Problems with Mod: Password protection


phpBB2 has not been supported since 1 January 2009.
The information below is outdated and serves solely as an archive.

Post by marijke2 » 29 Oct 2006, 10:42

Can no longer log in
After installing the mod: Password Protection
Address of your forum: http:// test.degezelligevisser.nl
Direct link to the modification: http://www.phpbbhacks.com/download/4621
phpBB version: latest version 2.0.32
Have you recently installed another mod or style? overall permission
Have you searched for an answer? Yes, but found no solution.

Mod installed correctly, but when logging in I now get the following message:

Error in obtaining userdata

DEBUG MODE

SQL Error : 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'FROM phpbb_users WHERE username = 'theo'' at line 2

SELECT user_id, username, user_password, user_active, user_level, user_bad_password, user_email, FROM phpbb_users WHERE username = 'theo'

Line : 66
File : login.php

What is wrong here??

Marijke


Post by Paul » 29 Oct 2006, 10:44

There is one , too many before FROM :)


Post by marijke2 » 29 Oct 2006, 11:10

I'm not very at home in PHP myself, and I don't fully understand your answer "There is one , too many before FROM". For clarity I'll post the entire PHP of login.php here. Can you make clear to me where the error is ..

<?php
/***************************************************************************
* login.php
* -------------------
* begin : Saturday, Feb 13, 2001
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
* $Id: login.php,v 1.47.2.24 2006/04/22 20:28:42 grahamje Exp $
*
*
***************************************************************************/

/***************************************************************************
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
***************************************************************************/

//
// Allow people to reach login page if
// board is shut down
//
define("IN_LOGIN", true);

define('IN_PHPBB', true);
$phpbb_root_path = './';
include($phpbb_root_path . 'extension.inc');
include($phpbb_root_path . 'common.'.$phpEx);

//
// Set page ID for session management
//
$userdata = session_pagestart($user_ip, PAGE_LOGIN);
init_userprefs($userdata);
//
// End session management
//

// session id check
if (!empty($HTTP_POST_VARS['sid']) || !empty($HTTP_GET_VARS['sid']))
{
$sid = (!empty($HTTP_POST_VARS['sid'])) ? $HTTP_POST_VARS['sid'] : $HTTP_GET_VARS['sid'];
}
else
{
$sid = '';
}

if( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) || isset($HTTP_POST_VARS['logout']) || isset($HTTP_GET_VARS['logout']) )
{
if( ( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) ) && (!$userdata['session_logged_in'] || isset($HTTP_POST_VARS['admin'])) )
{
$username = isset($HTTP_POST_VARS['username']) ? phpbb_clean_username($HTTP_POST_VARS['username']) : '';
$password = isset($HTTP_POST_VARS['password']) ? $HTTP_POST_VARS['password'] : '';

// password protect mod, added user_bad_password, user_email to query
$sql = "SELECT user_id, username, user_password, user_active, user_level, user_bad_password, user_email,
FROM " . USERS_TABLE . "
WHERE username = '" . str_replace("\\'", "''", $username) . "'";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Error in obtaining userdata', '', __LINE__, __FILE__, $sql);
}

if( $row = $db->sql_fetchrow($result) )
{

// begin password protection mod
if ( $row['user_password'] == md5($password) )
{
$sql_a=" UPDATE " . USERS_TABLE . "
SET user_bad_password=0
WHERE user_id=" . $row['user_id'];
if ( !$db->sql_query($sql_a) )
{
message_die(GENERAL_ERROR, 'Error logging in', '', __LINE__, __FILE__, $sql_a);
}
//message_die(GENERAL_ERROR, 'incorrect password');
}
// end password protection mod
if( $row['user_level'] != ADMIN && $board_config['board_disable'] )
{
redirect(append_sid("index.$phpEx", true));
}
else
{
// If the last login is more than x minutes ago, then reset the login tries/time
if ($row['user_last_login_try'] && $board_config['login_reset_time'] && $row['user_last_login_try'] < (time() - ($board_config['login_reset_time'] * 60)))
{
$db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_login_tries = 0, user_last_login_try = 0 WHERE user_id = ' . $row['user_id']);
$row['user_last_login_try'] = $row['user_login_tries'] = 0;
}

// Check to see if user is allowed to login again... if his tries are exceeded
if ($row['user_last_login_try'] && $board_config['login_reset_time'] && $board_config['max_login_attempts'] &&
$row['user_last_login_try'] >= (time() - ($board_config['login_reset_time'] * 60)) && $row['user_login_tries'] >= $board_config['max_login_attempts'] && $userdata['user_level'] != ADMIN)
{
message_die(GENERAL_MESSAGE, sprintf($lang['Login_attempts_exceeded'], $board_config['max_login_attempts'], $board_config['login_reset_time']));
}

if( md5($password) == $row['user_password'] && $row['user_active'] )
{
$autologin = ( isset($HTTP_POST_VARS['autologin']) ) ? TRUE : 0;

$admin = (isset($HTTP_POST_VARS['admin'])) ? 1 : 0;
$session_id = session_begin($row['user_id'], $user_ip, PAGE_INDEX, FALSE, $autologin, $admin);

// Reset login tries
$db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_login_tries = 0, user_last_login_try = 0 WHERE user_id = ' . $row['user_id']);

if( $session_id )
{
$url = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&amp;', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : "index.$phpEx";
redirect(append_sid($url, true));
}
else
{
message_die(CRITICAL_ERROR, "Couldn't start session : login", "", __LINE__, __FILE__);
}
}
// Only store a failed login attempt for an active user - inactive users can't login even with a correct password
elseif( $row['user_active'] )
{
// Save login tries and last login
if ($row['user_id'] != ANONYMOUS)
{
$sql = 'UPDATE ' . USERS_TABLE . '
SET user_login_tries = user_login_tries + 1, user_last_login_try = ' . time() . '
WHERE user_id = ' . $row['user_id'];
$db->sql_query($sql);
}
}

// begin password protection mod
if ( $row['user_password'] != md5($password) )
{
// let's store the IP of the bad entry
$sql_a=" INSERT INTO " . BAD_PASS_LOG_TABLE . "
(user_id, ip_address, log_time)
VALUES
(" . $row['user_id'] . ",'" . $user_ip . "'," . time() . ")";
if ( !$db->sql_query($sql_a) )
{
message_die(GENERAL_ERROR, 'Error logging in', '', __LINE__, __FILE__, $sql_a);
}
// how many bad attempts to date?
if ( $row['user_bad_password'] > 1 )
{
//
// Set default email variables
//
$script_name = preg_replace('/^\/?(.*?)\/?$/', '\1', trim($board_config['script_path']));
$script_name = ( $script_name != '' ) ? $script_name . '/profile.'.$phpEx : 'profile.'.$phpEx;
$server_name = trim($board_config['server_name']);
$server_protocol = ( $board_config['cookie_secure'] ) ? 'https://' : 'http://';
$server_port = ( $board_config['server_port'] <> 80 ) ? ':' . trim($board_config['server_port']) . '/' : '/';

$server_url = $server_protocol . $server_name . $server_port . $script_name;
//
// page specific function
//
function gen_rand_string($hash)
{
$chars = array( 'a', 'A', 'b', 'B', 'c', 'C', 'd', 'D', 'e', 'E', 'f', 'F', 'g', 'G', 'h', 'H', 'i', 'I', 'j', 'J', 'k', 'K', 'l', 'L', 'm', 'M', 'n', 'N', 'o', 'O', 'p', 'P', 'q', 'Q', 'r', 'R', 's', 'S', 't', 'T', 'u', 'U', 'v', 'V', 'w', 'W', 'x', 'X', 'y', 'Y', 'z', 'Z', '1', '2', '3', '4', '5', '6', '7', '8', '9', '0');

$max_chars = count($chars) - 1;
srand( (double) microtime()*1000000);

$rand_str = '';
for($i = 0; $i < 8; $i++)
{
$rand_str = ( $i == 0 ) ? $chars[rand(0, $max_chars)] : $rand_str . $chars[rand(0, $max_chars)];
}

return ( $hash ) ? md5($rand_str) : $rand_str;
}
$locked_password=rand(123456, 12345678);
$temp_password=md5($locked_password);

$sql_a=" UPDATE " . USERS_TABLE . "
SET user_password='$temp_password', user_bad_password=-1
WHERE user_id=" . $row['user_id'];
if ( !$db->sql_query($sql_a) )
{
message_die(GENERAL_ERROR, 'Error logging in', '', __LINE__, __FILE__, $sql_a);
}
$sent_details=1;
$sent_username=$row['username'];
$sent_email=$row['user_email'];
include($phpbb_root_path . 'includes/usercp_sendpasswd.'.$phpEx);
exit;
//message_die(GENERAL_ERROR, 'Account Blocked.' . $blocked_redirect);
}
// update the bad attempt count, only if the account isn't locked
if ( $row['user_bad_password'] > -1 )
{
$sql_a=" UPDATE " . USERS_TABLE . "
SET user_bad_password=user_bad_password+1
WHERE user_id=" . $row['user_id'];
if ( !$db->sql_query($sql_a) )
{
message_die(GENERAL_ERROR, 'Error logging in', '', __LINE__, __FILE__, $sql_a);
}
}
else
{
// inform that account is blocked
$index_redirect = '<meta http-equiv="refresh" content="10;url=' . append_sid("index.$phpEx?") . '">';
$message = $lang['account_blocked'] . $index_redirect;
message_die(GENERAL_MESSAGE, $message);
}
}
// end password protection mod

$redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&amp;', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : '';
$redirect = str_replace('?', '&', $redirect);

if (strstr(urldecode($redirect), "\n") || strstr(urldecode($redirect), "\r"))
{
message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.');
}

$template->assign_vars(array(
'META' => "<meta http-equiv=\"refresh\" content=\"3;url=login.$phpEx?redirect=$redirect\">")
);

$message = $lang['Error_login'] . '<br /><br />' . sprintf($lang['Click_return_login'], "<a href=\"login.$phpEx?redirect=$redirect\">", '</a>') . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . append_sid("index.$phpEx") . '">', '</a>');

message_die(GENERAL_MESSAGE, $message);
}
}
else
{
$redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&amp;', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : "";
$redirect = str_replace("?", "&", $redirect);

if (strstr(urldecode($redirect), "\n") || strstr(urldecode($redirect), "\r"))
{
message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.');
}

$template->assign_vars(array(
'META' => "<meta http-equiv=\"refresh\" content=\"3;url=login.$phpEx?redirect=$redirect\">")
);

$message = $lang['Error_login'] . '<br /><br />' . sprintf($lang['Click_return_login'], "<a href=\"login.$phpEx?redirect=$redirect\">", '</a>') . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . append_sid("index.$phpEx") . '">', '</a>');

message_die(GENERAL_MESSAGE, $message);
}
}
else if( ( isset($HTTP_GET_VARS['logout']) || isset($HTTP_POST_VARS['logout']) ) && $userdata['session_logged_in'] )
{
// session id check
if ($sid == '' || $sid != $userdata['session_id'])
{
message_die(GENERAL_ERROR, 'Invalid_session');
}

if( $userdata['session_logged_in'] )
{
session_end($userdata['session_id'], $userdata['user_id']);
}

if (!empty($HTTP_POST_VARS['redirect']) || !empty($HTTP_GET_VARS['redirect']))
{
$url = (!empty($HTTP_POST_VARS['redirect'])) ? htmlspecialchars($HTTP_POST_VARS['redirect']) : htmlspecialchars($HTTP_GET_VARS['redirect']);
$url = str_replace('&amp;', '&', $url);
redirect(append_sid($url, true));
}
else
{
redirect(append_sid("index.$phpEx", true));
}
}
else
{
$url = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&amp;', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : "index.$phpEx";
redirect(append_sid($url, true));
}
}
else
{
//
// Do a full login page dohickey if
// user not already logged in
//
if( !$userdata['session_logged_in'] || (isset($HTTP_GET_VARS['admin']) && $userdata['session_logged_in'] && $userdata['user_level'] == ADMIN))
{
$page_title = $lang['Login'];
include($phpbb_root_path . 'includes/page_header.'.$phpEx);

$template->set_filenames(array(
'body' => 'login_body.tpl')
);

$forward_page = '';

if( isset($HTTP_POST_VARS['redirect']) || isset($HTTP_GET_VARS['redirect']) )
{
$forward_to = $HTTP_SERVER_VARS['QUERY_STRING'];

if( preg_match("/^redirect=([a-z0-9\.#\/\?&=\+\-_]+)/si", $forward_to, $forward_matches) )
{
$forward_to = ( !empty($forward_matches[3]) ) ? $forward_matches[3] : $forward_matches[1];
$forward_match = explode('&', $forward_to);

if(count($forward_match) > 1)
{
for($i = 1; $i < count($forward_match); $i++)
{
if( !ereg("sid=", $forward_match[$i]) )
{
if( $forward_page != '' )
{
$forward_page .= '&';
}
$forward_page .= $forward_match[$i];
}
}
$forward_page = $forward_match[0] . '?' . $forward_page;
}
else
{
$forward_page = $forward_match[0];
}
}
}

$username = ( $userdata['user_id'] != ANONYMOUS ) ? $userdata['username'] : '';

$s_hidden_fields = '<input type="hidden" name="redirect" value="' . $forward_page . '" />';
$s_hidden_fields .= (isset($HTTP_GET_VARS['admin'])) ? '<input type="hidden" name="admin" value="1" />' : '';

make_jumpbox('viewforum.'.$phpEx);
$template->assign_vars(array(
'USERNAME' => $username,

'L_ENTER_PASSWORD' => (isset($HTTP_GET_VARS['admin'])) ? $lang['Admin_reauthenticate'] : $lang['Enter_password'],
'L_SEND_PASSWORD' => $lang['Forgotten_password'],

'U_SEND_PASSWORD' => append_sid("profile.$phpEx?mode=sendpassword"),

'S_HIDDEN_FIELDS' => $s_hidden_fields)
);

$template->pparse('body');

include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
}
else
{
redirect(append_sid("index.$phpEx", true));
}

}

?>


Post by brandsrus » 29 Oct 2006, 11:11

Find

Code:

// password protect mod, added user_bad_password, user_email to query
$sql = "SELECT user_id, username, user_password, user_active, user_level, user_bad_password, user_email,
FROM " . USERS_TABLE . "
WHERE username = '" . str_replace("\\'", "''", $username) . "'";
if ( !($result = $db->sql_query($sql)) )

Replace with

Code:

// password protect mod, added user_bad_password, user_email to query
$sql = "SELECT user_id, username, user_password, user_active, user_level, user_bad_password, user_email
FROM " . USERS_TABLE . "
WHERE username = '" . str_replace("\\'", "''", $username) . "'";
if ( !($result = $db->sql_query($sql)) )

Good luck :wink:


Post by marijke2 » 29 Oct 2006, 11:54

Thanks for the answer, but that isn't it either; I now get the message

Error in obtaining userdata

DEBUG MODE

SQL Error : 1054 Unknown column 'user_bad_password' in 'field list'

SELECT user_id, username, user_password, user_active, user_level, user_bad_password, user_email FROM phpbb_users WHERE username = 'theo'

Line : 66
File : login.php


Post by Paul » 29 Oct 2006, 11:58

You did not run the SQL commands when installing the mod.
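
A way to catch the missing-column failure above before the edited login.php goes live, as an added example that is not part of the original thread, the MOD or phpBB: it compares the columns the modified query selects with those the table actually has. An in-memory SQLite table stands in for phpbb_users, and the type and default of the added column are assumptions.

```php
<?php
// Added example, not part of the MOD or of phpBB.
// Pre-flight check: confirm that every column a modified query selects
// exists in the table. SQLite stands in for the board's MySQL database so
// the script runs offline; on MySQL the column list would come from
// SHOW COLUMNS instead of PRAGMA table_info.

function table_columns(PDO $pdo, string $table): array
{
    // Table names cannot be bound as parameters, so accept identifier characters only.
    if (!preg_match('/^[A-Za-z0-9_]+$/', $table)) {
        throw new InvalidArgumentException("unexpected table name: $table");
    }
    $cols = [];
    foreach ($pdo->query("PRAGMA table_info($table)") as $row) {
        $cols[] = $row['name'];
    }
    return $cols;
}

function missing_columns(PDO $pdo, string $table, array $required): array
{
    return array_values(array_diff($required, table_columns($pdo, $table)));
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed stand-in for an unmodified users table (only the columns the query touches).
$pdo->exec('CREATE TABLE phpbb_users (
    user_id INTEGER PRIMARY KEY, username TEXT, user_password TEXT,
    user_active INTEGER, user_level INTEGER, user_email TEXT)');

// Columns selected by the modified query in login.php, as shown in the thread.
$required = ['user_id', 'username', 'user_password', 'user_active',
             'user_level', 'user_bad_password', 'user_email'];

// Before the schema step: the column named in the 1054 error is reported missing.
print_r(missing_columns($pdo, 'phpbb_users', $required));

// Stand-in for the MOD's schema step; column type and default are assumptions.
$pdo->exec('ALTER TABLE phpbb_users ADD COLUMN user_bad_password INTEGER NOT NULL DEFAULT 0');

// After the schema step: nothing is missing, so the edited file can be deployed.
print_r(missing_columns($pdo, 'phpbb_users', $required));
```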


Post by marijke2 » 29 Oct 2006, 17:42

Thanks for the tips, password protection works :lol:
However, the only problem, and probably a very big one, is that when someone has entered a wrong password three times, no email goes out to the person in question, although their account does remain blocked.

Do you have any idea where I should look for this error?


Post by marijke2 » 29 Oct 2006, 18:08

I've already figured it out myself; I had forgotten to also put user_account_blocked.tpl in the email folder of lang-dutch.

Regards,
marijke
