
[Solved] Login error

Posted: Wed Oct 25, 2006 3:36 pm
Author: zenrei
Ok.

I'm sure this is a simple one.

After updating my login.php, I get the following error:

Error in obtaining userdata

DEBUG MODE

SQL Error ]

Here is the code for my changed login.php:

Code:
<php>sql_query($sql)) )
        {
            message_die(GENERAL_ERROR, 'Error in obtaining userdata', '', __LINE__, __FILE__, $sql);
        }

        if( $row = $db->sql_fetchrow($result) )
        {
#======================================================================= |
#==== Start: == phpBB Security ========================================= |
#==== v1.0.2 =========================================================== |
#====
        if (md5($password) != $row['user_password'])
            phpBBSecurity_InvalidLogin($row['user_id']);

        phpBBSecurity_CheckTries($row['user_id']);
#====
#==== Author: aUsTiN [austin@phpbb-amod.com] [http://phpbb-amod.com] === |
#==== End: ==== phpBB Security ========================================= |
#======================================================================= |
            if( $row['user_level'] != ADMIN && $board_config['board_disable'] )
            {
                redirect(append_sid("portal.$phpEx", true));
            }
            else
            {
                // If the last login is more than x minutes ago, then reset the login tries/time
                if ($row['user_last_login_try'] && $board_config['login_reset_time'] && $row['user_last_login_try'] < (time() - ($board_config['login_reset_time'] * 60)))
                {
                    $db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_login_tries = 0, user_last_login_try = 0 WHERE user_id = ' . $row['user_id']);
                    $row['user_last_login_try'] = $row['user_login_tries'] = 0;
                }

                // Check to see if user is allowed to login again... if his tries are exceeded
                if ($row['user_last_login_try'] && $board_config['login_reset_time'] && $board_config['max_login_attempts'] &&
                    $row['user_last_login_try'] >= (time() - ($board_config['login_reset_time'] * 60)) && $row['user_login_tries'] >= $board_config['max_login_attempts'])
                {
                    message_die(GENERAL_MESSAGE, sprintf($lang['Login_attempts_exceeded'], $board_config['max_login_attempts'], $board_config['login_reset_time']));
                }

                if( md5($password) == $row['user_password'] && $row['user_active'] )
                {
                    lw_check_membership($row);
                    $autologin = ( isset($HTTP_POST_VARS['autologin']) ) ? TRUE : 0;

                    $admin = (isset($HTTP_POST_VARS['admin'])) ? 1 : 0;
                    $session_id = session_begin($row['user_id'], $user_ip, PAGE_INDEX, FALSE, $autologin, $admin);

                    // Reset login tries
                    $db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_login_tries = 0, user_last_login_try = 0 WHERE user_id = ' . $row['user_id']);

                    if( $session_id )
                    {
#======================================================================= |
#==== Start: == phpBB Security ========================================= |
#==== v1.0.2 =========================================================== |
#====
                        phpBBSecurity_ResetTries($row['user_id']);
#====
#==== Author: aUsTiN [austin@phpbb-amod.com] [http://phpbb-amod.com] === |
#==== End: ==== phpBB Security ========================================= |
#======================================================================= |
                        $url = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&amp;', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : "portal.$phpEx";
                        redirect(append_sid($url, true));
                    }
                    else
                    {
                        message_die(CRITICAL_ERROR, "Couldn't start session : login", "", __LINE__, __FILE__);
                    }
                }
                else
                {
                    // Save login tries and last login
                    if ($row['user_id'] != ANONYMOUS)
                    {
                        $sql = 'UPDATE ' . USERS_TABLE . '
                            SET user_login_tries = user_login_tries + 1, user_last_login_try = ' . time() . '
                            WHERE user_id = ' . $row['user_id'];
                        $db->sql_query($sql);
                    }

                    $redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&amp;', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : '';
                    $redirect = str_replace('?', '&', $redirect);

                    if (strstr(urldecode($redirect), "\n") || strstr(urldecode($redirect), "\r"))
                    {
                        message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.');
                    }

                    $template->assign_vars(array(
                        'META' => "<meta>")
                    );

                    $message = $lang['Error_login'] . '<br><br>' . sprintf($lang['Click_return_login'], "<a>", '</a>') . '<br><br>' .  sprintf($lang['Click_return_index'], '<a>', '</a>');

                    message_die(GENERAL_MESSAGE, $message);
                }
            }
        }
        else
        {
            $redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&amp;', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : "";
            $redirect = str_replace("?", "&", $redirect);

            if (strstr(urldecode($redirect), "\n") || strstr(urldecode($redirect), "\r"))
            {
                message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.');
            }

            $template->assign_vars(array(
                'META' => "<meta>")
            );

            $message = $lang['Error_login'] . '<br><br>' . sprintf($lang['Click_return_login'], "<a>", '</a>') . '<br><br>' .  sprintf($lang['Click_return_index'], '<a>', '</a>');

            message_die(GENERAL_MESSAGE, $message);
        }
    }
    else if( ( isset($HTTP_GET_VARS['logout']) || isset($HTTP_POST_VARS['logout']) ) && $userdata['session_logged_in'] )
    {
        // session id check
        if ($sid == '' || $sid != $userdata['session_id'])
        {
            message_die(GENERAL_ERROR, 'Invalid_session');
        }

        if( $userdata['session_logged_in'] )
        {
            session_end($userdata['session_id'], $userdata['user_id']);
        }
//--------------------------------------------------------------------------------
// Prillian - Begin Code Addition
//
        if ( !empty($_REQUEST['in_prill']) )
        {
            im_session_update(true, true);
        }
//
// Prillian - End Code Addition
//--------------------------------------------------------------------------------

        if (!empty($HTTP_POST_VARS['redirect']) || !empty($HTTP_GET_VARS['redirect']))
        {
            $url = (!empty($HTTP_POST_VARS['redirect'])) ? htmlspecialchars($HTTP_POST_VARS['redirect']) : htmlspecialchars($HTTP_GET_VARS['redirect']);
            $url = str_replace('&amp;', '&', $url);
            redirect(append_sid($url, true));
        }
        else
        {
            redirect(append_sid("portal.$phpEx", true));
        }
    }
    else
    {
        $url = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&amp;', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : "portal.$phpEx";
        redirect(append_sid($url, true));
    }
}
else
{
    //
    // Do a full login page dohickey if
    // user not already logged in
    //
    include_once($phpbb_root_path . 'includes/functions_jr_admin.' . $phpEx);

    $jr_admin_userdata = jr_admin_get_user_info($userdata['user_id']);

    if( !$userdata['session_logged_in'] || (isset($HTTP_GET_VARS['admin']) && $userdata['session_logged_in'] && (!empty($jr_admin_userdata['user_jr_admin']) || $userdata['user_level'] == ADMIN)))
    {
        $page_title = $lang['Login'];
        include($phpbb_root_path . 'includes/page_header.'.$phpEx);

//--------------------------------------------------------------------------------
// Prillian - Begin Code Addition
//
        $body_tpl = '';
        if( $gen_simple_header )
        {
            $body_tpl = 'prillian/';
        }
//
// Prillian - End Code Addition
//--------------------------------------------------------------------------------
        $template->set_filenames(array(
            'body' => $body_tpl . 'login_body.tpl')
        );

        $forward_page = '';

        if( isset($HTTP_POST_VARS['redirect']) || isset($HTTP_GET_VARS['redirect']) )
        {
            $forward_to = $HTTP_SERVER_VARS['QUERY_STRING'];

            if( preg_match("/^redirect=([a-z0-9\.#\/\?&=\+\-_]+)/si", $forward_to, $forward_matches) )
            {
                $forward_to = ( !empty($forward_matches[3]) ) ? $forward_matches[3] : $forward_matches[1];
                $forward_match = preg_split('[?|&]', $forward_to);

                if(count($forward_match) > 1)
                {
                    for($i = 1; $i <count>assign_vars(array(
            'USERNAME' => $username,

            'L_ENTER_PASSWORD' => (isset($HTTP_GET_VARS['admin'])) ? $lang['Admin_reauthenticate'] : $lang['Enter_password'],
            'L_SEND_PASSWORD' => $lang['Forgotten_password'],

            'U_SEND_PASSWORD' => append_sid("profile.$phpEx?mode=sendpassword"),

            'S_HIDDEN_FIELDS' => $s_hidden_fields)
        );

        $template->pparse('body');

        include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
    }
    else
    {
        redirect(append_sid("portal.$phpEx", true));
    }

}

?>


This is the direction I followed for the update:

Code:
#-----[ OPEN ]---------------------------------------------
#
login.php

#
#-----[ FIND ]---------------------------------------------
# Line 80
        $sql = "SELECT user_id, username, user_password, user_active, user_level, user_rank, user_actviate_date, user_expire_date, user_regdate

#
#-----[ REPLACE WITH ]---------------------------------------------
#
        $sql = "SELECT user_id, username, user_password, user_active, user_level, user_rank, user_actviate_date, user_expire_date, user_regdate, user_login_tries, user_last_login_try

#
#-----[ FIND ]---------------------------------------------
# Line 107
                if( md5($password) == $row['user_password'] && $row['user_active'] )

#
#-----[ BEFORE, ADD ]---------------------------------------------
#
                // If the last login is more than x minutes ago, then reset the login tries/time
                if ($row['user_last_login_try'] && $board_config['login_reset_time'] && $row['user_last_login_try'] < (time() - ($board_config['login_reset_time'] * 60)))
                {
                    $db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_login_tries = 0, user_last_login_try = 0 WHERE user_id = ' . $row['user_id']);
                    $row['user_last_login_try'] = $row['user_login_tries'] = 0;
                }

                // Check to see if user is allowed to login again... if his tries are exceeded
                if ($row['user_last_login_try'] && $board_config['login_reset_time'] && $board_config['max_login_attempts'] &&
                    $row['user_last_login_try'] >= (time() - ($board_config['login_reset_time'] * 60)) && $row['user_login_tries'] >= $board_config['max_login_attempts'])
                {
                    message_die(GENERAL_MESSAGE, sprintf($lang['Login_attempts_exceeded'], $board_config['max_login_attempts'], $board_config['login_reset_time']));
                }

#
#-----[ FIND ]---------------------------------------------
# Line 125
                    $admin = (isset($HTTP_POST_VARS['admin'])) ? 1 : 0;
                    $session_id = session_begin($row['user_id'], $user_ip, PAGE_INDEX, FALSE, $autologin, $admin);

#
#-----[ AFTER, ADD ]---------------------------------------------
#
                    // Reset login tries
                    $db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_login_tries = 0, user_last_login_try = 0 WHERE user_id = ' . $row['user_id']);

#
#-----[ FIND ]---------------------------------------------
# Line 151
                    $redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&amp;', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : '';
                    $redirect = str_replace('?', '&', $redirect);

#
#-----[ BEFORE, ADD ]---------------------------------------------
#
                    // Save login tries and last login
                    if ($row['user_id'] != ANONYMOUS)
                    {
                        $sql = 'UPDATE ' . USERS_TABLE . '
                            SET user_login_tries = user_login_tries + 1, user_last_login_try = ' . time() . '
                            WHERE user_id = ' . $row['user_id'];
                        $db->sql_query($sql);
                    }


What did I do wrong?

Posted: Wed Oct 25, 2006 3:47 pm
Author: IntegraMOD
Why did you update your login.php? A little more information would help.

Posted: Wed Oct 25, 2006 3:56 pm
Author: zenrei
Ok... I think I made a mistake.

I didn't apply the security upgrade before starting my phpBB upgrade.
I'm going from phpBB 2.0.17 to 18 to 19... and NOW I see that I was supposed to do the security upgrade FIRST.

But I did that change in login.php because that's what it says to do in the upgrade docs... I'm going to apply the security upgrade now and THEN do the other 2 again and see if the issue persists.

Posted: Wed Oct 25, 2006 8:28 pm
Author: zenrei
Installing the security update first fixed this.