Jump to content
InvisionCommunity.de - Der Deutsche Invision Community Support
Sign in to follow this  
Guest Nalte Noser

"GuidTech"

Recommended Posts

Guest Nalte Noser

Hallo liebe Mitglieder ,

Ein Freund hat ein PHP Programm geschrieben womit man seine Programme schützen kann , mit einem Globally Unique Identifier.

Sein Programm basiert jediglich auf IPB 2.3 und Ich versuche im moment die Files für IPB 3.1 umzuschreiben.

Ich bin schonn ziemlichweit Ich hänge im moment beim Login ein bisschen fest.

<?PHP

require("connect.php");

//Get username information

$username=$_POST['username'];

$password=$_POST['password'];

$username=mysql_real_escape_string($username);

$password=mysql_real_escape_string($password);


//check that user is not banned

$banned=mysql_query("SELECT * FROM GUIDTech WHERE user='" .$username. "'");

while($rows=mysql_fetch_array($banned)){

	$banned1=$rows['BANNED'];

}


//Get id from username for retrieval of the password hash and salt

$result=mysql_query("SELECT * FROM ".$pf."members WHERE name='" . $username. "'")or die('fout'. mysql_error());

while($rows=mysql_fetch_array($result)){

	$id=$rows['id'];

	//We need this information to make sure the user is allowed to access this system

	$group=$rows['mgroup'];

	$user2 = $rows['name'];

	}


//*********************************************************************

//Modify this table to use your usergroup IDs

$allowedgroups = array (

"4"

);

//**********************************************************************

//Get password hash and salt using email

$nick=mysql_query("SELECT * FROM ".$pf."members WHERE name='".$username."'");

while($rows=mysql_fetch_array($nick)){

	$nickname=$rows['members_display_name'];

	$m_login_key = $rows['member_login_key'];

	}


//Get use the group ID to get the group title text

$verify=mysql_query("SELECT * FROM ".$pf."groups");

while($rows=mysql_fetch_array($verify)){

	$result=mysql_query("SELECT * FROM ".$pf."groups WHERE g_id='".$group."'");

	while($rows2=mysql_fetch_array($result)){

		$group=$rows2['g_title'];

		}

	}


$usergroup = false;

if(in_array($group, $allowedgroups)) {

	$usergroup = true;

	}


[b]//Get password hash and salt using email

$result=mysql_query("SELECT * FROM ".$pf."members_converge WHERE converge_id='" . $id . "'");

while($rows=mysql_fetch_array($result)){

	$checkpass=$rows['converge_pass_hash'];

	$salt=$rows['converge_pass_salt'];

	}

//echo $checkpass . "<br />" . md5($_POST['pass']);	

//$ip = explode('.', $_SERVER['REMOTE_ADDR']);

//$salt2 = md5($DBpassword .  $DBusername);

//$pass2 = md5( md5( $id . "-" . $ip[0] . '-' . $ip[1] . '-' . $m_login_key) . $salt2);

$password = md5( md5( $salt ) . md5( $password ) );


if($password != $checkpass/*$_COOKIE['ipb_stronghold']*/){

	echo "Wrong password" ; //Error

	exit;

	}

[/b]  

if(!$usergroup){

	echo "You do not have the permission required to access this area. " . $group;

	echo "<br><a href='GUIDTech.php'>Go Back</a>";

	exit;

}


session_start();

$_SESSION['code'] = md5(rand(1,1000));

$_SESSION['user'] = $user2;

$_SESSION['nickname'] = $nickname;

$res = mysql_query("SELECT * FROM GUIDTech WHERE user='". $_SESSION['user'] ."'")or die(mysql_error());

//$data = mysql_fetch_assoc($res);

if(mysql_num_rows($res) >= 1) {

	mysql_query("UPDATE GUIDTech SET code='" . $_SESSION['code'] ."', user='". $_SESSION['user'] . "', nickname='". $_SESSION['nickname']."' WHERE user='" . $_SESSION['user'] ."'")or die(mysql_error());

	}

else {

	mysql_query("INSERT INTO GUIDTech (user, nickname, code) VALUES ('". $_SESSION['user'] ."', '". $_SESSION['nickname']."', '" .$_SESSION['code'] ."')")or die(mysql_error());

	}

header("Location: settings.php");

ob_end_flush();

?>
Die Zeile wo Ich nicht weiter komme ist diese :
//Get password hash and salt using email

$result=mysql_query("SELECT * FROM ".$pf."members_converge WHERE converge_id='" . $id . "'");

while($rows=mysql_fetch_array($result)){

	$checkpass=$rows['converge_pass_hash'];

	$salt=$rows['converge_pass_salt'];

	}

//echo $checkpass . "<br />" . md5($_POST['pass']);	

//$ip = explode('.', $_SERVER['REMOTE_ADDR']);

//$salt2 = md5($DBpassword .  $DBusername);

//$pass2 = md5( md5( $id . "-" . $ip[0] . '-' . $ip[1] . '-' . $m_login_key) . $salt2);

$password = md5( md5( $salt ) . md5( $password ) );


if($password != $checkpass/*$_COOKIE['ipb_stronghold']*/){

	echo "Wrong password" ; //Error

	exit;

	}

In dieser Zeile wird das Passwort erfragt , nur weiß Ich nicht von welcher Tabelle in IPB 3.1

Edited by Nalte Noser

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Sign in to follow this  

×