[Help - Debug] PHP code - login problem

Started by gamerties, November 20, 2007, 07:32:43 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

gamerties

November 20, 2007, 07:32:43 PM
I am customizing a PHP program for our website than someone else designed. After a lot of tinkering, I managed to get the majority of it working (to the best of my knowledge at least lol), but not one single person can login to the server.

I am not 100% sure on how our friends set it up (who made the code), but from talking with someone who understood a little, there was no need to create an account, because it used the forum accounts. Below is some of the code (some renamed for posting purposes), as well as the database build. I bolded/underlined parts I suspect, and used quote tags so you could see those parts:

Quote$char_name = $_POST["memberName"];

$password  = $_POST["pass"];



if (strlen($char_name) == 0 || !isAlphaNumeric($char_name))[/u]

{

httpRedirect("login.php?error=" . urlencode("Username must be only characters"));[/u]

}



if (strlen($password) == 0 || !isAlphaNumeric($password))[/u]

{

httpRedirect("login.php?error=" . urlencode("Invalid password"));[/u]

}

$authQuery = "SELECT memberName, pass, passwordSalt[/u] FROM forum_user_table WHERE LOWER(username)[/u]='" . strtolower($char_name) . "'";

$connect = mysql_connect("server", "username", "password") or die("Cannot connect.");

mysql_select_db("forum_database") or die("Cannot access DB.");

$sth = mysql_query($authQuery, $connect) or die("Error in query, unable to retrieve password.");

mysql_close($connect);


if (mysql_num_rows($sth) == 0) httpRedirect("login.php?error=" . urlencode("Invalid username or password"));



$row = mysql_fetch_assoc($sth);

if (md5(md5($password). $row["passwordSalt"]) != $row["passwd"]) httpRedirect("login.php?error=" . urlencode("Invalid username or password"));

The error we get is: "Error: Username must be characters only". This is the database for our SMF forums...a different database than we use for the main part of the program, but just incase there is something in it that is causing the problem, here is the SQL lines for its construction:



Quote-- Table "forum_database" DDL

CREATE TABLE `forum_database` (
  `ID_MEMBER` mediumint(8) unsigned NOT NULL auto_increment,
  `memberName` varchar(80) NOT NULL default '',
  `dateRegistered` int(10) unsigned NOT NULL default '0',
  `posts` mediumint(8) unsigned NOT NULL default '0',
  `ID_GROUP` smallint(5) unsigned NOT NULL default '0',
  `lngfile` tinytext NOT NULL,
  `lastLogin` int(10) unsigned NOT NULL default '0',
  `passwordSalt` varchar(5) NOT NULL default '',
  - lots of other user info that isn't in the code...

  PRIMARY KEY  (`ID_MEMBER`),
  KEY `memberName` (`memberName`(30)),
  KEY `dateRegistered` (`dateRegistered`),
  KEY `ID_GROUP` (`ID_GROUP`),
  KEY `birthdate` (`birthdate`),
  KEY `posts` (`posts`),
  KEY `lastLogin` (`lastLogin`),
  KEY `lngfile` (`lngfile`(30)),
  KEY `ID_POST_GROUP` (`ID_POST_GROUP`)
) ENGINE=MyISAM AUTO_INCREMENT=6 DEFAULT CHARSET=latin1;


If anyone can help me out, I would greatly appreciate it. Also, if more info is needed than would be able to be posted, please feel free to PM me.

Thank you all very much!

SleePy

#2
December 12, 2007, 10:08:37 PM
Have you looked at the SSI FAQ's? You could easily replace that with ssi_login() function if you include the SSI.php

http://www.simplemachines.org/community/index.php?topic=14906
Jeremy D ~ Site Team / SMF Developer ~ GitHub Profile ~ Join us on IRC @ Libera.chat/#smf ~ Support the SMF Support team!
Print
Go Up Pages1
User actions
Advertisement: