I have a header system on my forums that has an upload area that ONLY staff (mods and admins) can get too and upload new headers for the forums home page.

http://www.scifi-meshes.com/forums

Now.. prior to my update to PHP 4.3.10 (on saturday) this header system was working fine. However after that update (which I assume is part of the problem) I've discovered that I can no longer log into my header management page (self created).

The code for checking the password is as follows:

/* password correct? */
$query = "SELECT salt, password FROM user WHERE username='$username'";
$result = mysql_query($query) or die("The information you entered does not match our records.");
$row=mysql_fetch_array($result);

$dbpassword = $row['password'];
$salt = $row['salt'];

if ($dbpassword == md5(md5($password). $salt)) {
print "Password correct<br><br>";
}
else {
die("password not correct!");
}


This compares what the user entered with that is stored in the Vbulletin forums MySQL database. However, I am ALWAYS getting "Password not correct!" and I have changed my password a few times to see if something wasn't set properly.

Can anyone help me? This code WAS working perfectly.

/* password correct? */
$query = "SELECT salt, password FROM user WHERE username='$username'";
$result = mysql_query($query) or die("The information you entered does not match our records.");
$row=mysql_fetch_array($result);

$dbpassword = $row['password'];
$salt = $row['salt'];

if ($dbpassword == md5($password. $salt)) {
print "Password correct<br><br>";
}
else {
die("password not correct!");
}

The change from:

if ($dbpassword == md5(md5($password). $salt)) {

to This:

if ($dbpassword == md5($password. $salt)) {

Apprently does not work.

I believe the license # has something to do with it too. There are a few topics around like this, you'll find the answer there :)

I've done this before, $user[password]==md5(md5($unencrypted).$user[salt])) should've worked.

I would start echoing variables and seeing what's not matching up.

or you could just use the same if vbulletin uses for checking login information:

taken from function_login.php, verify_authentication function:

if (
$bbuserinfo['password'] != iif($password AND !$md5password, md5(md5($password) . $bbuserinfo['salt']), '') AND
$bbuserinfo['password'] != md5($md5password . $bbuserinfo['salt']) AND
$bbuserinfo['password'] != iif($md5password_utf, md5($md5password_utf . $bbuserinfo['salt']), '')
)

Hold on a second, if you're doing this from within vBulletin anyway, just check to see if a user is logged in using if(!$bbuserinfo['userid']) and then use is_moderator() function :)

i don't think he's using vbulletin. in the first snippet of code he's using mysql_query.

the title fo the thread also includes "on non-vb page"...