Updating script password & phpbb password

[adt2007]

Hi Folks

 

I have a script someone programmed for me, its like a social networking script, but i have a bit of a problem

 

i use phpbb forums intergrated with it (username, password ect)

 

for some reason, if my users have forgotten their password, they can go to the forget password page... which sends them an email with a NEW password.

 

for some reason, when the php on the forgot password page configures a new password, it only updates the accounts password on the script, not the phpbb password table.

 

when the user logs in, its scripted to log them in at the same time to phpbb, so when that user logs in they get taken to the phpbb incorrect password page (since they requested a new password and it failed to update the phpbb password table)

 

anyway, this is how the forgotten password page works:

 

## UPDATE IN FORUMS

 

mysql_query("UPDATE phpbb_users SET user_password='".md5($new_password)."'

WHERE user_email='".$_POST['email']."'");

 

## UPDATE IN SITE

 

mysql_query("UPDATE site_users SET password='".md5($new_password)."' ");

 

mail("".$_POST['email']."", "Site - Forgot Password","$email_forgot","FROM: contact@Site.com");

 

$error_message = "You have been emailed your new password.";

 

}

 

}

 

}

 

?>

 

any ideas?

[Hypnos]

Seems so reduntant to have two tables with passwords.

 

Your second UPDATE query doesn't have a WHERE clause. But, I don't see anything wrong with your first query...

[adt2007]

Seems so reduntant to have two tables with passwords.

 

Your second UPDATE query doesn't have a WHERE clause. But, I don't see anything wrong with your first query...

 

My programmer screwed me over a long time ago, so that's that i suppose.

 

Any idea how to combine them both?

[redarrow]

this will give u an idear ok.

 

<?php

<table cellpadding=5><tr valign=top class=mes><td align=center>
<fieldset>
<legend style="color: #ffffff; font-family: verdana; font-size: 10pt;"> <b>Forum Setup</b> </legend>
<table width="300" class=mes><tr><td align=center>

<?
if ($mode==''){

//// EDIT THIS LINE ////

$table_prefix = 'phpbb_'; // your phpBB table_prefix (check your phpBB config.php after installation)
////////////////////////

$phpBB_table = 'users';
$tmp=mysql_query("SELECT * FROM ".C_MYSQL_MEMBERS." WHERE status = '7'"); 
while($phpBB=mysql_fetch_array($tmp)) { 
$phpBB_id = ($phpBB['id']);
$phpBB_n = ($phpBB['fname']);
$phpBB_p = md5($phpBB['password']); // use md5 encryption
$phpBB_e = ($phpBB['email']);
$phpBB_reg = ($phpBB['regdate']);
$sql = "INSERT INTO ".$table_prefix.$phpBB_table." (user_id, username, user_level, user_regdate, user_password, user_email, user_icq, user_website, user_occ, user_from, user_interests, user_sig, user_viewemail, user_style, user_aim, user_yim, user_msnm, user_posts, user_attachsig, user_allowsmile, user_allowhtml, user_allowbbcode, user_allow_pm, user_notify_pm, user_allow_viewonline, user_rank, user_avatar, user_lang, user_timezone, user_dateformat, user_actkey, user_newpasswd, user_notify, user_active) VALUES ( '$phpBB_id', '$phpBB_n', 0, '$phpBB_reg', '$phpBB_p', '$phpBB_e', '', '', '', '', '', '', 0, NULL, '', '', '', 0, 0, 1, 0, 1, 0, 1, 1, NULL, '', '', 0, '', '', '', 0, 1)";mysql_query($sql) or die(mysql_error());
}}
echo "Your AzDG members have been added to your phpBB users table.<br><br>";
echo "If you are logged in to the AzDG script,<br><a href=phpBB_setup.php?mode=test_login class=menu>click here</a> to test the forum login.";
if ($mode!=''){
$tmp=mysql_query("SELECT * FROM ".C_MYSQL_MEMBERS." WHERE id= '".$_SESSION["m"]."' LIMIT 1"); 
while($phpBB=mysql_fetch_array($tmp)) {
$phpBB_n = ($phpBB['fname']);
$phpBB_p = ($phpBB['password']);

//// EDIT THIS LINE ////
echo "<form action=\" " method=\"post\" target=\"_blank\">";
////////////////////////

echo "<input type=\"hidden\" name=\"username\" size=\"25\" value=\"$phpBB_n\" maxlength=\"40\">";
echo "<input type=\"hidden\" name=\"password\" size=\"25\" value=\"$phpBB_p\" maxlength=\"32\">";
echo "<input type=\"submit\" name=\"login\" value=\"Test Login\">";
echo "</form>";}
}

?>

</td></tr></table>
</fieldset>
<br>

<br>AzDG & phpBB Intergration Script
</td></tr></table>

[Hypnos]

My programmer screwed me over a long time ago, so that's that i suppose.

 

Any idea how to combine them both?

 

You can do it two ways.

1. Add the extra columns you need to the php_users table.

2. JOIN the two tables for each query, based on userid. Then, the only column to identify the user needs to just be their phpbb_id (no username, password, or email fields needed in the second table).

 

I have phpbb site intergration, and I just added my own columns to the php_users table. Works fine.

 

 

If this is a large site, you might want to to the intergration in baby steps. Like first, convert all authetication to the phpbb table.

[adt2007]

Thanks, redarrow

Although I'm a tad stuck on how to start. Lol.

[Hypnos]

It looks like redarrow's code (which I'm not even sure he understands), goes through an existing table and fills the phpbb_users table with it. Not what you're looking for.

 

You will need to do a migration script of sorts if you use the first method I metioned. Just because you will have to go through the first table, and fill the phpbb_users one with it's values.

[redarrow]

i got this code from azdg oner a friend i posted this code on here many times and they all get it going so what u on about m8.

 

and i do understand the code thank u.

 

the code creates a cody of the users database off the forum and everyone who reg to your site can log to the forum as well.