
problemen met Mod: Pasword protection

Geplaatst: 29 okt 2006, 10:42
door marijke2
kan niet meer inloggen
Na het installeren van de mod: Pasword Protection
Adres van je forum: http:// test.degezelligevisser.nl
Directe link naar de modification: http://www.phpbbhacks.com/download/4621
phpBB versie: laatste versie 2.0.32
Heb je onlangs een andere mod of stijl geïnstalleerd? overall permission
Heb je gezocht naar een antwoord? ja echter geen oplossing gevonden.

Mod goed uitgevoerd, krijg nu echter bij het inloggen de volgende melding:

Error in obtaining userdata

DEBUG MODE

SQL Error : 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'FROM phpbb_users WHERE username = 'theo'' at line 2

SELECT user_id, username, user_password, user_active, user_level, user_bad_password, user_email, FROM phpbb_users WHERE username = 'theo'

Line : 66
File : login.php

Wat is hier fout aan??

Marijke

Geplaatst: 29 okt 2006, 10:44
door Paul
Er staat een komma (,) te veel vóór FROM: in de query staat na user_email nog een komma, en die moet weg. :)

Geplaatst: 29 okt 2006, 11:10
door marijke2
Ben zelf niet zo thuis in php, met jouw antwoord "Er staat een , teveel voor FROM" begrijp ik niet helemaal. Voor de duidelijkheid zal ik hierbij de gehele php van login.php opgeven. Kan jij mij duidelijk maken waar de fout zit ..

<?php
/***************************************************************************
* login.php
* -------------------
* begin : Saturday, Feb 13, 2001
* copyright : (C) 2001 The phpBB Group
* email : support@phpbb.com
*
* $Id: login.php,v 1.47.2.24 2006/04/22 20:28:42 grahamje Exp $
*
*
***************************************************************************/

/***************************************************************************
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
***************************************************************************/

//
// Allow people to reach login page if
// board is shut down
//
// IN_LOGIN marks this request as the login page, so that it stays reachable
// while the board is shut down.
define("IN_LOGIN", true);

// IN_PHPBB is set before the includes below; presumably the included phpBB
// files check it to refuse direct access - they are not shown here.
define('IN_PHPBB', true);
$phpbb_root_path = './';
// $phpEx is not assigned in this file; presumably extension.inc sets it, which
// is why that file has to be included before common.$phpEx.
include($phpbb_root_path . 'extension.inc');
include($phpbb_root_path . 'common.'.$phpEx);

//
// Set page ID for session management
//
// $user_ip, session_pagestart() and init_userprefs() are not defined in this
// file; presumably they come from the includes above. $userdata is the session
// record every later branch reads (session_logged_in, session_id, user_level).
$userdata = session_pagestart($user_ip, PAGE_LOGIN);
init_userprefs($userdata);
//
// End session management
//

// Pick up the session id sent with the request: a POSTed value wins over the
// query-string one, and '' is used when neither is present. The logout branch
// further down compares $sid with the id of the current session.
if (!empty($HTTP_POST_VARS['sid']))
{
	$sid = $HTTP_POST_VARS['sid'];
}
elseif (!empty($HTTP_GET_VARS['sid']))
{
	$sid = $HTTP_GET_VARS['sid'];
}
else
{
	$sid = '';
}

// Request dispatch: a submitted login or logout is handled in this branch; any
// other request falls through to the final else, which renders the login form.
if( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) || isset($HTTP_POST_VARS['logout']) || isset($HTTP_GET_VARS['logout']) )
{
// Login attempt: handled when the visitor has no logged-in session yet, or when
// the form carries the 'admin' field (the form code at the end of this file
// adds it as a hidden field when ?admin is present).
if( ( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) ) && (!$userdata['session_logged_in'] || isset($HTTP_POST_VARS['admin'])) )
{
// phpbb_clean_username() is defined outside this file. The password is used
// as submitted and is only ever passed through md5() below.
$username = isset($HTTP_POST_VARS['username']) ? phpbb_clean_username($HTTP_POST_VARS['username']) : '';
$password = isset($HTTP_POST_VARS['password']) ? $HTTP_POST_VARS['password'] : '';

// password protect mod, added user_bad_password, user_email to query
// NOTE(review): the comma after user_email, directly before FROM, is a SQL
// syntax error; it is what produces the MySQL error 1064 quoted in the thread.
// NOTE(review): the username is placed in the statement by string
// concatenation. The only escaping visible here is the \' -> '' replacement,
// which presumably relies on the request data having been slash-escaped
// earlier (common.php is not shown) - confirm before reusing this pattern.
$sql = "SELECT user_id, username, user_password, user_active, user_level, user_bad_password, user_email,
FROM " . USERS_TABLE . "
WHERE username = '" . str_replace("\\'", "''", $username) . "'";
// On failure the statement text itself is handed to message_die(); the
// DEBUG MODE output quoted in the thread shows it being displayed in the
// browser, so that output is presumably something to switch off on a live board.
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Error in obtaining userdata', '', __LINE__, __FILE__, $sql);
}

// A fetched row means the username exists; the matching else branch further
// down shows the generic login error for unknown usernames.
if( $row = $db->sql_fetchrow($result) )
{

// begin password protection mod
// A correct password resets the mod's bad-password counter to 0.
// NOTE(review): the stored value is compared with an unsalted md5() of the
// password using loose ==. PHP's loose comparison treats two numeric-looking
// strings as numbers, so === is the safer operator here and in the two other
// md5() comparisons below.
if ( $row['user_password'] == md5($password) )
{
$sql_a=" UPDATE " . USERS_TABLE . "
SET user_bad_password=0
WHERE user_id=" . $row['user_id'];
if ( !$db->sql_query($sql_a) )
{
message_die(GENERAL_ERROR, 'Error logging in', '', __LINE__, __FILE__, $sql_a);
}
//message_die(GENERAL_ERROR, 'incorrect password');
}
// end password protection mod
// While the board is disabled, accounts whose level is not ADMIN are sent
// back to the index instead of being logged in.
if( $row['user_level'] != ADMIN && $board_config['board_disable'] )
{
redirect(append_sid("index.$phpEx", true));
}
else
{
// NOTE(review): the next two checks read $row['user_last_login_try'] and
// $row['user_login_tries'], but the SELECT above does not list those columns.
// Unless sql_fetchrow() supplies them some other way, both conditions are
// always false and the max_login_attempts limit is not enforced.
// If the last login is more than x minutes ago, then reset the login tries/time
if ($row['user_last_login_try'] && $board_config['login_reset_time'] && $row['user_last_login_try'] < (time() - ($board_config['login_reset_time'] * 60)))
{
$db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_login_tries = 0, user_last_login_try = 0 WHERE user_id = ' . $row['user_id']);
$row['user_last_login_try'] = $row['user_login_tries'] = 0;
}

// Check to see if user is allowed to login again... if his tries are exceeded
if ($row['user_last_login_try'] && $board_config['login_reset_time'] && $board_config['max_login_attempts'] &&
$row['user_last_login_try'] >= (time() - ($board_config['login_reset_time'] * 60)) && $row['user_login_tries'] >= $board_config['max_login_attempts'] && $userdata['user_level'] != ADMIN)
{
message_die(GENERAL_MESSAGE, sprintf($lang['Login_attempts_exceeded'], $board_config['max_login_attempts'], $board_config['login_reset_time']));
}

// Successful login: the md5() of the password matches and the account is active.
if( md5($password) == $row['user_password'] && $row['user_active'] )
{
$autologin = ( isset($HTTP_POST_VARS['autologin']) ) ? TRUE : 0;

$admin = (isset($HTTP_POST_VARS['admin'])) ? 1 : 0;
$session_id = session_begin($row['user_id'], $user_ip, PAGE_INDEX, FALSE, $autologin, $admin);

// Reset login tries
$db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_login_tries = 0, user_last_login_try = 0 WHERE user_id = ' . $row['user_id']);

if( $session_id )
{
// The redirect target is taken from the request. Whether redirect() (defined
// elsewhere) restricts it to this board is not visible here.
// NOTE(review): as displayed, both str_replace() arguments are '&', which is a
// no-op; the first one was presumably '&amp;' before the forum rendered the
// paste. The same applies to the other str_replace('&', '&', ...) calls below.
$url = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : "index.$phpEx";
redirect(append_sid($url, true));
}
else
{
message_die(CRITICAL_ERROR, "Couldn't start session : login", "", __LINE__, __FILE__);
}
}
// Only store a failed login attempt for an active user - inactive users can't login even with a correct password
elseif( $row['user_active'] )
{
// Save login tries and last login
if ($row['user_id'] != ANONYMOUS)
{
$sql = 'UPDATE ' . USERS_TABLE . '
SET user_login_tries = user_login_tries + 1, user_last_login_try = ' . time() . '
WHERE user_id = ' . $row['user_id'];
$db->sql_query($sql);
}
}

// begin password protection mod
// Wrong password for an existing username: log it, then either lock the
// account, count the failure, or report that the account is already blocked.
// NOTE(review): this branch is reached by any visitor who submits a wrong
// password for a known username, so the lock below (which replaces the stored
// password) can be triggered without the owner's involvement - a trade-off to
// weigh before enabling the mod.
if ( $row['user_password'] != md5($password) )
{
// let's store the IP of the bad entry
// $user_ip is not assigned in this file; its format, and therefore whether it
// is safe inside the quoted SQL value, depends on code not shown here.
$sql_a=" INSERT INTO " . BAD_PASS_LOG_TABLE . "
(user_id, ip_address, log_time)
VALUES
(" . $row['user_id'] . ",'" . $user_ip . "'," . time() . ")";
if ( !$db->sql_query($sql_a) )
{
message_die(GENERAL_ERROR, 'Error logging in', '', __LINE__, __FILE__, $sql_a);
}
// how many bad attempts to date?
// $row holds the counter as it was read before this attempt, so this branch
// is taken once the stored count is already 2 or more.
if ( $row['user_bad_password'] > 1 )
{
//
// Set default email variables
//
// $server_url is not used again in this file; presumably the file included
// at the end of this branch reads it.
$script_name = preg_replace('/^\/?(.*?)\/?$/', '\1', trim($board_config['script_path']));
$script_name = ( $script_name != '' ) ? $script_name . '/profile.'.$phpEx : 'profile.'.$phpEx;
$server_name = trim($board_config['server_name']);
$server_protocol = ( $board_config['cookie_secure'] ) ? 'https://' : 'http://';
$server_port = ( $board_config['server_port'] <> 80 ) ? ':' . trim($board_config['server_port']) . '/' : '/';

$server_url = $server_protocol . $server_name . $server_port . $script_name;
//
// page specific function
//
// gen_rand_string($hash): builds an 8-character string from the letters and
// digits in $chars and returns its md5() when $hash is truthy, otherwise the
// string itself. It is declared inside this branch, so it only exists once the
// branch runs, and nothing in this file calls it.
// NOTE(review): it reseeds rand() from microtime(); rand() is not a
// cryptographic generator and should not be relied on for secrets.
function gen_rand_string($hash)
{
$chars = array( 'a', 'A', 'b', 'B', 'c', 'C', 'd', 'D', 'e', 'E', 'f', 'F', 'g', 'G', 'h', 'H', 'i', 'I', 'j', 'J', 'k', 'K', 'l', 'L', 'm', 'M', 'n', 'N', 'o', 'O', 'p', 'P', 'q', 'Q', 'r', 'R', 's', 'S', 't', 'T', 'u', 'U', 'v', 'V', 'w', 'W', 'x', 'X', 'y', 'Y', 'z', 'Z', '1', '2', '3', '4', '5', '6', '7', '8', '9', '0');

$max_chars = count($chars) - 1;
srand( (double) microtime()*1000000);

$rand_str = '';
for($i = 0; $i < 8; $i++)
{
$rand_str = ( $i == 0 ) ? $chars[rand(0, $max_chars)] : $rand_str . $chars[rand(0, $max_chars)];
}

return ( $hash ) ? md5($rand_str) : $rand_str;
}
// Lock the account: the stored password is overwritten with the md5() of a
// number drawn by rand(), and user_bad_password is set to -1, the value the
// code below treats as "locked".
// NOTE(review): the replacement is a 6-8 digit number from a non-cryptographic
// generator, stored as an unsalted md5. Whether this value or a different one
// is mailed to the user is decided in the included file, which is not shown.
$locked_password=rand(123456, 12345678);
$temp_password=md5($locked_password);

$sql_a=" UPDATE " . USERS_TABLE . "
SET user_password='$temp_password', user_bad_password=-1
WHERE user_id=" . $row['user_id'];
if ( !$db->sql_query($sql_a) )
{
message_die(GENERAL_ERROR, 'Error logging in', '', __LINE__, __FILE__, $sql_a);
}
// The $sent_* variables are not read again in this file; presumably the
// included password mailer uses them. The script stops right after the include.
$sent_details=1;
$sent_username=$row['username'];
$sent_email=$row['user_email'];
include($phpbb_root_path . 'includes/usercp_sendpasswd.'.$phpEx);
exit;
//message_die(GENERAL_ERROR, 'Account Blocked.' . $blocked_redirect);
}
// update the bad attempt count, only if the account isn't locked
if ( $row['user_bad_password'] > -1 )
{
$sql_a=" UPDATE " . USERS_TABLE . "
SET user_bad_password=user_bad_password+1
WHERE user_id=" . $row['user_id'];
if ( !$db->sql_query($sql_a) )
{
message_die(GENERAL_ERROR, 'Error logging in', '', __LINE__, __FILE__, $sql_a);
}
}
else
{
// inform that account is blocked
$index_redirect = '<meta http-equiv="refresh" content="10;url=' . append_sid("index.$phpEx?") . '">';
$message = $lang['account_blocked'] . $index_redirect;
message_die(GENERAL_MESSAGE, $message);
}
}
// end password protection mod

// Generic failure page: the requested redirect is HTML-escaped, its '?' is
// turned into '&', and it is rejected when the URL-decoded value contains a
// CR or LF, before it is placed in the meta refresh and the return link.
$redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : '';
$redirect = str_replace('?', '&', $redirect);

if (strstr(urldecode($redirect), "\n") || strstr(urldecode($redirect), "\r"))
{
message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.');
}

$template->assign_vars(array(
'META' => "<meta http-equiv=\"refresh\" content=\"3;url=login.$phpEx?redirect=$redirect\">")
);

$message = $lang['Error_login'] . '<br /><br />' . sprintf($lang['Click_return_login'], "<a href=\"login.$phpEx?redirect=$redirect\">", '</a>') . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . append_sid("index.$phpEx") . '">', '</a>');

message_die(GENERAL_MESSAGE, $message);
}
}
// Unknown username: the same generic failure page as for a wrong password.
else
{
$redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : "";
$redirect = str_replace("?", "&", $redirect);

if (strstr(urldecode($redirect), "\n") || strstr(urldecode($redirect), "\r"))
{
message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.');
}

$template->assign_vars(array(
'META' => "<meta http-equiv=\"refresh\" content=\"3;url=login.$phpEx?redirect=$redirect\">")
);

$message = $lang['Error_login'] . '<br /><br />' . sprintf($lang['Click_return_login'], "<a href=\"login.$phpEx?redirect=$redirect\">", '</a>') . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . append_sid("index.$phpEx") . '">', '</a>');

message_die(GENERAL_MESSAGE, $message);
}
}
// Logout request from a logged-in session.
else if( ( isset($HTTP_GET_VARS['logout']) || isset($HTTP_POST_VARS['logout']) ) && $userdata['session_logged_in'] )
{
// session id check
// The logout is only honoured when the sid sent with the request equals the
// id of the current session; a missing or different sid stops here.
if ($sid == '' || $sid != $userdata['session_id'])
{
message_die(GENERAL_ERROR, 'Invalid_session');
}

if( $userdata['session_logged_in'] )
{
session_end($userdata['session_id'], $userdata['user_id']);
}

// After logout, go to the requested redirect target (POST preferred over GET)
// or to the index.
if (!empty($HTTP_POST_VARS['redirect']) || !empty($HTTP_GET_VARS['redirect']))
{
$url = (!empty($HTTP_POST_VARS['redirect'])) ? htmlspecialchars($HTTP_POST_VARS['redirect']) : htmlspecialchars($HTTP_GET_VARS['redirect']);
$url = str_replace('&', '&', $url);
redirect(append_sid($url, true));
}
else
{
redirect(append_sid("index.$phpEx", true));
}
}
// Neither of the branches above applied (for example a login request from a
// session that is already logged in): just redirect.
else
{
$url = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : "index.$phpEx";
redirect(append_sid($url, true));
}
}
else
{
//
// Do a full login page dohickey if
// user not already logged in
//
// The form is also shown to a logged-in administrator when ?admin is present.
if( !$userdata['session_logged_in'] || (isset($HTTP_GET_VARS['admin']) && $userdata['session_logged_in'] && $userdata['user_level'] == ADMIN))
{
$page_title = $lang['Login'];
include($phpbb_root_path . 'includes/page_header.'.$phpEx);

$template->set_filenames(array(
'body' => 'login_body.tpl')
);

$forward_page = '';

// Rebuild the page to return to after login from the raw query string. Only
// a value made of the characters admitted by the pattern below is accepted,
// and any sid= parameter is dropped from it.
if( isset($HTTP_POST_VARS['redirect']) || isset($HTTP_GET_VARS['redirect']) )
{
$forward_to = $HTTP_SERVER_VARS['QUERY_STRING'];

if( preg_match("/^redirect=([a-z0-9\.#\/\?&=\+\-_]+)/si", $forward_to, $forward_matches) )
{
// The pattern has a single capture group, so $forward_matches[3] is never
// set and $forward_matches[1] is always the value used.
$forward_to = ( !empty($forward_matches[3]) ) ? $forward_matches[3] : $forward_matches[1];
$forward_match = explode('&', $forward_to);

if(count($forward_match) > 1)
{
for($i = 1; $i < count($forward_match); $i++)
{
// NOTE(review): ereg() was removed in PHP 7; this listing only runs on the
// older PHP versions this phpBB release targets.
if( !ereg("sid=", $forward_match[$i]) )
{
if( $forward_page != '' )
{
$forward_page .= '&';
}
$forward_page .= $forward_match[$i];
}
}
$forward_page = $forward_match[0] . '?' . $forward_page;
}
else
{
$forward_page = $forward_match[0];
}
}
}

$username = ( $userdata['user_id'] != ANONYMOUS ) ? $userdata['username'] : '';

// $forward_page is inserted without HTML escaping; it can only hold characters
// admitted by the pattern above (no quotes or angle brackets), which is what
// keeps the attribute value intact. Loosening that pattern would require
// escaping here.
$s_hidden_fields = '<input type="hidden" name="redirect" value="' . $forward_page . '" />';
$s_hidden_fields .= (isset($HTTP_GET_VARS['admin'])) ? '<input type="hidden" name="admin" value="1" />' : '';

make_jumpbox('viewforum.'.$phpEx);
$template->assign_vars(array(
'USERNAME' => $username,

'L_ENTER_PASSWORD' => (isset($HTTP_GET_VARS['admin'])) ? $lang['Admin_reauthenticate'] : $lang['Enter_password'],
'L_SEND_PASSWORD' => $lang['Forgotten_password'],

'U_SEND_PASSWORD' => append_sid("profile.$phpEx?mode=sendpassword"),

'S_HIDDEN_FIELDS' => $s_hidden_fields)
);

$template->pparse('body');

include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
}
// Already logged in and no admin re-authentication requested: go to the index.
else
{
redirect(append_sid("index.$phpEx", true));
}

}

?>

Geplaatst: 29 okt 2006, 11:11
door brandsrus
Zoek


 // password protect mod, added user_bad_password, user_email to query
$sql = "SELECT user_id, username, user_password, user_active, user_level, user_bad_password, user_email,
FROM " . USERS_TABLE . "
WHERE username = '" . str_replace("\\'", "''", $username) . "'";
if ( !($result = $db->sql_query($sql)) ) 
Vervang met


 // password protect mod, added user_bad_password, user_email to query
$sql = "SELECT user_id, username, user_password, user_active, user_level, user_bad_password, user_email
FROM " . USERS_TABLE . "
WHERE username = '" . str_replace("\\'", "''", $username) . "'";
if ( !($result = $db->sql_query($sql)) ) 
Suc6 :wink:

Geplaatst: 29 okt 2006, 11:54
door marijke2
Bedankt voor het antwoord echter dit is het ook niet krijg nu de melding

Error in obtaining userdata

DEBUG MODE

SQL Error : 1054 Unknown column 'user_bad_password' in 'field list'

SELECT user_id, username, user_password, user_active, user_level, user_bad_password, user_email FROM phpbb_users WHERE username = 'theo'

Line : 66
File : login.php

Geplaatst: 29 okt 2006, 11:58
door Paul
Je hebt de SQL opdrachten niet uitgevoerd bij de installatie van de mod.

Geplaatst: 29 okt 2006, 17:42
door marijke2
Bedankt voor de tips, pasword protection werkt :lol:
Echter het enige probleem en waarschijnlijk ook een hele grote is, dat als men drie keer een fout pasword heeft ingevuld er geen email uit gaat naar de persoon in kwestie, wel blijft zijn account geblokkeerd

Hebben jullie enig idee waar ik deze fout moet zoeken

Geplaatst: 29 okt 2006, 18:08
door marijke2
Ik ben er zelf al achter, was vergeten de user_account_blocked.tpl ook in de email map van lang-dutch te zetten

gr
marijke