yes I do type it on chrome like this : login.php?username=deve48&password=mypass
and it is correct
Ok, do you have phpmyadmin or something. Just try the SQL:
SELECT * FROM mybb_users WHERE LOWER(username) = 'deve48';
To ensure it actually returns something.
Also, I have noticed an error in my original code:
$query = "SELECT * FROM mybb_users WHERE LOWER(username) = {$username};";
Should be:
$query = "SELECT * FROM mybb_users WHERE LOWER(username) = '{$username}';";
after fixing your corrected code "$query = "SELECT * FROM mybb_users WHERE LOWER(username) = '{$username}';"; " I get lots of information about the user I did try with my test account :
Array ( [uid] => 450 [username] => test [password] => 2836061a16d8b31775306f9cd7055165 [salt] => 6VJi8QAZ [loginkey] => X1kZp6xKtGWIqtLs5bH5Bd7nTtoPWZXpAP9CIPfcokLrpfZigS [email] => [email protected] [postnum] => 2 [avatar] => [avatardimensions] => | [avatartype] => [usergroup] => 2 [additionalgroups] => [displaygroup] => 2 [usertitle] => [regdate] => 1300555306 [lastactive] => 1301155324 [lastvisit] => 1301155324 [lastpost] => 0 [website] => [icq] => 0 [aim] => [yahoo] => [msn] => [birthday] => 1-1-0001 [birthdayprivacy] => all [signature] => [allownotices] => 1 [hideemail] => 1 [subscriptionmethod] => 2 [invisible] => 0 [receivepms] => 1 [receivefrombuddy] => 0 [pmnotice] => 1 [pmnotify] => 1 [threadmode] => linear [showsigs] => 1 [showavatars] => 1 [showquickreply] => 1 [showredirect] => 1 [ppp] => 0 [tpp] => 0 [daysprune] => 0 [dateformat] => 0 [timeformat] => 0 [timezone] => 0 [dst] => 1 [dstcorrection] => 1 [buddylist] => [ignorelist] => [style] => 4 [away] => 0 [awaydate] => 0 [returndate] => 0 [awayreason] => [pmfolders] => 1**Inbox$%%$2**Sent Items$%%$3**Drafts$%%$4**Trash Can [notepad] => [referrer] => 0 [referrals] => 0 [reputation] => 0 [regip] => 83.7.171.41 [lastip] => [longregip] => 0 [longlastip] => 0 [language] => [timeonline] => 0 [showcodebuttons] => 1 [totalpms] => 0 [unreadpms] => 0 [warningpoints] => 0 [moderateposts] => 0 [moderationtime] => 0 [suspendposting] => 0 [suspensiontime] => 0 [suspendsignature] => 0 [suspendsigtime] => 0 [coppauser] => 0 [classicpostbit] => 0 [loginattempts] => 17 [failedlogin] => 0 [usernotes] => [passwordconvert] => d41ff23e0e6147a8fd2722f68e53f993a92784b0 [passwordconverttype] => smf2 )
Right, now remove the print_r and die
now it says again invalid login
my code on that part looks like this :
//make it into a mysql_assoc_array
$result= mysql_query($query);
$resultarr = mysql_fetch_assoc($result);
$salt = $resultarr['salt'];
$hash = md5(md5($password.$salt).$salt);
Ok, now it is most probably because of this:
if ($row[hwid]!=$hwid) {
echo "INVALID LOGIN";
exit;
And that is probably because $row[hwid] should be $row['hwid']
same invalid login this part looks like this now :
$query = "SELECT member, hwid FROM loginlist WHERE member = '$username'";
$result = mysql_query($query);
if ($result && mysql_num_rows($result)) {
$row = mysql_fetch_array($result);
if ($row['hwid']!=$hwid) {
echo "INVALID LOGIN";
exit;
Again, put print_r($row) and ensure something is being returned from that query
when I turn my code here back like this :
//make it into a mysql_assoc_array
$result= mysql_query($query);
$resultarr = mysql_fetch_assoc($result);
print_r($resultarr);
die();
$salt = $resultarr['salt'];
$hash = md5(md5($password.$salt).$salt);
I have lots of result coming back
No, we want to check the one that you had originally by $row
a bit further down