Need help BADLY with custom user login script

  Post new topicReply to topicPrintable Version
<< View previous topic View next topic >>
Share: Del.icio.us  Digg  Google  Spurl  Blink  Furl  Y! MyWeb  
#1   Need help BADLY with custom user login script
tactixs
CZ Newbie
tactixs has been a member for over 19 year's 19 Year Member
Gender: Male
Status: Offline
Joined: Apr 27, 2005
0.00 posts per day
Posts: 2
Points: 194
   
Hello everyone,
I've decide to post here and ask for help as i really am stuck with a problem regarding a script i have tried to customize but i have not been able to succeed

yet.
I'm in no way really skilled with php coding as i started looking at it about 2 months ago so help is really appreciated.

Here's my issue:

With the help of a visual basic developper i have created an client side application that users can use to register to my nuke 7.6.2.0.9 site. The application

also works for the login procedure.

Based on this i will make the registering and login blocks invisible and forward them to download the app in order to reg-login.

The original nuke script has been modified to work with the app and works well with the registering procedure but it does not work properly with the login

procedure and i cand find why it wont work or how to make it work properly.
Following is the original "login" function in nuke 7.6.2.0.9


/* function login($username, $user_password, $redirect, $mode, $f, $t, $random_num, $gfx_check) {
    global $setinfo, $user_prefix, $db, $module_name, $pm_login, $prefix;
    @include("config.php");
    $sql = "SELECT user_password, user_id, storynum, umode, uorder, thold, noscore, ublockon, theme, commentmax FROM ".$user_prefix."_users WHERE

username='$username'";
    $result = $db->sql_query($sql);
    $setinfo = $db->sql_fetchrow($result);
    $forward = ereg_replace("redirect=", "", "$redirect");
    if (ereg("privmsg", $forward)) {
        $pm_login = "active";
    }
    if (($db->sql_numrows($result)==1) AND ($setinfo[user_id] != 1) AND ($setinfo[user_password] != "")) {
   $dbpass=$setinfo[user_password];
   $non_crypt_pass = $user_password;
     $old_crypt_pass = crypt($user_password,substr($dbpass,0,2));
   $new_pass = md5($user_password);
   if (($dbpass == $non_crypt_pass) OR ($dbpass == $old_crypt_pass)) {
       $db->sql_query("UPDATE ".$user_prefix."_users SET user_password='$new_pass' WHERE username='$username'");
       $sql = "SELECT user_password FROM ".$user_prefix."_users WHERE username='$username'";
       $result = $db->sql_query($sql);
       $row = $db->sql_fetchrow($result);
       $dbpass = $row[user_password];
   }
   if ($dbpass != $new_pass) {
            Header("Location: modules.php?name=$module_name&stop=1");
           return;
   }
   $datekey = date("F j");
   $rcode = hexdec(md5($_SERVER[HTTP_USER_AGENT] . $sitekey . $random_num . $datekey));
   $code = substr($rcode, 2, 6);
   if (extension_loaded("gd") AND $code != $gfx_check AND ($gfx_chk == 2 OR $gfx_chk == 4 OR $gfx_chk == 5 OR $gfx_chk == 7)) {
       Header("Location: modules.php?name=$module_name&stop=1");
       die();
   } else {
       docookie($setinfo[user_id], $username, $new_pass, $setinfo[storynum], $setinfo[umode], $setinfo[uorder], $setinfo[thold], $setinfo[noscore],

$setinfo[ublockon], $setinfo[theme], $setinfo[commentmax]);
       $uname = $_SERVER["REMOTE_ADDR"];
       $db->sql_query("DELETE FROM ".$prefix."_session WHERE uname='$uname' AND guest='1'");
          $db->sql_query("UPDATE ".$prefix."_users SET last_ip='$uname' WHERE username='$username'");
   }
   if ($pm_login != "") {
            Header("Location: modules.php?name=Private_Messages&file=index&folder=inbox");
       exit;
   }
        if ($redirect == "" ) {
            Header("Location: modules.php?name=Your_Account&op=userinfo&bypass=1&username=$username");
        } else if ($mode == "") {
            Header("Location: forums.html&file=$forward");
        } else if ($t !="")  {
            Header("Location: forums.html&file=$forward&mode=$mode&t=$t");
        } else {
            Header("Location: forums.html&file=$forward&mode=$mode&f=$f");
   }
    } else {
   Header("Location: modules.php?name=$module_name&stop=1");
    }
} */


next is my the custom "login" script which i have edited but does not work properly.

/* function login($username, $user_password, $guid) {
    global $setinfo, $user_prefix, $db, $module_name, $pm_login, $prefix;
    @include("config.php");
    $rc4 = new rc4crypt();
    $rc4key = "xxxxx";
    $username = $rc4->decrypt($rc4key, $username);
    $user_password = $rc4->decrypt($rc4key, $user_password);
    $guid = $rc4->decrypt($rc4key, $guid);
    $sql = "SELECT user_password, user_id, storynum, umode, uorder, thold, noscore, ublockon, theme, commentmax FROM ".$user_prefix."_users WHERE

username='$username'";
    $result = $db->sql_query($sql);
    $setinfo = $db->sql_fetchrow($result);

   if ($guid != $setinfo[guid]) {
            Header("Location: index.html");
           return;
   }

   if ($db->sql_numrows($db->sql_query("SELECT guid FROM ".$user_prefix."_banned_guid WHERE guid='$guid'")) > 0) {
            Header("Location: index.html");
           return;
   }


    if (($db->sql_numrows($result)==1) AND ($setinfo[user_id] != 1) AND ($setinfo[user_password] != "")) {
   $dbpass=$setinfo[user_password];
   $non_crypt_pass = $user_password;
     $old_crypt_pass = crypt($user_password,substr($dbpass,0,2));
   $new_pass = md5($user_password);

   //update password if outdated
   if (($dbpass == $non_crypt_pass) OR ($dbpass == $old_crypt_pass)) {
       $db->sql_query("UPDATE ".$user_prefix."_users SET user_password='$new_pass' WHERE username='$username'");
       $sql = "SELECT user_password FROM ".$user_prefix."_users WHERE username='$username'";
       $result = $db->sql_query($sql);
       $row = $db->sql_fetchrow($result);
       $dbpass = $row[user_password];
   }

   //invalid password
   if ($dbpass != $new_pass) {
            Header("Location: index.html");
           return;
   }

       docookie($setinfo[user_id], $username, $new_pass, $setinfo[storynum], $setinfo[umode], $setinfo[uorder], $setinfo[thold], $setinfo[noscore],

$setinfo[ublockon], $setinfo[theme], $setinfo[commentmax]);
       $uname = $_SERVER["REMOTE_ADDR"];
       $db->sql_query("DELETE FROM ".$prefix."_session WHERE uname='$uname' AND guest='1'");
          $db->sql_query("UPDATE ".$prefix."_users SET last_ip='$uname' WHERE username='$username'");
       Header("Location: index.html");



    } else {
   Header("Location: index.html");
    }
} */


When the app displays the login form, user enter his user name and password into textbox and click login button. The app will collect information and

encrypt all variables with RC4. After that, it will generate HTML file with these variables and use IE to browse it.
This is HTML file that app generated:

/* <HTML>

<HEAD>

<script language ="javascr~ipt">

            function submitForm(f)

            {

                        f.submit();

            }

</scr~ipt>

</HEAD>

<BODY OnLoad="submitForm(document.formname)">

<form name="formname" action="http://www.domain.com/modules.php?name=Your_Account&op=login" method=POST target="_blank">

<input type="hidden" name="username" value="4X%09%9C%CB%B7%21%A9%FBg"/>

<input type="hidden" name="user_password" value="4X%09%9C%CB%B7%21%A9%FBg"/>

<input type="hidden" name="guid" value="%09%0FM%AF%E4%EBu%99%AA%2F3i"/>

</DIV>

</BODY>

</HTML>*/


So what is wrong with my login script? If u can, plz help me out as i start to get grey hairs trying to fix it but i cant since i dont have enough knowledge of

php.


Back to top Reply with quote
Display posts from previous:      
Add To: Del.icio.us  Digg  Google  Spurl  Blink  Furl  Y! MyWeb  
<< View previous topic View next topic >>
Post new topicReply to topic

Jump to 
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum