Follow us on Twitter!
It is never to LATE to become what you never WERE.
Monday, April 21, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 23
Guests Online: 22
Members Online: 1

Registered Members: 82856
Newest Member: djtonyg
Latest Articles
View Thread

HellBound Hackers | Computer General | Programming

Author

removing e-mail feature from available code.

fuser
Member



Posts: 960
Location: in front of a computer (duh)
Joined: 05.04.07
Rank:
Mad User
Posted on 16-03-10 19:01
I had to re-do my project, since for some reason they didn't like my work, even after extensive consultation with my supervisor about it.

So one of the things I had to re-do was the admin and login code, and since they felt it was too simple, I had to find a better solution for it, and at first, I thought this seems fine: http://www.ineedtutorials.com/code/php/complete-advanced-login-member-system-php-tutorial

Now keep in mind that I can't host my project on a server, in fact I can only host it on my own laptop, which is quite a downer as it could've made my work easier.

I then removed these following features:

a) e-mail activation
B) lost password feature (since it requires the site to send an e-mail to the user)

After removing them, I tried to register, but it simply didn't want to add me into the database. Even if a user is added via SQL, I also can't log into the site.

Here's the code that I've made changes to:


Code

//functions.inc.php
<?php

require_once("validation.functions.inc.php");
require_once("user.functions.inc.php");
require_once("display.functions.inc.php");
require_once("login.functions.inc.php");

function generate_code($length = 10)
{
 
    if ($length <= 0)
    {
        return false;
    }
 
    $code = "";
    $chars = "abcdefghijklmnpqrstuvwxyzABCDEFGHIJKLMNPQRSTUVWXYZ123456789";
    srand((double)microtime() * 1000000);
    for ($i = 0; $i < $length; $i++)
    {
        $code = $code . substr($chars, rand() % strlen($chars), 1);
    }
    return $code;
 
}
 
?>





Code

//display.functions.inc.php
<?php
 
#### Display Functions ####

function show_userbox()
{
    // retrieve the session information
    $u = $_SESSION['username'];
    $uid = $_SESSION['loginid'];
    // display the user box
    echo "<div id='userbox'>
         Welcome $u
            <a href='./logout.php'>Logout</a>
         </ul>
       </div>";
}

function show_loginform($disabled = false)
{
 
    echo '<form name="login-form" id="login-form" method="post" action="./index.php">
  <fieldset>
  <legend>Please login</legend>
  <dl>
    <dt><label title="Username">Username: </label></dt>
    <dd><input tabindex="1" accesskey="u" name="username" type="text" maxlength="30" id="username" /></dd>
  </dl>
  <dl>
    <dt><label title="Password">Password: </label></dt>
    <dd><input tabindex="2" accesskey="p" name="password" type="password" maxlength="15" id="password" /></dd>
  </dl>
  <ul>
    <li><a href="./register.php" title="Register">Register</a></li>
    <li><a href="./lostpassword.php" title="Lost Password">Lost password?</a></li>
  </ul>
  <p><input tabindex="3" accesskey="l" type="submit" name="cmdlogin" value="Login" ';
    if ($disabled == true)
    {
        echo 'disabled="disabled"';
    }
    echo ' /></p></fieldset></form>';
 
 
}
 
function show_registration_form(){
 
   echo '<form action="./register.php" method="post">
   <fieldset><legend>Register</legend>
  <dl>
    <dt><label for="username">Username:</label></dt>
    <dd><input name="username" type="text" id="username" maxlength="30">
    </dd>
  </dl>
  <dl>
    <dt><label for="password">Password:</label></dt>
    <dd><input name="password" type="password" id="password" maxlength="15">
    </dd>
  </dl>
  <dl>
    <dt><label for="password2">Re-type password:</label></dt>
    <dd><input name="password2" type="password" id="password2" maxlength="15">
    </dd>
  </dl>
  <dl>
    <dt><label for="email">email:</label></dt>
    <dd><input name="email" type="text" id="email" maxlength="255">
    </dd>
  </dl>
  <p>
    <input name="reset" type="reset" value="Reset">
    <input name="register" type="submit" value="Register">
  </p>
  </fieldset>
</form>';
 
}
?>





Code

login.functions.inc.php
<?php
 
#### Login Functions #####

 
function isLoggedIn()
{
 
    if (session_is_registered('loginid') && session_is_registered('username'))
    {
        return true; // the user is loged in
    } else
    {
        return false; // not logged in
    }
 
    return false;
 
}
 
function checkLogin($u, $p)
{
global $seed; // global because $seed is declared in the header.php file
 
    if (!valid_username($u) || !valid_password($p) || !user_exists($u))
    {
        return false; // the name was not valid, or the password, or the username did not exist
    }
 
    //Now let us look for the user in the database.
    $query = sprintf("
      SELECT loginid
      FROM login
      WHERE
      username = '%s' AND password = '%s'
      LIMIT 1;", mysql_real_escape_string($u), mysql_real_escape_string(sha1($p . $seed)));
    $result = mysql_query($query);
    // If the database returns a 0 as result we know the login information is incorrect.
    // If the database returns a 1 as result we know  the login was correct and we proceed.
    // If the database returns a result > 1 there are multple users
    // with the same username and password, so the login will fail.
    if (mysql_num_rows($result) != 1)
    {
        return false;
    } else
    {
        // Login was successfull
        $row = mysql_fetch_array($result);
        // Save the user ID for use later
        $_SESSION['loginid'] = $row['loginid'];
        // Save the username for use later
        $_SESSION['username'] = $u;
        // Now we show the userbox
        return true;
    }
    return false;
}
 
?>





Code

user.functions.inc.php
<?php
 
##### User Functions #####

function user_exists($username)
{
    if (!valid_username($username))
    {
        return false;
    }
 
    $query = sprintf("SELECT loginid FROM login WHERE username = '%s' LIMIT 1",
        mysql_real_escape_string($username));
 
    $result = mysql_query($query);
 
    if (mysql_num_rows($result) > 0)
    {
        return true;
    } else
    {
        return false;
    }
 
    return false;
 
}

function registerNewUser($username, $password, $password2, $email)
{
 
    global $seed;
 
    if (!valid_username($username) || !valid_password($password) ||
           !valid_email($email) || $password != $password2 || user_exists($username))
    {
        return false;
    }
 
 
    $code = generate_code(20);
    $sql = sprintf("insert into login (username,password,email) value ('%s','%s','%s','%s')",
        mysql_real_escape_string($username), mysql_real_escape_string(sha1($password . $seed))
      , mysql_real_escape_string($email));
 
 
    if (mysql_query($sql))
    {
        $id = mysql_insert_id();
 
        if (sendActivationEmail($username, $password, $id, $email, $code))
        {
 
            return true;
        } else
        {
            return false;
        }
 
    } else
    {
        return false;
    }
    return false;
 
}
 
?>






Code


validation.functions.inc.php
<?php
 
#### Validation functions ####

function valid_email($email)
{
 
    // First, we check that there's one @ symbol, and that the lengths are right
    if (!ereg("^[^@]{1,64}@[^@]{1,255}$", $email))
    {
        // Email invalid because wrong number of characters in one section, or wrong number of @ symbols.
        return false;
    }
    // Split it into sections to make life easier
    $email_array = explode("@", $email);
    $local_array = explode(".", $email_array[0]);
    for ($i = 0; $i < sizeof($local_array); $i++)
    {
        if (!ereg("^(([A-Za-z0-9!#$%&'*+/=?^_`{|}~-][A-Za-z0-9!#$%&'*+/=?^_`{|}~\.-]{0,63})|(\"[^(\\|\")]{0,62}\"))$",
            $local_array[$i]))
        {
            return false;
        }
    }
    if (!ereg("^\[?[0-9\.]+\]?$", $email_array[1]))
    { // Check if domain is IP. If not, it should be valid domain name
        $domain_array = explode(".", $email_array[1]);
        if (sizeof($domain_array) < 2)
        {
            return false; // Not enough parts to domain
        }
        for ($i = 0; $i < sizeof($domain_array); $i++)
        {
            if (!ereg("^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]+))$", $domain_array[$i]))
            {
                return false;
            }
        }
    }
    return true;
}
 
function valid_username($username, $minlength = 3, $maxlength = 30)
{
 
    $username = trim($username);
 
    if (empty($username))
    {
        return false; // it was empty
    }
    if (strlen($username) > $maxlength)
    {
        return false; // to long
    }
    if (strlen($username) < $minlength)
    {
 
        return false; //toshort
    }
 
    $result = ereg("^[A-Za-z0-9_\-]+$", $username); //only A-Z, a-z and 0-9 are allowed
 
    if ($result)
    {
        return true; // ok no invalid chars
    } else
    {
        return false; //invalid chars found
    }
 
    return false;
 
}
 
function valid_password($pass, $minlength = 6, $maxlength = 15)
{
    $pass = trim($pass);
 
    if (empty($pass))
    {
        return false;
    }
 
    if (strlen($pass) < $minlength)
    {
        return false;
    }
 
    if (strlen($pass) > $maxlength)
    {
        return false;
    }
 
    $result = ereg("^[A-Za-z0-9_\-]+$", $pass);
 
    if ($result)
    {
        return true;
    } else
    {
        return false;
    }
 
    return false;
 
}
 
?>





and the registration code:
Code

<?php
 
require_once "header.php";
 
if (isset($_POST['register'])){
 
   if (registerNewUser($_POST['username'], $_POST['password'], $_POST['password2'], $_POST['email'])){
 
      echo "Thank you for registering.
      <a href='./index.php'>Click here to login.</a>
      ";
 
   }else {
 
      echo "Registration failed! Please try again.";
      show_registration_form();
 
   }
 
} else {
// has not pressed the register button
   show_registration_form();   
}
 
 require_once "footer.php";
?>





note that I didn't include the activation code, disabled and enabled features in the sql table in my database, and I also didn't include mail.functions.inc.php file, lostpassword.php file, changepassword.php file and also the activate.php files (since I deemed them unnecessary), and I'm pretty sure it's something I missed somewhere, but I'm not too sure myself, or is it impossible to remove the e-mailing feature?


img.userbarz.com/51/10006.png
img.userbarz.com/146/29144.gif
img.userbarz.com/99/19602.jpg
img.userbarz.com/4/600.png
img.userbarz.com/45/8814.gif
img360.imageshack.us/img360/9231/bfbarlr0.jpg
[url=http://userbarz.com/][img]ht
catinthecpu@hotmail.com
Author

RE: removing e-mail feature from available code.

spyware
Member



Posts: 4192
Location: The Netherlands
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 16-03-10 19:12
require_once will stop your script when it can't find the thing you're including.



img507.imageshack.us/img507/3580/spynewsig3il1.png
"The chowner of property." - Zeph
[small]
Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term.
- Carl Sagan
“Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?” - Ebert
[/s
http://bitsofspy.net
Author

RE: removing e-mail feature from available code.

flame_1221
Member



Posts: 179
Location: malaysia
Joined: 13.05.07
Rank:
God
Posted on 17-03-10 06:31
fuser wrote:
After removing them, I tried to register, but it simply didn't want to add me into the database. Even if a user is added via SQL, I also can't log into the site.


It didn't add to database because you got a small error in user.functions.inc.php:
Code
$sql = sprintf("insert into login (username,password,email) value ('%s','%s','%s','%s')",
mysql_real_escape_string($username), mysql_real_escape_string(sha1($password . $seed))
, mysql_real_escape_string($email));




You only need three type specifier %s
Also, in registerNewUser() function, you didn't need the sendActivationEmail() function since you did not want to use it. This should work for your user.functions.inc.php
Code
<?php

##### User Functions #####

function user_exists($username)
{
if (!valid_username($username))
{
return false;
}

$query = sprintf("SELECT loginid FROM login WHERE username = '%s' LIMIT 1",
mysql_real_escape_string($username));

$result = mysql_query($query);

if (mysql_num_rows($result) > 0)
{
return true;
} else
{
return false;
}

}

function registerNewUser($username, $password, $password2, $email)
{

global $seed;

if (!valid_username($username) || !valid_password($password) ||
!valid_email($email) || $password != $password2 || user_exists($username))
{
return false;
}

$sql = sprintf("insert into login (username,password,email) value ('%s','%s','%s')",
mysql_real_escape_string($username), mysql_real_escape_string(sha1($password . $seed))
, mysql_real_escape_string($email));


if (mysql_query($sql))
{
return true;
}
}
?>




--Edit--
You also did not need the generate_code() function in functions.inc.php


i19.photobucket.com/albums/b153/Golden_Lemur/flame1221sig.png
Thanks for the sig Lemur


Edited by flame_1221 on 17-03-10 06:34
127.0.0.1
Author

RE: removing e-mail feature from available code.

fuser
Member



Posts: 960
Location: in front of a computer (duh)
Joined: 05.04.07
Rank:
Mad User
Posted on 17-03-10 09:13
thanks for the solution, but after implementing it, the registration is successful, but now my problem is that I can't login.

after a user has successfully registered, he still cannot log into the website, and will be redirected to the homepage. the same goes for the users that were added via sql.

edit: I'm thinking that it will either be the login or validation code, not really too sure.


img.userbarz.com/51/10006.png
img.userbarz.com/146/29144.gif
img.userbarz.com/99/19602.jpg
img.userbarz.com/4/600.png
img.userbarz.com/45/8814.gif
img360.imageshack.us/img360/9231/bfbarlr0.jpg
[url=http://userbarz.com/][img]ht

Edited by fuser on 17-03-10 10:55
catinthecpu@hotmail.com
Author

RE: removing e-mail feature from available code.

fuser
Member



Posts: 960
Location: in front of a computer (duh)
Joined: 05.04.07
Rank:
Mad User
Posted on 17-03-10 19:08
actually, it turns out that in display.functions:

echo '<form name="login-form" id="login-form" method="post" action="./index.php">

it should've been login.php..stupid. I've spent hours poring over the damned things and I only now I noticed it, and that was after system pointed it out.


img.userbarz.com/51/10006.png
img.userbarz.com/146/29144.gif
img.userbarz.com/99/19602.jpg
img.userbarz.com/4/600.png
img.userbarz.com/45/8814.gif
img360.imageshack.us/img360/9231/bfbarlr0.jpg
[url=http://userbarz.com/][img]ht
catinthecpu@hotmail.com
Author

RE: removing e-mail feature from available code.


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 19-03-10 00:16
fuser wrote:
I had to re-do my project, since for some reason they didn't like my work, even after extensive consultation with my supervisor about it.

So one of the things I had to re-do was the admin and login code, and since they felt it was too simple, I had to find a better solution for it, and at first, I thought this seems fine: http://www.ineedtutorials.com/code/php/complete-advanced-login-member-system-php-tutorial

Maybe because it wasn't your work. It was someone's else work that you borrowed online and modified with a great deal of assistance, albeit unsuccessfully in the end.

Are you seriously going down the same route again?

MoshBat wrote:
Learn PHP. This is the second thread, and I'm damn sure it will contain huge "snippets" of code featuring rather simple mistakes.

Agreed. You need to quit posting shit about your project until you actually make some effort to learn PHP.

Write your own damn login system and email system, and whatever else you need. Ask questions along the way if you're having trouble understanding something... after you've tried to find the answer on your own.

Then, ask how we'd improve it. Ask if there's a better way to do something. Ask what features we'd add. Anything that relates to code YOU wrote.

DON'T keep asking about large snippets of code that you don't understand, unless you need specific help understanding how something specific in it works.

Requesting a lock.


Author

RE: removing e-mail feature from available code.


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 19-03-10 02:06
Mosh.

No, I did not wonder. I saw your post. Unless you previously posted all of what I posted, shut up. Thanks.