Login/After signup problem
Hello
I have some strange problems:
1. Some people try to log in after registering and get the error
"username or password incorrect", even though the details are correct. I tried it too and got the same error, and sometimes when I check the database for these users I don't see them there.
2. Other people are able to log in, but when they click on the navbar or on a torrent page they are thrown back to the login page.
I would be happy if someone could take a look at the files:
login.php
PHP Code:
<?php
/*
+------------------------------------------------
| TBDev.net BitTorrent Tracker PHP
| =============================================
| by CoLdFuSiOn
| (c) 2003 - 2009 TBDev.Net
| http://www.tbdev.net
| =============================================
| svn: http://sourceforge.net/projects/tbdevnet/
| Licence Info: GPL
+------------------------------------------------
| $Date$
| $Revision$
| $Author$
| $URL$
+------------------------------------------------
*/
// login.php: renders the log-in form. Loads the tracker bootstrap, starts the
// PHP session and prepares the $HTMLOUT buffer that the rest of the script fills.
require_once "include/bittorrent.php" ;
// Keep the session id out of URLs (no transparent SID rewriting).
// NOTE(review): no cookie flags are set here; confirm that the session cookie is
// marked HttpOnly (and Secure when the site runs over HTTPS) in php.ini or in
// include/bittorrent.php.
ini_set('session.use_trans_sid', '0');
$lang = array_merge( load_language('global'), load_language('login') );
// Start the session; takelogin.php later compares the submitted code with
// $_SESSION['captcha_id'], so the form and the check must share this session.
session_start();
// Disabled throttle: it would have ended the request when fewer than 10 seconds
// had passed since $_SESSION['captcha_time'].
/*if (isset($_SESSION['captcha_time']))
(time() - $_SESSION['captcha_time'] < 10) ? exit("{$lang['login_spam']}") : NULL;*/
$HTMLOUT = '';
// Clear any $returnto that already exists; the code that would read it from the
// query string is commented out below, so no redirect target is carried over.
unset($returnto);
/*if (!empty($_GET["returnto"])) {
$returnto = $_GET["returnto"];
if (!isset($_GET["nowarn"]))
{
$HTMLOUT .= "<h1>{$lang['login_not_logged_in']}</h1>\n";
$HTMLOUT .= "{$lang['login_error']}";
}
}*/
/*$HTMLOUT .= "<script type='text/javascript' src='captcha/captcha.js'></script>
<form method='post' action='takelogin.php'>
<p>Note: You need cookies enabled to log in.</p>
<table border='0' cellpadding='5'>
<tr>
<td class='rowhead'>{$lang['login_username']}</td>
<td align='left'><input type='text' size='40' name='username' /></td>
</tr>
<tr>
<td class='rowhead'>{$lang['login_password']}</td>
<td align='left'><input type='password' size='40' name='password' /></td>
</tr>
<!--<tr><td class='rowhead'>{$lang['login_duration']}</td><td align='left'><input type='checkbox' name='logout' value='yes' checked='checked' />{$lang['login_15mins']}</td></tr>-->
<tr>
<td> </td>
<td>
<div id='captchaimage'>
<a href='login.php' onclick=\"refreshimg(); return false;\" title='{$lang['login_refresh']}'>
<img class='cimage' src='captcha/GD_Security_image.php?".TIME_NOW."' alt='{$lang['login_captcha']}' />
</a>
</div>
</td>
</tr>
<tr>
<td class='rowhead'>{$lang['login_pin']}</td>
<td>
<input type='text' maxlength='6' name='captcha' id='captcha' onblur='check(); return false;'/>
</td>
</tr>
<tr>
<td colspan='2' align='center'>
<input type='submit' value='{$lang['login_login']}' class='btn' />
</td>
</tr>
</table>";*/
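// Translate the ?error= code from the query string into a fixed message.
// Only the two known codes are accepted, and they are matched as exact strings:
// the previous loose comparison treated any value that merely started with the
// digit as a match, and copied every other value (escaped) into $error.
// Note that strip_tags() after htmlspecialchars() had no effect, because the
// tags were already escaped by then.
// NOTE(review): nothing in the markup below prints $error, so the message is
// currently never shown; when it is wired in, print only these fixed strings.
$loginErrors = array(
    '1' => "שם משתמש או סיסמא אינם תקינים",
    '2' => "חשבונך באתר בוטל!",
);
if (isset($_GET["error"]) && is_string($_GET["error"]) && isset($loginErrors[$_GET["error"]]))
{
    $error = $loginErrors[$_GET["error"]];
}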
// Log-in form markup. The form POSTs username, password and captcha to
// takelogin.php.
// NOTE(review): the <script> tag is emitted before the DOCTYPE, so the DOCTYPE
// is not the first thing in the document; move the script into <head>.
// NOTE(review): jQuery 1.10.2 is loaded twice (./scripts/ and /lightbox/js/).
// It is an old release; check it against the jQuery project's advisories and
// ship a single maintained copy.
// NOTE(review): the form carries no anti-CSRF token, and the credentials are
// only protected in transit if the site is served over HTTPS (confirm).
// The TIME_NOW query string on the CAPTCHA image only defeats caching.
$HTMLOUT .= "<script type='text/javascript' src='captcha/captcha.js'></script>
<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\"
\"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">
<html dir='rtl' xmlns='http://www.w3.org/1999/xhtml'>
<head>
<meta name='generator' content='TBDev.net' />
<meta http-equiv='Content-Language' content='he-il' />
<meta http-equiv='Content-Type' content='text/html; charset=utf-8' />
<title>DownLand :: Log In</title>
<link rel='stylesheet' href='{$TBDEV['stylesheet']}' type='text/css' />
<script type='text/javascript' src='./scripts/jquery-1.10.2.js'></script>
<script type='text/javascript' src='./scripts/scripts.js'></script>
<script type='text/javascript' src='./scripts/java_klappe.js'></script>
<script type='text/javascript' src='/lightbox/js/jquery-1.10.2.min.js'></script>
<script type='text/javascript' src='/lightbox/js/lightbox-2.6.min.js'></script>
<link type='text/css' rel='stylesheet' href='/lightbox/css/lightbox.css' />
</head>
<body style='background-image: url(images/topbg.jpg); overflow: hidden'>
<form method='post' action='takelogin.php'>
<div id='loginblock'>
<table>
<tr>
<td><input type='text' name='username' placeholder='שם משתמש' autocomplete='off' /></td>
</tr>
<tr>
<td><input type='password' name='password' placeholder='סיסמא' /></td>
</tr>
<tr>
<td style='padding-top: 5px'>
<div id='captchaimage'>
<a href='login.php' onclick=\"refreshimg(); return false;\" title='{$lang['login_refresh']}'>
<img src='captcha/GD_Security_image.php?".TIME_NOW."' alt='{$lang['login_captcha']}' />
</a>
</div>
</td>
</tr>
<tr>
<td><input style='text-transform: uppercase;' maxlength='6' type='text' name='captcha' id='captcha' onblur='check(); return false;' placeholder='קוד אבטחה' autocomplete='off' /></td>
</tr>
<tr>
<td><input type='submit' value='התחבר' /></td>
</tr>
</table>
</div>
</form>
</body>
</html>
";
/*if (isset($returnto))
$HTMLOUT .= "<input type='hidden' name='returnto' value='" . htmlentities($returnto) . "' />\n";*/
/*$HTMLOUT .= "</form>
{$lang['login_signup']}";*/
// Send the page. stdfoot() is defined elsewhere; whatever it returns is
// appended after the closing </html> of the markup built above.
echo $HTMLOUT . stdfoot("login");
//print stdhead("{$lang['login_login_btn']}") . $HTMLOUT . stdfoot();
?>
takelogin.php
PHP Code:
<?php
/*
+------------------------------------------------
| TBDev.net BitTorrent Tracker PHP
| =============================================
| by CoLdFuSiOn
| (c) 2003 - 2009 TBDev.Net
| http://www.tbdev.net
| =============================================
| svn: http://sourceforge.net/projects/tbdevnet/
| Licence Info: GPL
+------------------------------------------------
| $Date$
| $Revision$
| $Author$
| $URL$
+------------------------------------------------
*/
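// takelogin.php: handles the POST from login.php. Checks the CAPTCHA, looks
// the account up, verifies the password and sets the login cookie.
require_once 'include/bittorrent.php';
require_once "include/password_functions.php";

// mkglobal() is defined elsewhere; the code below relies on it to publish the
// three request fields as $username, $password and $captcha.
if (!mkglobal('username:password:captcha'))
    die();

session_start();

// CAPTCHA check. The expected code is taken out of the session before it is
// compared, so one solved CAPTCHA cannot be replayed for further attempts.
// NOTE(review): assumes captcha/GD_Security_image.php stores a fresh
// $_SESSION['captcha_id'] every time the image is requested; confirm.
$expectedCaptcha = isset($_SESSION['captcha_id']) ? (string) $_SESSION['captcha_id'] : '';
unset($_SESSION['captcha_id']);

// Compare as exact strings: with a loose != two different strings that both
// look like numbers can compare equal.
if (!is_string($captcha) || empty($captcha) || $expectedCaptcha === '' || $expectedCaptcha !== strtoupper($captcha)) {
    header('Location: login.php');
    exit();
}

dbconn();
$lang = array_merge( load_language('global'), load_language('takelogin') );

$failedMessage = 'שם משתמש או סיסמא אינם נכונים<br /><br /><a class=\'a\' href=\'login.php\'>חזור</a>';

// Array-valued fields (username[]=...) can never be valid credentials.
if (!is_string($username) || !is_string($password)) {
    stderr($lang['tlogin_failed'], $failedMessage, "login");
    exit();
}

// Only accounts with status 'confirmed' can log in. takesignup.php creates every
// account except the very first one as 'pending', so a user who has not yet
// completed the e-mail confirmation gets the generic "username or password
// incorrect" message here even with the right password.
$res = mysql_query("SELECT id, passhash, secret, enabled FROM users WHERE username = " . sqlesc($username) . " AND status = 'confirmed'");
$row = $res ? mysql_fetch_assoc($res) : false;

// NOTE(review): the stored hash is md5-based (md5() of the password fed to
// make_passhash(), which is not shown). Plan a migration to password_hash() /
// password_verify() with a re-hash on the next successful login.
$passwordOk = false;
if ($row) {
    $storedHash = (string) $row['passhash'];
    $computedHash = (string) make_passhash( $row['secret'], md5($password) );
    // Exact string comparison (constant-time where available) instead of a loose !=.
    $passwordOk = function_exists('hash_equals')
        ? hash_equals($storedHash, $computedHash)
        : ($storedHash === $computedHash);
}

// Unknown user and wrong password get the same message, so the response does
// not reveal which user names exist. The explicit exit() keeps the script from
// reaching the cookie code even if stderr() were ever to return.
if (!$passwordOk) {
    stderr($lang['tlogin_failed'], $failedMessage, "login");
    exit();
}

if ($row['enabled'] === 'no') {
    stderr($lang['tlogin_failed'], "חשבונך באתר מבוטל", "login");
    exit();
}

// The cookie value is bound to the client's IP address.
// NOTE(review): the code that validates this cookie on later requests is not
// shown. If it recomputes md5(passhash . REMOTE_ADDR), every user whose address
// changes between requests (mobile networks, proxies, load balancers) is sent
// back to the login page. If it still compares the plain passhash, every login
// made here fails on the next page. takesignup.php calls
// logincookie($id, $wantpasshash) without the IP part, so the two files
// currently disagree; make both match the validator.
$passh = md5($row["passhash"].$_SERVER["REMOTE_ADDR"]);
logincookie($row["id"], $passh);

// The "returnto" redirect is disabled. If it is restored, accept only local
// paths; redirecting to a raw request value would be an open redirect.
header("Location: {$TBDEV['baseurl']}/my.php");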
?>
signup.php
PHP Code:
<?php
/*
+------------------------------------------------
| TBDev.net BitTorrent Tracker PHP
| =============================================
| by CoLdFuSiOn
| (c) 2003 - 2009 TBDev.Net
| http://www.tbdev.net
| =============================================
| svn: http://sourceforge.net/projects/tbdevnet/
| Licence Info: GPL
+------------------------------------------------
| $Date$
| $Revision$
| $Author$
| $URL$
+------------------------------------------------
*/
// signup.php: renders the registration form.
require_once "include/bittorrent.php";
// Provides $TZ, the time-zone table used to build the <select> further down.
require_once ROOT_PATH."/cache/timezones.php";
dbconn();
// $CURUSER is set elsewhere; when it exists the request ends here with no output.
if( isset($CURUSER) )
exit();
// Keep the session id out of URLs (no transparent SID rewriting).
ini_set('session.use_trans_sid', '0');
$lang = array_merge( load_language('global'), load_language('signup') );
// Closed registration is enforced on this page only.
// NOTE(review): the takesignup.php listing has no matching $TBDEV['openreg']
// check, so a direct POST to it is not stopped by this test.
if(!$TBDEV['openreg'])
stderr('Sorry', 'ההרשמה לאתר דורשת הזמנה!', "login");
// Start the session; takesignup.php compares the submitted code with
// $_SESSION['captcha_id'].
session_start();
// Disabled throttle: it would have ended the request when fewer than 10 seconds
// had passed since $_SESSION['captcha_time'].
/*if (isset($_SESSION['captcha_time']))
(time() - $_SESSION['captcha_time'] < 10) ? exit($lang['captcha_spam']) : NULL;*/
$HTMLOUT = '';
// Refuse to show the form once the user table has reached $TBDEV['maxusers'].
$res = mysql_query("SELECT COUNT(*) FROM users") or sqlerr(__FILE__, __LINE__);
$arr = mysql_fetch_row($res);
if ($arr[0] >= $TBDEV['maxusers'])
stderr($lang['stderr_errorhead'], sprintf($lang['stderr_ulimit'], $TBDEV['maxusers']));
// Build the time-zone <select>. Keys of $TZ that look like "time_<offset>"
// become options; the one equal to the site default is pre-selected.
// The result is only interpolated inside an HTML comment in the form below.
$offset = (string)$TBDEV['time_offset'];
$time_select = "<select name='user_timezone'>";
foreach ($TZ as $off => $words)
{
    if (!preg_match("/^time_(-?[\d\.]+)$/", $off, $match))
    {
        continue;
    }
    $selectedAttr = ($match[1] == $offset) ? " selected='selected'" : "";
    $time_select .= "<option value='{$match[1]}'" . $selectedAttr . ">$words</option>\n";
}
$time_select .= "</select>";
// Cache-buster appended to the CAPTCHA image URL.
$thistime = time();
// Registration form markup. The form POSTs wantusername, wantpassword,
// passagain, email, captcha, the three *verify fields and user_timezone to
// takesignup.php.
// NOTE(review): rulesverify and ageverify are hidden inputs preset to 'yes', so
// the server-side test on them only shows that this form was submitted; only
// faqverify reflects a choice made by the user.
// NOTE(review): the <script> tag is emitted before the DOCTYPE, and jQuery
// 1.10.2 is loaded twice (./scripts/ and /lightbox/js/). It is an old release;
// check it against the jQuery project's advisories and ship one maintained copy.
// NOTE(review): the <title> still reads "Log In" on the sign-up page.
// $thistime on the CAPTCHA image URL only defeats caching.
$HTMLOUT .= "<script type='text/javascript' src='captcha/captcha.js'></script>
<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\"
\"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">
<html dir='rtl' xmlns='http://www.w3.org/1999/xhtml'>
<head>
<meta name='generator' content='TBDev.net' />
<meta http-equiv='Content-Language' content='he-il' />
<meta http-equiv='Content-Type' content='text/html; charset=utf-8' />
<title>DownLand :: Log In</title>
<link rel='stylesheet' href='{$TBDEV['stylesheet']}' type='text/css' />
<script type='text/javascript' src='./scripts/jquery-1.10.2.js'></script>
<script type='text/javascript' src='./scripts/scripts.js'></script>
<script type='text/javascript' src='./scripts/java_klappe.js'></script>
<script type='text/javascript' src='/lightbox/js/jquery-1.10.2.min.js'></script>
<script type='text/javascript' src='/lightbox/js/lightbox-2.6.min.js'></script>
<link type='text/css' rel='stylesheet' href='/lightbox/css/lightbox.css' />
</head>
<body style='background-image: url(images/topbg.jpg); overflow: hidden'>
<form method='post' action='takesignup.php' style='padding: 10%'>
<div id='loginblock' style='margin-top: 0'>
<table>
<tr><td><input type='text' name='wantusername' placeholder='שם משתמש' autocomplete='off' /></td></tr>
<tr><td><input type='password' name='wantpassword' placeholder='סיסמא' autocomplete='off' /></td></tr>
<tr><td><input type='password' name='passagain' placeholder='סיסמא בשנית' autocomplete='off' /></td></tr>
<tr valign='top'><td><input type='text' name='email' placeholder='אימייל' autocomplete='off' /></td></tr>
<!--<tr><td align='left'>{$time_select}</td></tr>-->
<tr>
<td>
<div id='captchaimage'>
<a href='signup.php' onclick=\"refreshimg(); return false;\" title='{$lang['captcha_refresh']}'>
<img class='cimage' src='captcha/GD_Security_image.php?$thistime' alt='{$lang['captcha_image_alt']}' />
</a>
</div>
</td>
</tr>
<tr>
<td>
<input style='text-transform: uppercase;' type='text' maxlength='6' name='captcha' id='captcha' onblur='check(); return false;' autocomplete='off' />
</td>
</tr>
<tr><td style='padding:3px 0 5px 0'>
<input type='hidden' name='rulesverify' value='yes' />
<input type='checkbox' name='faqverify' value='yes' id='faqv' /> <label for='faqv' style='color: white; font-size: 13px'>אני מתחייב לקרוא את השו\"ת</label>
<input type='hidden' name='ageverify' value='yes' />
</td></tr>
<tr>
<td align='center'><input type='hidden' name='user_timezone' value='2' /><input type='submit' value='{$lang['signup_btn']}' /></td></tr>
</table>
</div>
</form>
</body>
</html>";
/* $HTMLOUT .= "<script type='text/javascript' src='captcha/captcha.js'></script>
<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\"
\"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">
<html dir='rtl' xmlns='http://www.w3.org/1999/xhtml'>
<head>
<meta name='generator' content='TBDev.net' />
<meta http-equiv='Content-Language' content='he-il' />
<meta http-equiv='Content-Type' content='text/html; charset=utf-8' />
<title>DownLand :: Log In</title>
<link rel='stylesheet' href='{$TBDEV['stylesheet']}' type='text/css' />
<script type='text/javascript' src='./scripts/jquery-1.10.2.js'></script>
<script type='text/javascript' src='./scripts/scripts.js'></script>
<script type='text/javascript' src='./scripts/java_klappe.js'></script>
<script type='text/javascript' src='/lightbox/js/jquery-1.10.2.min.js'></script>
<script type='text/javascript' src='/lightbox/js/lightbox-2.6.min.js'></script>
<link type='text/css' rel='stylesheet' href='/lightbox/css/lightbox.css' />
</head>
<body style='background-image: url(images/topbg.jpg); overflow: hidden'>
<form method='post' action='takelogin.php' style='padding: 10%'>
<div id='loginblock' style='margin-top: 0'>
<table>
<tr>
<td><input type='text' name='wantusername' placeholder='שם משתמש' autocomplete='off' /></td>
</tr>
<tr>
<td><input type='password' name='wantpassword' placeholder='סיסמא' /></td>
</tr>
<tr>
<td><input type='password' name='passagain' placeholder='הסיסמא בשנית' /></td>
</tr>
<tr>
<td><input type='text' name='email' placeholder='אימייל' /></td>
</tr>
<tr>
<td style='padding-top: 5px'>
<div id='captchaimage'>
<a href='login.php' onclick=\"refreshimg(); return false;\" title='{$lang['captcha_refresh']}'>
<img src='captcha/GD_Security_image.php?".TIME_NOW."' alt='{$lang['captcha_image_alt']}' />
</a>
</div>
</td>
</tr>
<tr>
<td><input style='text-transform: uppercase;' maxlength='6' type='text' name='captcha' id='captcha' onblur='check(); return false;' placeholder='קוד אבטחה' autocomplete='off' /></td>
</tr>
<tr>
<td><input type='hidden' name='user_timezone' value='2' />
<input type='submit' value='הרשם' /></td>
</tr>
</table>
</div>
</form>
</body>
</html>
";*/
// Send the page. stdfoot() is defined elsewhere; whatever it returns is
// appended after the closing </html> of the markup built above.
echo $HTMLOUT . stdfoot("login");
?>
takesignup.php
PHP Code:
<?php
/*
+------------------------------------------------
| TBDev.net BitTorrent Tracker PHP
| =============================================
| by CoLdFuSiOn
| (c) 2003 - 2009 TBDev.Net
| http://www.tbdev.net
| =============================================
| svn: http://sourceforge.net/projects/tbdevnet/
| Licence Info: GPL
+------------------------------------------------
| $Date$
| $Revision$
| $Author$
| $URL$
+------------------------------------------------
*/
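// takesignup.php: handles the POST from signup.php. This part loads the
// bootstrap, enforces the registration limits, collects the form fields and
// checks the CAPTCHA.
require_once "include/bittorrent.php";
require_once "include/password_functions.php";
dbconn();
$lang = array_merge( load_language('global'), load_language('takesignup') );

// Enforce closed registration here as well. signup.php only hides the form, so
// without this test a direct POST would still create an account.
if (!$TBDEV['openreg'])
    stderr('Sorry', 'ההרשמה לאתר דורשת הזמנה!', "login");

// $arr[0] (the current number of users) is reused further down to decide
// whether this is the very first account.
$res = mysql_query("SELECT COUNT(*) FROM users") or sqlerr(__FILE__, __LINE__);
$arr = mysql_fetch_row($res);
if ($arr[0] >= $TBDEV['maxusers'])
    stderr($lang['takesignup_error'], $lang['takesignup_limit']);

// Copy the five expected fields into variables of the same name. The names come
// from this fixed list, never from the request. Array-valued fields
// (wantusername[]=...) are rejected so the string checks below see strings only.
foreach (array('wantusername', 'wantpassword', 'passagain', 'email', 'captcha') as $x)
{
    if (!isset($_POST[$x]) || !is_string($_POST[$x]))
    {
        stderr($lang['takesignup_user_error'], $lang['takesignup_form_data']);
    }
    ${$x} = $_POST[$x];
}

session_start();

// CAPTCHA check. The expected code is taken out of the session before it is
// compared, so one solved CAPTCHA cannot be replayed for further sign-ups.
// NOTE(review): assumes captcha/GD_Security_image.php stores a fresh
// $_SESSION['captcha_id'] every time the image is requested; confirm.
$expectedCaptcha = isset($_SESSION['captcha_id']) ? (string) $_SESSION['captcha_id'] : '';
unset($_SESSION['captcha_id']);

// Compare as exact strings: with a loose != two different strings that both
// look like numbers can compare equal.
if (empty($captcha) || $expectedCaptcha === '' || $expectedCaptcha !== strtoupper($captcha))
{
    header('Location: signup.php');
    exit();
}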
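/**
 * Check a requested user name against the length limits and the character
 * whitelist in $lang['takesignup_allowed_chars'].
 *
 * Lengths are counted in bytes (strlen). A name shorter than 3 or longer than
 * 32 bytes is reported through stderr(), which is defined elsewhere and is
 * expected to end the request.
 *
 * @param mixed $username Raw value from the sign-up form.
 * @return bool True when the name is a non-empty string made only of allowed
 *              characters; false for an empty or non-string value or when any
 *              other character is present.
 */
function validusername($username)
{
    global $lang;

    // A request field can arrive as an array (wantusername[]=...); that is never
    // a valid name and must not reach the string functions below.
    if (!is_string($username) || $username === "")
        return false;

    $namelength = strlen($username);
    if ($namelength < 3 || $namelength > 32)
    {
        stderr($lang['takesignup_user_error'], $lang['takesignup_username_length']);
    }

    // strspn() counts the leading bytes that belong to the whitelist; the name
    // is valid only when that run covers the whole string.
    $allowedchars = $lang['takesignup_allowed_chars'];
    return strspn($username, $allowedchars) === $namelength;
}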
/*
function isportopen($port)
{
$sd = @fsockopen($_SERVER["REMOTE_ADDR"], $port, $errno, $errstr, 1);
if ($sd)
{
fclose($sd);
return true;
}
else
return false;
}
function isproxy()
{
$ports = array(80, 88, 1075, 1080, 1180, 1182, 2282, 3128, 3332, 5490, 6588, 7033, 7441, 8000, 8080, 8085, 8090, 8095, 8100, 8105, 8110, 8888, 22788);
for ($i = 0; $i < count($ports); ++$i)
if (isportopen($ports[$i])) return true;
return false;
}
*/
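// Field validation. Each failed check is reported through stderr(), which is
// defined elsewhere and is expected to end the request.
if (empty($wantusername) || empty($wantpassword) || empty($email))
    stderr($lang['takesignup_user_error'], $lang['takesignup_blank']);
if ($wantpassword != $passagain)
    stderr($lang['takesignup_user_error'], $lang['takesignup_nomatch']);
if (strlen($wantpassword) < 6)
    stderr($lang['takesignup_user_error'], $lang['takesignup_pass_short']);
if (strlen($wantpassword) > 40)
    stderr($lang['takesignup_user_error'], $lang['takesignup_pass_long']);
if ($wantpassword == $wantusername)
    stderr($lang['takesignup_user_error'], $lang['takesignup_same']);
if (!validemail($email))
    stderr($lang['takesignup_user_error'], $lang['takesignup_validemail']);
if (!validusername($wantusername))
    stderr($lang['takesignup_user_error'], $lang['takesignup_invalidname']);

// Make sure the user agrees to everything. A missing field counts as "no"
// instead of raising an undefined-index notice.
$agreedToAll = true;
foreach (array('rulesverify', 'faqverify', 'ageverify') as $consentField)
{
    if (!isset($_POST[$consentField]) || $_POST[$consentField] !== "yes")
        $agreedToAll = false;
}
if (!$agreedToAll)
    stderr($lang['takesignup_failed'], $lang['takesignup_qualify']);

// Check whether the e-mail address is already in use. The address is passed
// through sqlesc() like every other value this file sends to MySQL; it used to
// be placed between quotes in the query text unescaped, which left the query
// open to SQL injection unless validemail() (not shown) happens to reject
// quotes. Query failures go through sqlerr() as elsewhere in this file, rather
// than printing mysql_error() to the visitor.
$res = mysql_query("SELECT COUNT(*) FROM users WHERE email = " . sqlesc($email)) or sqlerr(__FILE__, __LINE__);
$a = mysql_fetch_row($res);
if ($a[0] != 0)
    stderr($lang['takesignup_user_error'], $lang['takesignup_email_used']);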
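// TIMEZONE STUFF
// Two forms of the offset are kept: $tz_hours is the plain number used for
// arithmetic, $time_offset is the SQL literal used in the INSERT. sqlesc() output
// is used as a complete SQL value elsewhere in this file, so it is presumably a
// quoted literal; multiplying that literal by 3600, as was done before, would
// not give the offset in seconds.
$tzPosted = isset($_POST['user_timezone'])
    && is_string($_POST['user_timezone'])
    && preg_match('#^\-?\d{1,2}(?:\.\d{1,2})?$#', $_POST['user_timezone']);
if ($tzPosted)
{
    $tz_hours = (float) $_POST['user_timezone'];
    $time_offset = sqlesc($_POST['user_timezone']);
}
elseif (isset($TBDEV['time_offset']))
{
    $tz_hours = (float) $TBDEV['time_offset'];
    $time_offset = sqlesc($TBDEV['time_offset']);
}
else
{
    $tz_hours = 0.0;
    $time_offset = '0';
}
// Have a stab at getting the DST flag for the user's local time.
$dst_in_use = localtime(time() + (int) round($tz_hours * 3600), true);
// TIMEZONE STUFF END

// The first account ever created (empty users table) is confirmed immediately
// and gets the UC_SYSOP class; every later account starts as 'pending' with an
// editsecret that is mailed out for confirmation.
// takelogin.php only accepts status = 'confirmed', so a 'pending' user sees
// "username or password incorrect" until the confirmation link has been used.
// NOTE(review): $arr[0] was read at the start of the request; two concurrent
// sign-ups on an empty table could both take the first-user branch.
$isFirstUser = !$arr[0];

// NOTE(review): the password hash is md5-based (md5() fed to make_passhash(),
// not shown); plan a migration to password_hash() / password_verify().
$secret = mksecret();
$wantpasshash = make_passhash( $secret, md5($wantpassword) );
$editsecret = ( $isFirstUser ? "" : make_passhash_login_key() );

$insertColumns = "username, passhash, secret, editsecret, email, status, "
    . ($isFirstUser ? "class, " : "")
    . "added, time_offset, dst_in_use";
// Every request-derived string goes through sqlesc(); the remaining values are
// a constant, the current time, the literal built above and an integer flag.
$insertValues = implode(",", array_map("sqlesc", array($wantusername, $wantpasshash, $secret, $editsecret, $email, ($isFirstUser ? 'confirmed' : 'pending'))))
    . ", " . ($isFirstUser ? UC_SYSOP . ", " : "") . time()
    . " , $time_offset, " . (int) $dst_in_use['tm_isdst'];

$ret = mysql_query("INSERT INTO users ($insertColumns) VALUES ($insertValues)");
if (!$ret)
{
    // 1062 is MySQL's duplicate-key error, reported here as "user exists".
    if (mysql_errno() == 1062)
        stderr($lang['takesignup_user_error'], $lang['takesignup_user_exists']);
    stderr($lang['takesignup_user_error'], $lang['takesignup_fatal_error']);
}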
// Finish the sign-up: build the confirmation e-mail, then either mail it (normal
// accounts) or log the first account in directly, and redirect to ok.php.
$id = mysql_insert_id();
//write_log("User account $id ($wantusername) was created");

// The confirmation link carries the stored editsecret as-is.
$psecret = $editsecret; //md5($editsecret);
$mailPlaceholders = array('<#SITENAME#>', '<#USEREMAIL#>', '<#IP_ADDRESS#>', '<#REG_LINK#>');
$mailValues = array($TBDEV['site_name'], $email, $_SERVER['REMOTE_ADDR'], "{$TBDEV['baseurl']}/confirm.php?id=$id&secret=$psecret");
$body = str_replace($mailPlaceholders, $mailValues, $lang['takesignup_email_body']);

if (!$arr[0])
{
    // First account on the site: no e-mail round trip, log in straight away.
    // NOTE(review): takelogin.php passes md5(passhash . REMOTE_ADDR) to
    // logincookie(), here the plain passhash is passed; confirm which form the
    // cookie validator (not shown) expects and use it in both places.
    logincookie($id, $wantpasshash);
    $okTarget = "sysop";
}
else
{
    // NOTE(review): $email is used as the mail() recipient; confirm that
    // validemail() (not shown) rejects CR/LF so no extra headers can be added.
    mail($email, "{$TBDEV['site_name']} {$lang['takesignup_confirm']}", $body, "{$lang['takesignup_from']} {$TBDEV['site_email']}");
    $okTarget = "signup&email=" . urlencode($email);
}
header("Refresh: 0; url=ok.php?type=" . $okTarget);
?>