Announcement

Collapse
No announcement yet.

Example: PHP User/Password Validation

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #16
    works for me, double check your address and your user/pass combo
    Embrace change in your life, you never know, it could all work out for the best

    Comment


    • #17
      Okay, I've tripled-checked my address and password combo. I've ensured the php-script has been set to execute (via chmod-755), and have even tried FTPing in both ascii (text) & binary mode.

      What the friggin' firetruck, man???

      I'm including my server-settings here (it's just a free test-site ... no security-issues), in the event that anyone would like to check this out for me.

      Code:
      Website URL: http://blacknet.phpnet.us/check_user.php
      FTP Server: ftp.phpnet.us
      FTP Username (FTP/SQL): pn_2542241
      FTP Password (FTP/SQL): sassas
      
      ControlPanel URL : http://cpanel.phpnet.us
      ControlPanel  Username (FTP/SQL): pn_2542241
      ControlPanel  Password (FTP/SQL): sassas
      I'd really like some feedback, if anyone has the time?

      Comment


      • #18
        Are you passing the data from your autoplay application as GET or POST data?

        If you're using GET, try POST.

        Desmond.

        Comment


        • #19
          it dont work, theres something amiss with your free server

          try the script at this address and it will work

          http://www.dnet-software.com/check_user.php

          edit, ill remove this script in a few days
          Embrace change in your life, you never know, it could all work out for the best

          Comment


          • #20
            Originally posted by Desmond View Post
            Are you passing the data from your autoplay application as GET or POST data?

            If you're using GET, try POST.

            Desmond.
            I'm using POST, just as it is in the original apz.script (only ever use POST anyway).


            Originally posted by RizlaUK View Post
            it dont work, theres something amiss with your free server

            try the script at this address and it will work

            http://www.dnet-software.com/check_user.php

            edit, ill remove this script in a few days
            RizlaUK, I retried the apz.script, using your server ... and you're right of course, it's works perfectly when the php-script is hosted there. Now, here's what I don't get:

            The server that I'm using at http://phpnet.us supports PHP-5 (it's stated in their speil advertising free accounts). The same applies to the other server I tried at http://lycos.tripod.com, yet I have the same problem there. Surely, BOTH servers can't be the problem?

            Which leads me to conclude, there must be something wrong with the way in which I'm transferring the php-script. So RizlaUK, I have to ask; when you uploaded the php-script to your server at d-net software, am I correct in assuming that you:

            I. uploaded using ascii (text) mode? (I'm assuming that your server is unix)
            II. set the file permissions to 755

            If so, I'm confused ... because I'm already doing these things on my end. Which takes me back to my original question of:

            What the friggin firetruck, man???

            Any comments? (anyone???)

            Comment


            • #21
              maybe the free servers do not allow you to exacute scripts remotely or they reject the ams POST headers (if thats possable),

              i uploaded in ASCII mode, dident set permissions, just ran the script

              your script is intact because when you load the URL you get the "No Post Data" message, it must be the server rejecting the connection!
              Embrace change in your life, you never know, it could all work out for the best

              Comment


              • #22
                Or...
                http://www.indigorose.com/forums/sho...highlight=home

                Comment


                • #23
                  what about the free server adds and url redirections
                  does your server add advertisement banners to your pages
                  or silent navigations

                  Code:
                  if ($_POST)
                  {
                  	// Loop through table
                  	foreach($user_table as $username=>$password)
                  	{
                  		// Check if md5's of user/pass match passed values
                  		if (($_POST['username_md5'] == md5($username)) AND ($_POST['password_md5'] == md5($password)))
                  		{
                  			// The user/pass combo matched
                  			echo '1';
                  			exit;
                  		}
                  	}
                  // The user/pass combox did not match
                  echo '0';
                  exit;
                  
                  [B][COLOR="Red"]free server may add anything here (javascript,html....)[/COLOR][/B]
                  }
                  add
                  Code:
                  Dialog.Message("Notice", sResult, MB_OK, MB_ICONNONE);
                  after
                  Code:
                  sResult = HTTP.Submit(sCheckScriptURL, tValuesToPass, nSubmitMethod, nTimeout, nPort, tAuthData, tProxyData);
                  and see ,what your server was sent to you

                  it should be 0 or 1

                  i have used the url that you specified (http://blacknet.phpnet.us/check_user.php)
                  and tested it
                  there is a silent navigation that you can detect with only socket connection
                  like : HTTP.Submit();
                  a normal web browser can not detect this
                  let me show you the result before you test it
                  Attached Files
                  amsplugins.com Is Closed.

                  Facebook Page

                  Comment


                  • #24
                    Originally posted by reteset View Post
                    what about the free server adds and url redirections
                    does your server add advertisement banners to your pages
                    or silent navigations

                    Code:
                    if ($_POST)
                    {
                    	// Loop through table
                    	foreach($user_table as $username=>$password)
                    	{
                    		// Check if md5's of user/pass match passed values
                    		if (($_POST['username_md5'] == md5($username)) AND ($_POST['password_md5'] == md5($password)))
                    		{
                    			// The user/pass combo matched
                    			echo '1';
                    			exit;
                    		}
                    	}
                    // The user/pass combox did not match
                    echo '0';
                    exit;
                    
                    [B][COLOR="Red"]free server may add anything here (javascript,html....)[/COLOR][/B]
                    }
                    add
                    Code:
                    Dialog.Message("Notice", sResult, MB_OK, MB_ICONNONE);
                    after
                    Code:
                    sResult = HTTP.Submit(sCheckScriptURL, tValuesToPass, nSubmitMethod, nTimeout, nPort, tAuthData, tProxyData);
                    and see ,what your server was sent to you

                    it should be 0 or 1

                    i have used the url that you specified (http://blacknet.phpnet.us/check_user.php)
                    and tested it
                    there is a silent navigation that you can detect with only socket connection
                    like : HTTP.Submit();
                    a normal web browser can not detect this
                    let me show you the result before you test it
                    Okay ... but what does this mean? You have lost me!

                    Comment


                    • #25
                      Okay guys,

                      Thanks for the feedback ... but the point is now mute. I've set up an another free test-account at 000webhost.com who provide free-access with FULL PHP-support.

                      Now the script runs without any problems at all ... didn't even have to set the file permissions.

                      It would seem that my initial problem was that I didn't read the terms-of-service of the other freebie-hosts properly who (although offering free PHP support) placed certains restrictions on what exaxtly could be executed, etc...

                      Anyway, problem now solved.

                      Thanks everyone.

                      Comment


                      • #26
                        Thanks !

                        Thanks ! I'ts very cool !

                        Comment


                        • #27
                          Originally posted by mystica View Post
                          Okay ... but what does this mean? You have lost me!
                          simlpified

                          Normal Web Server :

                          AMS >> HTTP.Submit() >> check_user.php

                          check_user.php returns 0 or 1

                          -----------------------------------------------------------------
                          Your Web Server :

                          AMS >> HTTP.Submit() >> advertisement.php >> check_user.php

                          advertisement.php returns its html source before check_user.php
                          amsplugins.com Is Closed.

                          Facebook Page

                          Comment


                          • #28
                            Works with smf 1.1.10?

                            Comment


                            • #29
                              Originally posted by RazorPT View Post
                              Works with smf 1.1.10?
                              i guess it would be intergreated with ANY php site.

                              Comment


                              • #30
                                Php Code

                                <?php
                                $hostname_conn = "mysql.server.net";
                                $database_conn = "user11";
                                $username_conn = "user1";
                                $password_conn = "password";

                                $conn = mysql_pconnect($hostname_conn, $username_conn, $password_conn) or die(mysql_error() );

                                if( isset( $_POST['a'] ) )
                                {
                                $loginUsername = $_POST['a'];
                                $password = $_POST['b'];

                                mysql_select_db( $database_conn, $conn );

                                $LoginRS__query=sprintf("SELECT username, password FROM users WHERE username='%s' AND password='%s' AND aktivan='DA'",
                                get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc() ? $password : addslashes($password));
                                //echo $LoginRS__query;
                                $LoginRS = mysql_query($LoginRS__query, $conn) or die(mysql_error());
                                $loginFoundUser = mysql_num_rows($LoginRS);
                                if( $loginFoundUser )
                                {
                                echo "1";
                                }
                                else
                                {
                                echo "0";
                                }
                                }
                                else
                                {
                                echo "0";
                                }

                                ?>

                                APM Code

                                sCheckScriptURL = "http://youserver.com/provera/auth.php";


                                sUsername = Registry.GetValue(HKEY_LOCAL_MACHINE, "Software\\Dream", "username", true);
                                sPassword = Registry.GetValue(HKEY_LOCAL_MACHINE, "Software\\Dream", "password", true);

                                tValuesToPass = {a = sUsername, b = sPassword};
                                nSubmitMethod = SUBMITWEB_POST;
                                nTimeout = 20;
                                nPort = 80;
                                tAuthData = nil;
                                tProxyData = nil;

                                sResult = HTTP.Submit(sCheckScriptURL, tValuesToPass, nSubmitMethod, nTimeout, nPort, tAuthData, tProxyData);



                                -- The details were correct. (the installer received a value of one)
                                if sResult == "1" then
                                -- The username and password was right
                                Page.Jump("Page2");

                                else
                                -- Those details provided were wrong. Or no longer in the database.
                                Dialog.Message("Licenca not ok", "Username and serial not OK", MB_OK, MB_ICONINFORMATION);

                                end

                                Comment

                                Working...
                                X