Dragon Blade Posted June 5, 2013

Hello all, I need your help! I want my authenticate.php to update the user's lastip_login and last_login, but the problem is that it does not update it. Any reasons why?

```php
<?php
session_start();
if (get_magic_quotes_gpc() == 0) {
    foreach ($_POST as $k => $v) {
        $_POST[$k] = addslashes($v);
    }
    foreach ($_GET as $k => $v) {
        $_GET[$k] = addslashes($v);
    }
}
if ($_POST['username'] == "" || $_POST['password'] == "") {
    die(
        "<h3>LostNation Error</h3>
        You did not fill in the login form!<br />
        <a href=login.php>> Back</a>");
}
include "mysql.php";
require "global_func.php";
$username =
        (array_key_exists('username', $_POST) && is_string($_POST['username']))
                ? $_POST['username'] : '';
$password =
        (array_key_exists('password', $_POST) && is_string($_POST['password']))
                ? $_POST['password'] : '';
if (empty($username) || empty($password)) {
    die(
        "<h3>LostNation Error</h3>
        You did not fill in the login form!<br />
        <a href='login.php'>> Back</a>");
}
$form_username = mysql_real_escape_string(stripslashes($username), $c);
$raw_password = stripslashes($password);
$uq =
        mysql_query(
                "SELECT `userid`, `userpass`, `pass_salt`,`lastip_login`,`last_login`
                 FROM `users`
                 WHERE `login_name` = '$form_username'", $c);
if (mysql_num_rows($uq) == 0) {
    die(
        "<h3>LostNation Error</h3>
        Invalid username or password!<br />
        <a href='login.php'>> Back</a>");
} else {
    $mem = mysql_fetch_assoc($uq);
    $login_failed = false;
    // Pass Salt generation: autofix
    if (empty($mem['pass_salt'])) {
        if (md5($raw_password) != $mem['userpass']) {
            $login_failed = true;
        }
        $salt = generate_pass_salt();
        $enc_psw = encode_password($mem['userpass'], $salt, true);
        $e_salt = mysql_real_escape_string($salt, $c); // in case of changed salt function
        $e_encpsw = mysql_real_escape_string($enc_psw, $c); // ditto for password encoder
        $IP = $_SERVER['REMOTE_ADDR'];
        // Privacy for owners IP / Also located in header.php
        $IP = $_SERVER['REMOTE_ADDR'];
        if ($_SESSION['userid'] == 1 OR $_SESSION['userid'] == 2) {
            $IP = '127.0.0.1';
        }
        mysql_query(
                "UPDATE users
                 SET pass_salt = '$e_salt', userpass = '$e_encpsw', lastip_login = '$IP', last_login = unix_timestamp()
                 WHERE userid={$mem['userid']}");
    } else {
        $login_failed =
                !(verify_user_password($raw_password, $mem['pass_salt'],
                        $mem['userpass']));
    }
    if ($login_failed) {
        die(
            "<h3>LostNation Error</h3>
            Invalid username or password!<br />
            <a href='login.php'>> Back</a>");
    }
    if ($mem['userid'] == 1 && file_exists('./installer.php')) {
        die(
            "<h3>LostNation Error</h3>
            The installer still exists! You need to delete installer.php immediately.<br />
            <a href='login.php'>> Back</a>");
    }
    session_regenerate_id();
    $_SESSION['loggedin'] = 1;
    $_SESSION['userid'] = $mem['userid'];
    $loggedin_url = 'http://' . determine_game_urlbase() . '/loggedin.php';
    header("Location: {$loggedin_url}");
    exit;
}
```
bluegman991 Posted June 5, 2013

Beautified by jsbeautifier.org

This is a JS beautifier so there may be syntax errors. (Only one I've really noticed is when referencing PHP class methods & properties)

```php
session_start();
if (get_magic_quotes_gpc() == 0) {
    foreach($_POST as $k => $v) {
        $_POST[$k] = addslashes($v);
    }
    foreach($_GET as $k => $v) {
        $_GET[$k] = addslashes($v);
    }
}
if ($_POST['username'] == "" || $_POST['password'] == "") {
    die("<h3>LostNation Error</h3> You did not fill in the login form! <a href=login.php>> Back</a>");
}
include "mysql.php";
require "global_func.php";
$username = (array_key_exists('username', $_POST) && is_string($_POST['username'])) ? $_POST['username'] : '';
$password = (array_key_exists('password', $_POST) && is_string($_POST['password'])) ? $_POST['password'] : '';
if (empty($username) || empty($password)) {
    die("<h3>LostNation Error</h3> You did not fill in the login form! <a href='login.php'>> Back</a>");
}
$form_username = mysql_real_escape_string(stripslashes($username), $c);
$raw_password = stripslashes($password);
$uq = mysql_query("SELECT `userid`, `userpass`, `pass_salt`,`lastip_login`,`last_login` FROM `users` WHERE `login_name` = '$form_username'", $c);
if (mysql_num_rows($uq) == 0) {
    die("<h3>LostNation Error</h3> Invalid username or password! <a href='login.php'>> Back</a>");
} else {
    $mem = mysql_fetch_assoc($uq);
    $login_failed = false;
    // Pass Salt generation: autofix
    if (empty($mem['pass_salt'])) {
        if (md5($raw_password) != $mem['userpass']) {
            $login_failed = true;
        }
        $salt = generate_pass_salt();
        $enc_psw = encode_password($mem['userpass'], $salt, true);
        $e_salt = mysql_real_escape_string($salt, $c); // in case of changed salt function
        $e_encpsw = mysql_real_escape_string($enc_psw, $c); // ditto for password encoder
        $IP = $_SERVER['REMOTE_ADDR'];
        // Privacy for owners IP / Also located in header.php
        $IP = $_SERVER['REMOTE_ADDR'];
        if ($_SESSION['userid'] == 1 OR $_SESSION['userid'] == 2) {
            $IP = '127.0.0.1';
        }
        mysql_query("UPDATE users SET pass_salt = '$e_salt', userpass = '$e_encpsw', lastip_login = '$IP', last_login = unix_timestamp() WHERE userid={$mem['userid']}");
    } else {
        $login_failed = !(verify_user_password($raw_password, $mem['pass_salt'], $mem['userpass']));
    }
    if ($login_failed) {
        die("<h3>LostNation Error</h3> Invalid username or password! <a href='login.php'>> Back</a>");
    }
    if ($mem['userid'] == 1 && file_exists('./installer.php')) {
        die("<h3>LostNation Error</h3> The installer still exists! You need to delete installer.php immediately. <a href='login.php'>> Back</a>");
    }
    session_regenerate_id();
    $_SESSION['loggedin'] = 1;
    $_SESSION['userid'] = $mem['userid'];
    $loggedin_url = 'http://'.determine_game_urlbase().'/loggedin.php';
    header("Location: {$loggedin_url}");
    exit;
}
```

Now that this is readable...
bluegman991 Posted June 5, 2013 (edited)

Have you tried debugging it yet? If not, try adding an echo under the line where the query is executed to see if that code block is actually being accessed. I have a feeling that either this is a problem in your logic, or the password and salt change process is different from the verification process.

Edited June 5, 2013 by bluegman991
Dragon Blade (Author) Posted June 5, 2013

The one I posted works, but it wasn't working before? I updated everyone's lastip_login and last_login to their lastip and laston, then it worked? And thanks bluegman991!
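
An added example, not code from the thread or from the game's own code base: in the posted script the UPDATE that writes lastip_login and last_login sits inside the empty-pass_salt branch and runs before the failed-login check. The version below verifies the password first and records the login for every successful authentication, using bound parameters. The in-memory SQLite schema (needs the pdo_sqlite extension), the sample users, the function names and the use of password_hash() in place of the game's encode_password() are assumptions.

```php
<?php
// Added example: constructed schema and sample users, not the game's real tables.
function record_login(PDO $db, int $userid, string $ip): void
{
    $st = $db->prepare('UPDATE users SET lastip_login = ?, last_login = ? WHERE userid = ?');
    $st->execute([$ip, time(), $userid]);
}

function authenticate(PDO $db, string $username, string $password, string $ip): ?int
{
    $st = $db->prepare('SELECT userid, userpass, pass_salt FROM users WHERE login_name = ?');
    $st->execute([$username]);
    $mem = $st->fetch(PDO::FETCH_ASSOC);
    if ($mem === false) {
        return null;
    }
    if (empty($mem['pass_salt'])) {
        // Legacy row (unsalted md5): verify first, upgrade only after success.
        if (!hash_equals($mem['userpass'], md5($password))) {
            return null;
        }
        // password_hash() embeds its own salt; pass_salt is kept only as the
        // "already upgraded" marker (assumption, stands in for generate_pass_salt()).
        $up = $db->prepare('UPDATE users SET userpass = ?, pass_salt = ? WHERE userid = ?');
        $up->execute([password_hash($password, PASSWORD_DEFAULT), 'upgraded', $mem['userid']]);
    } elseif (!password_verify($password, $mem['userpass'])) {
        return null;
    }
    // Reached by every successful login, legacy or not.
    record_login($db, (int) $mem['userid'], $ip);
    return (int) $mem['userid'];
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (userid INTEGER PRIMARY KEY, login_name TEXT, userpass TEXT,
    pass_salt TEXT, lastip_login TEXT, last_login INTEGER)');
$ins = $db->prepare('INSERT INTO users (login_name, userpass, pass_salt) VALUES (?, ?, ?)');
$ins->execute(['legacy', md5('hunter2'), '']);
$ins->execute(['current', password_hash('hunter2', PASSWORD_DEFAULT), 'upgraded']);

// Constructed logins: a legacy user, an upgraded user, and a wrong password.
foreach ([['legacy', 'hunter2'], ['current', 'hunter2'], ['current', 'wrong']] as [$u, $p]) {
    $id = authenticate($db, $u, $p, '203.0.113.7');
    printf("%-8s %-8s => %s\n", $u, $p, $id === null ? 'rejected' : "userid $id");
}
foreach ($db->query('SELECT login_name, pass_salt, lastip_login, last_login FROM users') as $r) {
    printf("%s salt=%s ip=%s ts=%s\n", $r['login_name'], $r['pass_salt'], $r['lastip_login'], $r['last_login']);
}
```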