Jump to content

Mysql Error Please Help....

shujjah

By shujjah
in PHP

Recommended Posts

shujjah Member

shujjah

Posted
Posted

Alright I am getting this error when trying to log in ...

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/speedyz/public_html/xxxx/checkuser.php on line 107Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in /home/speedyz/public_html/xxxx/checkuser.php on line 108The username or password you entered is incorrect, please try again.
So heres my checkuser.php
<?  define ('_VALID_INCLUDE', TRUE);  include 'config.php';  $v1 = $_POST[username];  $v2 = $_POST[password];  if ($user_system == 'ccms')  {	if ((!$_POST[username] OR !$_POST[password]))	{	  echo '<meta http-equiv="refresh" content="2; url=login.html">';	  echo '' . $font . ' ' . $lang_login_messagea;	}	$username = $_POST[username];	$password = $_POST[password];	$username_fixed = mysql_real_escape_string ($username);	$pass = md5 ($password);	$sql = mysql_query ('' . 'SELECT * FROM ccms_user WHERE username=\'' . $username_fixed . '\' AND PASSWORD=\'' . $pass . '\' AND activated=\'1\'');	$logincheck = mysql_num_rows ($sql);	while ($row = mysql_fetch_assoc ($sql))	{	  $uid = $row[userid];	  if ((($row[user_level] == '0' OR $row[activated] == '0') OR $username == 'Guest'))	  {		echo '' . '<b>' . $lang_error . '</b>: ' . $lang_login_restricted;		continue;	  }	  else	  {		setcookie ('T4mv8', '' . $row['userid'], time () + 1209600);		setcookie ('Gw7q', '' . $row['password'], time () + 1209600);		$timenow = date ('YmdHis');		$timenow2 = date ('Y-m-d H:i:s');		$thetime = $timenow;		$thetime2 = $timenow2;		mysql_query (('' . 'UPDATE ccms_user SET last_login="' . $thetime2 . '" WHERE userid="' . $uid . '"'));		echo '<meta http-equiv="refresh" content="0; url= index.php">';		continue;	  }	}  }  if ($user_system == 'vb')  {	$username = $_POST[username];	$password = $_POST[password];	if ((!$_POST[username] OR !$_POST[password]))	{	  echo '<meta http-equiv="refresh" content="2; url=login.html">';	  echo '' . $font . ' ' . $lang_login_messagea;	}	$username_fixed = mysql_real_escape_string ($username);	$vbquery = mysql_query ('' . 'SELECT salt FROM ' . $user_system_usertable . ' WHERE username=\'' . $username . '\'');	$vb = mysql_fetch_array ($vbquery);	$salt = $vb[0];	$fullmd5 = md5 (md5 ($password) . $salt);	$sql = mysql_query ('' . 'SELECT * FROM ' . $user_system_usertable . ' WHERE username=\'' . $username_fixed . '\' AND password=\'' . $fullmd5 . '\'');	$logincheck = mysql_num_rows ($sql);	while ($row = mysql_fetch_assoc ($sql))	{	  if ($row[user_level] == '0')	  {		echo '' . '<b>' . $lang_error . '</b>: ' . $lang_login_restricted;		continue;	  }	  else	  {		setcookie ('T4mv8', '' . $row['userid'], time () + 1209600);		setcookie ('Gw7q', '' . $row['password'], time () + 1209600);		echo '<meta http-equiv="refresh" content="0; url= index.php">';		continue;	  }	}  }  if ($user_system == 'smf')  {	$username = $_POST[username];	$password = $_POST[password];	$username_fixed = mysql_real_escape_string ($username);	$fullmd5 = sha1 (strtolower ($username_fixed) . $password);	$sql = mysql_query ('' . 'SELECT * FROM smf_members WHERE memberName=\'' . $username_fixed . '\' AND passwd=\'' . $fullmd5 . '\'');	$logincheck = mysql_num_rows ($sql);	while ($row = mysql_fetch_assoc ($sql))	{	  setcookie ('T4mv8', '' . $row['ID_MEMBER'] . ';', time () + 1209600);	  setcookie ('Gw7q', '' . $row['passwd'], time () + 1209600);	  echo '<meta http-equiv="refresh" content="0; url= index.php">';	}  }  if ($user_system == 'phpbb')  {	if ((!$_POST[username] OR !$_POST[password]))	{	  echo '<meta http-equiv="refresh" content="2; url=login.html">';	  echo '' . $font . ' ' . $lang_login_messagea;	}	$username = $_POST[username];	$password = $_POST[password];	$username_fixed = mysql_real_escape_string ($username);	$md5 = md5 ($password);	$sql = mysql_query ('' . 'SELECT * FROM ' . $user_system_usertable . ' WHERE username=\'' . $username . '\' AND user_password=\'' . $md5 . '\'');	$logincheck = mysql_num_rows ($sql);	while ($row = mysql_fetch_assoc ($sql))	{	  setcookie ('T4mv8', '' . $row['user_id'], time () + 1209600);	  setcookie ('Gw7q', '' . $row['user_password'], time () + 1209600);	  echo '<meta http-equiv="refresh" content="0; url= index.php">';	}  }  if ($user_system == 'ibp')  {  }  if (!$logincheck)  {	echo '<meta http-equiv= \'refresh\' content= \'2; url=login.html\'>';	echo '' . '<span class="content">' . $lang_login_messageb;  }?>

and here's my config.php

<?phpdefined('_VALID_INCLUDE') or die('Direct access to this file not allowed.');//------------------- Misc. Settings -------------------//putenv("TZ=America/Toronto");$stats = "0";			// Enable stats?$descriptions_enabled = "1";		// Show page descriptions in the admin cp?[color="#FF0000"]$user_system = "phpbb";		// User system $user_system_usertable = "speedyz_phpbb_users";	// The name of the user table (if you're using the default [ccms] user system leave it blank)[/color]$config_pm_popup = "1";		// Popup window when a new pm arrives? 1 = yes, anything else = no//------------------- Language -------------------//if ($adminp == '1') {	include "admincp/language/language.php";	include "admincp/language/language_desc.php";} else {	include "language/language.php";}//------------------- Change these values to reflect your database -------------------//$dbhost = 'localhost';		// db host$dbusername = 'xxxxx';		// db user name$dbpasswd = 'xxxxxx';			// db pasword$database_name = 'speedyz_ccms';	// db name$connection = mysql_connect("$dbhost","$dbusername","$dbpasswd") or die ("Couldn't connect to server.");$db = mysql_select_db("$database_name", $connection) or die ("Couldn't select database.");?>

Alright if I use the defualt CMS user sytem (see the red in the above code) then everything works fine but when I try to use the phpbb one it gives the above error ... and even though the username and password are current it still gives this

The username or password you entered is incorrect, please try again.

along with the mysql error...Thanks in Advance,

Link to comment
Share on other sites
jeffman w3schools Guru

jeffman

Posted
Posted

The first two errors occur because your query is returning false. You may be losing yourself in quotation marks. This is more common:$sql = mysql_query ("SELECT * FROM ccms_user WHERE username='$username_fixed' AND PASSWORD='$pass' AND activated='1'");If it doesn't work, then you can be sure your fieldnames or variables are broken.You really should use isset() or empty() to test your $_POST variables, rather than a simple Boolean test. If they turn up empty, send a location header, not a meta refresh. And explicitly exit the script at that point, or you're going to keep executing statements. That probably goes for other spots in the script where you're sending meta refresh.That's enough to get started on, anyway.

Link to comment
Share on other sites
shujjah Member

shujjah

Posted
  • Author
Posted

Alright I tried the code that you gave me .....so now my file looks something like this concerned part of checkuser.php

if ($user_system == 'phpbb')  {	if ((!$_POST[username] OR !$_POST[password]))	{	  echo 'you cant fool me';	}	$username = $_POST[username];	$password = $_POST[password];if (empty($password)) {	echo '$var is either 0, empty, or not set at all';}	$username_fixed = mysql_real_escape_string ($username);	$md5 = md5 ($password);   $sql = mysql_query ("SELECT * FROM speedyz_phpbb_users WHERE username='$username_fixed' AND PASSWORD='$pass' AND activated='1'");	$logincheck = mysql_num_rows ($sql);	while ($row = mysql_fetch_assoc ($sql))	{	  setcookie ('T4mv8', '' . $row['user_id'], time () + 1209600);	  setcookie ('Gw7q', '' . $row['user_password'], time () + 1209600);	  echo '<meta http-equiv="refresh" content="0; url= index.php">';	}  }

login_form.php

<table border="0" cellpadding="1" cellspacing="0"><form action="checkuser.php" method="post" name="" id=""><tr> 	<td><SPAN class="content"> <?echo "$lang_username"?>:</td>	<td><input name="username" size="25" type="text" id="username" class="input"></td></tr><tr>	<td><SPAN class="content"> <?echo "$lang_password"?>:</td>	<td><input name="password" type="password" size="25" id="password" class="input"></td></tr><tr>	<td></td>	<td><input TYPE="IMAGE" src="images/login.gif" name="Submit" value="Submit"></td></tr><tr>	<td></td>	<td><a class="contentlight" href="register.html"><?echo "$lang_create_account"?></a></td></tr><tr>	<td></td>	<td><a class="contentlight" href="forgotpw.php"><?echo "$lang_forgot_password"?></a></td></tr></form></table>

Also the fact since the same variables work when the system is ccms.. means that there is nothing wrong with them....maybe I was thinking there was something wrong with this ?see the red part in both scripts

<?phpdefined('_VALID_INCLUDE') or die('Direct access to this file not allowed.');//------------------- Misc. Settings -------------------//putenv("TZ=America/Toronto");$stats = "0";			// Enable stats?$descriptions_enabled = "1";		// Show page descriptions in the admin cp?$user_system = "phpbb";		// User system$user_system_usertable = "speedyz_phpbb_users";	// The name of the user table (if you're using the default [ccms] user system leave it blank)$config_pm_popup = "1";		// Popup window when a new pm arrives? 1 = yes, anything else = no//------------------- Language -------------------//if ($adminp == '1') {	include "admincp/language/language.php";	include "admincp/language/language_desc.php";} else {	include "language/language.php";}//------------------- Change these values to reflect your database -------------------//$dbhost = 'localhost';		// db host$dbusername = 'speedyz_shujjah';		// db user name$dbpasswd = 'speedyz9229';			// db pasword[color="#FF0000"]$database_name = 'speedyz_ccms';[/color]	// db name$connection = mysql_connect("$dbhost","$dbusername","$dbpasswd") or die ("Couldn't connect to server.");$db = mysql_select_db("$database_name", $connection) or die ("Couldn't select database.");?>

whereas in the check_user I am using a different database.... 

..................$sql = mysql_query ("SELECT * FROM [color="#FF0000"]speedyz_phpbb_users [/color]...............

thanks for your help in advance....

Link to comment
Share on other sites
jeffman w3schools Guru

jeffman

Posted
Posted

Well, you changed this part, so I don't think it will work. There is no $pass variable now.$md5 = md5 ($password);$sql = mysql_query ("SELECT * FROM speedyz_phpbb_users WHERE username='$username_fixed' AND PASSWORD='$pass' AND activated='1'");You might try building your query string, and echoing it, before passing it to mysql_query. $username_fixed and $md5 have been processed. It could be that the string looks exactly as you expect, or it might not. Either way, you want to be sure.As for the stuff you tried to put in red, one is a database and the other is a table. There should be no conflict there. Of course, only you can be sure what the actual names are.I assume you're getting a connection and a database, since you're not getting any die messages. So it has to be something in your query. You might try this, just to see if you're hitting the table correctly:$sql = mysql_query ("SELECT * FROM speedyz_phpbb_users");echo $sql;

Link to comment
Share on other sites
shujjah Member

shujjah

Posted
  • Author
Posted

alright now with this script.....

 if ($user_system == 'phpbb')  {	if ((!$_POST[username] OR !$_POST[password]))	{	  echo 'you cant fool me';	}	$username = $_POST[username];	$password = $_POST[password];if (empty($password)) {	echo '$var is either 0, empty, or not set at all';}	$username_fixed = mysql_real_escape_string ($username);	$md5 = md5 ($password);echo $username;echo $md5;$sql2 = mysql_query ("SELECT * FROM speedyz_phpbb_users");echo $sql2;    $sql = mysql_query ("SELECT * FROM speedyz_phpbb_users WHERE username='$username_fixed' AND PASSWORD='$md5' AND activated='1'");	$logincheck = mysql_num_rows ($sql);	while ($row = mysql_fetch_assoc ($sql))	{	  setcookie ('T4mv8', '' . $row['user_id'], time () + 1209600);	  setcookie ('Gw7q', '' . $row['user_password'], time () + 1209600);		  }  }  if ($user_system == 'ibp')  {  }  if (!$logincheck)  {	echo 'wait.. I am working on it';     }?>

I get thisSpEeDyZe48xxx2xxxxx1xxxxxxxxf3d4e49c1Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/speedyz/public_html/CCMS/checkuser.php on line 113Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in /home/speedyz/public_html/CCMS/checkuser.php on line 114wait.. I am working on itah man..thanks for your help in advance...

Link to comment
Share on other sites
jeffman w3schools Guru

jeffman

Posted
Posted

This statementecho $sql2; should be echoing a Resource ID. Since it doesn't, "SELECT * FROM speedyz_phpbb_users" is wrong somehow. So the error has nothing to do with your password or username. All I can guess is that the tablename is misspelled or the table doesn't exist in the database you connected to.

Link to comment
Share on other sites
shujjah Member

shujjah

Posted
  • Author
Posted

thats exactly what I was trying to tell in my last post ..... in config I connect to speedyz_cms but then in checkuser.php I am using speedyz_phpbb .. so what should I do now ? Close that conn and make a new one before that phpbb if statement in check user .php ?

Link to comment
Share on other sites
shujjah Member

shujjah

Posted
  • Author
Posted

tried this

mysql_close($connection);$con = mysql_connect("localhost","speedyz_shujjah","xxxxxxx");if (!$con)  {  die('Could not connect: ' . mysql_error());  }mysql_select_db("speedyz_phpbb", $con);  if ($user_system == 'phpbb')  {	if ((!$_POST[username] OR !$_POST[password]))	{	  echo 'you cant fool me';	}	$username = $_POST[username];	$password = $_POST[password];if (empty($password)) {	echo '$var is either 0, empty, or not set at all';}	$username_fixed = mysql_real_escape_string ($username);	$md5 = md5 ($password);echo $username;echo $md5;$sql2 = mysql_query ("SELECT * FROM users");echo $sql2;    $sql = mysql_query ("SELECT * FROM users WHERE username='$username_fixed' AND PASSWORD='$md5' AND activated='1'");	$logincheck = mysql_num_rows ($sql);	while ($row = mysql_fetch_assoc ($sql))	{	  setcookie ('T4mv8', '' . $row['user_id'], time () + 1209600);	  setcookie ('Gw7q', '' . $row['user_password'], time () + 1209600);		  }  }

and still get .....speedyzexxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxWarning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/speedyz/public_html/CCMS/checkuser.php on line 121Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in /home/speedyz/public_html/CCMS/checkuser.php on line 122wait.. I am working on it

Link to comment
Share on other sites
jeffman w3schools Guru

jeffman

Posted
Posted

Well, sorry. I'm not very good at scrolling up and down through so much code. I get that you're working with 2 different databases. What I still don't know is what each one contains, so it's hard for me to say what's right.

Link to comment
Share on other sites
shujjah Member

shujjah

Posted
  • Author
Posted 
mysql_close($connection);$con = mysql_connect("localhost","speedyz_shujjah","speedyz9229");if (!$con)  {  die('Could not connect: ' . mysql_error());  }mysql_select_db("speedyz_phpbb", $con);  if ($user_system == 'phpbb')  {	if ((!$_POST[username] OR !$_POST[password]))	{	  echo 'you cant fool me';	}	$username = $_POST[username];	$password = $_POST[password];if (empty($password)) {	echo '$var is either 0, empty, or not set at all';}	$username_fixed = mysql_real_escape_string ($username);	$md5 = md5 ($password);echo $username;echo $md5;$sql2 = mysql_query ("SELECT * FROM users");echo $sql2;    $sql = mysql_query ("SELECT * FROM users WHERE username='$username_fixed' AND PASSWORD='$md5'");	$logincheck = mysql_num_rows ($sql);	while ($row = mysql_fetch_assoc ($sql))	{	  setcookie ('T4mv8', '' . $row['user_id'], time () + 1209600);	  setcookie ('Gw7q', '' . $row['user_password'], time () + 1209600);		  }  }

tried this and still get the same error

Link to comment
Share on other sites
justsomeguy w3schools Guru

justsomeguy

Posted
Posted

It doesn't matter what the databases are for. If you're working with more than one, no matter how many there are, or what applications they go to, it's going to be easier to manage if each database uses its own connection. The code you posted doesn't have the queries using a certain connection, just "the last connection". It's better to specify exactly which connection each database function should use. All of the mysql_* functions have a way to say which connection it should use.

Link to comment
Share on other sites
shujjah Member

shujjah

Posted
  • Author
Posted
It doesn't matter what the databases are for. If you're working with more than one, no matter how many there are, or what applications they go to, it's going to be easier to manage if each database uses its own connection. The code you posted doesn't have the queries using a certain connection, just "the last connection". It's better to specify exactly which connection each database function should use. All of the mysql_* functions have a way to say which connection it should use.
the connection in the file was $connection which is a part of config.php and is inlcuded in checkuser.php but before the script I close that connection ( which selects the cms databse ) and create a new connection which selects the db that I need... as I posted above all the new connections is fine it works well..... If I just fetch all the values in the phpbb databse with the new connection ( $sql ) it works but it doesnt when I try to select and test the username and password in the script that I last posted...
Link to comment
Share on other sites
justsomeguy w3schools Guru

justsomeguy

Posted
Posted

It's not necessary to close the connection, you only need to use mysql_select_db if you want to use a different database with the same connection.If this query isn't returning any rows:$sql = mysql_query ("SELECT * FROM users WHERE username='$username_fixed' AND PASSWORD='$md5' AND activated='1'");Then the obvious answer is that it doesn't match any rows.

Link to comment
Share on other sites
shujjah Member

shujjah

Posted
  • Author
Posted

actually I am not only getting that the username and password is incorrect along with it I am also getting the two mysql errorsthis is what I getspeedyz7646a9ccd32115d25c43699da2f6eb2cResource id #5Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/speedyz/public_html/CCMS/checkuser.php on line 72Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in /home/speedyz/public_html/CCMS/checkuser.php on line 73The username or password you entered is incorrect, please try again.and I have checked directly from phpmyadmin and the row does exist.......

Sort by key:Full Texts user_id user_type group_id user_permissions user_perm_from user_ip user_regdate username username_clean user_password user_passchg user_pass_convert user_email user_email_hash user_birthday user_lastvisit user_lastmark user_lastpost_time user_lastpage user_last_confirm_key user_last_search user_warnings user_last_warning user_login_attempts user_inactive_reason user_inactive_time user_posts user_lang user_timezone user_dst user_dateformat user_style user_rank user_colour user_new_privmsg user_unread_privmsg user_last_privmsg user_message_rules user_full_folder user_emailtime user_topic_show_days user_topic_sortby_type user_topic_sortby_dir user_post_show_days user_post_sortby_type user_post_sortby_dir user_notify user_notify_pm user_notify_type user_allow_pm user_allow_viewonline user_allow_viewemail user_allow_massemail user_options user_avatar user_avatar_type user_avatar_width user_avatar_height user_sig user_sig_bbcode_uid user_sig_bbcode_bitfield user_from user_icq user_aim user_yim user_msnm user_jabber user_website user_occ user_interests user_actkey user_newpasswd user_form_salt Edit Delete 1 2 1 [bLOB - 441 B] 0 1209136051 Anonymous anonymous 0 0 0 0 0 1214041931 4YCIN4U5AZ 1214735338 0 0 0 0 0 0 en 0.00 0 d M Y H:i 2 0 0 0 0 0 -3 0 0 t d 0 t a 0 1 0 1 1 1 0 895 0 0 0 [bLOB - 0 B] [bLOB - 0 B] [bLOB - 0 B] 96920af1df7db004 Edit Delete 2 3 5 [bLOB - 441 B] 0 202.83.172.202 1209136051 SpEeDyZ speedyz xxxxxxxxxxxxxxxxxxxx 1228719464 0 admin@gamerzgalore.net 41362561722 20-12-1992 1236076619 0 1236074711 index.php 1231841507 0 0 0 0 0 1599 en 0.00 0 D M d, Y g:i a 2 4 AA0000 0 5 1236013047 0 -3 0 0 t d 0 t a 0 1 0 1 1 1 1 895 http://i67.photobucket.com/albums/h313/Shujjah/f_A... 2 100 100 [bLOB - 346 B] uig4savl GA== Milkyway Galaxy http://www.gamerzgalore.net [bLOB - 13 B] [bLOB - 49 B] a71d8204c2dc5808
Link to comment
Share on other sites
shujjah Member

shujjah

Posted
  • Author
Posted

ok shew thanks got it working now no more my sql errors..... this is the mysql that worked

$sql = mysql_query ("SELECT * FROM phpbb_users WHERE username='$username_fixed' AND user_password='$md5'") or die("A MySQL error has occurred.<br /><br /> Error: (" . mysql_errno() . ") " . mysql_error());	$logincheck = mysql_num_rows ($sql);

so now there's another problem...... it is giving me that the username and password is incorrect .... whereas when I use the same username and password in my phpbb forums .. it works fine it logs me in ... but it doesnt when I use it with the cms ( that I am trying to integrate ) ..could it be something related to md5 or anything ?

SpEeDyZe488df263b90510d3c4e997f3d4e49c1Resource id #5The username or password you entered is incorrect, please try again.
the code
  $username = $_POST[username];	$password = $_POST[password];if (empty($password)) {	echo '$var is either 0, empty, or not set at all';}	$username_fixed = mysql_real_escape_string ($username);	$md5 = md5 ($password);echo $username;echo $md5;$sql2 = mysql_query ("SELECT * FROM phpbb_users");echo $sql2;   $sql = mysql_query ("SELECT * FROM phpbb_users WHERE username='$username_fixed' AND user_password='$md5'") or die("A MySQL error has occurred.<br /><br /> Error: (" . mysql_errno() . ") " . mysql_error());	$logincheck = mysql_num_rows ($sql);	while ($row = mysql_fetch_assoc ($sql))	{	  setcookie ('T4mv8', '' . $row['user_id'], time () + 1209600);	  setcookie ('Gw7q', '' . $row['user_password'], time () + 1209600);		  }  }

Thanks in advance for your great help and support..

Link to comment
Share on other sites
justsomeguy w3schools Guru

justsomeguy

Posted
Posted

Check the password value in the database to make sure your MD5 hash is the same. I would be surprised if phpbb only uses MD5 for passwords. In fact, I don't know why anyone would use MD5 for a password hash when there are better ways.

Link to comment
Share on other sites
shujjah Member

shujjah

Posted
  • Author
Posted
Check the password value in the database to make sure your MD5 hash is the same. I would be surprised if phpbb only uses MD5 for passwords. In fact, I don't know why anyone would use MD5 for a password hash when there are better ways.
this is my password in my db
$H$9Q75cEg0a6MigHrjRZCnYKp/2MpeyH/
whereas this is the password when I echo $md5
e488df263b90510d3c4e997f3d4e49c1
?
Link to comment
Share on other sites
shujjah Member

shujjah

Posted
  • Author
Posted

Alright I tried another thing ..... instead of using the $md5 variable in the mysql query I used $password one and copy pasted the password from my db into the login form... I got no username and password incorrect error but instead got this...

SpEeDyZ7646a9ccd32115d25c43699da2f6eb2cResource id #5Warning: Cannot modify header information - headers already sent by (output started at /home/speedyz/public_html/CCMS/checkuser.php:61) in /home/speedyz/public_html/CCMS/checkuser.php on line 69Warning: Cannot modify header information - headers already sent by (output started at /home/speedyz/public_html/CCMS/checkuser.php:61) in /home/speedyz/public_html/CCMS/checkuser.php on line 70
I recheked the script it is in the format UTF-8 without BOM and there are no empty lines..in the script the ones in the red are line 69 and 70
<?  define ('_VALID_INCLUDE', TRUE);  include 'config.php';  $v1 = $_POST[username];  $v2 = $_POST[password];  if ($user_system == 'ccms')  {	if ((!$_POST[username] OR !$_POST[password]))	{	  echo '<meta http-equiv="refresh" content="2; url=login.html">';	  echo '' . $font . ' ' . $lang_login_messagea;	}	$username = $_POST[username];	$password = $_POST[password];	$username_fixed = mysql_real_escape_string ($username);	$pass = md5 ($password);	$sql = mysql_query ('' . 'SELECT * FROM ccms_user WHERE username=\'' . $username_fixed . '\' AND PASSWORD=\'' . $pass . '\' AND activated=\'1\'');	$logincheck = mysql_num_rows ($sql);	while ($row = mysql_fetch_assoc ($sql))	{	  $uid = $row[userid];	  if ((($row[user_level] == '0' OR $row[activated] == '0') OR $username == 'Guest'))	  {		echo '' . '<b>' . $lang_error . '</b>: ' . $lang_login_restricted;		continue;	  }	  else	  {		setcookie ('T4mv8', '' . $row['userid'], time () + 1209600);		setcookie ('Gw7q', '' . $row['password'], time () + 1209600);		$timenow = date ('YmdHis');		$timenow2 = date ('Y-m-d H:i:s');		$thetime = $timenow;		$thetime2 = $timenow2;		mysql_query (('' . 'UPDATE ccms_user SET last_login="' . $thetime2 . '" WHERE userid="' . $uid . '"'));		echo '<meta http-equiv="refresh" content="0; url= index.php">';		continue;	  }	}  }mysql_close($connection);$con = mysql_connect("localhost","speedyz_shujjah","speedyz9229");if (!$con)  {  die('Could not connect: ' . mysql_error());  }mysql_select_db("speedyz_phpbb", $con);  if ($user_system == 'phpbb')  {	if ((!$_POST[username] OR !$_POST[password]))	{	  echo 'you cant fool me';	}	$username = $_POST[username];	$password = $_POST[password];if (empty($password)) {	echo '$var is either 0, empty, or not set at all';}	$username_fixed = mysql_real_escape_string ($username);	$md5 = md5 ($password);echo $username;echo $md5;$sql2 = mysql_query ("SELECT * FROM phpbb_users");echo $sql2;   $sql = mysql_query ("SELECT * FROM phpbb_users WHERE username='$username_fixed' AND user_password='$password'") or die("A MySQL error has occurred.<br /><br /> Error: (" . mysql_errno() . ") " . mysql_error());	$logincheck = mysql_num_rows ($sql);	while ($row = mysql_fetch_assoc ($sql))	{ [color="#FF0000"]	 setcookie ('T4mv8', '' . $row['user_id'], time () + 1209600);	  setcookie ('Gw7q', '' . $row['user_password'], time () + 1209600);[/color]		  }  }  if (!$logincheck)  {	echo '' . '<span class="content">' . $lang_login_messageb;  }?>

thanks but thats not the first problem first I need to know how to get the password in the same form as in the phpbb db.....Edit: If I remove these two lines from the code

 setcookie ('T4mv8', '' . $row['user_id'], time () + 1209600);	  setcookie ('Gw7q', '' . $row['user_password'], time () + 1209600);

and instead insert something like echo "success"; then it works fine... and it echoes the given word...

Link to comment
Share on other sites
shujjah Member

shujjah

Posted
  • Author
Posted

Alright I made a topic in the phpbb support forums and they said that phpbb uses a salted md5 hash.. and they told me to look in functions.phpwhere I found this

* @version Version 0.1 / $Id: functions.php 8491 2008-04-04 11:41:58Z acydburn $** Portable PHP password hashing framework.** Written by Solar Designer <solar at openwall.com> in 2004-2006 and placed in* the public domain.** There's absolutely no warranty.** The homepage URL for this framework is:**	http://www.openwall.com/phpass/** Please be sure to update the Version line if you edit this file in any way.* It is suggested that you leave the main version number intact, but indicate* your project name (after the slash) and add your own revision information.** Please do not change the "private" password hashing method implemented in* here, thereby making your hashes incompatible.  However, if you must, please* change the hash type identifier (the "$P$") to something different.** Obviously, since this code is in the public domain, the above are not* requirements (there can be none), but merely suggestions.*** Hash the password*/function phpbb_hash($password){	$itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';	$random_state = unique_id();	$random = '';	$count = 6;	if (($fh = @fopen('/dev/urandom', 'rb')))	{		$random = fread($fh, $count);		fclose($fh);	}	if (strlen($random) < $count)	{		$random = '';		for ($i = 0; $i < $count; $i += 16)		{			$random_state = md5(unique_id() . $random_state);			$random .= pack('H*', md5($random_state));		}		$random = substr($random, 0, $count);	}	$hash = _hash_crypt_private($password, _hash_gensalt_private($random, $itoa64), $itoa64);	if (strlen($hash) == 34)	{		return $hash;	}	return md5($password);}/*** Check for correct password*/function phpbb_check_hash($password, $hash){	$itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';	if (strlen($hash) == 34)	{		return (_hash_crypt_private($password, $hash, $itoa64) === $hash) ? true : false;	}	return (md5($password) === $hash) ? true : false;}/*** Generate salt for hash generation*/function _hash_gensalt_private($input, &$itoa64, $iteration_count_log2 = 6){	if ($iteration_count_log2 < 4 || $iteration_count_log2 > 31)	{		$iteration_count_log2 = 8;	}	$output = '$H$';	$output .= $itoa64[min($iteration_count_log2 + ((PHP_VERSION >= 5) ? 5 : 3), 30)];	$output .= _hash_encode64($input, 6, $itoa64);	return $output;}/*** Encode hash*/function _hash_encode64($input, $count, &$itoa64){	$output = '';	$i = 0;	do	{		$value = ord($input[$i++]);		$output .= $itoa64[$value & 0x3f];		if ($i < $count)		{			$value |= ord($input[$i]) << 8;		}		$output .= $itoa64[($value >> 6) & 0x3f];		if ($i++ >= $count)		{			break;		}		if ($i < $count)		{			$value |= ord($input[$i]) << 16;		}		$output .= $itoa64[($value >> 12) & 0x3f];		if ($i++ >= $count)		{			break;		}		$output .= $itoa64[($value >> 18) & 0x3f];	}	while ($i < $count);	return $output;}/*** The crypt function/replacement*/function _hash_crypt_private($password, $setting, &$itoa64){	$output = '*';	// Check for correct hash	if (substr($setting, 0, 3) != '$H$')	{		return $output;	}	$count_log2 = strpos($itoa64, $setting[3]);	if ($count_log2 < 7 || $count_log2 > 30)	{		return $output;	}	$count = 1 << $count_log2;	$salt = substr($setting, 4, 8);	if (strlen($salt) != 8)	{		return $output;	}	/**	* We're kind of forced to use MD5 here since it's the only	* cryptographic primitive available in all versions of PHP	* currently in use.  To implement our own low-level crypto	* in PHP would result in much worse performance and	* consequently in lower iteration counts and hashes that are	* quicker to crack (by non-PHP code).	*/	if (PHP_VERSION >= 5)	{		$hash = md5($salt . $password, true);		do		{			$hash = md5($hash . $password, true);		}		while (--$count);	}	else	{		$hash = pack('H*', md5($salt . $password));		do		{			$hash = pack('H*', md5($hash . $password));		}		while (--$count);	}	$output = substr($setting, 0, 12);	$output .= _hash_encode64($hash, 16, $itoa64);	return $output;}

now its a long piece of code for just a salted md5 password and I dont really understand it .. so can you please help me out with it ? What piece of script should I use.... ?heres the whole functions.php because I dont really know if I have got the right code... ( the code has comments with every function so it is easier to search ) http://rapidshare.com/files/205152287/functions.php.html

Link to comment
Share on other sites
shujjah Member

shujjah

Posted
  • Author
Posted

Alright I tried that code .. I included that functions.php and called than php hash() function but then I got a blank white page.... thinking that probably there was something wrong the the function ... I removed it from the script and again got a blank page... then I removed that include function.php line from the code and then the rest of the script starting working again ? so what's wrong with that functions.php ? why does it result in a blank page ? ( I have included a link to download it in my previous post )

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...