Bravo List: Source Code > Trackers > Torrent Trader
#1  14-06-18, 03:28  BamBam0077 (Support, Join Date: Jul 2013, P2P, Posts: 279)
account-login
Hey guys, I am just fiddling with code with a helping hand from https://www.w3schools.com/php/php_form_validation.asp

Here is what I got so far (not tested yet):
Code:
<?php
//
//  TorrentTrader v2.x
//      $LastChangedDate: 2012-09-19 19:13:35 +0100 (Wed, 19 Sep 2012) $
//      $LastChangedBy: torrenttrader $
//
//      http://www.torrenttrader.org
//
//
require_once("backend/functions.php");
dbconn();

// Normalise a submitted form field (trim, strip slashes, escape HTML),
// as in the w3schools form validation tutorial.
function spesh_input($data) {
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    return $data;
}

$message = "";

if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $username = spesh_input($_POST["username"]);
    $password = spesh_input($_POST["password"]);

    if (!empty($username) && !empty($password)) {
        // Hash the submitted password the same way the stored one was hashed.
        $password = passhash($password);

        $res = mysqli_query("SELECT id,password,secret,status,enabled
                             FROM users
                             WHERE username=".mysqli_real_escape_string($username)."") or mysqli_error(__FILE__,__LINE__);
        $row = mysqli_fetch_assoc($res);

        if (!$row || $row["password"] != $password) {
            $message = T_("LOGIN_INCORRECT");
        } elseif ($row["status"] == "pending") {
            $message = T_("ACCOUNT_PENDING");
        } elseif ($row["enabled"] == "no") {
            $message = T_("ACCOUNT_DISABLED");
        }
    } else {
        // One or both fields were blank.
        $message = T_("NO_EMPTY_FIELDS");
    }

    if (!$message) {
        logincookie($row["id"], $row["password"], $row["secret"]);
        if (!empty($_POST["returnto"])) {
            header("Refresh:0;url=".$_POST["returnto"]);
            die();
        } else {
            header("Refresh:0;url=index.php");
            die();
        }
    } else {
        show_error_msg(T_("ACCESS_DENIED"), $message, 1);
    }
}

// Not logged in (or login failed): make sure no stale login cookie remains.
logoutcookie();
#2  14-06-18, 03:37  joeroberts (BT.Manager Owner, Join Date: Jan 2008, United States, Posts: 2,058)
OK, kinda confused on this one.
So first off, you did not include any of the needed files (config, database).
Second off, you log them in then log them right back out?
Also, you want to make sure that the server is using
Code:
get_magic_quotes_gpc()
before running
Code:
stripslashes(
__________________
Do not ask me to help you work on your site that is not phpMyBitTorrent
Do not ask me to make a mod for any other source
Do not ask me to set up your site.
I will no longer help you set up your site; there is a setup script. If you have trouble with it, post in the forum here or in the BT.Manager™ forum.
My current demo is here: http://demo.btmanager.org/
#3  14-06-18, 03:55  BamBam0077 (Support, Join Date: Jul 2013, P2P, Posts: 279)
I updated the original post after I realized I left out the db and functions.php.
If you check it again you will see I secured the:
Code:
<form method='' action=''>
Code:
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
I also used mysqli; if you need the mysqli_connect():
Code:
<?php
define('DB_SERVER', 'localhost');
define('DB_USERNAME', 'root');
define('DB_PASSWORD', 'MagicCues90');
define('DB_DATABASE', 'shop');
$db = mysqli_connect(DB_SERVER,DB_USERNAME,DB_PASSWORD,DB_DATABASE);
?>
change password and database


Extra Note:
Code:
function test_input($data) {
  $data = trim($data);
  $data = stripslashes($data);
  $data = htmlspecialchars($data);
  return $data;
}


https://www.w3schools.com/php/showph...ion_escapechar

Last edited by BamBam0077; 14-06-18 at 04:14.
#4  14-06-18, 04:15  joeroberts (BT.Manager Owner, Join Date: Jan 2008, United States, Posts: 2,058)
MySQLi needs the connection ID on all
Code:
mysqli_query
like so:
Code:
// $db is the mysqli connection from mysqli_connect(); both mysqli_query()
// and mysqli_real_escape_string() need it, and the escaped value still has
// to be quoted inside the SQL string.
$res = mysqli_query($db, "SELECT id,password,secret,status,enabled
                          FROM users
                          WHERE username='".mysqli_real_escape_string($db, $username)."'")
       or die(mysqli_error($db));
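Putting the points of this thread together (post #2: do not strip slashes unless magic quotes are on; post #4: pass the connection to every mysqli call), here is an added example of how the login handler from post #1 looks once hardened. It is example code written for this page, not TorrentTrader's own account-login.php. It assumes the `users` columns from the posted query, the TorrentTrader helpers `logincookie()`, `logoutcookie()`, `show_error_msg()` and `T_()` from backend/functions.php, a `$db` mysqli connection as in post #3 (assumed to live in backend/config.php), and that stored passwords were produced by `password_hash()` rather than TorrentTrader's `passhash()`.

```php
<?php
// Added example (not TorrentTrader code): hardened login handler.
// Assumptions: $db is a mysqli connection created in backend/config.php,
// users(id, password, secret, status, enabled) exists, and the
// logincookie()/logoutcookie()/show_error_msg()/T_() helpers come from
// TorrentTrader's backend/functions.php.
require_once("backend/functions.php");
require_once("backend/config.php");

// Make mysqli throw on errors instead of relying on "or die(mysqli_error())".
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Only trim. magic_quotes_gpc was removed in PHP 5.4, so there is nothing to
// stripslashes() (on older PHP, guard it with get_magic_quotes_gpc() as post #2
// says). htmlspecialchars() belongs at output time: applied here, a password
// such as  a&b  would be hashed as  a&amp;b  and never match.
function clean_login_field($value) {
    return is_string($value) ? trim($value) : "";
}

// Look up one user by exact username with a prepared statement. The value is
// sent as a bound parameter, so the unquoted username=... from the original
// query cannot become SQL injection. get_result() needs the mysqlnd driver.
function find_user(mysqli $db, $username) {
    $stmt = $db->prepare(
        "SELECT id, password, secret, status, enabled FROM users WHERE username = ? LIMIT 1"
    );
    $stmt->bind_param("s", $username);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

// Returns null when the login is accepted, otherwise the translation key of
// the error. password_verify() assumes hashes from password_hash(); on a
// legacy database compare hash_equals($row["password"], passhash($password)).
function check_login($row, $password) {
    if ($row === null || !password_verify($password, $row["password"])) {
        return "LOGIN_INCORRECT";
    }
    if ($row["status"] === "pending") {
        return "ACCOUNT_PENDING";
    }
    if ($row["enabled"] === "no") {
        return "ACCOUNT_DISABLED";
    }
    return null;
}

// Only follow returnto when it is a local path. Anything with a scheme
// (http:, javascript:), a protocol-relative "//host", a backslash (browsers
// treat "/\host" like "//host") or a parsed host is an open redirect and is
// replaced by the default page.
function safe_return_url($returnto, $default = "index.php") {
    if (!is_string($returnto)) {
        return $default;
    }
    $returnto = trim($returnto);
    if ($returnto === "" || strpos($returnto, "\\") !== false) {
        return $default;
    }
    if (preg_match('#^(?:[a-z][a-z0-9+.-]*:|//)#i', $returnto)) {
        return $default;
    }
    if (parse_url($returnto, PHP_URL_HOST) !== null) {
        return $default;
    }
    return $returnto;
}

if ($_SERVER["REQUEST_METHOD"] === "POST") {
    $username = clean_login_field($_POST["username"] ?? "");
    $password = clean_login_field($_POST["password"] ?? "");

    if ($username === "" || $password === "") {
        $message = "NO_EMPTY_FIELDS";
    } else {
        $row = find_user($db, $username);
        $message = check_login($row, $password);
    }

    if ($message === null) {
        logincookie($row["id"], $row["password"], $row["secret"]);
        // A real redirect instead of a Refresh header, to a vetted local URL.
        header("Location: " . safe_return_url($_POST["returnto"] ?? ""));
        exit;
    }
    show_error_msg(T_("ACCESS_DENIED"), T_($message), 1);
}

// Not logged in: clear any stale login cookie, as the original does.
logoutcookie();
```

The three pieces worth keeping even if the rest of the handler is left as in post #1 are the bound parameter (which removes the need for `mysqli_real_escape_string()` and the quoting around it), hashing the raw password rather than its HTML-escaped form, and refusing a `returnto` that points off-site, since the original passes it straight into a header.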
#5  14-06-18, 04:40  BamBam0077 (Support, Join Date: Jul 2013, P2P, Posts: 279)
Now that makes more sense; the new db-style approach explains a lot of other issues.