Deleting User from admin panel

Started by really, September 29, 2014, 11:29:26 AM


really

OK now works very well.
Thank you very much.

Tundracanine

#10
you sure when pasting the new password after you changed it to not include .......................................................................................... lol
and its user password not your :P

Quote:
Success
The account was deleted.
If wanting support help please put bare min info like
Os:
U-232 Version:
Php Version:
Tracker type: like xbt or php
Saves on asking more questions just so people can help someone.

really

Tundracanine, nothing different. Adding a new user or resetting a user password all works fine. Except Delete user.

really

Whocares, I tried both the user password and my password, still nothing changes.

Tundracanine

#7
after doing some testing myself
it also needs
require_once (INCL_DIR . 'password_functions.php');
after
require_once (CLASS_DIR . 'class_check.php');
and
$lang['text_success']
to
$lang['text_succes']
to match the existing vars.

looks like include/password_functions.php is in even v1..
and HAS to be the user's password not your password aka the one you get when you change it via the admincp.
make sure when you copy paste it you don't add the . at the end too.
This is tested in a real version, not some older-than-sin version, but should work fine in that version; password hashes have not changed.

Edit: I have done all the changes in this full file..
<?php
/**
 *   https://09source.kicks-ass.net:8443/svn/installer09/
 *   Licence Info: GPL
 *   Copyright (C) 2010 Installer09 v.2
 *   A bittorrent tracker source based on TBDev.net/tbsource/bytemonsoon.
 *   Project Leaders: Mindless,putyn,kidvision.
 **/
// Refuse direct access: this file is only meant to be loaded by the staff panel.
if (!defined('IN_INSTALLER09_ADMIN')) {
    $HTMLOUT = '';
    $HTMLOUT .= "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\"
                    \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">
                    <html xmlns='http://www.w3.org/1999/xhtml'>
                    <head>
                    <title>Error!</title>
                    </head>
                    <body>
            <div style='font-size:33px;color:white;background-color:red;text-align:center;'>Incorrect access<br />You cannot access this file directly.</div>
            </body></html>";
    echo $HTMLOUT;
    exit();
}

require_once(INCL_DIR . 'user_functions.php');
require_once(CLASS_DIR . 'class_check.php');
require_once(INCL_DIR . 'password_functions.php'); // provides make_passhash()
class_check(UC_MODERATOR);

$lang = array_merge($lang, load_language('ad_delacct'));

if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $username = trim($_POST["username"]);
    $password = trim($_POST["password"]);
    if (!$username || !$password)
        stderr("{$lang['text_error']}", "{$lang['text_please']}");

    //    $res = sql_query("SELECT * FROM users WHERE username=" . sqlesc($username) . " AND passhash=md5(concat(secret,concat(" . sqlesc($password) . ",secret)))") or sqlerr(__FILE__, __LINE__);
    //    if (mysqli_num_rows($res) != 1) stderr("{$lang['text_error']}", "{$lang['text_bad']}");

    // Fetch the row by username only, then check the password in PHP.
    $res = sql_query("SELECT * FROM users WHERE username=" . sqlesc($username) . "") or sqlerr(__FILE__, __LINE__);
    if (mysql_num_rows($res) != 1) stderr("{$lang['text_error']}", "{$lang['text_bad']}");
    $arr = mysql_fetch_assoc($res);
    // Same make_passhash() call the rest of the tracker uses.
    $wantpasshash = make_passhash($arr['secret'], md5($password));
    if ($arr['passhash'] != $wantpasshash) stderr("{$lang['text_error']}", "{$lang['text_bad']}");

    $id = $arr['id'];
    $res = sql_query("DELETE FROM users WHERE id=$id") or sqlerr();
    if (mysql_affected_rows() != 1)
        stderr("{$lang['text_error']}", "{$lang['text_unable']}");

    stderr("{$lang['stderr_success']}", "{$lang['text_succes']}");
}

$HTMLOUT = "
       <h1>{$lang['text_delete']}</h1>
       <form method='post' action='staffpanel.php?tool=delacct&amp;action=delacct'>
       <table border='1' cellspacing='0' cellpadding='5'>
         <tr>
           <td class='rowhead'>{$lang['table_username']}</td>
           <td><input size='40' name='username' /></td>
         </tr>
         <tr>
           <td class='rowhead'>{$lang['table_password']}</td>
           <td><input type='password' size='40' name='password' /></td>
         </tr>
         <tr>
           <td colspan='2'><input type='submit' class='btn' value='{$lang['btn_delete']}' /></td>
         </tr>
       </table>
       </form>";

echo stdhead("{$lang['stdhead_delete']}") . $HTMLOUT . stdfoot();
?>
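
Added example, not part of any post in this thread and not U-232's own code: it contrasts the SQL-side `md5(concat(...))` lookup with hashing in PHP via `make_passhash()` and a constant-time compare. The body of `make_passhash()` is an assumption (the thread never shows include/password_functions.php), `legacy_sql_passhash()` and `password_matches()` are hypothetical helpers, and the sample row is constructed.

```php
<?php
// ASSUMPTION: stand-in body for make_passhash(). Only the call shape
// make_passhash($secret, md5($password)) is taken from the thread.
function make_passhash($secret, $md5_once_password)
{
    return md5(md5($secret) . $md5_once_password);
}

// The value the original delacct.php asked MySQL to compute:
// md5(concat(secret, concat(password, secret)))
function legacy_sql_passhash($secret, $password)
{
    return md5($secret . $password . $secret);
}

// Hypothetical helper: check a submitted password against a users row that
// was fetched by username only. hash_equals() needs PHP >= 5.6 and compares
// in constant time, unlike the != used in the posted file.
function password_matches(array $row, $password)
{
    $want = make_passhash($row['secret'], md5($password));
    return hash_equals($row['passhash'], $want);
}

// Constructed sample row, standing in for mysql_fetch_assoc($res).
$secret = 'k3Qz9fLp0aXw7BtY2mNc';
$row = array(
    'id'       => 42,
    'secret'   => $secret,
    'passhash' => make_passhash($secret, md5('correct horse')),
);

// Legacy SQL expression versus the stored hash: under the assumed scheme the
// two are built differently, so the old "username AND passhash" SELECT
// matches no row even when the right password is typed.
var_dump(legacy_sql_passhash($secret, 'correct horse') === $row['passhash']);

// The user's own password.
var_dump(password_matches($row, 'correct horse'));

// Same password with a trailing "." pasted along from the admincp message.
var_dump(password_matches($row, 'correct horse.'));

// The staff member's password instead of the user's.
var_dump(password_matches($row, 'staff-own-password'));
```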

whocares

Are you using your password or the user's password?
Unless stated otherwise code is untested

really

using u-232v2 and u-232 nonmemcache version.

still nothing different

Tundracanine

you tried logging into the account trying to delete? this should have worked lol its the same thing thats in like takesignup..
oh this is v2 err i mean v1 lol crazy forgot you have no clue what version you using...:(
changing mysqli_ to mysql_ might work....

really


Tundracanine

I think its something to do with the concat line.. looks confusing lol
this should work after all uses the same make_passhash as other things.
replace
$res = sql_query("SELECT * FROM users WHERE username=" . sqlesc($username)
                          . "AND passhash=md5(concat(secret,concat(" . sqlesc($password) . ",secret)))")
                          or sqlerr();
    if (mysqli_num_rows($res) != 1) stderr("{$lang['text_error']}", "{$lang['text_bad']}");
    $arr = mysqli_fetch_assoc($res);

with
    $res = sql_query("SELECT * FROM users WHERE username=" . sqlesc($username) . "") or sqlerr(__FILE__, __LINE__);
    if (mysqli_num_rows($res) != 1) stderr("{$lang['text_error']}", "{$lang['text_bad']}");
    $arr = mysqli_fetch_assoc($res);
    $wantpasshash = make_passhash($arr['secret'], md5($password));
    if($arr['passhash']!=$wantpasshash)
    stderr("{$lang['text_error']}", "{$lang['text_bad']}");

really

I cannot delete a username from the admin panel. When I try to delete a user I get a message (Bad user name or password. Please verify that all entered information is correct.)

Please, I need help. Thank you very much.

delacct.php

Code (php):

<?php
/**
 *   https://09source.kicks-ass.net:8443/svn/installer09/
 *   Licence Info: GPL
 *   Copyright (C) 2010 Installer09 v.2
 *   A bittorrent tracker source based on TBDev.net/tbsource/bytemonsoon.
 *   Project Leaders: Mindless,putyn,kidvision.
 **/
if ( ! defined( 'IN_INSTALLER09_ADMIN' ) )
{
$HTMLOUT='';
$HTMLOUT .= "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\"
\"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">
<html xmlns='http://www.w3.org/1999/xhtml'>
<head>
<title>Error!</title>
</head>
<body>
<div style='font-size:33px;color:white;background-color:red;text-align:center;'>Incorrect access<br />You cannot access this file directly.</div>
</body></html>";
echo $HTMLOUT;
exit();
}

require_once(INCL_DIR.'user_functions.php');
require_once(CLASS_DIR.'class_check.php');
class_check(UC_MODERATOR);

    $lang = array_merge( $lang, load_language('ad_delacct') );

    if ($_SERVER["REQUEST_METHOD"] == "POST")
    {
      $username = trim($_POST["username"]);
      $password = trim($_POST["password"]);
      if (!$username || !$password)
        stderr("{$lang['text_error']}", "{$lang['text_please']}");

      $res = sql_query("SELECT * FROM users WHERE username=" . sqlesc($username)
                          . "AND passhash=md5(concat(secret,concat(" . sqlesc($password) . ",secret)))")
                          or sqlerr();
      if (mysql_num_rows($res) != 1)
        stderr("{$lang['text_error']}", "{$lang['text_bad']}");
      $arr = mysql_fetch_assoc($res);

      $id = $arr['id'];
      $res = sql_query("DELETE FROM users WHERE id=$id") or sqlerr();
      if (mysql_affected_rows() != 1)
        stderr("{$lang['text_error']}", "{$lang['text_unable']}");

      stderr("{$lang['stderr_success']}", "{$lang['text_success']}");
    }

    $HTMLOUT = "
    <h1>{$lang['text_delete']}</h1>
    <form method='post' action='staffpanel.php?tool=delacct&amp;action=delacct'>
    <table border='1' cellspacing='0' cellpadding='5'>
      <tr>
        <td class='rowhead'>{$lang['table_username']}</td>
        <td><input size='40' name='username' /></td>
      </tr>
      <tr>
        <td class='rowhead'>{$lang['table_password']}</td>
        <td><input type='password' size='40' name='password' /></td>
      </tr>
      <tr>
        <td colspan='2'><input type='submit' class='btn' value='{$lang['btn_delete']}' /></td>
      </tr>
    </table>
    </form>";

    echo stdhead("{$lang['stdhead_delete']}") . $HTMLOUT . stdfoot();
?>