Registration Script (Developement)
#11
zaher1988 Wrote:instead of

 $salt = random_str();
    $loginkey = generate_loginkey();
    $saltedpw = md5(md5($salt).md5('$epass'));

try

		$salt = generate_salt();
  	 	$loginkey = generate_loginkey();
	    $saltedpw = salt_password(md5($epass),$salt);

still can't login ..


 $player = $_SESSION['player'];
  $epass = strip_tags($_POST['pass']);

  $salt = generate_salt();
           $loginkey = generate_loginkey();
        $saltedpw = salt_password(md5($epass),$salt);

                $update_array = array(
                'username' => $player,
                'password' => $saltedpw,
                'salt' => $salt,
                'loginkey' => $loginkey,
            );


         //   $db->update_query("mybb_users", $update_array, "uid='{$user['uid']}'");
	
$query = $db->query("update mybb_users set password='$saltedpw', salt='$salt', loginkey='$loginkey' where username='$player'");

         session_destroy();

     			print "<center><font face=\"verdana\" color=\"red\" size=\"2\"><b>Success!</b></font></center><p align=\"center\">Your password has been changed!<br>Please <a href=\"page.box?content=home\">relogin!</a></p>";
Reply
#12
try changing this

>query("update mybb_users set password='$saltedpw', salt='$salt', loginkey='$loginkey' where username='$player'");

to this

>query("update mybb_users set password=$saltedpw, salt=$salt, loginkey=$loginkey where username=$player");

Also try this

$update_array = array(
                'password' => $saltedpw,
                'salt' => $salt,
                'loginkey' => $loginkey,
            );


            $db->update_query(TABLE_PREFIX."users", $update_array, "uid='{$user['uid']}'");

And are you sure you are using globals in your function? You should have at least $mybb and $db I believe.
Reply
#13
DOesn't it work in the 1st script where you add an account (registration.php)?

For the update part, im afraid the WHERE clause doest have a value set by $player, why don't you use MyBB sessions instead of php's.?
$player = $mybb->user['username'];

Will do it for you, it will get the username of the user browsing the page.. i believe this can fix the update part.

I also prefer doing it using the ID not username, like

$player = $mybb->user['uid'];

Then your query will be
$query = $db->query("UPDATE mybb_users set password='$saltedpw', salt='$salt', loginkey='$loginkey' WHERE uid='$player'");

In case this page was not connected with MyBB, why don't you try to use the cookies to store and retrieve the username?.
Reply
#14
ok.Thz for u attention !
i try it tonigh ..im stand here for dev myBB untill 12 hours and need to go to bed..Wink

im glad to know u guys!
chiao...
Reply
#15
Hi ..

before i sleep i try to do some research and i found it.. Big Grin

this code is work:

$epass = $_POST['pass'];

$salt = random_str();
	$loginkey = generate_loginkey();
	$saltedpw = md5(md5($salt).md5('123'));

$query = $db->query("update mybb_users set password='$saltedpw', salt='$salt', loginkey='$loginkey' where username='$player'");

You can see what is diffrent think from my other code that was not work..
YES that is a value '123',see on line $saltedpw = md5(md5($salt).md5('123'));
, i change $epass variable to default passowrd number is 123.

But i dunno how to make it as value 123 into variabel such as form ..

$epass = $_POST['pass']
$epass = "123"; <- how can be ??

..
Reply
#16
So i understand when you manually type a password in the script it works, then this ,means the retrieval of the input value is not taking place. So 1st make sure that in your HTML code where you have the input for the password to have name="pass"

ex.
<input name="pass" type="password" size="25"/>

I see your script is using MyBB functions.

Why not use then
$epass = $mybb->input['pass'];
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)