Bravo List - where to find $CURUSER where it being created?...

Bravo List (http://www.bvlist.com/index.php)

- TBDev (http://www.bvlist.com/forumdisplay.php?f=20)

- - where to find $CURUSER where it being created?... (http://www.bvlist.com/showthread.php?t=8110)

where to find $CURUSER where it being created?...

ok
im using latest (TBdev 09 source).

and im aware ''as far as i have seemed'' that when i login, there should be created a variable... i think

but my questions is, where to change ect?... im trying to convert some of it into my own web-tracker project, and would like to know where to look for it, and a explain on where its going to be created

thanks

that, orr could it be a function inside user-functions?

thanks in advance dudes... :).

user_login function on bittorrent.php creates the $CURUSER array, your select query selects all fields from users table so at any point over the source code you can use $CURUSER[' whatever variable name from users here '] anywhere over your source code and pull your values. If they are not in the select query you cant use it in $CURUSER as it wont exist, if your selecting all then that explains itself.

okay, thanks... i got it now i think :)

just that im trying to build up the same way as TBdev was builded... a global design from the file bittorrent.php inside the include folder... but each time im trying to login, then i just can't login... and i know this because of that when im logging in, then its supposed to send me to the index.php part... and it does not do that

and i also on index.php have a loggedinorreturn function, same as tbdev 09 had

ideas?

tell me if you need the files to look into it if you wish
elseway shoot away on what part i should be looking at
thanks :)

If you use it like this if ($CURUSER ) {
test here
}

It will hide everything

or

if ($CURUSER['class'] >= UC_POWER_USER) {
$htmlout .=" shit here ";
}

This will make so you need to be a power user or above to see anything..

I hope it helps yeah But maybe Bigjoos can tell it better

okay, thanks... just one question,

what do i need to edit if i wish to put more users into the tracker?...

i mean, i know i have to define them inside config, but i also know that i need to define them other places... where would that be to be exact?... thanks :)...

EDIT:

this is the login.php page:

PHP Code:


		
			
<?php

require_once("include/bittorrent.php");

echo stdhead("Login");

?>











<form method="post" action="takelogin.php">

<table class="login_table" align="center" border="1">



<tr>

<td>Username</td>

<td><input type="text" name="username" id="username" size="35" /></td>

</tr>



<tr>

<td>Password</td>

<td><input type="password" name="password" id="password" size="35" /></td>

</tr>



<tr>

<td align="center" colspan="2"><input type="submit" name="login_submit" value="Login Now!" /></td>

</tr>



</table>

</form>











<?php

echo stdfooter();

?>

and this is the takelogin.php page:

PHP Code:


		
			
<?php

require_once 'include/bittorrent.php';

require_once "include/password_functions.php";

echo stdhead("Login");



if (!mkglobal('username:password'))

die();

$lang = array_merge(load_language('takelogin'));





$res = mysql_query("SELECT id, passhash, secret, enabled FROM users WHERE username = " . sqlesc($username) . " AND status = 'confirmed'");

$row = mysql_fetch_assoc($res);



if (!$row)

stderr($lang['tlogin_failed'], 'Username or password incorrect');



if ($row['passhash'] != make_passhash($row['secret'], md5($password)))

stderr($lang['tlogin_failed'], 'Username or password incorrect');



if ($row['enabled'] == 'no')

stderr($lang['tlogin_failed'], $lang['tlogin_disabled']);



logincookie($row['id'], $row['passhash']);



header("Location: {$SS['baseurl']}/index.php");



echo stdfooter();

?>

and inside bittorrent.php userlogin:

PHP Code:


		
			
function userlogin() {

global $SS;

unset($GLOBALS["CURUSER"]);



$ip = getip();

$nip = ip2long($ip);



require_once "cache/bans_cache.php";

if(count($bans) > 0)

{

    foreach($bans as $k) {

        if($nip >= $k['first'] && $nip <= $k['last']) {

        header("HTTP/1.0 403 Forbidden");

        print "<html><body><h1>403 Forbidden</h1>Unauthorized IP address. Please, piss off... you had your chance.</body></html>\n";

        exit();

        }

    }

    unset($bans);

}

if (!$SS['site_online'] || !get_mycookie('uid') || !get_mycookie('pass'))

    return;

$id = 0 + get_mycookie('uid');

if (!$id || strlen( get_mycookie('pass') ) != 32)

    return;

$res = mysql_query("SELECT * FROM users WHERE id = $id AND enabled='yes' AND status = 'confirmed'");// or die(mysql_error());

$row = mysql_fetch_assoc($res);

if (!$row)

    return;



if (get_mycookie('pass') !== $row["passhash"])

    return;

mysql_query("UPDATE users SET last_access='" . TIME_NOW . "', ip=".sqlesc($ip)." WHERE id=" . $row["id"]);// or die(mysql_error());

$row['ip'] = $ip;

$GLOBALS["CURUSER"] = $row;

}

ideas?...
PS: is userlogin the only thing i need to get the login page to work? 'O_o...

Quote:

Originally Posted by Joe (Post 35676)

If you use it like this if ($CURUSER ) {
test here
}

It will hide everything

or

if ($CUR USER['class'] >= UC_POWER_USER) {
$htmlout .=" shit here ";
}

This will make so you need to be a power user or above to see anything..

I hope it helps yeah But maybe Bigjoos can tell it better

You can also do this

PHP Code:


		
			
if ($CUR USER['class'] >= UC_POWER_USER) {
    $htmlout .="     shit here ";
    }
else{
?>
<h1>Everyone will see...</h1>
<?
}
?>

i know that part... just that i really need the login to work...

ideas?...

You said your working on a new sourcecode... if you don't understand the principles of TBDev then your going to have your work cut out.

I strongly advise not to copy TBDev if your going to be using CakePHP, well i strongly advise not to use CakePHP either.

Why?

TBDev is light compared to CakePHP so you should follow the same approach, how it works in most tracker software is a user logins in via the login page a cookie is set with something that can identify a sole user then a redirection...

The redirection forces the userlogin to be called again but this time you have a cookie so it will attempt to get the data associated with what was set.

EDIT:

here is my bittorrent.php login functions:

PHP Code:


		
			
/*LOGIN FUNCTIONS*/

function logincookie($id, $passhash, $updatedb = 1, $expires = 0x7fffffff)

{

    set_mycookie( "uid", $id, $expires );

    set_mycookie( "pass", $passhash, $expires );



    if ($updatedb)

        @mysql_query("UPDATE users SET last_login = ".TIME_NOW." WHERE id = $id");

}



function set_mycookie( $name, $value="", $expires_in=0, $sticky=1 )

    {

        global $SS;



        if ( $sticky == 1 )

    {

        $expires = time() + 60*60*24*365;

    }

        else if ( $expires_in )

        {

            $expires = time() + ( $expires_in * 86400 );

        }

        else

        {

            $expires = FALSE;

        }



        $SS['cookie_domain'] = $SS['cookie_domain'] == "" ? ""  : $SS['cookie_domain'];

        $SS['cookie_path']   = $SS['cookie_path']   == "" ? "/" : $SS['cookie_path'];



        if ( PHP_VERSION < 5.2 )

        {

        if ( $SS['cookie_domain'] )

        {

        @setcookie( $SS['cookie_prefix'].$name, $value, $expires, $SS['cookie_path'], $SS['cookie_domain'] . '; HttpOnly' );

        }

        else

        {

        @setcookie( $SS['cookie_prefix'].$name, $value, $expires, $SS['cookie_path'] );

        }

    }

    else

    {

        @setcookie( $SS['cookie_prefix'].$name, $value, $expires, $SS['cookie_path'], $SS['cookie_domain'], NULL, TRUE );

    }

}



function logoutcookie() {

    set_mycookie('uid', '-1');

    set_mycookie('pass', '-1');

}



function loggedinorreturn() {

    global $CURUSER, $SS;

    if (!$CURUSER) 

    {

        header("Location: {$SS['baseurl']}/login.php?returnto=" . urlencode($_SERVER["REQUEST_URI"]));

        exit();

    }

}



function get_mycookie($name)

{

    global $SS;



        if (isset($_COOKIE[$SS['cookie_prefix'].$name]) AND !empty($_COOKIE[$SS['cookie_prefix'].$name]))

        {

            return urldecode($_COOKIE[$SS['cookie_prefix'].$name]);

        }

        else

        {

            return FALSE;

        }

}



function userlogin() {

global $SS;

unset($GLOBALS["CURUSER"]);



$ip = getip();

$nip = ip2long($ip);



require_once "cache/bans_cache.php";

if(count($bans) > 0)

{

    foreach($bans as $k) {

        if($nip >= $k['first'] && $nip <= $k['last']) {

        header("HTTP/1.0 403 Forbidden");

        print "<html><body><h1>403 Forbidden</h1>Unauthorized IP address. Please, piss off... you had your chance.</body></html>\n";

        exit();

        }

    }

    unset($bans);

}

if (!$SS['site_online'] || !get_mycookie('uid') || !get_mycookie('pass'))

    return;

$id = 0 + get_mycookie('uid');

if (!$id || strlen( get_mycookie('pass') ) != 32)

    return;

$res = mysql_query("SELECT * FROM users WHERE id = $id AND enabled='yes' AND status = 'confirmed'");// or die(mysql_error());

$row = mysql_fetch_assoc($res);

if (!$row)

    return;



if (get_mycookie('pass') !== $row["passhash"])

    return;

mysql_query("UPDATE users SET last_access='" . TIME_NOW . "', ip=".sqlesc($ip)." WHERE id=" . $row["id"]);// or die(mysql_error());

$row['ip'] = $ip;

$GLOBALS["CURUSER"] = $row;

}



function mkglobal($vars) {

if (!is_array($vars))

    $vars = explode(":", $vars);

foreach ($vars as $v) {

    if (isset($_GET[$v]))

        $GLOBALS[$v] = unesc($_GET[$v]);

    elseif (isset($_POST[$v]))

        $GLOBALS[$v] = unesc($_POST[$v]);

    else

        return 0;

}

return 1;

}



function sqlesc($x) {

    return "'".mysql_real_escape_string($x)."'";

}

/*LOGIN FUNCTIONS*/

and here is my login.php file:

PHP Code:


		
			
<?php

require_once("include/bittorrent.php");

echo stdhead("Login");

?>











<form method="post" action="takelogin.php">

<table class="login_table" align="center" border="1">



<tr>

<td>Username</td>

<td><input type="text" name="username" id="username" size="35" /></td>

</tr>



<tr>

<td>Password</td>

<td><input type="password" name="password" id="password" size="35" /></td>

</tr>



<tr>

<td align="center" colspan="2"><input type="submit" name="login_submit" value="Login Now!" /></td>

</tr>



</table>

</form>











<?php

echo stdfooter();

?>

and this is my takelogin.php file:

PHP Code:


		
			
<?php

require_once 'include/bittorrent.php';

require_once "include/password_functions.php";

echo stdhead("Login");



if (!mkglobal('username:password'))

die();



$lang = array_merge(load_language('takelogin'));



$res = mysql_query("SELECT id, passhash, secret, enabled FROM users WHERE username = " . sqlesc($username) . " AND status = 'confirmed'");

$row = mysql_fetch_assoc($res);



if (!$row)

stderr($lang['tlogin_failed'], 'Username or password incorrect');



if ($row['passhash'] != make_passhash($row['secret'], md5($password)))

stderr($lang['tlogin_failed'], 'Username or password incorrect');



if ($row['enabled'] == 'no')

stderr($lang['tlogin_failed'], $lang['tlogin_disabled']);



logincookie($row['id'], $row['passhash']);



header("Location: {$SS['baseurl']}/index.php");



echo stdfooter();

?>

and at last, then this is my password_functions.php file:

PHP Code:


		
			
<?php

function mksecret($len=5)

    {

        $salt = '';

        

        for ( $i = 0; $i < $len; $i++ )

        {

            $num   = rand(33, 126);

            

            if ( $num == '92' )

            {

                $num = 93;

            }

            

            $salt .= chr( $num );

        }

        

        return $salt;

    }

    





function make_passhash_login_key($len=60)

    {

        $pass = mksecret( $len );

        

        return md5($pass);

    }

    





function make_passhash($salt, $md5_once_password)

    {

        return md5( md5( $salt ) . $md5_once_password );

    }

    





function make_password()

    {

        $pass = "";

        

        $unique_id     = uniqid( mt_rand(), TRUE );

        $prefix        = mksecret();

        $unique_id .= md5( $prefix );

        

        usleep( mt_rand(15000,1000000) );

        

        mt_srand( (double)microtime()*1000000 );

        $new_uniqueid = uniqid( mt_rand(), TRUE );

        

        $final_rand = md5( $unique_id.$new_uniqueid );

        

        mt_srand();

        

        for ($i = 0; $i < 15; $i++)

        {

            $pass .= $final_rand{ mt_rand(0, 31) };

        }

    

        return $pass;

  }

    







?>

can you help me understand this a little bit... i mean, i do understand what you are doing and meaning with what you said to me... but i still can't think this one out on how to fix :/...

thanks in advance...

Bump: seriously... no one?...
i have can you at least tell me if i need somfthing...

just that i think i have it all, and still wont work -.-'...

Bump: hello again, a test can be viewed here: http://www.speed-scene.com/personal_sites/ssv1/speedscene/login.php

:)...