This means we are now dealing with more than one possible source of error. In your sample insert, you did NOT copy the email address to the username, so the fields are different. This problem, as originally described, was primarily one of "getting the insert correct to match the login program", but now, it is also, "figure out what the login program is expecting", since it isn't the regular login program.Q : Are you sure the user name is being saved the same way in your script as phpBB uses?
A : Yes it is. The name I insert via SQL request is exactly the same as the one I see when I look in the database afterward. But I do precise that I made modifications in the login.php in order to log with the email address instead of the username. When I try to register, I copy the email address directly in the database and then put it in the username field of the login page. It works for members register by phpbb registration page but not for the one I created myself.
Code: Select all
if( ( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) ) && (!$userdata['session_logged_in'] || isset($HTTP_POST_VARS['admin'])) )
{
$username = isset($HTTP_POST_VARS['username']) ? phpbb_clean_username($HTTP_POST_VARS['username']) : '';
$password = isset($HTTP_POST_VARS['password']) ? $HTTP_POST_VARS['password'] : '';
$sql = "SELECT user_id, username, user_password, user_active, user_level, user_login_tries, user_last_login_try
FROM " . USERS_TABLE . "
WHERE username = '" . str_replace("\\'", "''", $username) . "'";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Error in obtaining userdata', '', __LINE__, __FILE__, $sql);
}
if( $row = $db->sql_fetchrow($result) )
{
if( $row['user_level'] != ADMIN && $board_config['board_disable'] )
{
redirect(append_sid("index.$phpEx", true));
}
else
{
// If the last login is more than x minutes ago, then reset the login tries/time
if ($row['user_last_login_try'] && $board_config['login_reset_time'] && $row['user_last_login_try'] < (time() - ($board_config['login_reset_time'] * 60)))
{
$db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_login_tries = 0, user_last_login_try = 0 WHERE user_id = ' . $row['user_id']);
$row['user_last_login_try'] = $row['user_login_tries'] = 0;
}
// Check to see if user is allowed to login again... if his tries are exceeded
if ($row['user_last_login_try'] && $board_config['login_reset_time'] && $board_config['max_login_attempts'] &&
$row['user_last_login_try'] >= (time() - ($board_config['login_reset_time'] * 60)) && $row['user_login_tries'] >= $board_config['max_login_attempts'] && $userdata['user_level'] != ADMIN)
{
message_die(GENERAL_MESSAGE, sprintf($lang['Login_attempts_exceeded'], $board_config['max_login_attempts'], $board_config['login_reset_time']));
}
if( md5($password) == $row['user_password'] && $row['user_active'] )
{
$autologin = ( isset($HTTP_POST_VARS['autologin']) ) ? TRUE : 0;
$admin = (isset($HTTP_POST_VARS['admin'])) ? 1 : 0;
$session_id = session_begin($row['user_id'], $user_ip, PAGE_INDEX, FALSE, $autologin, $admin);
// Reset login tries
$db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_login_tries = 0, user_last_login_try = 0 WHERE user_id = ' . $row['user_id']);
if( $session_id )
{
$url = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : "index.$phpEx";
redirect(append_sid($url, true));
}
else
{
message_die(CRITICAL_ERROR, "Couldn't start session : login", "", __LINE__, __FILE__);
}
}
// Only store a failed login attempt for an active user - inactive users can't login even with a correct password
elseif( $row['user_active'] )
{
// Save login tries and last login
if ($row['user_id'] != ANONYMOUS)
{
$sql = 'UPDATE ' . USERS_TABLE . '
SET user_login_tries = user_login_tries + 1, user_last_login_try = ' . time() . '
WHERE user_id = ' . $row['user_id'];
$db->sql_query($sql);
}
}
$redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : '';
$redirect = str_replace('?', '&', $redirect);
if (strstr(urldecode($redirect), "\n") || strstr(urldecode($redirect), "\r") || strstr(urldecode($redirect), ';url'))
{
message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.');
}
$template->assign_vars(array(
'META' => "<meta http-equiv=\"refresh\" content=\"3;url=login.$phpEx?redirect=$redirect\">")
);
$message = $lang['Error_login'] . '<br /><br />' . sprintf($lang['Click_return_login'], "<a href=\"login.$phpEx?redirect=$redirect\">", '</a>') . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . append_sid("index.$phpEx") . '">', '</a>');
message_die(GENERAL_MESSAGE, $message);
}
}
else
Code: Select all
if( ( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) ) && (!$userdata['session_logged_in'] || isset($HTTP_POST_VARS['admin'])) )
{
$username = isset($HTTP_POST_VARS['username']) ? phpbb_clean_username($HTTP_POST_VARS['username']) : '';
$password = isset($HTTP_POST_VARS['password']) ? $HTTP_POST_VARS['password'] : '';
$sql = "SELECT user_id, user_email, user_password, user_active, user_level, user_login_tries, user_last_login_try
FROM " . USERS_TABLE . "
WHERE user_email = '" . str_replace("\\'", "''", $username) . "'";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Error in obtaining userdata', '', __LINE__, __FILE__, $sql);
}
if( $row = $db->sql_fetchrow($result) )
{
if( $row['user_level'] != ADMIN && $board_config['board_disable'] )
{
redirect(append_sid("index.$phpEx", true));
}
else
{
// If the last login is more than x minutes ago, then reset the login tries/time
if ($row['user_last_login_try'] && $board_config['login_reset_time'] && $row['user_last_login_try'] < (time() - ($board_config['login_reset_time'] * 60)))
{
$db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_login_tries = 0, user_last_login_try = 0 WHERE user_id = ' . $row['user_id']);
$row['user_last_login_try'] = $row['user_login_tries'] = 0;
}
// Check to see if user is allowed to login again... if his tries are exceeded
if ($row['user_last_login_try'] && $board_config['login_reset_time'] && $board_config['max_login_attempts'] &&
$row['user_last_login_try'] >= (time() - ($board_config['login_reset_time'] * 60)) && $row['user_login_tries'] >= $board_config['max_login_attempts'] && $userdata['user_level'] != ADMIN)
{
message_die(GENERAL_MESSAGE, sprintf($lang['Login_attempts_exceeded'], $board_config['max_login_attempts'], $board_config['login_reset_time']));
}
if( md5($password) == $row['user_password'] && $row['user_active'] )
{
$autologin = ( isset($HTTP_POST_VARS['autologin']) ) ? TRUE : 0;
$admin = (isset($HTTP_POST_VARS['admin'])) ? 1 : 0;
$session_id = session_begin($row['user_id'], $user_ip, PAGE_INDEX, FALSE, $autologin, $admin);
// Reset login tries
$db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_login_tries = 0, user_last_login_try = 0 WHERE user_id = ' . $row['user_id']);
if( $session_id )
{
$url = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : "index.$phpEx";
redirect(append_sid($url, true));
}
else
{
message_die(CRITICAL_ERROR, "Couldn't start session : login", "", __LINE__, __FILE__);
}
}
// Only store a failed login attempt for an active user - inactive users can't login even with a correct password
elseif( $row['user_active'] )
{
// Save login tries and last login
if ($row['user_id'] != ANONYMOUS)
{
$sql = 'UPDATE ' . USERS_TABLE . '
SET user_login_tries = user_login_tries + 1, user_last_login_try = ' . time() . '
WHERE user_id = ' . $row['user_id'];
$db->sql_query($sql);
}
}
$redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : '';
$redirect = str_replace('?', '&', $redirect);
if (strstr(urldecode($redirect), "\n") || strstr(urldecode($redirect), "\r") || strstr(urldecode($redirect), ';url'))
{
message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.');
}
$template->assign_vars(array(
'META' => "<meta http-equiv=\"refresh\" content=\"3;url=login.$phpEx?redirect=$redirect\">")
);
$message = $lang['Error_login'] . '<br /><br />' . sprintf($lang['Click_return_login'], "<a href=\"login.$phpEx?redirect=$redirect\">", '</a>') . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . append_sid("index.$phpEx") . '">', '</a>');
message_die(GENERAL_MESSAGE, $message);
}
}
else
Code: Select all
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Error in obtaining userdata', '', __LINE__, __FILE__, $sql);
}
Code: Select all
$debug = "'$username' / '$password' \n'$sql'";
error_log("$debug\n",3,"debugging.log");
Code: Select all
if( $row = $db->sql_fetchrow($result) )
{
Code: Select all
$debug = print_r($row,TRUE);
error_log("$debug\n",3,"debugging.log");
Code: Select all
'[email protected]' / 'xxxxxx'
'SELECT user_id, user_email, user_password, user_active, user_level, user_login_tries, user_last_login_try
FROM phpbb_users
WHERE user_email = '[email protected]''
Array
(
[user_id] => 4
[user_email] => [email protected]
[user_password] => aade86c627bef71f7c0ea9991e5aa268
[user_active] => 1
[user_level] => 0
[user_login_tries] => 0
[user_last_login_try] => 0
)
'loiretemploi@loiretemploi' / 'xxxxxx'
'SELECT user_id, user_email, user_password, user_active, user_level, user_login_tries, user_last_login_try
FROM phpbb_users
WHERE user_email = 'loiretemploi@loiretemploi''