vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB3 Programming Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=15)
-   -   help with login screen (splitted) (https://vborg.vbsupport.ru/showthread.php?t=164109)

zero_ZX 12-02-2007 08:45 AM
help with login screen (splitted)
 
Hi there! i want to split my vb login, into two parts, where you first enter your username, then alot of detials comes up, such as: group, posts, join date, account name, avatar.
Then below you will enter your password.

I have already coded a very little piece of the code, but i dont know the sql very well, and i have some troubles intigrating it to vbulletin.. if some1 out there can help me, i would love it.

here the code ive already got:

PHP Code:
<?php
//SPLIT script imprented

// first, let's see what step they're on...
$step $_GET['step'];

// if a user is allready logged in, and he's not trying to log out, he has no bussiness on this file
if ( $step != 'logout' && $_SESSION['login'] === TRUE )
{
 $step 'loggedin';
}


switch($step)
{
//if step is not defined in the url, then they're going to this step
default:
case '1'
 
 // ask for username
 echo '<form action="login.php?step=2" method="POST">
 Username : <input type="text" name="username">
 <br> <input type="submit" value="Log me in">
 </form>';
 
break;

case '2':
 // get username from step 1
 $username $_POST['username'];
 
 // now ask for the password
 echo '<form action="login.php?step=3" method="POST">
 Password : <input type="password" name="password">
 <input type="hidden" name="username" value="'.$username.'"> 
 <input type="submit" value="submit">';
 
break;

case '3':
 // get username and password from step two
 $username $_POST['username'];
 $password $_POST['password'];
 
 // connect to database, however you do it.. i use
 require_once("DbConnect.class.php");  
 // define query
 $sql "SELECT username, password FROM users WHERE username =".$username." AND password =".$password."GROUP BY username";
 if ( !$results mysql_query($sql)) {
  die('Username or password are incorrect!');
 }
 else {
  $_SESSION['data'] = mysql_fetch_assoc($results);
  $_SESSION['login'] = TRUE;
 
 
 break;
 
case 'loggedin':
 echo "You are allready logged in.";
break;

case 'logout':
if ( $_SESSION['login'] === TRUE )
 {
  if ( isset($_COOKIE[session_name()]) )
  {
   setcookie(session_name(), ''time()-42000'/');
  }
 
  foreach ( $_SESSION as $k=>$v )
  {
   unset($_SESSION[$k]);
  }

  session_destroy();
  echo "You've successfully logged out!";
 }
break;

}
?>

Opserty 12-02-2007 09:18 AM
Can I just ask....why?

I don't see an advantage in doing any of this...also it gives people access to info (depending on how you set up your permissions) to which they may not normally want access to. For example I can find an Admin's username in the login box and get a lot of his info.

Furthermore the code you posted has fairly extensive sercurity holes in it, I suggest your read this article first before you think about creating code for your board. (Using the vBulletin Input Cleaner).

Then you need to look at Using the vBulletin Database Class.


All times are GMT. The time now is 11:30 AM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01011 seconds
  • Memory Usage 1,731KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_php_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (2)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete