0

Hi guys

I'm trying to create a login system on my site that uses the login information from my phpBB forum. I'm having trouble retrieving the password hash from the forum database. I'm a bit of a newbie to PHP so am a bit lost. Thanks in advance.

<?php

//include functions.php/function.php
include ("functions.php");

//ob
ob_start();

//session
session_start();

$username = addslashes(strip_tags(strtolower($_POST['username'])));
$password = addslashes(strip_tags($_POST['password']));

if (empty($username) == FALSE && empty($password) == FALSE) {

//connect
  $con=mysqli_connect("localhost","client106959","******","EMUAS");
// Check connection
if (mysqli_connect_errno())
  {
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
  }
$find = mysqli_query($con, "SELECT * FROM user WHERE username_clean='$username'"); 
$find_row = mysqli_fetch_array($find);
//grab password
$password_hash = $find_row['user_password'];


echo ($username);
echo ($password);
echo ($password_hash);
}
else{
    echo ('<script type="text/javascript">
 alert("Please Enter a Username and Password");
  </script>');
  header("Location: {$_SERVER['HTTP_REFERER']}");
  }

mysqli_close($con);

?>
4 Contributors | 7 Replies | 27 Views | 4 Years Discussion Span | Last Post by F-3000
0
$find = mysqli_query($con, "SELECT * FROM users WHERE username_clean='$username' LIMIT 1"); 
if($find_row = mysqli_fetch_array($find)){
    //grab password
    $password_hash = $find_row['user_password'];
    echo $password_hash;
}

Try that - notice the 'users' instead of 'user' for the table name. Also use a LIMIT 1 to halt searching after a hit. The conditional on assignment should avoid having to test the value of $find_row separately.

Edited by diafol
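
The lookup from the answer above with the username bound as a query parameter instead of interpolated into the SQL, and the password checked without printing it or the hash; this is an added example, not code from any poster in the thread. It assumes PDO with an in-memory SQLite table standing in for the forum's MySQL database and stored hashes that PHP's password_verify() accepts; check_login is a hypothetical helper name.

```php
<?php
// Added example, not code from the thread. An in-memory SQLite database with
// one constructed row stands in for the forum's MySQL database.

function check_login(PDO $db, string $username, string $password): bool
{
    // The bound placeholder keeps the username out of the SQL text, so the
    // query needs no addslashes()/strip_tags() on it.
    $stmt = $db->prepare(
        'SELECT user_password FROM users WHERE username_clean = :u LIMIT 1'
    );
    // strtolower() as in the original post; an assumption about how
    // username_clean was derived.
    $stmt->execute([':u' => strtolower($username)]);
    $hash = $stmt->fetchColumn();   // false when no row matched

    // Unknown user: verify against a throwaway hash anyway, so both failure
    // paths do the same work and give the same answer.
    static $dummy = null;
    if ($dummy === null) {
        $dummy = password_hash(bin2hex(random_bytes(16)), PASSWORD_BCRYPT);
    }
    $found = is_string($hash);
    $ok = password_verify($password, $found ? $hash : $dummy);

    return $ok && $found;
}

// Constructed sample data (assumed schema: only the two columns used above).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username_clean TEXT PRIMARY KEY, user_password TEXT)');
$db->prepare('INSERT INTO users VALUES (?, ?)')
   ->execute(["o'brien", password_hash('correct horse', PASSWORD_BCRYPT)]);

// The quote in the username is handled as data, not as SQL.
$attempts = [
    ["O'Brien", 'correct horse'],   // right user, right password
    ["O'Brien", 'wrong password'],  // right user, wrong password
    ['nobody',  'correct horse'],   // no such user
];
foreach ($attempts as [$u, $p]) {
    echo $u, ': ', check_login($db, $u, $p) ? 'accepted' : 'rejected', "\n";
}
```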

0

Ahh thank you so much, works perfectly now. Just one more thing: how do I get the alert to show up before the redirect? (line 35-38)

Edited by bfitzgerald

0

You want to give the user an alert and then redirect him? Why not redirect him and then give him the alert? :)

0

Is the alert "totally necessarily essential"? If not, leave it out. There's nothing more annoying than an alert popup. :(

Well that's not quite true, but you get my drift.

0

I changed the redirect so it just went to the home page. Main reason for the alerts was mainly to say if they made a mistake.

0

Less is sometimes better. A client-side validator on your forms can save a lot of hassle of incorrectly formatted input. Ajax can appear to save the user time (reload and paint page) with incorrect login particulars. You can always format the message to your styling too - not like those horrible browser/system alerts.

0

Why not use phpBB's own code?

https://www.phpbb.com/kb/article/phpbb3-cross-site-sessions-integration/

Plus...

$username = utf8_normalize_nfc(request_var('user', '', true));
$password = utf8_normalize_nfc(request_var('password', '', true));
$autologin = (!empty($_POST['autologin'])) ? true : false;

$result = $auth->login($username, $password, $autologin);

if ($result['status'] == LOGIN_SUCCESS)
{
    $reason = "Login successful";
}
else
{
    $reasons=array(
        'LOGIN_ERROR_PASSWORD'=>'Wrong password',
        'LOGIN_ERROR_USERNAME'=>'Unknown user',
        'NO_PASSWORD_SUPPLIED'=>'Provide password'
        );
    if (isset($reasons[$result['error_msg']])) {
        $reason = $reasons[$result['error_msg']];
    } else {
        $reason = $result['error_msg'];
    }
}
echo $reason;

And remember to set cookie-settings (in forum ACP) to include path where site resides. For example, if site is in example.com, and forum is in example.com/forum, set cookie's domain to /.
