
IPboard Script Help


2 replies to this topic

#1 MarkusxX

MarkusxX


Posted 05 September 2017 - 09:59 PM

Hello, i need help.

I have a script that I was using with IPB 2.3.x; now I am using 3.x.

The old IP.Board had a username and a display name for login; the new 3.x has only the username, and now my script is not working:

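<?PHP
/*
 * Login handler: checks a posted username/password against the forum's member
 * tables, requires membership in one of the allowed user groups, then stores a
 * per-login code in GUIDTech and redirects to thanks.php.
 *
 * Security notes for maintainers:
 *  - ext/mysql (the mysql_* functions) was removed in PHP 7. While it is still
 *    in use, every value placed in a query is escaped at the point of use,
 *    including values read back from the database (display names are chosen
 *    by users). Moving connect.php to PDO or mysqli with prepared statements
 *    is the durable fix.
 *  - md5(md5(salt) . md5(password)) is reproduced because it has to match the
 *    hashes already stored by the board; it is not a strong password hash.
 *  - NOTE(review): the table and column names used below (members.id, mgroup,
 *    members_converge) are the ones this script used on IPB 2.3.x, and the
 *    poster reports it no longer works on 3.x -- confirm them against the
 *    3.x schema before relying on this.
 */
require("connect.php");

/**
 * Run one query on the connection opened by connect.php.
 *
 * On failure the database error is written to the server log and the request
 * stops with a generic message, so SQL error text is never sent to the browser.
 *
 * @param string $sql Complete SQL statement; values must already be escaped.
 * @return resource Result handle from mysql_query().
 */
function login_db_query($sql)
{
	$res = mysql_query($sql);
	if ($res === false) {
		error_log('login query failed: ' . mysql_error());
		die('fout');
	}
	return $res;
}

// Missing or non-string form fields are treated as empty, so the lookups below simply find nothing.
$username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
$password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

// Only the username is placed in SQL. The password is never part of a query,
// so it is not escaped: escaping would change the bytes that get hashed.
$username = mysql_real_escape_string($username);

//check that user is not banned
// NOTE(review): BANNED is read here but nothing acts on it. Which value means
// "banned" is not visible in this file, so enforcement still has to be added.
$banned1 = null;
$banned = login_db_query("SELECT * FROM GUIDTech WHERE user='" . $username . "'");
while ($rows = mysql_fetch_array($banned)) {
	$banned1 = $rows['BANNED'];
}

// One lookup for everything needed from the member row.
$member = mysql_fetch_assoc(login_db_query("SELECT * FROM " . $pf . "members WHERE name='" . $username . "'"));
if (!$member) {
	// Unknown user: same response as a wrong password.
	echo '<meta http-equiv="refresh" content="0;url=wrong.php">' ; //Error
	exit;
}
$id = $member['id'];
//We need this information to make sure the user is allowed to access this system
$group = $member['mgroup'];
$user2 = $member['name'];
$nickname = $member['members_display_name'];

//*********************************************************************
//Modify this table to use your usergroup names
$allowedgroups = array (
"Root Admin",
"Global Moderator",
"Administrators",
"Coder",
"Super ViP Member",
"GFX Designer",
"VIP-Member",
"Head Moderator",
"Special Member",
"Local Moderator",
"Support",
);
//**********************************************************************

// Resolve the member's group id to its title with a single query. Looking the
// id up once avoids re-querying with the title, which MySQL could cast to a
// number and match against an unrelated g_id.
$groupTitle = null;
$groupRow = mysql_fetch_assoc(login_db_query("SELECT * FROM " . $pf . "groups WHERE g_id='" . mysql_real_escape_string($group) . "'"));
if ($groupRow) {
	$groupTitle = $groupRow['g_title'];
}
// Strict membership test: only an exact title string from the list qualifies.
$usergroup = in_array($groupTitle, $allowedgroups, true);

//Get password hash and salt for this member id
$checkpass = null;
$salt = null;
$hashRow = mysql_fetch_assoc(login_db_query("SELECT * FROM " . $pf . "members_converge WHERE converge_id='" . mysql_real_escape_string($id) . "'"));
if ($hashRow) {
	$checkpass = $hashRow['converge_pass_hash'];
	$salt = $hashRow['converge_pass_salt'];
}

// Strict string comparison: with != two different hashes that both look like
// numbers (for example "0e..." strings) compare equal. A missing or empty
// stored hash is always a failure. Where hash_equals() is available (PHP 5.6+)
// it can replace !== here.
$password = md5( md5( $salt ) . md5( $password ) );
if (!is_string($checkpass) || $checkpass === '' || $password !== $checkpass) {
	echo '<meta http-equiv="refresh" content="0;url=wrong.php">' ; //Error
	exit;
}
if (!$usergroup) {
	echo '<meta http-equiv="refresh" content="0;url=group.php">' ; //Error
	exit;
}

// connect.php has already started the session; only start one if it has not.
if (session_id() === '') {
	session_start();
}
// New session id on login so an id planted before authentication is useless.
session_regenerate_id(true);

// The login code is what Check_Login() compares against GUIDTech, so it must
// not be guessable. 16 random bytes hex-encoded is 32 characters, the same
// length as the md5 string used before.
if (function_exists('random_bytes')) {
	$code = bin2hex(random_bytes(16));
} elseif (function_exists('openssl_random_pseudo_bytes')) {
	$code = bin2hex(openssl_random_pseudo_bytes(16));
} else {
	error_log('login: no secure random source available');
	die('fout');
}
$_SESSION['code'] = $code;
$_SESSION['user'] = $user2;
$_SESSION['nickname'] = $nickname;

// These values came from the database but are user-chosen text, so they are
// escaped again before being written into the next statements.
$userSql = mysql_real_escape_string($_SESSION['user']);
$nickSql = mysql_real_escape_string($_SESSION['nickname']);
$codeSql = mysql_real_escape_string($_SESSION['code']);

$res = login_db_query("SELECT * FROM GUIDTech WHERE user='" . $userSql . "'");
if (mysql_num_rows($res) >= 1) {
	login_db_query("UPDATE GUIDTech SET code='" . $codeSql . "', user='" . $userSql . "', nickname='" . $nickSql . "' WHERE user='" . $userSql . "'");
}
else {
	login_db_query("INSERT INTO GUIDTech (user, nickname, code) VALUES ('" . $userSql . "', '" . $nickSql . "', '" . $codeSql . "')");
}
header("Location: thanks.php");
ob_end_flush();
exit;
?>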

and connect.php

<?php
// Shared bootstrap: starts the session and output buffering, holds the
// database settings and opens the ext/mysql connection used by every page.
//
// Security notes for maintainers:
//  - The database credentials are stored in this file in plain text, so it
//    must never be served as text or committed to a public repository.
//  - ext/mysql (mysql_*) was removed in PHP 7.
//  - No connection character set is selected here. mysql_real_escape_string()
//    escapes according to the connection character set, so the escaping done
//    by callers depends on the server default.
session_start();
ob_start();

// Edit this section with your database details
$host       = "localhost"; // Host name
$DBusername = "Forum";     // Mysql user
$DBpassword = "****";      // Mysql password
$db_name    = "forum";     // Database name
$pf         = "ibf_";      // Database Prefix if you have one

//Do Not touch below this line
###################################################################

// Open the server connection, then select the database; stop the request
// with a fixed message if either step fails.
if (!mysql_connect($host, $DBusername, $DBpassword)) {
	die("cannot connect");
}
if (!mysql_select_db($db_name)) {
	die("cannot select DB");
}
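/**
 * Print the "not logged in" notice with a link back to index.php and end the
 * request.
 *
 * The markup is a fixed string and contains no user input. It is written with
 * single quotes so the double quotes around the href value do not terminate
 * the PHP string (as double-quoted text they were a parse error).
 *
 * @return void Never returns; the script exits.
 */
function NotLoggedIn() {
	echo 'You are not logged in<br /><a href="index.php">Go back</a>';
	exit();
	}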
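/**
 * Report whether the current session belongs to a logged-in user.
 *
 * A session counts as logged in only when it carries both a user name and a
 * login code, exactly one GUIDTech row exists for that user, and the row's
 * code is non-empty and identical to the session's code.
 *
 * @return bool true when the session code matches the stored code, false in
 *              every other case (including a failed query).
 */
function Check_Login() {
	// Without both values there is nothing to verify; reject before touching the database.
	if (!isset($_SESSION['user'], $_SESSION['code'])) {
		return false;
	}
	// The user name was copied from the forum database at login and is
	// user-chosen text, so it is escaped at the point of use.
	$user = mysql_real_escape_string((string) $_SESSION['user']);
	$res = mysql_query("SELECT * FROM GUIDTech WHERE user='" . $user . "'");
	if ($res === false) {
		// Fail closed and keep the database error out of the response.
		error_log('Check_Login query failed: ' . mysql_error());
		return false;
	}
	if (mysql_num_rows($res) != 1) {
		return false;
	}
	$data = mysql_fetch_assoc($res);
	$stored = (string) $data['code'];
	// Compare the two codes directly. Writing !$a == $b negates $a first and
	// then compares a boolean, which accepts any non-empty code.
	return $stored !== '' && $stored === (string) $_SESSION['code'];
	}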
?>

Do I only need to remove nickname or name? Please help me.

#2 NinjaMan20173

NinjaMan20173


Posted 28 November 2017 - 09:02 AM

Update to the current 4.1.x version. Things will be a lot better :)

#3 R3V3R53

R3V3R53


Posted 07 February 2018 - 05:32 AM

In my self-made script I use another way to look up a user and validate him against a SHA-1 hashed password.

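<?php
/*
 * Login page handler: sends already-authenticated sessions to the dashboard,
 * checks a posted username/password against the account table and, on
 * success, stores the account's identity and token fields in the session.
 *
 * Security notes for maintainers:
 *  - The lookup uses named placeholders, so the posted values reach the
 *    database only as bound parameters and never as part of the SQL text.
 *  - SHA1(UPPER(user) . ':' . UPPER(pass)) is kept because it must match the
 *    sha_pass_hash column; it is unsalted apart from the user name, fast to
 *    compute and ignores letter case, so it is not a strong password hash.
 *  - NOTE(review): $ga is created but nothing in this file verifies a
 *    one-time code, so no second factor is enforced here.
 */
session_start();
DEFINE("BASE_URL", "/");
DEFINE("ROOT_PATH", $_SERVER["DOCUMENT_ROOT"] . "/");
require_once (ROOT_PATH . "inc/class_token.php");
require_once (ROOT_PATH . "inc/class_database.php");
require_once (ROOT_PATH . "inc/GoogleAuthenticator.php");
require_once (ROOT_PATH . "assets/class_header.php");
$ga = new PHPGangsta_GoogleAuthenticator();

// 'user_id' is the key written on login below; 'id' is still honoured for
// sessions or pages that use the older key.
if (isset($_SESSION['id']) || isset($_SESSION['user_id']) || isset($_SESSION['username'])) {
	header('Location: dashboard.php');
	exit;
}

if (isset($_POST['btn-login'])) {
	/**
	 * Build the account hash in the format stored in sha_pass_hash.
	 *
	 * @param string $user Account name as typed.
	 * @param string $pass Password as typed.
	 * @return string 40-character hexadecimal SHA-1 digest.
	 */
	function sha_password($user, $pass) {
		$user = strtoupper($user);
		$pass = strtoupper($pass);
		return sha1($user . ':' . $pass);
	}

	// Missing or non-string fields are treated as empty and simply fail the lookup.
	$username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
	$rawPassword = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
	$password = sha_password($username, $rawPassword);

	// The placeholders must appear in the statement for bindValue() to have
	// something to bind to. With the values interpolated into the SQL text the
	// query was injectable and the bindValue() calls named parameters that did
	// not exist.
	$sql = "SELECT * FROM account WHERE username = :username AND sha_pass_hash = :password";
	$stmt = $pda->prepare($sql);
	$stmt->bindValue(':username', $username);
	$stmt->bindValue(':password', $password);

	$stmt->execute();

	$user = $stmt->fetch(PDO::FETCH_ASSOC);

	if ($user === false) {
		// One message for both unknown user and wrong password.
		die('Incorrect username / password combination!');
	}

	// New session id on login so an id planted before authentication is useless.
	session_regenerate_id(true);
	$_SESSION['user_id'] = $user['id'];
	$_SESSION['username'] = $user['username'];
	$_SESSION['token'] = $user['token_key'];
	$_SESSION['hash'] = $user['token_hash'];

	header('Location: ../dashboard.php');
	exit;
}

if (isset($_POST['btn-reset-password'])) {
	header('Location: ../password-reset.php');
	exit;
}
?>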
<!--
  Log-in form. It posts back to this same page; the handler decides what to do
  from which button name is present in the request (btn-login or
  btn-reset-password).
  NOTE(review): no anti-CSRF token field is rendered in this form. Confirm
  whether class_token.php is meant to supply one.
-->
<div class="container">
<h2 class="display-4 mb-4">Log In</h2>
<hr />
<div id="alerts"></div>
<div class="row">
	 <div class="col-md-4 col-md-offset-4">
		 <form method="post">
			 <div class="form-group">
				 <label for="username">Username</label>
				 <!-- The pattern attribute is checked by the browser only; a request sent any other way bypasses it, so the server must not rely on it. -->
				 <input type="text" class="form-control" id="username" name="username" placeholder="Benutzername" pattern="^[a-zA-Z0-9]+( [a-zA-Z0-9]+)*$" />
				 <small class="form-text text-muted">Note: Only alphanumeric characters supported.</small>
			 </div>
			 <div class="form-group">
				 <label for="password">Password</label>
				 <input type="password" class="form-control" id="password" name="password" placeholder="Please enter your password"/>
				 <small class="form-text text-muted">Reminder: Passwords are 8 characters or longer, include both letters and numbers plus at least one non-alphanumeric character.</small>
			 </div>
			 <div class="clearfix"></div>
			 <hr />
			 <button type="submit" name="btn-login" class="btn btn-block btn-primary">
				 <i class="glyphicon glyphicon-log-in"></i> SIGN IN
			 </button>
			 <div id="password_reset">
				 <!-- No type attribute: inside a form a button defaults to submit, which is how btn-reset-password reaches the handler. -->
				 <button name="btn-reset-password" class="btn btn-block btn-danger">
					 <i class="glyphicon glyphicon-lock"></i> Password Reset
				 </button>
			 </div>
		 </form>
	 </div>
</div>
</div>

<?php require_once (ROOT_PATH . "assets/class_footer.php"); ?>

my connect is this:

<?php
// Database bootstrap: opens one PDO handle per database (auth, characters,
// world) on the same MySQL host with the same account.
//
// Security notes for maintainers:
//  - The file refuses to run unless the including script has defined the
//    access_token constant, so requesting it directly prints only the message
//    below.
//  - Credentials are stored here in plain text; keep the file out of public
//    repositories and make sure it is never served as text.
//  - A failed connection throws a PDOException; keep display_errors off in
//    production so connection details are not printed to visitors.
defined('access_token') or die('Direct access not permitted');

define('MYSQL_HOST', 'xxx.xxx.xxx.xxx');
define('MYSQL_USER', 'xxxxx');
define('MYSQL_PASSWORD', 'xxxxx');
define('MYSQL_AUTH_DATABASE', 'xxxx');
define('MYSQL_CHAR_DATABASE', 'xxxxx');
define('MYSQL_WORLD_DATABASE', 'xxxxx');

// Shared by all three handles: errors are raised as exceptions, and prepared
// statements are prepared by the server instead of being emulated by PDO.
$pdoOptions = array(
	PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
	PDO::ATTR_EMULATE_PREPARES => false,
);

// The three DSNs differ only in the database name.
$mysqlDsnPrefix = "mysql:host=" . MYSQL_HOST . ";dbname=";
$pda = new PDO($mysqlDsnPrefix . MYSQL_AUTH_DATABASE, MYSQL_USER, MYSQL_PASSWORD, $pdoOptions);
$pdc = new PDO($mysqlDsnPrefix . MYSQL_CHAR_DATABASE, MYSQL_USER, MYSQL_PASSWORD, $pdoOptions);
$pdw = new PDO($mysqlDsnPrefix . MYSQL_WORLD_DATABASE, MYSQL_USER, MYSQL_PASSWORD, $pdoOptions);
unset($mysqlDsnPrefix);




