row['password'] != md5($password))

.... Why doesn't it work, do you know? .... Thanks

Link to comment

I didn't mean put the echoes inside the conditions... I meant just echo the two variables to check whether they both exist...

echo $row['password'];
echo md5($password);

Link to comment

Haha yes, it shows 5bd913e4a9549e34d1e55c18fff1315a70b25304c128191f728b161bec468aa1 but it didn't show the username I put in.. 5bd913e4a9549e34d1e55c18fff1315a, this is what I show, but idk what the one behind it is. Idk what this is: d41d8cd98f00b204e9800998ecf8427e. I enter nothing in the password and click login and it shows this.... And if I put in my password it shows 5bd913e4a9549e34d1e55c18fff1315a and +70, then d41d8cd98f00b204e9800998ecf8427e. Maybe I can't login because there is d41d8cd98f00b204e9800998ecf8427e behind every code I put in. Why is that there?? If you want to see the login one go to http://ksbsm.co.cc/TESTING/login.php thanks

Link to comment

Ok this is confusing, explicitly separate the two variables:

echo "From database: " . $row['password'] . "<br />";
echo "Input: " . md5($password);

Link to comment

Haha good! It says

From database: 5bd913e4a9549e34d1e55c18fff1315a
Input: 70b25304c128191f728b161bec468aa1

From database is right, but what is that input thing? Also MyBB is md5, that's for sure. So now even if I put the wrong password it shows me the right one too.. so?? What is the next step? Thanks

Link to comment

Well that output says that you entered a different password compared to the one in the DB... are you sure they are supposed to be identical?

Link to comment

Well yes.... OO my password has @@ this kind of sign stuff, so will it change?? Now I try using a letter password and it shows

From database: 30e9a3824f66b7fee9e9fca147a72f82
Input: fa95d0036f03387d33f2ff5a9c5c5396

Still different. Maybe MyBB forums are using md4 or some other code?? Um.. do you have any clue what the problem is... If not, then maybe I can just like make a password... and ppl use the same password to login.. then I don't need to go to the database and md5 stuff.....

Link to comment

But do you know what the password in the database is supposed to be...??? To match, you have to enter the same password as the one you entered when registering.

Also, looking at the MyBB table structure, there is another column "salt". Is it empty?

Link to comment

YES, I see salt in some other code... hQUTA5Xl.... OO so salt is my password in md5, not password? OOOO and I went to see what the forum's login page looks like and it says require something, and I go look at the something and I see salt......

if(!$user['salt'])
{
	// Generate a salt for this user and assume the password stored in db is a plain md5 password
	$user['salt'] = generate_salt();
	$user['password'] = salt_password($user['password'], $user['salt']);
	$sql_array = array(
		"salt" => $user['salt'],
		"password" => $user['password']
	);
	$db->update_query(TABLE_PREFIX."users", $sql_array, "uid = ".$user['uid'], 1);
}

Here is everything in functions_user.php, maybe it is useful to you ^^

<?php
/**
 * Checks if a user with uid $uid exists in the database.
 *
 * @param int The uid to check for.
 * @return boolean True when exists, false when not.
 */
function user_exists($uid)
{
	global $db;
	$query = $db->query("SELECT * FROM ".TABLE_PREFIX."users WHERE uid='".intval($uid)."' LIMIT 1");
	if($db->fetch_array($query))
	{
		return true;
	}
	else
	{
		return false;
	}
}

/**
 * Checks if $username already exists in the database.
 *
 * @param string The username for check for.
 * @return boolean True when exists, false when not.
 */
function username_exists($username)
{
	global $db;
	$query = $db->query("SELECT * FROM ".TABLE_PREFIX."users WHERE username='".$db->escape_string($username)."' LIMIT 1");
	if($db->fetch_array($query))
	{
		return true;
	}
	else
	{
		return false;
	}
}

/**
 * Checks a password with a supplied username.
 *
 * @param string The username of the user.
 * @param string The plain-text password.
 * @return boolean|array False when no match, array with user info when match.
 */
function validate_password_from_username($username, $password)
{
	global $db;
	$query = $db->query("SELECT uid,username,password,salt,loginkey,remember FROM ".TABLE_PREFIX."users WHERE username='".$db->escape_string($username)."' LIMIT 1");
	$user = $db->fetch_array($query);
	if(!$user['uid'])
	{
		return false;
	}
	else
	{
		return validate_password_from_uid($user['uid'], $password, $user);
	}
}

/**
 * Checks a password with a supplied uid.
 *
 * @param int The user id.
 * @param string The plain-text password.
 * @param string An optional user data array.
 * @return boolean|array False when not valid, user data array when valid.
 */
function validate_password_from_uid($uid, $password, $user = array())
{
	global $db, $mybb;
	if($mybb->user['uid'] == $uid)
	{
		$user = $mybb->user;
	}
	if(!$user['password'])
	{
		$query = $db->query("SELECT uid,username,password,salt,loginkey FROM ".TABLE_PREFIX."users WHERE uid='".intval($uid)."' LIMIT 1");
		$user = $db->fetch_array($query);
	}
	if(!$user['salt'])
	{
		// Generate a salt for this user and assume the password stored in db is a plain md5 password
		$user['salt'] = generate_salt();
		$user['password'] = salt_password($user['password'], $user['salt']);
		$sql_array = array(
			"salt" => $user['salt'],
			"password" => $user['password']
		);
		$db->update_query(TABLE_PREFIX."users", $sql_array, "uid = ".$user['uid'], 1);
	}
	if(!$user['loginkey'])
	{
		$user['loginkey'] = generate_loginkey();
		$sql_array = array(
			"loginkey" => $user['loginkey']
		);
		$db->update_query(TABLE_PREFIX."users", $sql_array, "uid = ".$user['uid'], 1);
	}
	if(salt_password(md5($password), $user['salt']) == $user['password'])
	{
		return $user;
	}
	else
	{
		return false;
	}
}

/**
 * Updates a user's password.
 *
 * @param int The user's id.
 * @param string The md5()'ed password.
 * @param string (Optional) The salt of the user.
 * @return array The new password.
 */
function update_password($uid, $password, $salt="")
{
	global $db, $plugins;
	$newpassword = array();
	//
	// If no salt was specified, check in database first, if still doesn't exist, create one
	//
	if(!$salt)
	{
		$query = $db->query("SELECT salt FROM ".TABLE_PREFIX."users WHERE uid='$uid' LIMIT 1");
		$user = $db->fetch_array($query);
		if($user['salt'])
		{
			$salt = $user['salt'];
		}
		else
		{
			$salt = generate_salt();
		}
		$newpassword['salt'] = $salt;
	}
	//
	// Create new password based on salt
	//
	$saltedpw = salt_password($password, $salt);
	//
	// Generate new login key
	//
	$loginkey = generate_loginkey();
	//
	// Update password and login key in database
	//
	$newpassword['password'] = $saltedpw;
	$newpassword['loginkey'] = $loginkey;
	$db->update_query(TABLE_PREFIX."users", $newpassword, "uid='$uid'", 1);
	$plugins->run_hooks("password_changed");
	return $newpassword;
}

/**
 * Salts a password based on a supplied salt.
 *
 * @param string The md5()'ed password.
 * @param string The salt.
 * @return string The password hash.
 */
function salt_password($password, $salt)
{
	return md5(md5($salt).$password);
}

/**
 * Generates a random salt
 *
 * @return string The salt.
 */
function generate_salt()
{
	return random_str(8);
}

/**
 * Generates a 50 character random login key.
 *
 * @return string The login key.
 */
function generate_loginkey()
{
	return random_str(50);
}

/**
 * Updates a user's salt in the database (does not update a password).
 *
 * @param int The uid of the user to update.
 * @return string The new salt.
 */
function update_salt($uid)
{
	global $db;
	$salt = generate_salt();
	$sql_array = array(
		"salt" => $salt
	);
	$db->update_query(TABLE_PREFIX."users", $sql_array, "uid = ".$uid, 1);
	return $salt;
}

/**
 * Generates a new login key for a user.
 *
 * @param int The uid of the user to update.
 * @return string The new login key.
 */
function update_loginkey($uid)
{
	global $db;
	$loginkey = generate_loginkey();
	$sql_array = array(
		"loginkey" => $loginkey
	);
	$db->update_query(TABLE_PREFIX."users", $sql_array, "uid = ".$uid, 1);
	return $loginkey;
}

/**
 * Adds a thread to a user's favorite thread list.
 * If no uid is supplied, the currently logged in user's id will be used.
 *
 * @param int The tid of the thread to add to the list.
 * @param int (Optional) The uid of the user who's list to update.
 * @return boolean True when success, false when otherwise.
 */
function add_favorite_thread($tid, $uid="")
{
	global $mybb, $db;
	if(!$uid)
	{
		$uid = $mybb->user['uid'];
	}
	if(!$uid)
	{
		return;
	}
	$query = $db->query("SELECT * FROM ".TABLE_PREFIX."favorites WHERE tid='".intval($tid)."' AND type='f' AND uid='".intval($uid)."' LIMIT 1");
	$favorite = $db->fetch_array($query);
	if(!$favorite['tid'])
	{
		$db->query("INSERT INTO ".TABLE_PREFIX."favorites (uid,tid,type) VALUES ('".intval($uid)."','".intval($tid)."','f')");
	}
	return true;
}

/**
 * Removes a thread from a user's favorite thread list.
 * If no uid is supplied, the currently logged in user's id will be used.
 *
 * @param int The tid of the thread to remove from the list.
 * @param int (Optional)The uid of the user who's list to update.
 * @return boolean True when success, false when otherwise.
 */
function remove_favorite_thread($tid, $uid="")
{
	global $mybb, $db;
	if(!$uid)
	{
		$uid = $mybb->user['uid'];
	}
	if(!$uid)
	{
		return;
	}
	$db->query("DELETE FROM ".TABLE_PREFIX."favorites WHERE tid='".intval($tid)."' AND type='f' AND uid='".intval($uid)."'");
	return true;
}

/**
 * Adds a thread to a user's thread subscription list.
 * If no uid is supplied, the currently logged in user's id will be used.
 *
 * @param int The tid of the thread to add to the list.
 * @param int (Optional) The uid of the user who's list to update.
 * @return boolean True when success, false when otherwise.
 */
function add_subscribed_thread($tid, $uid="")
{
	global $mybb, $db;
	if(!$uid)
	{
		$uid = $mybb->user['uid'];
	}
	if(!$uid)
	{
		return;
	}
	$query = $db->query("SELECT * FROM ".TABLE_PREFIX."favorites WHERE tid='".intval($tid)."' AND type='s' AND uid='".intval($uid)."' LIMIT 1");
	$favorite = $db->fetch_array($query);
	if(!$favorite['tid'])
	{
		$db->query("INSERT INTO ".TABLE_PREFIX."favorites (uid,tid,type) VALUES ('".intval($uid)."','".intval($tid)."','s')");
	}
	return true;
}

/**
 * Remove a thread from a user's thread subscription list.
 * If no uid is supplied, the currently logged in user's id will be used.
 *
 * @param int The tid of the thread to remove from the list.
 * @param int (Optional) The uid of the user who's list to update.
 * @return boolean True when success, false when otherwise.
 */
function remove_subscribed_thread($tid, $uid="")
{
	global $mybb, $db;
	if(!$uid)
	{
		$uid = $mybb->user['uid'];
	}
	if(!$uid)
	{
		return;
	}
	$db->query("DELETE FROM ".TABLE_PREFIX."favorites WHERE tid='".$tid."' AND type='s' AND uid='".$uid."'");
	return true;
}

/**
 * Adds a forum to a user's forum subscription list.
 * If no uid is supplied, the currently logged in user's id will be used.
 *
 * @param int The fid of the forum to add to the list.
 * @param int (Optional) The uid of the user who's list to update.
 * @return boolean True when success, false when otherwise.
 */
function add_subscribed_forum($fid, $uid="")
{
	global $mybb, $db;
	if(!$uid)
	{
		$uid = $mybb->user['uid'];
	}
	if(!$uid)
	{
		return;
	}
	$query = $db->query("SELECT * FROM ".TABLE_PREFIX."forumsubscriptions WHERE fid='".$fid."' AND uid='".$uid."' LIMIT 1");
	$fsubscription = $db->fetch_array($query);
	if(!$fsubscription['fid'])
	{
		$db->query("INSERT INTO ".TABLE_PREFIX."forumsubscriptions (fid,uid) VALUES ('".$fid."','".$uid."')");
	}
	return true;
}

/**
 * Removes a forum from a user's forum subscription list.
 * If no uid is supplied, the currently logged in user's id will be used.
 *
 * @param int The fid of the forum to remove from the list.
 * @param int (Optional) The uid of the user who's list to update.
 * @return boolean True when success, false when otherwise.
 */
function remove_subscribed_forum($fid, $uid="")
{
	global $mybb, $db;
	if(!$uid)
	{
		$uid = $mybb->user['uid'];
	}
	if(!$uid)
	{
		return;
	}
	$db->query("DELETE FROM ".TABLE_PREFIX."forumsubscriptions WHERE fid='".$fid."' AND uid='".$uid."'");
	return true;
}

/**
 * Constructs the usercp navigation menu.
 *
 */
function usercp_menu()
{
	global $mybb, $templates, $theme, $plugins, $lang, $usercpnav, $usercpmenu;
	$lang->load("usercpnav");
	// Add the default items as plugins with separated priorities of 10
	if($mybb->settings['enablepms'] != "no")
	{
		$plugins->add_hook("usercp_menu", "usercp_menu_messenger", 10);
	}
	$plugins->add_hook("usercp_menu", "usercp_menu_profile", 20);
	$plugins->add_hook("usercp_menu", "usercp_menu_misc", 30);
	//
	// Run the plugin hooks
	//
	$plugins->run_hooks("usercp_menu");
	global $usercpmenu;
	eval("\$usercpnav = \"".$templates->get("usercp_nav")."\";");
	$plugins->run_hooks("usercp_menu_built");
}

/**
 * Constructs the usercp messenger menu.
 *
 */
function usercp_menu_messenger()
{
	global $db, $mybb, $templates, $theme, $usercpmenu, $lang;
	$foldersexploded = explode("$%%$", $mybb->user['pmfolders']);
	foreach($foldersexploded as $key => $folders)
	{
		$folderinfo = explode("**", $folders, 2);
		$folderinfo[1] = get_pm_folder_name($folderinfo[0], $folderinfo[1]);
		$folderlinks .= "<li class=\"pmfolders\"><a href=\"private.php?fid=$folderinfo[0]\">$folderinfo[1]</a></li>\n";
	}
	eval("\$usercpmenu .= \"".$templates->get("usercp_nav_messenger")."\";");
}

/**
 * Constructs the usercp profile menu.
 *
 */
function usercp_menu_profile()
{
	global $db, $mybb, $templates, $theme, $usercpmenu, $lang;
	if($mybb->usergroup['canchangename'] != "no")
	{
		eval("\$changenameop = \"".$templates->get("usercp_nav_changename")."\";");
	}
	eval("\$usercpmenu .= \"".$templates->get("usercp_nav_profile")."\";");
}

/**
 * Constructs the usercp misc menu.
 *
 */
function usercp_menu_misc()
{
	global $db, $mybb, $templates, $theme, $usercpmenu, $lang;
	$query = $db->query("SELECT COUNT(*) AS draftcount FROM ".TABLE_PREFIX."posts WHERE visible='-2' AND uid='".$mybb->user['uid']."'");
	$count = $db->fetch_array($query);
	$draftcount = "(".my_number_format($count['draftcount']).")";
	if($count['draftcount'] > 0)
	{
		$draftstart = "<strong>";
		$draftend = "</strong>";
	}
	eval("\$usercpmenu .= \"".$templates->get("usercp_nav_misc")."\";");
}

/**
 * Gets the usertitle for a specific uid.
 *
 * @param int The uid of the user to get the usertitle of.
 * @return string The usertitle of the user.
 */
function get_usertitle($uid="")
{
	global $db, $mybb;
	if($mybb->user['uid'] == $uid)
	{
		$user = $mybb->user;
	}
	else
	{
		$query = $db->query("SELECT usertitle,postnum FROM ".TABLE_PREFIX."users WHERE uid='$uid' LIMIT 1");
		$user = $db->fetch_array($query);
	}
	if($user['usertitle'])
	{
		return $user['usertitle'];
	}
	else
	{
		$query = $db->query("SELECT title FROM ".TABLE_PREFIX."usertitles WHERE posts<='".$user['postnum']."' ORDER BY posts DESC");
		$usertitle = $db->fetch_array($query);
		return $usertitle['title'];
	}
}

/**
 * Updates a users private message count in the users table with the number of pms they have.
 *
 * @param int The user id to update the count for. If none, assumes currently logged in user.
 * @param int Bitwise value for what to update. 1 = total, 2 = new, 4 = unread. Combinations accepted.
 * @param int The unix timestamp the user with uid last visited. If not specified, will be queried.
 */
function update_pm_count($uid=0, $count_to_update=7, $lastvisit=0)
{
	global $db, $mybb;
	static $pm_lastvisit_cache;

	$uid = intval($uid);

	// If no user id, assume that we mean the current logged in user.
	if($uid == 0)
	{
		$uid = $mybb->user['uid'];
	}
	// If using current user, use the last visit
	if($uid == $mybb->user['uid'])
	{
		$lastvisit = $mybb->user['lastvisit'];
	}
	// Else, if no last visit is specified, query for it.
	elseif(intval($lastvisit) < 1)
	{
		if(!$pm_lastvisit_cache[$uid])
		{
			$query = $db->query("SELECT lastvisit FROM ".TABLE_PREFIX."users WHERE uid='".$uid."'");
			$user = $db->fetch_array($query);
			$pm_lastvisit_cache[$uid] = $user['lastvisit'];
		}
		$lastvisit = $pm_lastvisit_cache[$uid];
	}
	// Update total number of messages.
	if($count_to_update & 1)
	{
		$query = $db->query("SELECT COUNT(pmid) AS pms_total FROM ".TABLE_PREFIX."privatemessages WHERE uid='".$uid."'");
		$total = $db->fetch_array($query);
		$pmcount['totalpms'] = $total['pms_total'];
	}
	// Update number of new messages.
	if($count_to_update & 2)
	{
		$query = $db->query("SELECT COUNT(pmid) AS pms_new FROM ".TABLE_PREFIX."privatemessages WHERE uid='".$uid."' AND dateline>'".$lastvisit."' AND folder=1");
		$new = $db->fetch_array($query);
		$pmcount['newpms'] = $new['pms_new'];
	}
	// Update number of unread messages.
	if($count_to_update & 4)
	{
		$query = $db->query("SELECT COUNT(pmid) AS pms_unread FROM ".TABLE_PREFIX."privatemessages WHERE uid='".$uid."' AND status=0 AND folder='1'");
		$unread = $db->fetch_array($query);
		$pmcount['unreadpms'] = $unread['pms_unread'];
	}
	if(is_array($pmcount))
	{
		$db->update_query(TABLE_PREFIX."users", $pmcount, "uid='".$uid."'");
	}
	return $pmcount;
}

/**
 * Return the language specific name for a PM folder.
 *
 * @param int The ID of the folder.
 * @param string The folder name - can be blank, will use language default.
 * @return string The name of the folder.
 */
function get_pm_folder_name($fid, $name="")
{
	global $lang;
	if($name != '')
	{
		return $name;
	}
	switch($fid)
	{
		case 1;
			return $lang->folder_inbox;
			break;
		case 2:
			return $lang->folder_sent_items;
			break;
		case 3:
			return $lang->folder_drafts;
			break;
		case 4:
			return $lang->folder_trash;
			break;
		default:
			return $lang->folder_untitled;
	}
}
?>

Tell me if you want the login page too, it is very long also..... Thanks

I tried to echo salt but it doesn't show //

Link to comment

Uh don't panic...:) ok to hash the password they do md5(md5($salt).$password); ...So, change your query to look like

$result = db_query("SELECT username,password,salt FROM mybb_users WHERE username='" . mysql_real_escape_string($username) . "'");

and your conditional to look like

elseif ($row['password'] != md5(md5($row['salt']).$password))

Link to comment
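
The hashing scheme in the functions_user.php listing above, as an added example that is not part of the thread or of MyBB's code: validate_password_from_uid() passes md5($password) into salt_password(), so the stored value is md5(md5($salt) . md5($password)). The password, the salt and the function names mybb_style_hash() and verify_login() are constructed for illustration.

```php
<?php
// Added example; not MyBB's or the thread's code. All sample data is constructed.

// Same formula as salt_password() in the listing: the first argument is
// expected to be md5(plain password), not the plain password itself.
function mybb_style_hash(string $md5OfPassword, string $salt): string
{
    return md5(md5($salt) . $md5OfPassword);
}

// Verify a plain-text login attempt against a stored hash/salt pair,
// mirroring the comparison in validate_password_from_uid().
function verify_login(string $plain, string $storedHash, string $salt): bool
{
    $candidate = mybb_style_hash(md5($plain), $salt);
    // hash_equals() compares in constant time (PHP >= 5.6).
    return hash_equals($storedHash, $candidate);
}

// Constructed sample row, built the way the listing stores a password.
$salt   = 'Ab3dE9xZ';        // hypothetical 8-character salt
$input  = 'correct horse';   // hypothetical password typed into the form
$stored = mybb_style_hash(md5($input), $salt);

// Three ways of hashing the login input that come up in the thread.
$attempts = [
    'md5(password)'                  => md5($input),
    'md5(md5(salt) . password)'      => md5(md5($salt) . $input),
    'md5(md5(salt) . md5(password))' => mybb_style_hash(md5($input), $salt),
];

foreach ($attempts as $label => $hash) {
    $verdict = hash_equals($stored, $hash) ? 'MATCH' : 'no match';
    printf("%-32s %s  %s\n", $label, $hash, $verdict);
}

// An empty password field hashes to md5(''), which is the
// d41d8cd98f00b204e9800998ecf8427e value seen earlier in the thread.
echo "md5 of empty input: ", md5(''), "\n";

// The full check against the stored row: right password, wrong password, empty.
var_dump(verify_login('correct horse', $stored, $salt));
var_dump(verify_login('wrong guess', $stored, $salt));
var_dump(verify_login('', $stored, $salt));
```

Only the third form reproduces the stored value, because the password is hashed once on its own before it is combined with the hashed salt.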

ook.. so.. :):) it doesn't work.. I changed it to

<?php
session_start();
require_once 'db.php';
$page_mode = isset($_POST['page_mode']) ? $_POST['page_mode'] : '';
$error_string = '';
if ($page_mode == 'login')
{
  $username = $_POST['username'];
  $password = $_POST['password'];
  $salt = $_POST['salt'];
  if (trim($username) == '' || trim($password) == '')
    $error_string .= 'Please enter your username and password.<br>';
  else
  {
    $result = db_query("SELECT username,password,salt FROM mybb_users WHERE username='" . mysql_real_escape_string($username) . "'");
    if (!($row = mysql_fetch_assoc($result)))
      $error_string .= 'The username was not found.<br>';
    elseif ($row['password'] != md5(md5($row['salt']).$password))
      $error_string .= 'The password did not match.<br>';
    else
    {
      $_SESSION['user_id'] = $row['id'];
      $_SESSION['username'] = $row['username'];
      $_SESSION['password'] = $row['password'];
      $_SESSION['salt'] = $row['salt'];
      header('Location: index.php');
      exit();
    }
  }
}
?>

The right place? And I added echo "Input: " . md5($password);?> in the HTML and it shows the right "salt" but it would login or it still says password doesn't match.... This is where I put it... http://ksbsm.co.cc/TESTING/login.php login with KS, pass is ksclans. This is from the database:

username: KS
password: 30e9a3824f66b7fee9e9fca147a72f82
salt: hQUTA5Xl

Btw other than salt there is a login key..

Link to comment

Try to echo each query and print_r the arrays at different places on the page, then see where it doesn't do what you want it to do.

Link to comment

Well, the problem is the input is different from the database, and the input is using md5 and the forum is md5 too.. Or maybe I just add a password field and if it matches some password then it is allowed to go in? Then does it need PHP? Like don't connect to the database and stuff, just a password I set and everyone enters the same password... How can I do that?

Link to comment

Archived

This topic is now archived and is closed to further replies.
