(2012-01-24, 10:08 PM) Tom K. Wrote: If you use the code I posted, you obviously need to execute the queries I posted.
That code will work fine
When I use only your code I get an error:
Parse error: syntax error, unexpected T_IF
But the thing is, I need to fix my login page so it works. What do I need to change on my page?
You'll need to modify my code a bit so the queries are actually executed. Let me see your code with my code merged
If it's an unexpected T_IF then it's likely you've missed a ";"
(2012-01-24, 10:25 PM) Tom K. Wrote: You'll need to modify my code a bit so the queries are actually executed. Let me see your code with my code merged. If it's an unexpected T_IF then it's likely you've missed a ";"
This is all my code, and it doesn't work.
<?php
error_reporting(0);
// Database settings
$host = 'localhost';
$user = '';
$password = '';
$database = '';
$conn = mysql_connect($host,$user,$password) or die ('Error connecting to MySQL database.');
$conn = mysql_select_db($database) or die ('Error selecting database.');
$hwid = mysql_real_escape_string($_GET['hwid']);
if ($hwid == '') {$hwid='?';}
$author = mysql_real_escape_string($_GET['author']);
$username = mysql_real_escape_string($_GET['username']);
$password = mysql_real_escape_string($_GET['password']);
$query = "SELECT * FROM mybb_users WHERE username = '" . $user = validate_password_from_username($username,$password) . "'";
$result = mysql_query($query);
if (mysql_num_rows($result) == 1){
// Check membername and HWID
$query = "SELECT member, hwid FROM loginlist WHERE member = '$username'";
$result = mysql_query($query);
if ($result && mysql_num_rows($result)) {
$row = mysql_fetch_array($result);
if ($row[hwid]!=$hwid) {
echo "INVALID LOGIN";
exit;
}
}
// Update loginlist
$ip = $_SERVER['REMOTE_ADDR'];
$lastday = $firstday = time();
$cntr = 1;
$author = $author;
$query = "SELECT member, ip, author, cntr FROM loginlist WHERE member = '$username' AND ip = '$ip'";
$result = mysql_query($query);
if ($result && mysql_num_rows($result)) {
$row = mysql_fetch_array($result);
$row[cntr] += 1;
$lastday = time();
$row[author] = $author;
$query = "UPDATE loginlist SET lastday = '$lastday', cntr = '$row[cntr], author = '$row[author]' WHERE member = '$username' AND ip = '$ip'";
$result=mysql_query($query);
} else {
$query="INSERT INTO loginlist (member, hwid, ip, lastday, firstday, cntr, block) VALUES ('$username', '$hwid', '$ip', '$lastday', '$firstday', '$cntr', '$author', '0')";
$result=mysql_query($query);
}
// Check if IP address is blocked
$query = "SELECT * FROM loginlist WHERE ip = '$ip'";
$result = mysql_query($query);
if ($result && mysql_num_rows($result) == 1) {
$row = mysql_fetch_array($result);
if ($row[block] == 1) {
echo "INVALID LOGIN";
exit;
}
}
echo "VALID LOGIN";
} else {
echo "INVALID LOGIN";
}
?>
I just changed this line, but it's wrong, I know:
$query = "SELECT * FROM mybb_users WHERE username = '" . $user = validate_password_from_username($username,$password) . "'";
You kind of merged mine and Paul's code.
Try this (untested and written on my iPad)
This bit:
$host= "localhost";
$user = '';
$password = '';
$database = '';
$conn = mysql_connect($host,$user,$password) or die ('Error connecting to MySQL database.');
$conn = mysql_select_db($database) or die ('Error selecting database.');
$hwid = mysql_real_escape_string($_GET['hwid']);
if ($hwid == '') {$hwid='?';}
$author = mysql_real_escape_string($_GET['author']);
$username = mysql_real_escape_string($_GET['username']);
$password = mysql_real_escape_string($_GET['password']);
//get the user info
$query = "SELECT * FROM mybb_users WHERE LOWER(username) = {$username};";
//make it into a mysql_assoc_array
$result= mysql_query($query);
$resultarr = mysql_fetch_assoc($result);
$salt = $resultarr['salt'];
$hash = md5(md5($password.$salt).$salt);
//check your hash against the one in the table
if ($resultarr['hash'] == $hash)
{
// Check membername and HWID
$query = "SELECT member, hwid FROM loginlist WHERE member = '$username'";
$result = mysql_query($query);
if ($result && mysql_num_rows($result)) {
$row = mysql_fetch_array($result);
if ($row[hwid]!=$hwid) {
echo "INVALID LOGIN";
exit;
}
}
// Update loginlist
$ip = $_SERVER['REMOTE_ADDR'];
$lastday = $firstday = time();
$cntr = 1;
$author = $author;
$query = "SELECT member, ip, author, cntr FROM loginlist WHERE member = '$username' AND ip = '$ip'";
$result = mysql_query($query);
if ($result && mysql_num_rows($result)) {
$row = mysql_fetch_array($result);
$row[cntr] += 1;
$lastday = time();
$row[author] = $author;
$query = "UPDATE loginlist SET lastday = '$lastday', cntr = '$row[cntr]', author = '$row[author]' WHERE member = '$username' AND ip = '$ip'";
$result=mysql_query($query);
} else {
$query="INSERT INTO loginlist (member, hwid, ip, lastday, firstday, cntr, author, block) VALUES ('$username', '$hwid', '$ip', '$lastday', '$firstday', '$cntr', '$author', '0')";
$result=mysql_query($query);
}
// Check if IP address is blocked
$query = "SELECT * FROM loginlist WHERE ip = '$ip'";
$result = mysql_query($query);
if ($result && mysql_num_rows($result) == 1) {
$row = mysql_fetch_array($result);
if ($row[block] == 1) {
echo "INVALID LOGIN";
exit;
}
}
echo "VALID LOGIN";
} else {
echo "INVALID LOGIN";
}
Change the last "INVALID LOGIN" to "INVLAID LOGIN TEST"
then we'll know why it is failing
now it says "INVLAID LOGIN TEST"
Ok, so we know it's failing the mybb login. Replace this:
$resultarr = mysql_fetch_assoc($result);
With this:
$resultarr = mysql_fetch_assoc($result);
print_r($resultarr);
die();
Also, your table IS called mybb_users, isn't it?
(2012-01-24, 11:12 PM) Tom K. Wrote: Ok, so we know it's failing the mybb login. Replace this:
$resultarr = mysql_fetch_assoc($result);
With this:
$resultarr = mysql_fetch_assoc($result);
print_r($resultarr);
die();
Also, your table IS called mybb_users, isn't it?
Yes, it's called mybb_users. Now I have a blank page; it doesn't say valid or invalid.
Ok, that's good. We now know that the query is empty. This is probably because the username is invalid.
Are you sure the username is correct?
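An added example, not code from any poster in this thread: the credential check against mybb_users written with PDO prepared statements, so the username is bound as a parameter instead of being interpolated into the SQL string, and a missing row is told apart from a failed query (errors raise exceptions rather than being hidden by error_reporting(0)). The in-memory SQLite table, the sample account and the helper names `mybb_hash` and `check_login` are constructed for illustration, and the hash formula md5(md5(salt) . md5(password)) with columns `password` and `salt` is an assumption about a stock MyBB 1.6 install.

```php
<?php
// Added example: constructed in-memory table standing in for mybb_users.
$db = new PDO('sqlite::memory:');
// Surface SQL errors as exceptions instead of silently returning false.
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE mybb_users (
    uid INTEGER PRIMARY KEY, username TEXT, password TEXT, salt TEXT)');

// Assumed stock MyBB 1.6 scheme: md5(md5(salt) . md5(plaintext)).
function mybb_hash(string $plain, string $salt): string
{
    return md5(md5($salt) . md5($plain));
}

// Constructed sample account (hypothetical user, salt and password).
$salt = 'aB3dE6gH';
$ins = $db->prepare(
    'INSERT INTO mybb_users (username, password, salt) VALUES (?, ?, ?)');
$ins->execute(['Alice', mybb_hash('correct horse', $salt), $salt]);

function check_login(PDO $db, string $username, string $password): bool
{
    // Placeholder binding: the value never becomes part of the SQL text,
    // so a forgotten or stray quote cannot break or alter the query.
    $stmt = $db->prepare(
        'SELECT password, salt FROM mybb_users
         WHERE LOWER(username) = LOWER(?)');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false; // no such user: an empty result, not an SQL error
    }
    // Constant-time comparison of stored and recomputed hashes.
    return hash_equals($row['password'], mybb_hash($password, $row['salt']));
}

// Correct password, wrong password, and a username containing a quote.
var_dump(check_login($db, 'alice', 'correct horse'));
var_dump(check_login($db, 'alice', 'wrong'));
var_dump(check_login($db, "O'Brien", 'anything'));
```

Sending the credentials in a POST body over HTTPS instead of as GET parameters keeps the password out of URLs and web server access logs.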