Jump to content

Log in PHPBB integration


scottish_jason

Recommended Posts

Hi, I cant for the life of me work out why this code is failing to work, i

 

I have an if (isset($_SESSION['username'])  at the bottom section to check if somebody is logged in, if they are not display the log in box

 

then I have if ($_POST['login']) below which is supposed to execute once I press the log in button but it doesnt seem to as my test "hello" doesnt seem to appear, when I click on the log in button the page just refreshes and the log in box still stays visible, any suggestions why this is not working?

 

<h2>Log in</h2><br>
<?php
if ($_POST['login'])
{
echo "hello";
//connect
$error = 'Could not connect to the database';
mysql_connect('localhost','forum','forum') or die($error);
mysql_select_db('phpbb') or die($error);

//include functions.php phpbb script
require 'forum/includes/functions.php';

//get form data
$username = addslashes(strip_tags(strtolower($_POST['username'])));
$password = addslashes(strip_tags($_POST['password']));

if (!$username||!$password)
    echo "Please enter a username and password<p />";
else
{
  //find username
  $find = mysql_query("SELECT * FROM phpbb_users WHERE username_clean='$username'");
  if (mysql_num_rows($find)==0)
     echo "Username not found<p />";
  else
  {
   while ($find_row = mysql_fetch_assoc($find))
   {
    // grab password hash for user
    $password_hash = $find_row['user_password'];
   }
   
   $check = phpbb_check_hash($password, $password_hash);
   if ($check==FALSE)
      echo "Incorrect password<p />";
   else if ($check==TRUE)
   {
    $_SESSION['username']=$username;
    header("Location: index.php");
    exit();
   }

  }
}



}
if (isset($_SESSION['username']))
{
echo Welcome;
}
else
{
echo '<form action="index.php" method="POST">

<input type="text" name="username" size=18>



<br><input type="password" name="password" size=18>
<br><input type="submit" name="login" value"Log in" size=10>';


}
?>

Link to comment
Share on other sites

session_start() is not on top of that example. Place it before any HTML or content is outputted.

 

that section is only a snippet of my index.php page, I have this at the top of my index.php

<?php
ob_start("ob_gzhandler");
session_start();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

Link to comment
Share on other sites

Yes.. Where you are posting the IF statement regarding if they are logged in or not. Tell us the results of this code (place it above or below it, but not in the IF statement)

 

echo '<pre>';
echo print_r($_SESSION);
echo '<br/>';
echo print_r($_POST);
echo '</pre>';

 

That should tell us your session and POST variables, if the form was actually sent, and the session if it wasn't sent.

Link to comment
Share on other sites

it isnt copying and pasting, he goes through it with you

 

His code is correct up to this final thing. Why do something he does not want to do? It's like mentioning to buy a jacket when you're almost done threading one you made, but have to finish a few more stitches you did incorrectly..

Link to comment
Share on other sites

Yes.. Where you are posting the IF statement regarding if they are logged in or not. Tell us the results of this code (place it above or below it, but not in the IF statement)

 

echo '<pre>';
echo print_r($_SESSION);
echo '<br/>';
echo print_r($_POST);
echo '</pre>';

 

That should tell us your session and POST variables, if the form was actually sent, and the session if it wasn't sent.

 

this is what I get with that code being used

 

Array

(

)

1

Array

(

)

1

[username] => user

[password] => password

[login] =>

Link to comment
Share on other sites

There. According to the $_SESSION array it is not being set. Why not run some debugging code?

 

   else if ($check==TRUE)
   {
    $_SESSION['username']=$username;
    die('session set, Lets check:' . $_SESSION['username']);
   }

 

Does it ever reach the DIE statement, and show the session?

Link to comment
Share on other sites

There. According to the $_SESSION array it is not being set. Why not run some debugging code?

 

   else if ($check==TRUE)
   {
    $_SESSION['username']=$username;
    die('session set, Lets check:' . $_SESSION['username']);
   }

 

Does it ever reach the DIE statement, and show the session?

 

actually it is now saying Could not connect to database, strange though because its connecting to the database for my news section with the same username and password

Link to comment
Share on other sites

I wonder if he gave this result from my answer or yours, shame when people miss the information they need, anyway if your listening :P..

 

Array

(

)

1

Array

(

)

1

[username] => user

[password] => password

[login] =>

 

This just doesnt make sense, It means both arrays (SESSION and POST) are empty and that some other array is populated with what you want, but you dint echo or print any other array, so youve either typed the result in your self incorrectly or you echoed something else.

 

Assuming the variables shown are found in the POST array:

 

as i said before, use: if(isset($_POST['login'])) (check wether its set), i beleive the default behaviour for if($variable) checks wether $variable is true or false (or 0 or 1 etc).

 

Also, the SESSION variable is empty, what is it supposed to have? phpBB's sessions? use print_r($_SESSION) on a phpBB file somewhere and check the sessions (what they are meant to be), then you can work out what you can do to keep them from page to page.

 

-CB-

Link to comment
Share on other sites

I wonder if he gave this result from my answer or yours, shame when people miss the information they need, anyway if your listening :P..

 

Array

(

)

1

Array

 

 

)

1

[username] => user

[password] => password

[login] =>

 

This just doesnt make sense, It means both arrays (SESSION and POST) are empty and that some other array is populated with what you want, but you dint echo or print any other array, so youve either typed the result in your self incorrectly or you echoed something else.

 

Assuming the variables shown are found in the POST array:

 

as i said before, use: if(isset($_POST['login'])) (check wether its set), i beleive the default behaviour for if($variable) checks wether $variable is true or false (or 0 or 1 etc).

 

Also, the SESSION variable is empty, what is it supposed to have? phpBB's sessions? use print_r($_SESSION) on a phpBB file somewhere and check the sessions (what they are meant to be), then you can work out what you can do to keep them from page to page.

 

-CB-

 

yes I am sorry I never copied and pasted that section, I just typed it in as im working on a virtual machine and couldnt paste between and I typed it wrong... sorry

 

the username & password are inside the 2nd array (post)

Link to comment
Share on other sites

Chemical Bliss, My snipped was the same as yours, what are you on about?

 

Did you get the database thing sorted out OP?

 

as i said before' date=' use: if(isset($_POST['login''])) (check wether its set), i beleive the default behaviour for if($variable) checks wether $variable is true or false (or 0 or 1 etc).

 

Yes, "isset" and the ternary boolean are essentially the same thing.

Link to comment
Share on other sites

AhhhHHH.

 

I think I got your original problem.

 

At the beginning you check if the login is set (aka they used the form)

if ($_POST['login'])
{

...

if (isset($_SESSION['username']))
{
echo Welcome;
}

 

How does that code run? If they're logged in, the POST data from the form will not be there! And therefor that code will NEVER run.

 

Move the session check out of the parent IF statement.

Link to comment
Share on other sites

AhhhHHH.

 

I think I got your original problem.

 

At the beginning you check if the login is set (aka they used the form)

if ($_POST['login'])
{

...

if (isset($_SESSION['username']))
{
echo Welcome;
}

 

How does that code run? If they're logged in, the POST data from the form will not be there! And therefor that code will NEVER run.

 

Move the session check out of the parent IF statement.

 

But I dont want the log in box to display if they are logged in, only want it to say welcome *user*

the code does now run...  but im getting a wrong password error even though the password is correct

Link to comment
Share on other sites

But it will never say 'welcome', Because you are redirecting (via header()) thus destroying all the POST data. So the 'welcome' message telling them their name won't even run.

 

oh I see, should I just take out that line?

It's not even getting to that line anyway.... because the the check is not true for the password hash compare and its outputting wrong password, i dont know why because its a phpbb function already written

Link to comment
Share on other sites

But it will never say 'welcome', Because you are redirecting (via header()) thus destroying all the POST data. So the 'welcome' message telling them their name won't even run.

 

oh I see, should I just take out that line?

 

Just remember all your code will run, only if $_POST is set. That means when you next view the page, no code will run, even if the session did set..

 

You need to take the session check out of the if (isset($_POST['login'])) { .. block.

 

That means, when they next load the page, if there is NO post data, but there is a session (as set if it was authenticated by your code) , then it will say "Welcome."

Link to comment
Share on other sites

Oni-Kun. I have no idea what you mean when you ask,

Chemical Bliss, My snipped was the same as yours, what are you on about?

 

and then quoting my code? You never mentioned isset()?

 

And you are wrong,

Yes, "isset" and the ternary boolean are essentially the same thing.

 

no, Booleans are True/False, wether a variable is set or not is entirely different, a variable with no data can return false. Thus, in fact, the only way to check if a variable exists (post data with no data), use isset(), as i said before.

 

Would like to know .. what are you on about?

 

--------------

 

Jason;

 

Maybe you need to rethink the general structure of your script. It should be something like:

 

If(Session Exists){

  // Continue to load page normally

}else{

  // Show log in page

}

 

To make it easier to understand you can use a function checkbbsession() that you make yourself that will check wether the person is logged in or not. and should return true or false respectively.

 

You should also indent your code to make it easier to read and debug mistakes.

 

Also, Oni-Kun, the Session if statement is already outside of the POST check statement?

 

-CB-

 

-CB-

Link to comment
Share on other sites

Oni-Kun. I have no idea what you mean when you ask,

Chemical Bliss, My snipped was the same as yours, what are you on about?

 

and then quoting my code? You never mentioned isset()?

 

And you are wrong,

Yes, "isset" and the ternary boolean are essentially the same thing.

 

no, Booleans are True/False, wether a variable is set or not is entirely different, a variable with no data can return false. Thus, in fact, the only way to check if a variable exists (post data with no data), use isset(), as i said before.

 

Would like to know .. what are you on about?

 

--------------

 

Jason;

 

Maybe you need to rethink the general structure of your script. It should be something like:

 

If(Session Exists){

  // Continue to load page normally

}else{

  // Show log in page

}

 

To make it easier to understand you can use a function checkbbsession() that you make yourself that will check wether the person is logged in or not. and should return true or false respectively.

 

You should also indent your code to make it easier to read and debug mistakes.

 

Also, Oni-Kun, the Session if statement is already outside of the POST check statement?

 

-CB-

 

-CB-

 

Thanks for the help

 

at the moment the page seems to be displaying properly, but I just cant get logged in due to this wrong password thing, once that works I will be able to see if the welcome is displayed properly and if not I will change the structure as you recommended

 

It seems like the hash check function supplied with phpbb is not comparing the hashes properly?

 

When i type in a wrong username it says user does not exist, and when I type in the correct password it says wrong password

Link to comment
Share on other sites

Maybe this will help, take notice of the formatting and the comments (will tell you what ive changed).

 

<h2>Log in</h2><br>
<?php

if ($_POST['login'])
{
// echo "hello"; // a test echo?

//connect
mysql_connect('localhost','forum','forum') or die(mysql_error()); // mysql_error() tells u what mysql actually says.
mysql_select_db('phpbb') or die(mysql_error());

//include functions.php phpbb script
require 'forum/includes/functions.php';

//get form data
$username = strtolower($_POST['username']); // You dont need all this sanitization, you are not displaying what they type, you are checking it.
$password = $_POST['password'];

if (!$username || !$password){
	echo "Please enter a username and password<p />";
}else{
	//find username

		//username_clean ? just use the actual username they used to signup with, making variable usernames just adds headaches.
	$find = mysql_query("SELECT * FROM phpbb_users WHERE username='".mysql_real_escape_string($username)."'") or die(mysql_error());

	if (mysql_num_rows($find) == 0){
		echo "Username not found<p />";
	}else{
		// Easier way to get one column of data:
		$password_hash = mysql_result($find_row,0,'user_password');

		/*
		while($find_row = mysql_fetch_assoc($find))	{
			// grab password hash for user
			$password_hash = $find_row['user_password'];
		} */

		$check = phpbb_check_hash($password, $password_hash);
		if ($check == FALSE){
			echo "Incorrect password<p />";
		}else if ($check==TRUE){
			$_SESSION['username'] = $username;
			header("Location: index.php");
			exit();
		}
	}
}
}else{
// Added Else, Only show this part if they are not trying to login.
if (isset($_SESSION['username'])){
	echo Welcome;
}else{
	echo '<form action="index.php" method="POST">

	<input type="text" name="username" size=18>



	<br><input type="password" name="password" size=18>
	<br><input type="submit" name="login" value"Log in" size=10>';
}
}
?>

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.