PHP Auth verification system (need some help)


NTSmarkv

OK, so the main purpose of this is:

1) User has to grab an OTP from the generator (works)

2) The OTC updates in the database field (works) via the person's user_email

3) It sends an email containing the OTP

What it is not doing is, when they go and log in, it just keeps saying invalid login credentials.

I'm pasting my code below to see if anyone can help me out here. This is still a work in progress.

do_login.php (not working here). Keeps saying invalid password.

 

<?php
if(empty($_POST)) exit;

include 'config.php';

// declare post fields

$post_user_email = trim($_POST['user_email']);
$post_password = trim($_POST['authcode']);

$post_autologin = $_POST['autologin'];

if(($post_user_email == $config_email) && ($post_password == $config_password))
{
$_SESSION['Site-Key'] = $config_email;

// Autologin Requested?

if($post_autologin == 1)
{
$password_hash = md5($config_password); // will result in a 32 characters hash

setcookie ($cookie_name, 'usr='.$config_email.'&hash='.$password_hash, time() + $cookie_time);
}

exit('OK');
}
else
{
echo '<div id="error_notification">The submitted login info is incorrect.</div>';
}
?>

 

 

Index.php

 

<?php
require_once 'config.php';


if(isset($_SESSION['google-ads123123']))
{
header("Location: http://forum.site1.com");
exit;
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD>
  <TITLE>Access Required</TITLE>

  <script type="text/javascript" src="js/mootools-1.2.1-core-yc.js"></script>
  <script type="text/javascript" src="js/process.js"></script>

  <link rel="stylesheet" type="text/css" href="style.css" />
</HEAD>

<BODY>

<center>

<div id="status">

<fieldset><legend align="center">Authentication</legend>

<div id="login_response"><!-- spanner --></div>

<form id="login" name="login" method="post" action="do_login.php">
<table align="center" width="200" border="0">
<tr>
<td width="80">Email</td><td><input id="user_email" type="text" name="user_email"></td>
</tr>
<tr>
<td>AuthCode:</td>
<td><input type="password" name="authcode"></td>
</tr>
<tr>
<td> </td>
<td><input type="checkbox" name="autologin" value="1">Remember Me</td>
</tr>
<tr>
<td> </td>
<td><input id="submit" type="submit" name="submit" value="Login">
<br />
<a href="getcode.php"> Get Auth Code </a>
<div id="ajax_loading"><img align="absmiddle" src="images/spinner.gif"> Processing...</div></td>
</tr>
</table>
</form>
</fieldset>

</div>

</center>
</BODY>
</HTML>

 

 

getcode.php (generates an MD5 and adds into db)

 

<?php
$db_host = '123';
$db_username = '123';
$db_password = '123';
$db_name = '123';


@mysql_connect($db_host, $db_username, $db_password) or die(mysql_error());
@mysql_select_db($db_name) or die(mysql_error());

// This is displayed if all the fields are not filled in
$empty_fields_message = "<p>Please go back and complete all the fields in the form.</p>Click <a class=\"two\" href=\"javascript:history.go(-1)\">here</a> to go back";
// Convert to simple variables
$email_address = $_POST['user_email'];
if (!isset($_POST['user_email'])) {
?>
<h2>Generate your Auth Code</h2>
<form method="post" action="<?php echo $_SERVER['REQUEST_URI']; ?>">
    <p class="style3"><label for="user_email">Email:</label>
    <input type="text" title="Please enter your email address" name="user_email" size="30"/></p>
    <p class="style3"><label title="Generate Auth Code">&nbsp</label>
    <input type="submit" value="Submit" class="submit-button"/></p>
</form>
<?php
}
elseif (empty($email_address)) {
    echo $empty_fields_message;
}
else {
$status = "OK";
$msg="";
//error_reporting(E_ERROR | E_PARSE | E_CORE_ERROR);
if (!stristr($email_address,"@") OR !stristr($email_address,".")) {
$msg="Your email address is not correct<BR>";
$status= "NOTOK";}

echo "<br><br>";
if($status=="OK"){
// escape the user-supplied address before it reaches the query
$query="SELECT username FROM users WHERE user_email = '" . mysql_real_escape_string($email_address) . "'";
$st=mysql_query($query);
$recs=mysql_num_rows($st);
$row=mysql_fetch_object($st);
$em=$row->user_email;// email is stored to a variable
if ($recs == 0) {  echo "<center><font face='Verdana' size='2' color=red><b>No Auth Code</b><br> Sorry Your address is not in our database ."; exit;}
function makeRandomPassword() {
          $salt = "abchefghjkmnpqrstuvwxyz0123456789";
          srand((double)microtime()*1000000);
          $pass = ""; // initialise before appending to it
          $i = 0;
          while ($i <= 7) { // builds an 8-character code
                $num = rand() % 33;
                $tmp = substr($salt, $num, 1);
                $pass = $pass . $tmp;
                $i++;
          }
          return $pass;
    }
    $random_password = makeRandomPassword();
    $db2_password = md5($random_password);

    // escape the user-supplied address before it reaches the query
    $sql = mysql_query("UPDATE users SET authcode='$db2_password' WHERE user_email='" . mysql_real_escape_string($email_address) . "'");

    $subject = "Auth Code Verification";
       $message = "
Here is your Auth Code,

       Auth Code: $random_password
       Auth Code: $db2_password

       This is an automated response, please do not reply!";

       mail($email_address, $subject, $message, "From: Auth Server<theslcguy@safe-mail.net.com>");
       echo "Your Auth Code has been sent! <br /> Please check your email! <br /> Also Allow up to 5 minutes to receive your Code...<br />";
       echo "<br><br>Click <a href='http://auth.site1.com'>here</a> to login";
    }
    else { echo "<center><font face='Verdana' size='2' color=red >$msg <br><br><input type='button' value='Retry' onClick='history.go(-1)'></center></font>";}
   }
?>

 

 

Config.php

 

<?php


session_start(); // Start Session
header('Cache-control: private'); // IE 6 FIX

// always modified
header('Last-Modified: ' . gmdate("D, d M Y H:i:s") . ' GMT');
// HTTP/1.1
header('Cache-Control: no-store, no-cache, must-revalidate');
header('Cache-Control: post-check=0, pre-check=0', false);
// HTTP/1.0
header('Pragma: no-cache');

// ---------- LOGIN INFO ---------- //

$config_email = $POST["user_email"];
$config_authcode = $POST["authcode"];

$cookie_name = 'google-ads123123';

$cookie_time = (3600 * 24 * 30); // 30 days

if(!$_SESSION['google-ads123123'])
{
include_once 'autologin.php';
}
?>
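
Added example, not part of the original post: do_login.php as posted never reads the `authcode` column that getcode.php writes, so this sketch shows one way to issue a code and check a submitted one against the stored hash. It assumes PDO, the `users` table with `user_email` and `authcode` from the post, a hypothetical `authcode_expires` column, and hypothetical function names; the demo rows are constructed.

```php
<?php
// Added example: schema and data are constructed; authcode_expires is a hypothetical column.
declare(strict_types=1);

function issueAuthCode(PDO $db, string $email, int $ttl = 600): ?string
{
    $alphabet = 'abcdefghjkmnpqrstuvwxyz23456789';
    $code = '';
    for ($i = 0; $i < 8; $i++) {
        // random_int() draws from the OS CSPRNG, unlike srand()/rand()
        $code .= $alphabet[random_int(0, strlen($alphabet) - 1)];
    }
    // Store only a salted hash; the plain code leaves the server by email only
    $stmt = $db->prepare(
        'UPDATE users SET authcode = ?, authcode_expires = ? WHERE user_email = ?'
    );
    $stmt->execute([password_hash($code, PASSWORD_DEFAULT), time() + $ttl, $email]);
    return $stmt->rowCount() === 1 ? $code : null;
}

function verifyAuthCode(PDO $db, string $email, string $submitted): bool
{
    // Prepared statement: the posted email never becomes part of the SQL text
    $stmt = $db->prepare(
        'SELECT authcode, authcode_expires FROM users WHERE user_email = ?'
    );
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$row || $row['authcode'] === null || (int)$row['authcode_expires'] < time()) {
        return false;
    }
    if (!password_verify($submitted, $row['authcode'])) {
        return false;
    }
    // One-time code: clear it so it cannot be replayed
    $db->prepare('UPDATE users SET authcode = NULL WHERE user_email = ?')
       ->execute([$email]);
    return true;
}

// Constructed demo data in an in-memory SQLite database
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (user_email TEXT PRIMARY KEY, authcode TEXT, authcode_expires INTEGER)');
$db->exec("INSERT INTO users (user_email) VALUES ('user@example.test')");

$code = issueAuthCode($db, 'user@example.test');
var_dump(verifyAuthCode($db, 'user@example.test', 'wrongcode')); // wrong code
var_dump(verifyAuthCode($db, 'user@example.test', $code));       // correct code
var_dump(verifyAuthCode($db, 'user@example.test', $code));       // same code submitted again
```

In a login script the session would be set only when `verifyAuthCode()` returns true; limiting repeated wrong attempts is not shown here.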

 

 
