Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
[SOLVED] Using the login Details via App
#11
(01-24-2012, 10:08 PM)Tom K. Wrote:  If you use the code I posted. You need to obviously execute the queries I posted Smile

That code will work fine Smile
when I use your code only I get error

Code:
Parse error: syntax error, unexpected T_IF


but the thing is I need to fix my login page to work .what do I need to change on my page ?
Reply
#12
You'll need to modify my code a bit so the queries are actually executed. Let me see your code with my code merged Smile I it's an unexpected T_IF then its likely you've missed a ";" Smile
Reply
#13
(01-24-2012, 10:25 PM)Tom K. Wrote:  You'll need to modify my code a bit so the queries are actually executed. Let me see your code with my code merged Smile I it's an unexpected T_IF then its likely you've missed a ";" Smile

This is all my code , and doesnt work .

Code:
<?php

error_reporting(0);
// Database settings
$host      = 'localhost';        
$user      = '';    
$password  = '';        
$database  = '';      

$conn = mysql_connect($host,$user,$password) or die ('Error connecting to MySQL database.');
$conn = mysql_select_db($database) or die ('Error selecting database.');

$hwid = mysql_real_escape_string($_GET['hwid']);
if ($hwid == '') {$hwid='?';}
$author = mysql_real_escape_string($_GET['author']);
$username = mysql_real_escape_string($_GET['username']);
$password = mysql_real_escape_string($_GET['password']);
$query = "SELECT * FROM mybb_users WHERE username = '" . $user = validate_password_from_username($username,$password) . "'";
$result = mysql_query($query);

if (mysql_num_rows($result) == 1){
    // Check membername and HWID
    $query = "SELECT member, hwid FROM loginlist WHERE member = '$username'";
    $result = mysql_query($query);
    if ($result && mysql_num_rows($result)) {
        $row = mysql_fetch_array($result);
        if ($row[hwid]!=$hwid) {
            echo "INVALID LOGIN";
            exit;
        }
    }
    // Update loginlist
    $ip = $_SERVER['REMOTE_ADDR'];
    $lastday = $firstday = time();
    $cntr = 1;
   $author = $author;
    $query = "SELECT member, ip, author, cntr FROM loginlist WHERE member = '$username' AND ip = '$ip'";
    $result = mysql_query($query);
    if ($result && mysql_num_rows($result)) {
        $row = mysql_fetch_array($result);
        $row[cntr] += 1;
        $lastday = time();
        $row[author] = $author;
        $query = "UPDATE loginlist SET lastday = '$lastday', cntr = '$row[cntr], author = '$row[author]' WHERE member = '$username' AND ip = '$ip'";
        $result=mysql_query($query);
    } else {
        $query="INSERT INTO loginlist (member, hwid, ip, lastday, firstday, cntr, block) VALUES ('$username', '$hwid', '$ip', '$lastday', '$firstday', '$cntr', '$author', '0')";
        $result=mysql_query($query);            
    }    
    // Check if IP address is blocked
    $query = "SELECT * FROM loginlist WHERE ip = '$ip'";
    $result = mysql_query($query);
    if ($result && mysql_num_rows($result) == 1) {
        $row = mysql_fetch_array($result);
        if ($row[block] == 1) {
            echo "INVALID LOGIN";    
            exit;
        }
    }
    echo "VALID LOGIN";
} else {
    echo "INVALID LOGIN";
}

?>


I just changed this line but wrong I know:

Code:
$query = "SELECT * FROM mybb_users WHERE username = '" . $user = validate_password_from_username($username,$password) . "'";
Reply
#14
You kind of merged mine and Paul's code.

Try this (untested and written on my iPad Smile)


This bit:
PHP Code:
$host"localhost";       
$user      
'';     
$password  
'';         
$database  
'';       

$conn 
mysql_connect($host,$user,$password) or die ('Error connecting to MySQL database.');
$conn mysql_select_db($database) or die ('Error selecting database.');

$hwid mysql_real_escape_string($_GET['hwid']);
if (
$hwid == '') {$hwid='?';}
$author mysql_real_escape_string($_GET['author']);
$username mysql_real_escape_string($_GET['username']);
$password mysql_real_escape_string($_GET['password']);
//get the user info
$query = "SELECT * FROM mybb_users WHERE LOWER(username) = {$username};";
//make it into a mysql_assoc_array
$resultmysql_query($query);
$resultarr mysql_fetch_assoc($result);
$salt = $resultarr['salt'];
$hash = md5(md5($password.$salt).$salt);

//check your hash against the one in the table
if ($resultarr['hash'] == $hash)
{
    // Check membername and HWID 
    $query "SELECT member, hwid FROM loginlist WHERE member = '$username'";
    $result mysql_query($query);
    if ($result && mysql_num_rows($result)) {
        $row mysql_fetch_array($result);
        if ($row[hwid]!=$hwid) {
            echo "INVALID LOGIN";
            exit;
        }
    }
    // Update loginlist
    $ip $_SERVER['REMOTE_ADDR'];
    $lastday $firstday time();
    $cntr 1;
   $author $author;
    $query "SELECT member, ip, author, cntr FROM loginlist WHERE member = '$username' AND ip = '$ip'";
    $result mysql_query($query);
    if ($result && mysql_num_rows($result)) {
        $row mysql_fetch_array($result);
        $row[cntr] += 1;
        $lastday time();
        $row[author] = $author;
        $query "UPDATE loginlist SET lastday = '$lastday', cntr = '$row[cntr], author = '$row[author]' WHERE member = '$username' AND ip = '$ip'";
        $result=mysql_query($query);
    } else {
        $query="INSERT INTO loginlist (member, hwid, ip, lastday, firstday, cntr, block) VALUES ('$username', '$hwid', '$ip', '$lastday', '$firstday', '$cntr', '$author', '0')";
        $result=mysql_query($query);            
    
}    
    
// Check if IP address is blocked
    $query "SELECT * FROM loginlist WHERE ip = '$ip'";
    $result mysql_query($query);
    if ($result && mysql_num_rows($result) == 1) {
        $row mysql_fetch_array($result);
        if ($row[block] == 1) {
            echo "INVALID LOGIN";    
            exit
;
        }
    }
    echo "VALID LOGIN";
} else {
    echo "INVALID LOGIN";

Reply
#15
nope it says invalid login , by the way I use link like this : http://mysite.com/login.php?username=myname&password=mypass hope that is correct
Reply
#16
Change the last "INVALID LOGIN" to "INVLAID LOGIN TEST" Smile then we'll know why it is failing Wink
Reply
#17
now it says "INVLAID LOGIN TEST"
Reply
#18
Ok, so we know it's failing the mybb login. Replace this:
PHP Code:
$resultarr = mysql_fetch_assoc($result); 

With this:
PHP Code:
$resultarr = mysql_fetch_assoc($result);
print_r($resultarr);
die(); 

Smile also, your table IS called mybb_users isn't it?
Reply
#19
(01-24-2012, 11:12 PM)Tom K. Wrote:  Ok, so we know it's failing the mybb login. Replace this:
PHP Code:
$resultarr = mysql_fetch_assoc($result); 

With this:
PHP Code:
$resultarr = mysql_fetch_assoc($result);
print_r($resultarr);
die(); 

Smile also, your table IS called mybb_users isn't it?

yes mybb_users called. Now I have a blank page it doesnt say valid or invalid
Reply
#20
Ok, that's good. We now know that the query is empty. This is probably because the username is invalid Smile

Are you sure the username is correct?
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)