Parse Me!

[atholon]

Anyone know what I am doing wrong I keep getting a parse error:

if (unset($_POST['UserName']))

is that wrong?

Is there a max amount of && you can add so I can put it like this:

if (unset($_POST['UserName']) && unset($_POST['PassWord']) && unset($_SESSION['db_is_logged_in']))

[IcIshoot]

what is the parse error your getting?

IcI

[Scott]

why are you using IF to unset?

unset($_POST['UserName'],$_POST['PassWord']);

I don't think you can unset($_SESSION), just reset the value in session.

$_SESSION['db_is_logged_in']=false;

[atholon]

Ok,

Has anyone had trouble using Mcrypt in EasyPHP? I cannot seem to get it to work even when I edited the PHP.ini file so that it is enabled!

[SilentTrigger]

Error you get? If you get an error that is.

[atholon]

It is a notice error. It is saying that my index is undefined. They are variables that are passed through the URL. I can't define them or it will mess my script up. I even made it so it was like $myvariable=$_REQUEST[myvariable];
it still gave me the undefined thing.

Encryption works fine on the new version.

[IcIshoot]

are you trying to see if the variable is empty?

Try using

if (!$_POST["UserName"])

IcI

[atholon]

Yeah but I got that fixed. Instead I just set it as Else. The login worked fine with the new version of easyphp but my tutorial script went to **** when I got it. I am getting notices all over for undefined variables.

[JonM]

lol, i think you have error reporting to all buddy.

[atholon]

Yeah, but I shut the notice part off and my script stopped working.

Might was well fix all the warnings to the point where it works

[JonM]

well php will give you errors that aren't necessarily errors, just errors because the script didn't have the right conditions etc...

[atholon]

Got it working now but it is giving me an error when I log in.

[atholon]

This won't set the cookies for a long period of time, just while the browser is open. Know what is wrong?

PHP Code:

<?
if (isset($_SESSION['db_is_logged_in']))
{
  echo ("<center>Welcome <b> $_SESSION[username]</b>"); 
  echo ("<br><center><a href=\"logout.php\">LogOut</a></center>");
}
Else
{

    if (isset($_COOKIE['UserName']) && isset($_COOKIE['PassWord']))
    {
        include 'config2.php';
        
        $userId = $_COOKIE['UserName'];
        $password = $_COOKIE['PassWord'];
                $password3=decrypt($password, $IV);
        $password2 = md5($password3);
        
          // check if the user id and password combination exist in database
        $sql = "SELECT mgroup
               FROM ibf_members
               WHERE name = '$userId'
                     AND password = '$password2'";
        $result = @mysql_query($sql);
                 //or die('Query failed. ' . mysql_error()); 
    
        //=== DEBUG ===
    //    print("Rows: " . mysql_num_rows($result));
    //    exit;
        //=== DEBUG ===
    
        if( mysql_num_rows($result) == 1 )
        {
          // the user id and password match, 
          // set the session
          $_SESSION['db_is_logged_in'] = true;
          $_SESSION['username'] = $userId;      
    
          if( $row = mysql_fetch_object($result) )
          {
              if( $row->mgroup == "4" )
                  $_SESSION['admin_is_logged_in'] = true;
          }
          
          mysql_free_result($result);
        
          // after login we move to the main page
          createformandsubmit($userId, $password3);
        }
    else
        RedirWithError('Invalid Login', 'index.php');
        }    

    if (isset($_POST['UserName']) && isset($_POST['PassWord']))
    {
        include 'config2.php';
    
        $userId = $_POST['UserName'];
        $password = $_POST['PassWord'];
        $password2 = md5($password);
            $IV = '';
        $password3 = encrypt($password, $IV);
          // check if the user id and password combination exist in database
        $sql = "SELECT mgroup
               FROM ibf_members
               WHERE name = '$userId'
                 AND password = '$password2'";
        $result = @mysql_query($sql);
             //or die('Query failed. ' . mysql_error()); 

        //=== DEBUG ===
    //    print("Rows: " . mysql_num_rows($result));
    //    exit;
        //=== DEBUG ===
    
        if( mysql_num_rows($result) == 1 )
        {
          // the user id and password match, 
          // set the session
          $_SESSION['db_is_logged_in'] = true;
          $_SESSION['username'] = $userId;
              setcookie("UserName", "$userId", time()+2147483647);          
              setcookie("PassWord", "$password3", time()+2147483647);           
    
          if( $row = mysql_fetch_object($result) )
          {
              if( $row->mgroup == "4" )
                  $_SESSION['admin_is_logged_in'] = true;
          }
          
          mysql_free_result($result);
        
          // after login we move to the main page
          createformandsubmit($userId, $password);
        }
        else
            RedirWithError('Invalid Login', 'index.php');
    }
    else
    {
    echo ("<form action=\"loginproc.php\" method=\"post\" name=\"LOGIN\">");
    echo ("<input type=\"hidden\" name=\"referer\" value=\"http://www.nerdhq.net/forum/index.php\" />");
    echo ("<input type=\"hidden\" name=\"return\" value=\"http://www.nerdhq.net/\" />");
    echo ("<input type=\"hidden\" name=\"Privacy\" value=\"1\" />");
    echo ("  <table class=\"tablebasic\" cellspacing=\"0\" width=\"100\">");
    echo ("");
    echo ("  <tr>");
    
    echo ("    <td class=\"pformleftw\">Username</td>");
    echo ("    <td class=\"pformright\"><input type=\"text\" size=\"15\" maxlength=\"64\" name=\"UserName\" class=\"forminput\"></td>");
    echo ("  </tr>");
    echo ("  <tr>");
    echo ("    <td class=\"pformleftw\">Password</td>");
    echo ("    <td class=\"pformright\"><input type=\"password\" size=\"15\" name=\"PassWord\" class=\"forminput\" /></td>");
    echo ("  </tr>");
    echo ("");
    echo ("  </table>");
    echo ("  <div class=\"pformstrip\">Options</div>        ");
    echo ("  <table class=\"tablebasic\" cellspacing=\"1\" align=\"center\">");
    echo ("  <tr><td><b>Remember Me</b></td>");
    echo ("   <td class=\"pformright\"><input type=\"radio\" name=\"CookieDate\" value=\"1\" checked=\"checked\">Yes<br />");
    echo ("<input type=\"radio\" name=\"CookieDate\" value=\"0\" />No</td>");
    echo ("");
    echo ("  </tr>");
    echo ("");
    echo ("  </table>     ");
    echo ("  <center><input type=\"submit\" name=\"submit\" value=\"Log me in\" class=\"forminput\"></center>");
    echo ("</form><center><a href=\"../forum/index.php?act=Reg&CODE=00\">Register</a></center> ");
    }

}



//=======================================================================


function RedirWithError( $iErrorMessage, $iRedirURL )
{
    $_SESSION["errMsg"] = trim($iErrorMessage);
    header("Location: $iRedirURL");
    exit;
}
//Encryption
function encrypt($input, &$iv)  // Pass IV by reference
{
$key = "5s4d2d9s8g8d9f9329d9f9j";
$td = mcrypt_module_open(MCRYPT_3DES, '', MCRYPT_MODE_ECB, '');
$iv = mcrypt_create_iv (mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
mcrypt_generic_init($td, $key, $iv);
$encrypted_data = mcrypt_generic($td, $input);
mcrypt_generic_deinit($td);
mcrypt_module_close($td);

$iv = trim(base64_encode($iv));
return trim(base64_encode($encrypted_data));
}

//Decryption
function decrypt($input, $iv)
{
$key = "5s4d2d9s8g8d9f9329d9f9j";
$input = base64_decode($input);
$iv = base64_decode($iv);

$td = mcrypt_module_open(MCRYPT_3DES, '', MCRYPT_MODE_ECB, '');
mcrypt_generic_init($td, $key, $iv);
$decrypt = trim(mdecrypt_generic($td, $input));
mcrypt_generic_deinit($td);
mcrypt_module_close($td);
return $decrypt;
}



function createformandsubmit ( $iUserName, $iPassword )
{
?>
<html>
<head>
</head>
<body onload="document.LOGIN.submit();">
 <form action="../forum/index.php?act=Login&CODE=01" method="post" name="LOGIN">
    <input type="hidden" name="referer" value="<?=($_SERVER["HTTP_REFERER"])?>" />
    <input type="hidden" name="return" value="http://nerdhq.net/index.php" />
    <input type="hidden" name="Privacy" value="0" />
    <input type="hidden" name="UserName" value="<?=($iUserName)?>" />
    <input type="hidden" name="PassWord" value="<?=($iPassword)?>" />
  </form>
</body>
</html>
<?
    exit;
}
?>