Problems with user auth

[Vedran]

Hi,
I'm trying to integrate your Simple User Auth script, and I had a lot of bugs and problems, but there is only one that I can't really figure out...
When I try to log in using script, I get following error

Code:

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /***/***/usermenu.php on line 28

Apperantly there is a problem with

PHP Code:

iif(mysql_num_rows($query) > 0) {
            
                    setcookie("loggedin",true,time()+170000);
                    $_SESSION['loggedin']=true; 


What is the problem and can u help me fix it?

[Scott]

That problem usually occures when there isd no database setup or the database fields do not match the fields you are selecting from. Do you have a database setup?

[Vedran]

Yes, i'm actually accessing pbpBB db here is the code:

PHP Code:

<? mysql_connect('localhost', 'omeragic_phpb1', 'g7zCV9VJmuNJ'); ?>
            <?php
            if($_POST['login']) {
                if(auth_user($_POST['username'],$_POST['user_password'])) {
                    echo("You are now logged in. Click here to go to your page");
                } else {
                    echo("Login Failed! Please try again. <br /><br />");
                }
            }
            
            login_form(); 
            ?>

            
            <?
            function auth_user($username,$user_password) {            
                $query=mysql_query("SELECT username,user_password FROM phpbb_users WHERE username='".addslashes($username)."' AND user_password='".addslashes($user_password)."' LIMIT 1");
                if(mysql_num_rows($query) > 0) {
                    setcookie("loggedin",true,time()+170000);
                    $_SESSION['loggedin']=true;
            
                    return true;
            
                } else {
                    return false;
            
                }
                return false;
            }
            
            function is_logged_in() {
            
                if(($_COOKIE['loggedin']==true) or ($_SESSION['loggedin']==true)) {
                    return true;
                } else {
                    return false;
                }
            }
            
            
            function login_form() {
            ?> 
            <form method="post" action="<?echo($_SERVER['PHP_SELF']);?>">
            Username: <input type="text" name="username" value="" /><br />
            Password: <input type="password" name="user_password" value="" /><br />
            <input type="hidden" name="login" value="true" />
            <input type="submit" name="submit" value="login" />
            </form>
            <?
            }
            ?>

EDIT: btw, sorry for wraping the forum with my post

[IcIshoot]

I think the problem is your select statement - your just adding slashes.

phpbb passwords are encrypted using MD5.... thus the entered password your compairing to the database won't match.

But to make sure your generating the correct MD5 hash, you also need to find out if phpbb is using the addslashes function on the passwords before it runs the MD5 algorithim (I don't believe it does, as I have reset passwords by just replacing the password with my own MD5 hash - but then again, none of my passwords have special characters). You need to figure that out as that will effect the MD5


You will also need to check to see if phpbb uses addslashes on the username....

Based on my quick researchon the only copy I have (nuke evolution) they use htmlspecial caracters, then do some extra work on it...

thats what stands out at first glance - the mysql_query("select****") statement returns nothing because the name and password wasn't properly formated before being used to compair with the data in the database.

IcI