cello Posted March 8, 2008 Share Posted March 8, 2008 Guys if anyone can give me a few pointers I would appreciate it. Background....php admin gone AWOL and now site no longer works. The php site has a basic login which use to work with my user/pass but now it does not. I have checked the global.php and this is correct as it connects to the database. When I change the password within this get a sql error, so i know the Db connection is good. It maybe that the authentication does not use the db as the .htpasswd points to a directory that is not there. I have created the path and a new file .htpasswd and put my user name password but still this does not work. I appologise for my lack of basic php knowledge but this is the first time i have looked at php...I do have unix knowledge but puzzled how even the login is supposed to work. Maybe someone can help with basic debug tips. THANKS Quote Link to comment Share on other sites More sharing options...
cello Posted March 8, 2008 Author Share Posted March 8, 2008 Bit more info ....looking at the SQL there are usernames with password hashes but having created the .htpasswd/.htgroup files the hashes are different. How would one reset the password in the SQL?? I have thought of cut pasting the hash from the .htpasswd into the password but dont think it would work. Thanks for your help Quote Link to comment Share on other sites More sharing options...
deadonarrival Posted March 8, 2008 Share Posted March 8, 2008 We can't help debug anything without your source code... Quote Link to comment Share on other sites More sharing options...
cello Posted March 8, 2008 Author Share Posted March 8, 2008 OK but not sure which files you need? Heres the login.php and the admin_user.php which I think adds new users to the secure area. Sorry I,m a php numpty <?php include('lib/global.php'); $ref=$_SERVER['HTTP_REFERER']; $_REQUEST=getReq(array( 'action|opt|none,login,logout|none', 'email|other', 'password|other', 'referer|other||'.$ref)); switch($_REQUEST['action']) { case 'login': $count = $sqlProc->queryCount("SELECT count(*) AS count FROM use r WHERE email = '". addslashes($_REQUEST['email'])."' AND password = PASSWOR D('". addslashes($_REQUEST['password'])."')",'count'); if ($count>0) { # Authenticates OK $_SESSION['user'] = $sqlProc->queryRow("SELECT * FROM us er WHERE email = '". addslashes($_REQUEST['email'])."' AND password = PASSWORD('". addslashes($_REQUEST['password'])."')"); $_SESSION['user']=array_merge($_SESSION['user'], $sqlProc->queryRow("SELECT isadmin,viewprivate F ROM `group` WHERE groupid = ".$_SESSION['user']['groupid'])); $_SESSION['user']['loggedin']='true'; redirect('/index.php'); } break; case 'logout': $_SESSION['user']=array('userid'=>0,'groupid'=>1,'email'=>'','na me'=>'Unregistered User','loggedin'=>'false'); $_SESSION['user']=array_merge($_SESSION['user'], $sqlProc->queryRow("SELECT isadmin,viewprivate FROM `gro up` WHERE groupid = ".$_SESSION['user']['groupid'])); redirect('/index.php'); break; } ?> and admin_user.php .....if I could change my password or reate another user to access the pages behind this would get me out of the krapp <?php include('lib/global.php'); #debug($_REQUEST); $_REQUEST=getReq(array( 'userid|int|-1|-1', 'action|opt|none,update,add|none ', 'referer|other||'.$_SERVER['HTTP _REFERER'], 'name|other', 'email|other', 'password|other', 'groupid|int|1|1')); # debug($_REQUEST); # die(); if($user['isadmin']!='true'){ redirect($_REQUEST['referer']); } # First we check the selected category exists - if not we're at the category hom e (catid -1). $baseDir = './upload/todo'; switch($_REQUEST['action']){ case 'update': $sqlProc->query("UPDATE user SET name = '".addslashes($_REQUEST[ 'name'])."', email = '".addslashes($_REQUEST['email'])."',". ($_REQUEST['password']=='' ? '' : '`password` = password (\''.addslashes($_REQUEST['password']).'\'),') ."groupid = $_REQUEST[groupid] WHERE userid = $_REQUEST[ userid]"); break; case 'add': $sqlProc->query("INSERT INTO user (name,email,password,groupid) VALUES ('".addslashes($_REQUEST['name'])."', '".addslashes($_REQUEST['email'])."', password('".addslashes($_REQUEST['password'])."'), $_REQUEST[groupid])"); break; } # We're this far it means that the category definitely exists. $users = $sqlProc->queryArray("SELECT * FROM user"); $groups = $sqlProc->queryArray("SELECT groupid,name FROM `group`",MYSQL_ASSOC,'g roupid','name'); # debug($groups); function selectHTML($name,$options,$value='',$nullValue='') { $html='<select name="'.h($name).'">'."\n"; if($nullValue!='') $html.='<option value="">'.$nullValue.'</option>'."\n"; while (list($optVal,$optName)=each($options)) { $html.='<option'; if ($optVal!=$optName) $html.= ' value="'.h($optVal).'"'; if ($optVal==$value) $html.=' selected'; $html.='>'.h($optName).'</option>'."\n"; } $html.='</select>'."\n"; return $html; } ?> Thks for helping Quote Link to comment Share on other sites More sharing options...
cello Posted March 8, 2008 Author Share Posted March 8, 2008 Can anyone help me to determine why my login attempts are failing, I have not changed my user/pass and unable to figure out how to add a new username without getting www access to the site to run the script which is supposed to add new user accounts. I have checked the /var/html/error_log and nothing so dont even know if its a user acct prob or another issue. This is driving me FFFFFFF crazy !!! Thks for helping Quote Link to comment Share on other sites More sharing options...
deadonarrival Posted March 8, 2008 Share Posted March 8, 2008 Your usernames appear to be stored in a mysql table named "user" <?php $sqlProc->query("INSERT INTO user (name,email,password,groupid) VALUES ('".addslashes($_REQUEST['name'])."', '".addslashes($_REQUEST['email'])."', password('".addslashes($_REQUEST['password'])."'), $_REQUEST[groupid])"); ?> Go to phpmyadmin (if you have it) and just run the query INSERT INTO user (name,email,password,groupid) VALUES ('YOUR_USER_NAME','YOUR_EMAIL_ADDRESS',password(YOUR_PASSWORD)','GROUP_ID"); Replace YOUR_USER_NAME YOUR_EMAIL_ADDRESS YOUR_PASSWORD with your username, email and password (amazingly) You'll also need to look at a table (probably called group) and see which group_id corresponds to the group you want to be part of (probably "admins" or similar.) Quote Link to comment Share on other sites More sharing options...
MikeL Posted March 8, 2008 Share Posted March 8, 2008 I could use a job as a php admin right now Quote Link to comment Share on other sites More sharing options...
cello Posted March 8, 2008 Author Share Posted March 8, 2008 Hi Ran code as suggested and yes I see the new account being added but A) the password is in cleartext B) Group showing as 0 not a member of admin group. Also on trying to logon with those details it does not allow me in. Could be a group issue ie not a meber of the right group or could be a problem which affects all logins. Can you suggest anything else to help debug the problem please. Thks Quote Link to comment Share on other sites More sharing options...
cello Posted March 8, 2008 Author Share Posted March 8, 2008 More info changed groupid for new account, so in admin group but still no luck at login . Can i ask a question what relevence is this file .htaccess to the login procedure... AuthUserFile /home/virtual/site58/fst/var/www/.htpasswd AuthGroupFile /home/virtual/site58/fst/var/www/.htgroup AuthName "Admin Area" AuthType Basic <Limit GET> require group SiteAdmins The two .ht files were accidently deleted by myself as I was clearing up the site......stupid I know. So I have recreated the paths and the two files and added via htpasswd my original account name and password. Also added my account to the SiteAdmins group. The new account I added using your query did not get appended to these files though???? Yours very Confused ...thks for helping I do appreciate it Quote Link to comment Share on other sites More sharing options...
deadonarrival Posted March 8, 2008 Share Posted March 8, 2008 That's because those files aren't to do with mySQL - I was just updating the sql with your new info And did you leave password(YOUR_PASSWORD) or did you change it to just YOUR_PASSWORD ... the password() function is required there. Quote Link to comment Share on other sites More sharing options...
cello Posted March 9, 2008 Author Share Posted March 9, 2008 Hi Again thks for your help but still wrestling with password setting. it appears that only this line works... INSERT INTO user (name,email,password,groupid) VALUES ('YOUR_USER_NAME','YOUR_EMAIL_ADDRESS','(YOUR_PASSWORD)','GROUP_ID)'; note syntax difference from your suggestion INSERT INTO user (name,email,password,groupid) VALUES ('YOUR_USER_NAME','YOUR_EMAIL_ADDRESS',password(YOUR_PASSWORD)','GROUP_ID"); The password is still in cleartext and I cant figure the correct syntax out Mysql v4.1. Tried cmd line mysql and that too gives me grief ARGHHHHHH Quote Link to comment Share on other sites More sharing options...
cello Posted March 9, 2008 Author Share Posted March 9, 2008 :) :) :) :) :) :) :) YOU BEAUTY !!!! GET the syntax right and yippeee. The hash was a lot longer then usual but the login works fine THANKS YOu ROCK... Maybe you can advise on the next problem. When uploading images to the secure area (not porn) I see the image initially then when I select to add it to the db i just get the unlinked img symbol. The error log says [sun Mar 09 00:58:28 2008] [error] [client x.x.x.x] chmod: changing permiss ions of `./upload/todo/cat_211_pub': Operation not permitted, referer: http://ww w.domain.co.uk/galleries.php?catid=383.. Heres the code ?php include('lib/global.php'); include('lib/graphics.php'); $_REQUEST=getReq(array( 'catid|int|-1|-1', 'action|opt|none,upload,confirm| none', 'referer|other||'.$_SERVER['HTTP _REFERER'], 'name|other', 'public|opt|false,true|true')); if($user['isadmin']!='true'){ redirect($_REQUEST['referer']); } # First we check the selected pic exists $catid=$_REQUEST['catid']; $count=$sqlProc->queryCount("SELECT count(*) AS count FROM pix_cat WHERE catid = $catid",'count'); if($catid==-1) $count = 1; if ($count<1 or $_REQUEST['action']=='none') redirect($_REQUEST['referer']);case 'upload': if(isset($_FILES['photofile'])){ $_REQUEST['name'] = $_FILES['photofile']['name']; $det = getimagesize($_FILES['photofile']['tmp_name']); if($det[2]==2){ $src = imagecreatefromjpeg($_FILES['photofile'][ 'tmp_name']); $mask = imagecreatefrompng('./images/masks/photo _but.png'); if($_REQUEST['public']!='true'){ copy($_FILES['photofile']['tmp_name'],'. /images/temp/pic.jpg'); } else { $im = resizeTo($src,700); $width = imagesx($im); $height = imagesy($im); addBorders($im,$mask); # addWatermark($im,$mask); imagejpeg($im,'./images/temp/pic.jpg',85 ); imagedestroy($im); } $thb = resizeTo($src,200); $th_width = imagesx($thb); $th_height = imagesy($thb); imagedestroy($src); addBorders($thb,$mask); # addWatermark($thb,$mask); imagejpeg($thb,'./images/temp/thumb.jpg',75); imagedestroy($thb); unlink($_FILES['photofile']['tmp_name']); } else $_REQUEST['action'] = 'problem'; } else $_REQUEST['action'] = 'problem'; break; case 'confirm': $det = getimagesize('images/temp/pic.jpg'); $width = $det[0]; $height = $det[1]; $det = getimagesize('images/temp/thumb.jpg'); $th_width = $det[0]; $th_height = $det[1]; $sqlProc->query("INSERT INTO pix_index (catid, timestamp, public , name, width, height, th_width, th_height) VALUES ($catid, UNIX_TIMESTAMP(), '$_REQUEST[public]', '$_REQUE ST[name]', $width, $height, $th_width, $th_height)"); $picId = mysql_insert_id($sqlProc->connection); copy('images/temp/thumb.jpg',"images/gallery/thumb_$picId.jpg"); copy('images/temp/pic.jpg',"images/gallery/pic_$picId.jpg"); redirect($_REQUEST['referer']); break; } ?> Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.