zhTonic Posted March 9, 2008 Share Posted March 9, 2008 Hey guys, I'm having some trouble with my login script.. I've been trying to integrate it with my VB forum but it will always come up as incorrect login. Any help would be appreciated. <?php session_start(); if($_SESSION['AUTH_DONATOR'] == true) { header("Location: index.php"); die(); } include "../config2.php"; $error = "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\"><html dir=\"ltr\" lang=\"en\"><head> <meta http-equiv=\"Content-Type\" content=\"text/html; charset=ISO-8859-1\" /> <title>LocalMS - Admin Control Panel!</title> <link rel=\"stylesheet\" href=\"../cpstyles/vBulletin_3_Default/controlpanel.css\" /> <style type=\"text/css\"> #all { margin: 10px; } #all p, #all td, #all li, #all div { font-size: 11px; font-family: verdana, arial, helvetica, sans-serif; } </style></head><body style=\"margin:0px\"><table cellpadding=\"4\" cellspacing=\"0\" border=\"0\" width=\"100%\" class=\"navbody\" style=\"border:outset 2px\"><tr> <td width=\"160\"><img src=\"../cpstyles/vBulletin_3_Default/cp_logo.gif\" alt=\"\" title=\"vBulletin 3 ©2000 - 2008 Jelsoft Enterprises Ltd.\" /></td> <td style=\"padding-left:100px\"> <b>LocalMS Admin Control Panel!</b><br /> Control Panel ©LocalMS <br /> <b style=\"font-size:10pt;\"></b> </td></tr></table><div id=\"all\"><blockquote><p><form method=post>Forum ID:<br> <input type=text name=name><br>Password:<br> <input type=password name=pass><br>Incorrect Login/Password!<br><input type=submit value='Submit'></form></div> <table cellpadding=\"4\" cellspacing=\"0\" border=\"0\" width=\"100%\" class=\"navbody\" style=\"padding:4px; border:outset 2px;\"> <tr align=\"center\"> <form action=\"index.php\" method=\"get\"> <input type=\"hidden\" name=\"step\" value=\"1\" /> <td><b></b><br />vBulletin ©2000 - 2008 Jelsoft Enterprises Ltd.</td> <td></td> </tr> </table> </div><!-- START CONTROL PANEL FOOTER --><p align=\"center\"><a href=\"http://www.vbulletin.com/\" target=\"_blank\" class=\"copyright\">vBulletin v3.6.8, Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.</a></p></div></body></html>"; $usr = $_POST['name']; $pwpost = $_POST['pass']; $sql = mysql_query("SELECT * FROM mst_user WHERE username='$usr'"); $sqlly = mysql_fetch_array($sql); $salt = $sqlly["salt"]; $pwd = md5(md5($pwpost . $salt)); if (isset($usr)){ include "../config2.php"; $result = mysql_query( "SELECT * FROM mst_user WHERE username = '$usr' AND password = '$pwd' AND usergroupid = 13 "); if(mysql_num_rows($result) == 0) { $query = mysql_query( "SELECT * FROM mst_user WHERE username = '$usr' AND password = '$pwd' AND usergroupid = 17 "); if(mysql_num_rows($query) == 0) { $_SESSION['AUTH_DONATOR'] = false; echo $error; die(); } else { $_SESSION['AUTH_DONATOR'] = true; $_SESSION['type'] = "Donator"; header("Location: login.php"); die(); } $_SESSION['AUTH_DONATOR'] = false; echo $error; die(); } else { $_SESSION['AUTH_DONATOR'] = true; $_SESSION['type'] = "Admin"; header("Location: login.php"); die(); } } ?> Quote Link to comment Share on other sites More sharing options...
marklarah Posted March 9, 2008 Share Posted March 9, 2008 Your code if($_SESSION['AUTH_DONATOR'] == true) { header("Location: index.php"); die(); } Surely that should either be "=== true) {" or "if (isset($_SESSION['whatever'])){" Maybe that might help Quote Link to comment Share on other sites More sharing options...
zhTonic Posted March 9, 2008 Author Share Posted March 9, 2008 Your code if($_SESSION['AUTH_DONATOR'] == true) { header("Location: index.php"); die(); } Surely that should either be "=== true) {" or "if (isset($_SESSION['whatever'])){" Maybe that might help Hmm i don't really think that's the issue as this script just derives from my admin panel script which will login just fine.. <?php session_start(); if($_SESSION['AUTH_ADMIN'] == true) { header("Location: index.php"); die(); } $error = "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\"><html dir=\"ltr\" lang=\"en\"><head> <meta http-equiv=\"Content-Type\" content=\"text/html; charset=ISO-8859-1\" /> <title>LocalMS - Admin Control Panel!</title> <link rel=\"stylesheet\" href=\"../cpstyles/vBulletin_3_Default/controlpanel.css\" /> <style type=\"text/css\"> #all { margin: 10px; } #all p, #all td, #all li, #all div { font-size: 11px; font-family: verdana, arial, helvetica, sans-serif; } </style></head><body style=\"margin:0px\"><table cellpadding=\"4\" cellspacing=\"0\" border=\"0\" width=\"100%\" class=\"navbody\" style=\"border:outset 2px\"><tr> <td width=\"160\"><img src=\"../cpstyles/vBulletin_3_Default/cp_logo.gif\" alt=\"\" title=\"vBulletin 3 ©2000 - 2008 Jelsoft Enterprises Ltd.\" /></td> <td style=\"padding-left:100px\"> <b>LocalMS Admin Control Panel!</b><br /> Control Panel ©LocalMS <br /> <b style=\"font-size:10pt;\"></b> </td></tr></table><div id=\"all\"><blockquote><p><form method=post>Forum ID:<br> <input type=text name=name><br>Password:<br> <input type=password name=pass><br>Incorrect Login/Password!<br><input type=submit value='Submit'></form></div> <table cellpadding=\"4\" cellspacing=\"0\" border=\"0\" width=\"100%\" class=\"navbody\" style=\"padding:4px; border:outset 2px;\"> <tr align=\"center\"> <form action=\"index.php\" method=\"get\"> <input type=\"hidden\" name=\"step\" value=\"1\" /> <td><b></b><br />vBulletin ©2000 - 2008 Jelsoft Enterprises Ltd.</td> <td></td> </tr> </table> </div><!-- START CONTROL PANEL FOOTER --><p align=\"center\"><a href=\"http://www.vbulletin.com/\" target=\"_blank\" class=\"copyright\">vBulletin v3.6.8, Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.</a></p></div></body></html>"; $usr = $_POST['name']; $pwd = sha1($_POST['pass']); if (isset($usr)){ include "../config.php"; $result = mysql_query( "SELECT * FROM accounts WHERE name = '$usr' AND password = '$pwd' AND webadmin = '1' "); if(mysql_num_rows($result) == 0) { $query = mysql_query( "SELECT * FROM accounts WHERE name = '$usr' AND password = '$pwd' AND gm = '1' "); if(mysql_num_rows($query) == 0) { $_SESSION['AUTH_ADMIN'] = false; echo $error; die(); } else { $_SESSION['AUTH_ADMIN'] = true; $_SESSION['type'] = "GM"; header("Location: login.php"); die(); } $_SESSION['AUTH_ADMIN'] = false; echo $error; die(); } else { $_SESSION['AUTH_ADMIN'] = true; $_SESSION['type'] = "Admin"; header("Location: login.php"); die(); } } ?> Quote Link to comment Share on other sites More sharing options...
zhTonic Posted March 10, 2008 Author Share Posted March 10, 2008 Looks like i fixed it myself... HOW stupid am i that i didn't notice i was formatting the hash wrong. I just didn't encase the $pwpost variable. BEFORE: $pwd = md5(md5($pwpost . $salt)); AFTER: $pwd = md5(md5($pwpost) . $salt); Thank you mark for the reply anyways. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.