Bravo List
#1  BamBam0077, 14th June 2018, 03:28
account-login
Hey guys, I am just fiddling with code with a helping hand from https://www.w3schools.com/php/php_form_validation.asp


Here is what I got so far (not tested yet):
Code:
<?php
//
//  TorrentTrader v2.x
//      $LastChangedDate: 2012-09-19 19:13:35 +0100 (Wed, 19 Sep 2012) $
//      $LastChangedBy: torrenttrader $
//
//      http://www.torrenttrader.org
//
//
require_once("backend/functions.php");
dbconn();
// $db is the mysqli link opened by the config file's mysqli_connect();
// every mysqli_* call below needs it as its first argument.

// Tidy a submitted form field: trim, undo magic-quotes backslashes, encode HTML.
function spesh_input($data) {
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    return $data;
}

$message = "";

if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $username = isset($_POST["username"]) ? spesh_input($_POST["username"]) : "";
    // The password is only hashed, never displayed, so it is not passed through
    // htmlspecialchars(): that would change the hash for passwords containing & < > ".
    $password = isset($_POST["password"]) ? $_POST["password"] : "";

    if (!empty($username) && !empty($password)) {
        $password = passhash($password);

        // The escaped username must also be quoted in the SQL, and both
        // mysqli_query() and mysqli_real_escape_string() take the link.
        $res = mysqli_query($db, "SELECT id,password,secret,status,enabled
                                  FROM users
                                  WHERE username='" . mysqli_real_escape_string($db, $username) . "'")
               or die(mysqli_error($db));
        $row = mysqli_fetch_assoc($res);

        // Strict comparison: "!=" would compare two numeric-looking hashes as numbers.
        if (!$row || $row["password"] !== $password) {
            $message = T_("LOGIN_INCORRECT");
        } elseif ($row["status"] == "pending") {
            $message = T_("ACCOUNT_PENDING");
        } elseif ($row["enabled"] == "no") {
            $message = T_("ACCOUNT_DISABLED");
        }
    } else {
        $message = T_("NO_EMPTY_FIELDS");
    }

    if (!$message) {
        logincookie($row["id"], $row["password"], $row["secret"]);
        // Only follow a site-local "returnto" path; a full URL here would be an open redirect.
        $returnto = isset($_POST["returnto"]) ? $_POST["returnto"] : "";
        if ($returnto !== "" && $returnto[0] == "/" && substr($returnto, 0, 2) != "//") {
            header("Refresh:0;url=" . $returnto);
        } else {
            header("Refresh:0;url=index.php");
        }
        die();
    } else {
        show_error_msg(T_("ACCESS_DENIED"), $message, 1);
    }
}
logoutcookie();
#2  joeroberts (BT.Manager Owner), 14th June 2018, 03:37
OK, kinda confused on this one.
So first off, you did not include any of the needed files (config, database).
Second off, you log them in, then log them right back out?
Also, you want to make sure that the server is using
Code:
get_magic_quotes_gpc()
before running
Code:
stripslashes(
__________________
Do not ask me to help you work on your site that is not phpMyBitTorrent
Do not ask me to make a mod for any other source
Do not Ask me to setup your site.
I will no longer help you setup your site, there is a setup script if you have trouble with it post in the forum here or in BT.Manager™ forum
My Current Demo is here http://demo.btmanager.org/
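As an added example (not code from the thread or from TorrentTrader), here is the stripslashes() call guarded the way joeroberts describes, with the HTML encoding moved to the point where the value is echoed back into a page. The field names are assumed from the login form in post #1.

```php
<?php
// Added example, not code from the thread or from TorrentTrader: the stripslashes()
// call guarded as joeroberts suggests, with HTML encoding moved to output time.

// Undo the backslashes that magic_quotes_gpc added to request data, but only when
// that setting is actually on. get_magic_quotes_gpc() is true only on PHP < 5.4 with
// magic_quotes_gpc=On; from 5.4 it always returns false and in PHP 8.0 it is gone,
// so an unconditional stripslashes() would silently eat backslashes the user typed.
function request_value($data) {
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $data = stripslashes($data);
    }
    return $data;
}

// Encode for HTML only where the value is echoed into a page. Encoding it up front,
// as test_input() does, changes what reaches passhash() and the database
// (an "&" in a password becomes "&amp;" before it is hashed).
function html_out($value) {
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Field names assumed from the login form in the thread. The username is trimmed;
// the password is used exactly as typed.
$username = isset($_POST['username']) ? trim(request_value($_POST['username'])) : '';
$password = isset($_POST['password']) ? request_value($_POST['password']) : '';
?>
<!-- The username is re-displayed encoded; the database lookup uses the raw $username
     with a bound parameter or mysqli_real_escape_string($db, ...), never html_out(). -->
<input type="text" name="username" value="<?php echo html_out($username); ?>">
```

The split matters because each sink has its own escaping rule: htmlspecialchars() protects the HTML page, mysqli_real_escape_string() or a bound parameter protects the query, and neither should be applied to a value before it is hashed or stored.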
#3  BamBam0077, 14th June 2018, 03:55
I updated the original post after I realized I left out the DB and functions.php.
If you check it again you will see I secured the:
Code:
<form method='' action=''>
Code:
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
Used mysqli also; if you need the mysqli_connect():
Code:
<?php
define('DB_SERVER', 'localhost');
define('DB_USERNAME', 'root');
define('DB_PASSWORD', 'MagicCues90');
define('DB_DATABASE', 'shop');
$db = mysqli_connect(DB_SERVER,DB_USERNAME,DB_PASSWORD,DB_DATABASE);
?>
Change password and database.


Extra Note:
Code:
function test_input($data) {
  $data = trim($data);
  $data = stripslashes($data);
  $data = htmlspecialchars($data);
  return $data;
}


https://www.w3schools.com/php/showph...ion_escapechar

Last edited by BamBam0077; 14th June 2018 at 04:14.
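The connection snippet above, as an added example that is not TorrentTrader's or BamBam0077's config, with the settings a reviewer would change: a dedicated least-privilege database account instead of root, credentials read from the environment rather than hard-coded, mysqli error reporting switched on, and the connection charset set. The account name 'tracker' and the environment variable names are assumptions; the database name 'shop' is the one from the post.

```php
<?php
// Added example, not TorrentTrader's or BamBam0077's config: the same mysqli
// connection with the settings a reviewer would change.
//
// As posted, DB_USERNAME is 'root' and the password is hard-coded in the PHP
// file, and because nothing sets mysqli error reporting a failed connect or
// query just returns false and the script carries on.
//
// Here the account is a dedicated one with only the grants the tracker needs,
// created once by the DBA (the database name 'shop' is the one from the post):
//   CREATE USER 'tracker'@'localhost' IDENTIFIED BY '<long random password>';
//   GRANT SELECT, INSERT, UPDATE, DELETE ON shop.* TO 'tracker'@'localhost';
// and the credentials come from the environment, with the literals below as
// fallbacks for a development box.
define('DB_SERVER',   getenv('DB_SERVER')   ?: 'localhost');
define('DB_USERNAME', getenv('DB_USERNAME') ?: 'tracker');
define('DB_PASSWORD', getenv('DB_PASSWORD') ?: '');
define('DB_DATABASE', getenv('DB_DATABASE') ?: 'shop');

// Make every mysqli failure throw mysqli_sql_exception instead of returning false,
// so a broken query cannot be mistaken for "no such user".
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function db_connect() {
    $db = mysqli_connect(DB_SERVER, DB_USERNAME, DB_PASSWORD, DB_DATABASE);
    // The connection charset must match the tables, otherwise
    // mysqli_real_escape_string() escapes for the wrong encoding.
    mysqli_set_charset($db, 'utf8mb4');
    return $db;
}

$db = db_connect();
?>
```

With MYSQLI_REPORT_STRICT on, the `or die(mysqli_error($db))` tails in the login code become redundant, since a failing query throws before they run.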
#4  joeroberts (BT.Manager Owner), 14th June 2018, 04:15
MySqli needs the connection ID on all
Code:
mysqli_query
like so
Code:
// mysqli_real_escape_string() takes the link too, and the escaped value still needs its quotes.
$res = mysqli_query($db, "SELECT id,password,secret,status,enabled
                          FROM users
                          WHERE username='" . mysqli_real_escape_string($db, $username) . "'")
       or die(mysqli_error($db));
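Added example, not joeroberts's or TorrentTrader's code: the same lookup written as a prepared statement, which removes the quoting and escaping altogether, together with the account checks from post #1 using a constant-time hash comparison. It assumes $db is the mysqli link from the config and that passhash(), T_(), logincookie() and show_error_msg() are TorrentTrader's functions as used in the thread.

```php
<?php
// Added example, not joeroberts's or TorrentTrader's code. $db is assumed to be the
// mysqli link from the config; passhash(), T_(), logincookie() and show_error_msg()
// are assumed to be TorrentTrader's own functions, as used in the thread.

// Returns the user row for $username, or null when there is none. The username is
// sent as a bound parameter, so there is nothing to quote or escape by hand and the
// link is passed once, to mysqli_prepare().
function find_user_by_name($db, $username) {
    $stmt = mysqli_prepare($db,
        "SELECT id, password, secret, status, enabled FROM users WHERE username = ?");
    if ($stmt === false) {
        die(mysqli_error($db));
    }
    mysqli_stmt_bind_param($stmt, "s", $username);
    mysqli_stmt_execute($stmt);
    $res = mysqli_stmt_get_result($stmt);   // needs the mysqlnd driver
    $row = mysqli_fetch_assoc($res);
    mysqli_stmt_close($stmt);
    return $row ?: null;
}

// Returns the language key for the failure, or "" when the login is good.
// Same checks as post #1, but the stored hash and the submitted hash are compared
// with hash_equals(): constant time, and no numeric comparison of "0e..." strings.
function login_failure($row, $password_hash) {
    if (!$row || !hash_equals((string) $row["password"], $password_hash)) {
        return "LOGIN_INCORRECT";
    }
    if ($row["status"] == "pending") {
        return "ACCOUNT_PENDING";
    }
    if ($row["enabled"] == "no") {
        return "ACCOUNT_DISABLED";
    }
    return "";
}

// Usage in account-login.php, with the variable names from the thread:
$row = find_user_by_name($db, $username);
$why = login_failure($row, passhash($password));
if ($why === "") {
    logincookie($row["id"], $row["password"], $row["secret"]);
} else {
    show_error_msg(T_("ACCESS_DENIED"), T_($why), 1);
}
?>
```

Returning the language key from login_failure() rather than the translated text keeps the decision logic separate from T_() and the HTML output, so the three outcomes can be exercised without a database connection.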
#5  BamBam0077, 14th June 2018, 04:40
Now that makes more sense; the new DB-style approach explains a lot of other issues.