17 replies to this topic

[Spyder]

As you can see at my site idarkness.co.uk/index.php i have a working php page but right now I have an example built in of where I would like to use my phpbb users Username if they are logged in or use guest, then type when they last visited and their new messages.

I could dp this from my own password thing easy but I don't know about phpbb and need help.

[halobreak]

Just look at the php index page code. It should check for either a session or a cookie. Copy that code, place it in your site. Add the text and the variables. It'll have the last visited and pms as well, so it wouldnt be hard to do

[rc69]

Actually halo, phpBB's code is far more complicated then that. He'd have to copy about 4 pages worth of stuff to get it fully working.

My first suggestion would be to download a phpBB portal, or take a look at my phpBB login tutorial (which is conveniently loccated in the tutorial database here) to get you started

[halobreak]

Sorry, I wasn't aware of that. I'm used to working with smaller scripts like XMB or the like

[Spyder]

rc69 I am using ur script but i have only edited the mysql info but it appears with an error saying: Parse error: parse error, unexpected $ in /home/pixels/public_html/idarkness/login.php on line 44

heres the code for login.php

<?php
if(!$_POST['submit']){
  
}else{
  die("Hacking attempt");
$db_host = 'localhost'; 
$db_user = '***********'; 
$db_password = '**********'; 
$db_name = '************'; 
@mysql_connect($db_host,$db_user,$db_password) or die("Unable to connect to database on line <b>".__LINE__."</b> in <b>".__FILE__."</b>");
@mysql_select_db($db_name) or die("Unable to select to database on line <b>".__LINE__."</b> in <b>".__FILE__."</b>");
$name = trim($_POST['username']);
$password = md5(trim($_POST['user_pass']));
if(!$name || !$password){
    die("You need to enter both a username and password before continuing.");
}
$result = mysql_query("SELECT * FROM phpbb_users WHERE user_id != -1 AND username = '$name' LIMIT 1");

while($r=mysql_fetch_assoc($result)){
    if(($r['username'] == $name) && ($r['user_password'] == $password) && ($r['user_active'])){
        session_name("sid");
            session_start();
                $s_name = session_name();
               $s_id = session_id();
        $_SESSION['username'] = $name;
          $user_id = $r['user_id'];
           $cur_time = time();
            $user_ip = md5(uniqid($_SERVER['REMOTE_ADDR']));
    }elseif(!$r['user_active']){
             die("Sorry, but you must be activated before you can login");
    }else{
          die("Invalid username or password.  Please try again.");
    }
}

if(empty($_SESSION['username'])){
    die("Username was not set, please try again or contact the site admin.");
}
mysql_query("INSERT INTO phpbb_sessions(session_id, session_user_id, session_start, session_time, session_ip, session_logged_in)
VALUES ('$s_id', '$user_id', '$cur_time', '$cur_time', '$user_ip', '1')");
mysql_close();
echo "You are now logged in as ".$_SESSION['username']."<br>
<a href=/index.php?".$s_name."=".$s_id.">Return Home</a>.";
?>

and also u may want to edit your tut as the login when you hit submit says hacking attempt because you forgot an else command when bringing up die so you told it if you hit submit then to die not if you hit submit echo"" }else{ die

Edited by Stu, 11 November 2005 - 02:55 PM.

[Stu]

actually mate, it is

if(!$_POST['submit']){
die("Hacking attempt");
}

which means if someone has not hit the Submit button (as the !$_POST['submit'] suggests) then it is a hacking attempt.

in doing this:

if(!$_POST['submit']){
 
}else{
 die("Hacking attempt");
$db_host = 'localhost';
$db_user = '******'; 
...................

you are basically killing the script before it starts with the die("Hacking Attempt")

did his script work ok WITHOUT your edits? or was it your edits that gave you the parse error?

also, with regards to fixing your error, it would be useful if you posted the line the error has occurred from so we dont have to count them all to see whats happening on line 44.

and i dont know if the password and user name for your DB (which i hashed out for you) were the actual ones you have, but if they were, please dont do that again, for your OWN security.

[Spyder]

phew i forgot, when you use ur script stu when u hit the button it comes up with hacking attempt

try 4 urself: http://idarkness.co.uk/index.php

Edited by spyder, 11 November 2005 - 03:03 PM.

[Stu]

its not my script.

<?php
if(!$_POST['submit']){
die("Hacking attempt");
}

$db_host = 'localhost';
$db_user = '***********';
$db_password = '**********';
$db_name = '************';
@mysql_connect($db_host,$db_user,$db_password) or die("Unable to connect to database on line <b>".__LINE__."</b> in <b>".__FILE__."</b>");
@mysql_select_db($db_name) or die("Unable to select to database on line <b>".__LINE__."</b> in <b>".__FILE__."</b>");
$name = trim($_POST['username']);
$password = md5(trim($_POST['user_pass']));
if(!$name || !$password){
   die("You need to enter both a username and password before continuing.");
}
$result = mysql_query("SELECT * FROM phpbb_users WHERE user_id != -1 AND username = '$name' LIMIT 1");

while($r=mysql_fetch_assoc($result)){
   if(($r['username'] == $name) && ($r['user_password'] == $password) && ($r['user_active'])){
       session_name("sid");
           session_start();
               $s_name = session_name();
              $s_id = session_id();
       $_SESSION['username'] = $name;
         $user_id = $r['user_id'];
          $cur_time = time();
           $user_ip = md5(uniqid($_SERVER['REMOTE_ADDR']));
   }elseif(!$r['user_active']){
            die("Sorry, but you must be activated before you can login");
   }else{
         die("Invalid username or password.  Please try again.");
   }
}

if(empty($_SESSION['username'])){
   die("Username was not set, please try again or contact the site admin.");
}
mysql_query("INSERT INTO phpbb_sessions(session_id, session_user_id, session_start, session_time, session_ip, session_logged_in)
VALUES ('$s_id', '$user_id', '$cur_time', '$cur_time', '$user_ip', '1')");
mysql_close();
echo "You are now logged in as ".$_SESSION['username']."<br>
<a href=/index.php?".$s_name."=".$s_id.">Return Home</a>.";
?>

try that...

[Spyder]

still says hacking attempt when u hit submit.

[Spyder]

heres the form: <form method=POST action="login.php">
<input type="text" name="username" value="username" onFocus="select"();"><br>
<input type="password" name="user_pass" value="password" onFocus="select();"><br>
<input type="submit" name="submit value="login">
</form>

but when you view the site the button says submit query which is weird becuase i never told it 2

Edited by spyder, 11 November 2005 - 03:44 PM.

[Stu]

[quote name='spyder' date='Nov 11 2005, 08:43 PM']heres the form: <form method=POST action="login.php">
<input type="text" name="username" value="username" onFocus="select"();"><br>
<input type="password" name="user_pass" value="password" onFocus="select();"><br>
<input type="submit" name="submit value="login">
</form>

but when you view the site the button says submit query which is weird becuase i never told it 2[/quote]
well i dont know about the whole submit query thing... but you have missed out a " somewhere...

[Spyder]

where?

[Stu]

just ocmpare the one you posted to the one you previously posted?

<input type="submit" name="submit" value="login">

it was on that line.

[Spyder]

WOOHOO thnx works now!

Edited by spyder, 11 November 2005 - 05:18 PM.

[rc69]

Stu, on Nov 11 2005, 02:47 PM, said:

well i dont know about the whole submit query thing... but you have missed out a " somewhere...

Basically going with stu on everything he's said so far, and i'm glad to see he got things working for you.

But basically, "Submit Query" is the default value to display on a submit button when none is specified. I believe the same concept goes for reset buttons also.

[Spyder]

kk, i am learning and can do some php but i come across alot of mistakes.

[Stu]

we all do, dont worry glad everything is sorted out now.

[Spyder]

thnx guys.