Ok....I found that there is alot of demand saying that they want a non-vb login hack (including me). So meaning it will integrate vb's usernames and passwords with non-vb website. So that people access parts(other than the vbb) of a website using there login and pass.
So I will launch this hack soon but I stumbled upon a problem which I can't solve...
ok here is my code(attached below)..What I'm making is that If the action is a login then it would verify for pass and username. Put when I test this and type a fake pass and username it would not show the website where is says wrong pass or wrong username. If I type the right pass and username it would forward me to the topsecret website. There is no error showing except a 404 error saying that THIS(the file that this code is in) code is not found.(i'm darn sure its there because when u type the right pass word is will forward u to the right spot) I know that there is somthing wrong with the eval statements below...so can some one point it out...
help would be appreciated and thanks in advance.


// ############################### start login ###############################
if ($action=="login") {
include("./global.php");
if (isset($username)) {
// get userid for given username
if ($user=$DB_site->query_first("SELECT userid,username,password,cookieuser FROM user WHERE username='".addslashes(htmlspecialchars($username))."'")) {
if ($user[password]!=$password) { // check password
eval (header("Location: http://www.YourHostName.com/chat_forums/forums/Inccorectpass.php"));
exit;
}
$userid=$user[userid];
} else { // invalid username entered
eval (header("Location: http://www.YourHostName.com/chat_forums/forums/InncorrectUsername.php"));
exit;
}

if ($user['cookieuser']==1) {
vbsetcookie("bbuserid",$user['userid']);
vbsetcookie("bbpassword",md5($user['password']));
}

$DB_site->query("DELETE FROM session WHERE sessionhash='".addslashes($session[dbsessionhash])."'");

$session['sessionhash']=md5(uniqid(microtime()));
$session['dbsessionhash']=$session['sessionhash'];
$DB_site->query("INSERT INTO session (sessionhash,userid,host,useragent,lastactivity,st yleid) VALUES ('".addslashes($session['sessionhash'])."','$userid','".addslashes($session['host'])."','".addslashes($session['useragent'])."','".time()."','$session[styleid]')");
vbsetcookie("sessionhash",$session['sessionhash'],0);
$username = $user['username'];
}

$url=ereg_replace("sessionhash=[a-z0-9]{32}&","",$url);
$url=ereg_replace("\\?sessionhash=[a-z0-9]{32}","",$url);
$url=ereg_replace("s=[a-z0-9]{32}&","",$url);
$url=ereg_replace("\\?s=[a-z0-9]{32}","",$url);

if ($url!="" and $url!="index.php" and $url!=$HTTP_REFERER) {

if (strpos($url,"?")>0) {
$url.="&s=$session[dbsessionhash]";
} else {
$url.="?s=$session[dbsessionhash]";
}
//header("Location: $url");

$url = str_replace("\"", "", $url);
eval("standardredirect(\"".gettemplate("redirect_login")."\",\"$url\");");
} else {
$bbuserinfo=getuserinfo($userid);
header("Location: http://www.YourHostName.com/chat_forums/forums/topsecret.php");
}

}


btw: This is part of a code so don't worry about <?php...
Once I finish this hopfully I will launch the hack
Thank you

I never seen such a big bunch of losers ever. You guys have no spirit of helping each other.....all you want is hacks that you wait for....The problem has a simpile solution that I can't solve because simply its my first time coding php....so why not take a minute a post something for gods sakes...

btw thanks to all the ppl who accutly do something...I know you might not have time to see all the post regarding help....

Dude, for lack of a better term, f--- off! It's been 7 hours since your first post. Do you know how many people only visit once every 24 hours or longer? The polite thing to do is bump after 24 hours. You're sure not going to get any help calling us losers.

Have you looked at these forums at all? Have you seen how many requests have been answered and people helped in the other areas (questions, installation, etc.)? Give it a rest.

I must agree with tubedogg when he told you to f*ck off!
You are the loser, cause not only you can't solve your problem, but you can't be patient like everyone else and wait for your damn reply.

Well congratulations, cause now the "losers" will sure help you out!

lol kids

after 7 hours there was 50 views and not a single post...plus I might add that after that time my post was down 20 spots because of no post...but now since u guys posted..its back up..my point was this is the worst board that I ever seen for helping (my opinion). Also before I posted this I did search and did find some info about a different problem..but suprizingly 75%(an estimate) of the posts regarding this matter were not answered. Also I wasn't just doing this for me..I did say that I was willing to do a hack once a solution to this is found. Also, when u say F*** off, you don't know what that really means because its just have nothing to do with this. So F*** your self some where else.

You decided to start a new thread to b***h about it? That's gonna win you friends. :rolleyes:

You sure have a way with people don't you?

I think the mods should close this thread, it's going no where!

MoJo85, instead of calling us losers, the polite thing to do would be to BUMP it.

And BTW - hint:

eval (header("Location: <a href="http://www.YourHostName.com/chat_forums/forums/Inccorectpass.php" target="_blank">http://www.YourHostName.com/chat_fo...ccorectpass.php</a>"));

no no.

header("Location: <a href="http://www.YourHostName.com/chat_forums/forums/Inccorectpass.php" target="_blank">http://www.YourHostName.com/chat_fo...ccorectpass.php</a>");
exit;

I'm sorry for that incorect post...I didn't mean to post a new thread. That was supposed to be a replly, anyways...thanks John M for the replly.

Can I make a suggestion that would require some modification? It would help all of your code in general if you....

Eliminate hard coded http:// inside of the code. Learn to use $PHP_SELF and getenv("variables"). Either that or make a $scriptLocation="http://..." variable at the top that you have the user set before they start the script. That way you don't have to mess with hard coded URLs all throughout the script.

Instead of using multiple files (incorrectpass.php,incorrectusername.php) which will complicate the install and maintenance-- make one error function and call it with variables. if(user fails passwordcheck) { error(2)} Then error 2 would print the appropriate message.

Instead of creating a whole file system try to make them generic functions that anyone can include in any script. As it is now anyone wishing to use this would have to incorporate their script into yours, the other way around, or put their look on your file. It would be easier if this were a library that you could call from your own forms.

I have a vb-login script like this for myOvergrow but it's hardcoded into my site and not appropriate for release because it's not written as functions.

good luck

Here is my function, extracted... no guarantees on this, I ripped out some parts. This function is called at the beginning of any script you want to make sure they are a proper VB user


function checkLogin() {

global $db,$db_connection,$bbuserid,$bbusername,$bbpasswo rd,$userid,$username,$password,$newpassword;

if(strlen($newpassword) > 0)
$bbpassword=$newpassword;

if ((!isset($bbuserid) or $bbuserid < 1 or $bbuserid=="") and (!isset($bbpassword) or $bbpassword=="")) {

loginForm();
exit;

} else {

if($bbuserid > 0 and strlen($bbusername) < 1)
$whereclause = "WHERE userid='$bbuserid'";
else
$whereclause = "WHERE username='$bbusername'";

$query = "SELECT userid,username,password FROM user $whereclause";

$query_results = mysql_query($query,$db_connection);

if (!$query_results){

print "failed: $query<br>\n";

} else {

while ($row = mysql_fetch_array($query_results)) {

$userid=$row[userid];
$username=$row[username];
$password=$row[password];

}
}

if ($userid < 1) {
//setcookie("bbuserid","",0);
//setcookie("bbpassword","",0);
loginForm("No such username in the database:");
exit;
}

if ($password!=$bbpassword and $bbpassword!=substr(md5($password),0,strlen($passw ord))) {
//setcookie("bbuserid","",0);
//setcookie("bbpassword","",0);
loginForm("Incorrect Password entered:");
exit;
}

if (isset($userid) and $userid!="" and $userid > 1 and $bbuserid!=$userid) {

setcookie("bbuserid",$userid,0,"/");
setcookie("bbuserid",$userid,mktime(0,0,0,0,0,2020),"/");

setcookie("bbpassword",substr(md5($password),0,strlen($password)),0,"/");
setcookie("bbpassword",substr(md5($password),0,strlen($password)),mktime (0,0,0,0,0,2020),"/");

$bbuserid=$userid;
}
}
}


You can send it from your forms either

$bbuserid or $bbusername

and

$newpassword

The possible outcomes=

1) no data sent, it calls another function loginForm() with no variable
2) no such user name, calls loginForm("no such user name")
3) wrong password, calls loginForm("wrong pass")

etc...

thank you Overgrow for the help. I got it to work and I will hopfully launch this hack probaly by end of this week once I get the little bugs out..