My login is not working...

Started by Hyperion (noobKID), July 21, 2012, 12:52:24 AM

Previous topic - Next topic

0 Members and 2 Guests are viewing this topic.

Hyperion (noobKID)

#10
EDIT: Project Removed.... [DUMP]

Hyperion (noobKID)

#9
ok, funny...
i have activated my server,get,post, and sessions by a print_r between 2
 tags...

and im getting to showed up:

[HTTP_COOKIE] => ssalpha_uid=166; ssalpha_pass=3762c9182e6eb0b64085a7643a51bed7; PHPSESSID=ldhqt56pam87b5h5mhmenpv3u5


so i think i am logged in... but the funny part is that im not redirected to index.php, and better yet, why in the world does the menu and footer and at last the whole site not change/letting me in?... ideas?...

EDIT: FTP REMOVED, Project Removed :P..
.

Hyperion (noobKID)

okay, thanks... will try and see if i can find it...

will post feedback when/if im finding somfthing, in this way we are getting more knowledge of the problem in case somfthing familliar should happend again ;)...

-tahnks

Mindless

Unless im actually working specifically on that code its a major long shot that i identify whats missed; You need to start flowing through each part using die('Error marker1'); or exit(); through the functions and identify where the failures happening, if everything works up to that point you can isolate the problem area, thats the only way to fix this.

Hyperion (noobKID)

hello again, i did as you said, and still not working...

you can see here: http://speed-scene.com/personal_sites/ssv1/speedscene/login.php

Username: rootKID
password: daniel1

and its still not redirecting me anywhere -.-'...

ideas?...

PS: This is my dbconn function:

Code (php) Select
function dbconn($autoclean = false)
{
global $SS;

if (!@mysql_connect($SS['mysql_host'], $SS['mysql_user'], $SS['mysql_pass']))
{
switch (mysql_errno())
{
case 1040:
case 2002:
if ($_SERVER['REQUEST_METHOD'] == "GET")
die("<html><head><meta http-equiv='refresh' content=\"5 $_SERVER[REQUEST_URI]\"></head><body><table border='0' width='100%' height='100%'><tr><td><h3 align='center'>The server load is very high at the moment. Retrying, please wait...</h3></td></tr></table></body></html>");
else
die("Too many users. Please press the Refresh button in your browser to retry.");
default:
die("[" . mysql_errno() . "] dbconn: mysql_connect: " . mysql_error());
}
}
mysql_select_db($SS['mysql_db'])
or die('dbconn: mysql_select_db: ' . mysql_error());
//mysql_query("SET NAMES utf8");
mysql_set_charset('utf8');

userlogin();

if ($autoclean)
register_shutdown_function("autoclean");
}



and this is my user_login function:

Code (php) Select
function userlogin() {
global $SS;
unset($GLOBALS["CURUSER"]);

$ip = getip();
$nip = ip2long($ip);

require_once "cache/bans_cache.php";
if(count($bans) > 0)
{
foreach($bans as $k) {
if($nip >= $k['first'] && $nip <= $k['last']) {
header("HTTP/1.0 403 Forbidden");
print "<html><body><h1>403 Forbidden</h1>Unauthorized IP address. Please, piss off... you had your chance.</body></html>\n";
exit();
}
}
unset($bans);
}
if (!$SS['site_online'] || !get_mycookie('uid') || !get_mycookie('pass'))
return;
$id = 0 + get_mycookie('uid');
if (!$id || strlen( get_mycookie('pass') ) != 32)
return;
$res = mysql_query("SELECT * FROM users WHERE id = $id AND enabled='yes' AND status = 'confirmed'");// or die(mysql_error());
$row = mysql_fetch_assoc($res);
if (!$row)
return;

if (get_mycookie('pass') !== $row["passhash"])
return;
mysql_query("UPDATE users SET last_access='" . TIME_NOW . "', ip=".sqlesc($ip)." WHERE id=" . $row["id"]);// or die(mysql_error());
$row['ip'] = $ip;
$GLOBALS["CURUSER"] = $row;
}


ideas?...

Hyperion (noobKID)

ahh...
i see the point now, thanks dude :)...

will test later maybe and see what the heck is wrong with that dbconn, and post feedback dude... thanks alot! :)..

Mindless

#4
Aye

takelogin.php

Code (php) Select
<?php
/**
 *   https://github.com/Bigjoos/
 *   Licence Info: GPL
 *   Copyright (C) 2010 U-232 v.3
 *   A bittorrent tracker source based on TBDev.net/tbsource/bytemonsoon.
 *   Project Leaders: Mindless, putyn.
 **/
require_once(dirname(__FILE__).DIRECTORY_SEPARATOR.'include'.DIRECTORY_SEPARATOR.'bittorrent.php');
require_once(
INCL_DIR.'user_functions.php');
require_once(
INCL_DIR.'password_functions.php');
require_once(
CLASS_DIR.'page_verify.php');
require_once(
CLASS_DIR.'class_browser.php');
dbconn();


So you post username and password and what ever else which is checked and dbconn(); is called.

Code (php) Select
function dbconn($autoclean = false)
{
    global $INSTALLER09;

    if (!@($GLOBALS["___mysqli_ston"] = mysqli_connect($INSTALLER09['mysql_host'],  $INSTALLER09['mysql_user'],  $INSTALLER09['mysql_pass'])))
    {
  switch (((is_object($GLOBALS["___mysqli_ston"])) ? mysqli_errno($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_errno()) ? $___mysqli_res : false)))
  {
case 1040:
case 2002:
if ($_SERVER['REQUEST_METHOD'] == "GET")
die("<html><head><meta http-equiv='refresh' content=\"5 $_SERVER[REQUEST_URI]\"></head><body><table border='0' width='100%' height='100%'><tr><td><h3 align='center'>The server load is very high at the moment. Retrying, please wait...</h3></td></tr></table></body></html>");
else
die("Too many users. Please press the Refresh button in your browser to retry.");
        default:
        die("[" . ((is_object($GLOBALS["___mysqli_ston"])) ? mysqli_errno($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_errno()) ? $___mysqli_res : false)) . "] dbconn: mysql_connect: " . ((is_object($GLOBALS["___mysqli_ston"])) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false)));
      }
    }
    ((bool)mysqli_query($GLOBALS["___mysqli_ston"], "USE {$INSTALLER09['mysql_db']}"))
        or die('dbconn: mysql_select_db: ' . ((is_object($GLOBALS["___mysqli_ston"])) ? mysqli_error($GLOBALS["___mysqli_ston"]) : (($___mysqli_res = mysqli_connect_error()) ? $___mysqli_res : false)));
    userlogin();
    if ($autoclean)
        register_shutdown_function("autoclean");
}


Then dbconn(); is called and runs; Note at the bottom of the dbconn function on line 21 userlogin() is called which then does the job of setting last_access checks cookie ect.

Hyperion (noobKID)

#3
god damn how stupid i was, how could i not see this one comming...

i think i know whats wrong now... i do not have the dbconn function, since i was thinking that it was not needed since i have a global contact with the db... but will try this out later and check to see if its working....

feedback is posted later dude... thanks! :)...

EDIT: just to clarifie, this is my takelogin.php file:

Code (php) Select
<?php
require_once 'include/bittorrent.php';
require_once 
"include/password_functions.php";
echo 
stdhead("Login");

if (!
mkglobal('username:password'))
die();

$lang array_merge(load_language('takelogin'));

$res mysql_query("SELECT id, passhash, secret, enabled FROM users WHERE username = " sqlesc($username) . " AND status = 'confirmed'");
$row mysql_fetch_assoc($res);

if (!
$row)
stderr($lang['tlogin_failed'], 'Username or password incorrect');

if (
$row['passhash'] != make_passhash($row['secret'], md5($password)))
stderr($lang['tlogin_failed'], 'Username or password incorrect');

if (
$row['enabled'] == 'no')
stderr($lang['tlogin_failed'], $lang['tlogin_disabled']);

logincookie($row['id'], $row['passhash']);

header("Location: {$SS['baseurl']}/index.php");

echo 
stdfooter();
?>


and you wish me to call the dbconn function in there?..
and just one question more, i dont see that im calling the functions inside bittorrent.php anywhere... do i need to do that somewhere since you say that the user_login dosent work because its called because of the dbconn?... because as i see inside the codes (as i understands it...) then it does not call the dbconn anywhere inside there, and not even on the other functions...

just to help me clarifie a little... thanks :)...

Mindless

Well whats invoking user_login, that has to be straight after you post from login, Its called by the dconn(); function, once thats run it sets $CURUSER will check cookie then update last_access.

Hyperion (noobKID)

hello (U) People...
i have also posted this on bvlist.com and biggy was answering my questions, but i never finded the solution, so hoping someone in here can help me out.

here is a test of my tracker: http://speed-scene.com/personal_sites/ssv1/speedscene/login.php

and my problem is that im trying to build up a new tracker source, but builded up in the same way as tbdev 09 was.

and my login page does not working, because it loading and all that when i type my username and such into the fields... but never logs me into the website...

just staying on the same site...

here is my Bittorrent.php file..:

Code (php) Select
/*LOGIN FUNCTIONS*/
function logincookie($id, $passhash, $updatedb = 1, $expires = 0x7fffffff)
{
    set_mycookie( "uid", $id, $expires );
    set_mycookie( "pass", $passhash, $expires );

    if ($updatedb)
        @mysql_query("UPDATE users SET last_login = ".TIME_NOW." WHERE id = $id");
}

function set_mycookie( $name, $value="", $expires_in=0, $sticky=1 )
    {
        global $SS;

        if ( $sticky == 1 )
    {
        $expires = time() + 60*60*24*365;
    }
        else if ( $expires_in )
        {
            $expires = time() + ( $expires_in * 86400 );
        }
        else
        {
            $expires = FALSE;
        }

        $SS['cookie_domain'] = $SS['cookie_domain'] == "" ? ""  : $SS['cookie_domain'];
        $SS['cookie_path']   = $SS['cookie_path']   == "" ? "/" : $SS['cookie_path'];

        if ( PHP_VERSION < 5.2 )
        {
        if ( $SS['cookie_domain'] )
        {
        @setcookie( $SS['cookie_prefix'].$name, $value, $expires, $SS['cookie_path'], $SS['cookie_domain'] . '; HttpOnly' );
        }
        else
        {
        @setcookie( $SS['cookie_prefix'].$name, $value, $expires, $SS['cookie_path'] );
        }
    }
    else
    {
        @setcookie( $SS['cookie_prefix'].$name, $value, $expires, $SS['cookie_path'], $SS['cookie_domain'], NULL, TRUE );
    }
}

function logoutcookie() {
    set_mycookie('uid', '-1');
    set_mycookie('pass', '-1');
}

function loggedinorreturn() {
    global $CURUSER, $SS;
    if (!$CURUSER) 
    {
        header("Location: {$SS['baseurl']}/login.php?returnto=" . urlencode($_SERVER["REQUEST_URI"]));
        exit();
    }
}

function get_mycookie($name)
{
    global $SS;

        if (isset($_COOKIE[$SS['cookie_prefix'].$name]) AND !empty($_COOKIE[$SS['cookie_prefix'].$name]))
        {
            return urldecode($_COOKIE[$SS['cookie_prefix'].$name]);
        }
        else
        {
            return FALSE;
        }
}

function userlogin() {
global $SS;
unset($GLOBALS["CURUSER"]);

$ip = getip();
$nip = ip2long($ip);

require_once "cache/bans_cache.php";
if(count($bans) > 0)
{
    foreach($bans as $k) {
        if($nip >= $k['first'] && $nip <= $k['last']) {
        header("HTTP/1.0 403 Forbidden");
        print "<html><body><h1>403 Forbidden</h1>Unauthorized IP address. Please, piss off... you had your chance.</body></html>\n";
        exit();
        }
    }
    unset($bans);
}
if (!$SS['site_online'] || !get_mycookie('uid') || !get_mycookie('pass'))
    return;
$id = 0 + get_mycookie('uid');
if (!$id || strlen( get_mycookie('pass') ) != 32)
    return;
$res = mysql_query("SELECT * FROM users WHERE id = $id AND enabled='yes' AND status = 'confirmed'");// or die(mysql_error());
$row = mysql_fetch_assoc($res);
if (!$row)
    return;

if (get_mycookie('pass') !== $row["passhash"])
    return;
mysql_query("UPDATE users SET last_access='" . TIME_NOW . "', ip=".sqlesc($ip)." WHERE id=" . $row["id"]);// or die(mysql_error());
$row['ip'] = $ip;
$GLOBALS["CURUSER"] = $row;
}

function mkglobal($vars) {
if (!is_array($vars))
    $vars = explode(":", $vars);
foreach ($vars as $v) {
    if (isset($_GET[$v]))
        $GLOBALS[$v] = unesc($_GET[$v]);
    elseif (isset($_POST[$v]))
        $GLOBALS[$v] = unesc($_POST[$v]);
    else
        return 0;
}
return 1;
}

function sqlesc($x) {
    return "'".mysql_real_escape_string($x)."'";
}
/*LOGIN FUNCTIONS*/



and here is my login.php file:

Code (php) Select
<?php 
require_once("include/bittorrent.php"); 
echo 
stdhead("Login"); 
?>






<form method="post" action="takelogin.php">
<table class="login_table" align="center" border="1">

<tr>
<td>Username</td>
<td><input type="text" name="username" id="username" size="35" /></td>
</tr>

<tr>
<td>Password</td>
<td><input type="password" name="password" id="password" size="35" /></td>
</tr>

<tr>
<td align="center" colspan="2"><input type="submit" name="login_submit" value="Login Now!" /></td>
</tr>

</table>
</form>





<?php 
echo stdfooter(); 
?>




and here is my takelogin.php:

Code (php) Select
<?php 
require_once 'include/bittorrent.php'
require_once 
"include/password_functions.php"
echo 
stdhead("Login"); 

if (!
mkglobal('username:password')) 
die(); 

$lang array_merge(load_language('takelogin')); 

$res mysql_query("SELECT id, passhash, secret, enabled FROM users WHERE username = " sqlesc($username) . " AND status = 'confirmed'"); 
$row mysql_fetch_assoc($res); 

if (!
$row
stderr($lang['tlogin_failed'], 'Username or password incorrect'); 

if (
$row['passhash'] != make_passhash($row['secret'], md5($password))) 
stderr($lang['tlogin_failed'], 'Username or password incorrect'); 

if (
$row['enabled'] == 'no'
stderr($lang['tlogin_failed'], $lang['tlogin_disabled']); 

logincookie($row['id'], $row['passhash']); 

header("Location: {$SS['baseurl']}/index.php"); 

echo 
stdfooter(); 
?>



and at last, here is my password_functions.php file:

Code (php) Select
<?php 
function mksecret($len=5
    { 
        
$salt ''
         
        for ( 
$i 0$i $len$i++ ) 
        { 
            
$num   rand(33126); 
             
            if ( 
$num == '92' 
            { 
                
$num 93
            } 
             
            
$salt .= chr$num ); 
        } 
         
        return 
$salt
    } 
     


function 
make_passhash_login_key($len=60
    { 
        
$pass mksecret$len ); 
         
        return 
md5($pass); 
    } 
     


function 
make_passhash($salt$md5_once_password
    { 
        return 
md5md5$salt ) . $md5_once_password ); 
    } 
     


function 
make_password() 
    { 
        
$pass ""
         
        
$unique_id     uniqidmt_rand(), TRUE ); 
        
$prefix        mksecret(); 
        
$unique_id .= md5$prefix ); 
         
        
usleepmt_rand(15000,1000000) ); 
         
        
mt_srand( (double)microtime()*1000000 ); 
        
$new_uniqueid uniqidmt_rand(), TRUE ); 
         
        
$final_rand md5$unique_id.$new_uniqueid ); 
         
        
mt_srand(); 
         
        for (
$i 0$i 15$i++) 
        { 
            
$pass .= $final_randmt_rand(031) }; 
        } 
     
        return 
$pass
  } 
     



?>



and i just can't seem to see that there is somfthing missing... but as useally, then it would be better if someone could look over the codes and tell me wrong, hopefully :)...

thanks in advance.
PS: Just ask if more information is needed... :).