Jump to content

PHP Login script not working, need some help.

zhTonic

By zhTonic
in PHP Coding Help

 Share

Recommended Posts

zhTonic Newbie

zhTonic

Posted
Posted

Hey guys,

 

I'm having some trouble with my login script.. I've been trying to integrate it with my VB forum but it will always come up as incorrect login. Any help would be appreciated.

 

<?php
session_start();




if($_SESSION['AUTH_DONATOR'] == true) {
header("Location: index.php"); 
die();
}

include "../config2.php";

$error = "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\"><html dir=\"ltr\" lang=\"en\"><head>	<meta http-equiv=\"Content-Type\" content=\"text/html; charset=ISO-8859-1\" />	<title>LocalMS - Admin Control Panel!</title>	<link rel=\"stylesheet\" href=\"../cpstyles/vBulletin_3_Default/controlpanel.css\" />	<style type=\"text/css\">	#all {		margin: 10px;	}	#all p, #all td, #all li, #all div {		font-size: 11px;		font-family: verdana, arial, helvetica, sans-serif;	}	</style></head><body style=\"margin:0px\"><table cellpadding=\"4\" cellspacing=\"0\" border=\"0\" width=\"100%\" class=\"navbody\" style=\"border:outset 2px\"><tr>	<td width=\"160\"><img src=\"../cpstyles/vBulletin_3_Default/cp_logo.gif\" alt=\"\" title=\"vBulletin 3 ©2000 - 2008 Jelsoft Enterprises Ltd.\" /></td>	<td style=\"padding-left:100px\">		<b>LocalMS Admin Control Panel!</b><br /> Control Panel ©LocalMS		<br />		<b style=\"font-size:10pt;\"></b> </td></tr></table><div id=\"all\"><blockquote><p><form method=post>Forum ID:<br> <input type=text name=name><br>Password:<br> <input type=password name=pass><br>Incorrect Login/Password!<br><input type=submit value='Submit'></form></div>			<table cellpadding=\"4\" cellspacing=\"0\" border=\"0\" width=\"100%\" class=\"navbody\" style=\"padding:4px; border:outset 2px;\">	<tr align=\"center\">	<form action=\"index.php\" method=\"get\"> <input type=\"hidden\" name=\"step\" value=\"1\" />		<td><b></b><br />vBulletin ©2000 - 2008 Jelsoft Enterprises Ltd.</td>		<td></td>	</tr>	</table>	</div><!-- START CONTROL PANEL FOOTER --><p align=\"center\"><a href=\"http://www.vbulletin.com/\" target=\"_blank\" class=\"copyright\">vBulletin v3.6.8, Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.</a></p></div></body></html>";
$usr = $_POST['name'];
$pwpost = $_POST['pass'];
$sql = mysql_query("SELECT * FROM mst_user WHERE username='$usr'");
$sqlly = mysql_fetch_array($sql);
$salt = $sqlly["salt"];
$pwd = md5(md5($pwpost . $salt));


if (isset($usr)){

include "../config2.php";
$result = mysql_query( "SELECT * FROM mst_user WHERE username = '$usr' AND password = '$pwd' AND usergroupid = 13 ");
if(mysql_num_rows($result) == 0) {
	$query = mysql_query( "SELECT * FROM mst_user WHERE username = '$usr' AND password = '$pwd' AND usergroupid = 17 ");
		if(mysql_num_rows($query) == 0) {
			$_SESSION['AUTH_DONATOR'] = false;                              
			echo $error;
			die();
		}
		else {                                                   
			$_SESSION['AUTH_DONATOR'] = true;
			$_SESSION['type'] = "Donator";                               
			header("Location: login.php");
			die();
		}
		$_SESSION['AUTH_DONATOR'] = false;                              
		echo $error;
		die();
}                          
else {                                                   
	$_SESSION['AUTH_DONATOR'] = true;   
	$_SESSION['type'] = "Admin";                                
	header("Location: login.php");
	die();
}
}




?>

Link to comment
Share on other sites
zhTonic Newbie

zhTonic

Posted
  • Author
Posted

Your code

if($_SESSION['AUTH_DONATOR'] == true) {
header("Location: index.php"); 
die();
}

 

Surely that should either be "=== true) {"

or  "if (isset($_SESSION['whatever'])){"

 

Maybe that might help

 

Hmm i don't really think that's the issue as this script just derives from my admin panel script which will login just fine..

 

<?php
session_start();




if($_SESSION['AUTH_ADMIN'] == true) {
header("Location: index.php"); 
die();
}




$error = "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\"><html dir=\"ltr\" lang=\"en\"><head>	<meta http-equiv=\"Content-Type\" content=\"text/html; charset=ISO-8859-1\" />	<title>LocalMS - Admin Control Panel!</title>	<link rel=\"stylesheet\" href=\"../cpstyles/vBulletin_3_Default/controlpanel.css\" />	<style type=\"text/css\">	#all {		margin: 10px;	}	#all p, #all td, #all li, #all div {		font-size: 11px;		font-family: verdana, arial, helvetica, sans-serif;	}	</style></head><body style=\"margin:0px\"><table cellpadding=\"4\" cellspacing=\"0\" border=\"0\" width=\"100%\" class=\"navbody\" style=\"border:outset 2px\"><tr>	<td width=\"160\"><img src=\"../cpstyles/vBulletin_3_Default/cp_logo.gif\" alt=\"\" title=\"vBulletin 3 ©2000 - 2008 Jelsoft Enterprises Ltd.\" /></td>	<td style=\"padding-left:100px\">		<b>LocalMS Admin Control Panel!</b><br /> Control Panel ©LocalMS		<br />		<b style=\"font-size:10pt;\"></b> </td></tr></table><div id=\"all\"><blockquote><p><form method=post>Forum ID:<br> <input type=text name=name><br>Password:<br> <input type=password name=pass><br>Incorrect Login/Password!<br><input type=submit value='Submit'></form></div>			<table cellpadding=\"4\" cellspacing=\"0\" border=\"0\" width=\"100%\" class=\"navbody\" style=\"padding:4px; border:outset 2px;\">	<tr align=\"center\">	<form action=\"index.php\" method=\"get\"> <input type=\"hidden\" name=\"step\" value=\"1\" />		<td><b></b><br />vBulletin ©2000 - 2008 Jelsoft Enterprises Ltd.</td>		<td></td>	</tr>	</table>	</div><!-- START CONTROL PANEL FOOTER --><p align=\"center\"><a href=\"http://www.vbulletin.com/\" target=\"_blank\" class=\"copyright\">vBulletin v3.6.8, Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.</a></p></div></body></html>";
$usr = $_POST['name'];
$pwd = sha1($_POST['pass']);




if (isset($usr)){

include "../config.php";
$result = mysql_query( "SELECT * FROM accounts WHERE name = '$usr' AND password = '$pwd' AND webadmin = '1' ");
if(mysql_num_rows($result) == 0) {
	$query = mysql_query( "SELECT * FROM accounts WHERE name = '$usr' AND password = '$pwd' AND gm = '1' ");
		if(mysql_num_rows($query) == 0) {
			$_SESSION['AUTH_ADMIN'] = false;                              
			echo $error;
			die();
		}
		else {                                                   
			$_SESSION['AUTH_ADMIN'] = true;
			$_SESSION['type'] = "GM";                               
			header("Location: login.php");
			die();
		}
		$_SESSION['AUTH_ADMIN'] = false;                              
		echo $error;
		die();
}                          
else {                                                   
	$_SESSION['AUTH_ADMIN'] = true;   
	$_SESSION['type'] = "Admin";                                
	header("Location: login.php");
	die();
}
}




?>

Link to comment
Share on other sites
zhTonic Newbie

zhTonic

Posted
  • Author
Posted

Looks like i fixed it myself... HOW stupid am i that i didn't notice i was formatting the hash wrong. I just didn't encase the $pwpost variable.

 

 

BEFORE:

$pwd = md5(md5($pwpost . $salt));

 

AFTER:

$pwd = md5(md5($pwpost) . $salt);

 

Thank you mark for the reply anyways.

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.