By MoJo85 (Guest)
Released: 05-01-2001   Last Update: Never

No support by the author.

Ok....I found that there is a lot of demand saying that they want a non-vb login hack (including me). So meaning it will integrate vb's usernames and passwords with non-vb website. So that people access parts (other than the vbb) of a website using their login and pass.
So I will launch this hack soon but I stumbled upon a problem which I can't solve...
ok here is my code (attached below).. What I'm making is that if the action is a login then it would verify for pass and username. But when I test this and type a fake pass and username it would not show the website where it says wrong pass or wrong username. If I type the right pass and username it would forward me to the topsecret website. There is no error showing except a 404 error saying that THIS (the file that this code is in) code is not found. (I'm darn sure it's there because when u type the right password it will forward u to the right spot.) I know that there is something wrong with the eval statements below... so can someone point it out...
help would be appreciated and thanks in advance.

PHP Code:
// ############################### start login ###############################
if ($action=="login") {
  include("./global.php");
  if (isset($username)) {
    // get userid for given username
    if ($user=$DB_site->query_first("SELECT userid,username,password,cookieuser FROM user WHERE username='".addslashes(htmlspecialchars($username))."'")) {
      if ($user[password]!=$password) { // check password
        eval (header("Location: http://www.YourHostName.com/chat_forums/forums/Inccorectpass.php"));
        exit;
      }
      $userid=$user[userid];
    } else {
      // invalid username entered
      eval (header("Location: http://www.YourHostName.com/chat_forums/forums/InncorrectUsername.php"));
      exit;
    }
  }

  // remember the user between visits if they asked for it
  if ($user['cookieuser']==1) {
    vbsetcookie("bbuserid",$user['userid']);
    vbsetcookie("bbpassword",md5($user['password']));
  }

  // replace the current session with a new one tied to this user
  $DB_site->query("DELETE FROM session WHERE sessionhash='".addslashes($session[dbsessionhash])."'");

  $session['sessionhash']=md5(uniqid(microtime()));
  $session['dbsessionhash']=$session['sessionhash'];
  $DB_site->query("INSERT INTO session (sessionhash,userid,host,useragent,lastactivity,styleid) VALUES ('".addslashes($session['sessionhash'])."','$userid','".addslashes($session['host'])."','".addslashes($session['useragent'])."','".time()."','$session[styleid]')");
  vbsetcookie("sessionhash",$session['sessionhash'],0);
  $username=$user['username'];

  // strip any old session hash from the return URL
  $url=ereg_replace("sessionhash=[a-z0-9]{32}&","",$url);
  $url=ereg_replace("\\?sessionhash=[a-z0-9]{32}","",$url);
  $url=ereg_replace("s=[a-z0-9]{32}&","",$url);
  $url=ereg_replace("\\?s=[a-z0-9]{32}","",$url);

  if ($url!="" and $url!="index.php" and $url!=$HTTP_REFERER) {

    // append the new session hash to the return URL
    if (strpos($url,"?")>0) {
      $url.="&s=$session[dbsessionhash]";
    } else {
      $url.="?s=$session[dbsessionhash]";
    }
    //header("Location: $url");

    $url=str_replace("\"","",$url);
    eval("standardredirect(\"".gettemplate("redirect_login")."\",\"$url\");");
  } else {
    $bbuserinfo=getuserinfo($userid);
    header("Location: http://www.YourHostName.com/chat_forums/forums/topsecret.php");
  }
}

btw: This is part of a code so don't worry about <?php...
Once I finish this hopefully I will launch the hack
Thank you

Comments
#12  Overgrow, 05-03-2001, 07:24 PM

Can I make a suggestion that would require some modification? It would help all of your code in general if you....

Eliminate hard coded http:// inside of the code. Learn to use $PHP_SELF and getenv("variables"). Either that or make a $scriptLocation="http://..." variable at the top that you have the user set before they start the script. That way you don't have to mess with hard coded URLs all throughout the script.

Instead of using multiple files (incorrectpass.php,incorrectusername.php) which will complicate the install and maintenance-- make one error function and call it with variables. if(user fails passwordcheck) { error(2)} Then error 2 would print the appropriate message.

Instead of creating a whole file system try to make them generic functions that anyone can include in any script. As it is now anyone wishing to use this would have to incorporate their script into yours, the other way around, or put their look on your file. It would be easier if this were a library that you could call from your own forms.

I have a vb-login script like this for myOvergrow but it's hardcoded into my site and not appropriate for release because it's not written as functions.

good luck

#13  Overgrow, 05-03-2001, 07:41 PM

Here is my function, extracted... no guarantees on this, I ripped out some parts. This function is called at the beginning of any script you want to make sure they are a proper VB user

PHP Code:
function checkLogin() {

    global $db,$db_connection,$bbuserid,$bbusername,$bbpassword,$userid,$username,$password,$newpassword;

    // a password sent from a form takes the place of the cookie value
    if(strlen($newpassword) > 0)
        $bbpassword=$newpassword;

    // nothing to check yet: show the empty login form
    if ((!isset($bbuserid) or $bbuserid or $bbuserid=="") and (!isset($bbpassword) or $bbpassword=="")) {

        loginForm();
        exit;

    } else {

        // look the user up by id when only the id is known, otherwise by name
        if($bbuserid and strlen($bbusername) < 1)
            $whereclause = "WHERE userid='$bbuserid'";
        else
            $whereclause = "WHERE username='$bbusername'";

        $query = "SELECT userid,username,password FROM user $whereclause";

        $query_results = mysql_query($query,$db_connection);

        if (!$query_results){

            print "failed: $query<br>\n";

        } else {

            while ($row = mysql_fetch_array($query_results)) {

                $userid=$row[userid];
                $username=$row[username];
                $password=$row[password];

            }
        }

        if ($userid < 1) {
            //setcookie("bbuserid","",0);
            //setcookie("bbpassword","",0);
            loginForm("No such username in the database:");
            exit;
        }

        // accept either the stored password itself or its truncated md5 (the cookie form)
        if ($password!=$bbpassword and $bbpassword!=substr(md5($password),0,strlen($password))) {
            //setcookie("bbuserid","",0);
            //setcookie("bbpassword","",0);
            loginForm("Incorrect Password entered:");
            exit;
        }

        // set each cookie twice: once for the session, once with a far-off expiry
        if (isset($userid) and $userid!="" and $userid and $bbuserid!=$userid) {

            setcookie("bbuserid",$userid,0,"/");
            setcookie("bbuserid",$userid,mktime(0,0,0,0,0,2020),"/");

            setcookie("bbpassword",substr(md5($password),0,strlen($password)),0,"/");
            setcookie("bbpassword",substr(md5($password),0,strlen($password)),mktime(0,0,0,0,0,2020),"/");

            $bbuserid=$userid;
        }
    }
}

You can send it from your forms either

$bbuserid or $bbusername

and

$newpassword

The possible outcomes=

1) no data sent, it calls another function loginForm() with no variable
2) no such user name, calls loginForm("no such user name")
3) wrong password, calls loginForm("wrong pass")

etc...
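
The same login check in a hardened form, as an added example that is not code from either poster or from vBulletin: the lookup uses a bound parameter, the password is checked with password_verify(), both failure cases return one result, the return URL is limited to local paths, and the session token comes from random_bytes(). It assumes PHP 7.4+ with pdo_sqlite; the table contents and the helper names checkCredentials(), safeRedirectTarget() and newSessionToken() are constructed for the illustration.

```php
<?php
// Added example. Constructed sample data: an in-memory `user` table whose
// password column holds password_hash() output (an assumption; the thread's
// code compares the stored password with the typed one directly).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (userid INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)');
$db->prepare('INSERT INTO user (username, password) VALUES (?, ?)')
   ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Hypothetical helper: returns the userid on success, null on any failure.
// One generic failure result means the caller cannot leak which names exist.
function checkCredentials(PDO $db, string $username, string $password): ?int
{
    // Bound parameter: the username never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT userid, password FROM user WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Unknown users are verified against a dummy hash so both paths do similar work.
    static $dummy = null;
    $dummy ??= password_hash('dummy', PASSWORD_DEFAULT);
    $ok = password_verify($password, $row ? $row['password'] : $dummy);

    return ($row && $ok) ? (int) $row['userid'] : null;
}

// Hypothetical helper: accept only a local path as the post-login $url.
// Absolute URLs, //host forms and embedded line breaks fall back to a default.
function safeRedirectTarget(string $url, string $fallback = '/topsecret.php'): string
{
    return preg_match('#^/(?![/\\\\])[^\r\n]*\z#', $url) === 1 ? $url : $fallback;
}

// Session identifier from the CSPRNG; the cookie holds this token and
// nothing derived from the password.
function newSessionToken(): string
{
    return bin2hex(random_bytes(16));
}

$userid = checkCredentials($db, 'alice', 'correct horse');
if ($userid === null) {
    echo "Incorrect username or password\n";
} else {
    echo "userid $userid, session ", newSessionToken(), "\n";
    echo 'redirect to ', safeRedirectTarget('http://other.example/'), "\n";
}
```
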
#14  MoJo85 (Guest), 05-03-2001, 09:18 PM

Thank you Overgrow for the help. I got it to work and I will hopefully launch this hack probably by end of this week once I get the little bugs out..