Version: , by MoJo85 (Guest)
Developer Last Online: Jan 1970
Version: Unknown
Rating:
Released: 05-01-2001
Last Update: Never
Installs: 0
No support by the author.
Ok....I found that there is alot of demand saying that they want a non-vb login hack (including me). So meaning it will integrate vb's usernames and passwords with non-vb website. So that people access parts(other than the vbb) of a website using there login and pass.
So I will launch this hack soon but I stumbled upon a problem which I can't solve...
ok here is my code(attached below)..What I'm making is that If the action is a login then it would verify for pass and username. Put when I test this and type a fake pass and username it would not show the website where is says wrong pass or wrong username. If I type the right pass and username it would forward me to the topsecret website. There is no error showing except a 404 error saying that THIS(the file that this code is in) code is not found.(i'm darn sure its there because when u type the right pass word is will forward u to the right spot) I know that there is somthing wrong with the eval statements below...so can some one point it out...
help would be appreciated and thanks in advance.
PHP Code:
// ############################### start login ###############################
if ($action=="login") {
include("./global.php");
if (isset($username)) {
// get userid for given username
if ($user=$DB_site->query_first("SELECT userid,username,password,cookieuser FROM user WHERE username='".addslashes(htmlspecialchars($username))."'")) {
if ($user[password]!=$password) { // check password
eval (header("Location: [url]http://www.YourHostName.com/chat_forums/forums/Inccorectpass.php[/url]"));
exit;
}
$userid=$user[userid];
} else { // invalid username entered
eval (header("Location: [url]http://www.YourHostName.com/chat_forums/forums/InncorrectUsername.php[/url]"));
exit;
}
if ($user['cookieuser']==1) {
vbsetcookie("bbuserid",$user['userid']);
vbsetcookie("bbpassword",md5($user['password']));
}
$DB_site->query("DELETE FROM session WHERE sessionhash='".addslashes($session[dbsessionhash])."'");
Can I make a suggestion that would require some modification? It would help all of your code in general if you....
Eliminate hard coded http:// inside of the code. Learn to use $PHP_SELF and getenv("variables"). Either that or make a $scriptLocation="http://..." variable at the top that you have the user set before they start the script. That way you don't have to mess with hard coded URLs all throughout the script.
Instead of using multiple files (incorrectpass.php,incorrectusername.php) which will complicate the install and maintenance-- make one error function and call it with variables. if(user fails passwordcheck) { error(2)} Then error 2 would print the appropriate message.
Instead of creating a whole file system try to make them generic functions that anyone can include in any script. As it is now anyone wishing to use this would have to incorporate their script into yours, the other way around, or put their look on your file. It would be easier if this were a library that you could call from your own forms.
I have a vb-login script like this for myOvergrow but it's hardcoded into my site and not appropriate for release because it's not written as functions.
Here is my function, extracted... no guarantees on this, I ripped out some parts. This function is called at the beginning of any script you want to make sure they are a proper VB user
PHP Code:
function checkLogin() {
global $db,$db_connection,$bbuserid,$bbusername,$bbpassword,$userid,$username,$password,$newpassword;
1) no data sent, it calls another function loginForm() with no variable
2) no such user name, calls loginForm("no such user name")
3) wrong password, calls loginForm("wrong pass")