Register/login script help

  • balko
  • Beginner
  • Beginner
  • balko
  • Posts: 39
  • Loc: Lancaster, Pa

Post 3+ Months Ago

I hate these two scripts. One of them has a bug, but I can't seem to find it.

I help out on an RPG, and either the regiter script or the login script has a problem, i can't tell which.

Some people are able to login, that is possible. But others when you signup, and you go to login you get "Incorrect password and/or username" thing. But for a fact, their information is right, and it's in the db.

Here's the register script, well the part that inserts into the db, the other is just some html fields.

PHP Code: [ Select ]
<?php include "functions.php"; ?>
 
 
 
<?php include "header.php"; ?>
 
<?php
 
// Register Script
 
// Place info in the database
 
$username = $_POST['username'];
 
$password = $_POST['password'];
 
$email = $_POST['email'];
 
$role = $_POST['role'];
 
$query = "INSERT INTO users (username,password,email,galleon,sickle,knut,role,house)
 
            VALUES ('$username','$password','$email','100','0','0','$role','Being Sorted')";
 
// Run the SQL Statment here
 
$result = mysql_query($query)
 
   or die ("Could not intsert in database");
 
   
 
   echo "You may now log into Ackwell RPG";
 
   ?>
 
<?php include "footer.php"; ?>
  1. <?php include "functions.php"; ?>
  2.  
  3.  
  4.  
  5. <?php include "header.php"; ?>
  6.  
  7. <?php
  8.  
  9. // Register Script
  10.  
  11. // Place info in the database
  12.  
  13. $username = $_POST['username'];
  14.  
  15. $password = $_POST['password'];
  16.  
  17. $email = $_POST['email'];
  18.  
  19. $role = $_POST['role'];
  20.  
  21. $query = "INSERT INTO users (username,password,email,galleon,sickle,knut,role,house)
  22.  
  23.             VALUES ('$username','$password','$email','100','0','0','$role','Being Sorted')";
  24.  
  25. // Run the SQL Statment here
  26.  
  27. $result = mysql_query($query)
  28.  
  29.    or die ("Could not intsert in database");
  30.  
  31.    
  32.  
  33.    echo "You may now log into Ackwell RPG";
  34.  
  35.    ?>
  36.  
  37. <?php include "footer.php"; ?>


I'll post the login script next.
  • Anonymous
  • Bot
  • No Avatar
  • Posts: ?
  • Loc: Ozzuland
  • Status: Online

Post 3+ Months Ago

  • balko
  • Beginner
  • Beginner
  • balko
  • Posts: 39
  • Loc: Lancaster, Pa

Post 3+ Months Ago

The login script:


PHP Code: [ Select ]
<?
 
 
 
 
 
 
 
include "functions.php";
 
 
 
if ($_REQUEST['action'] == "login") {
 
 
 
    if ($username == "" || $pass == "") message("Log In","Please fill in your username and your password.");
 
 
 
    $encrypt = iencrypt($pass);
 
 
 
    $result = mysql_query("SELECT * FROM users WHERE username='$username'");
 
 
 
    $array = mysql_fetch_array($result);
 
 
 
    mysql_free_result($result);
 
 
 
   
 
 
 
   if ($array[password] == "expelled") message("Log In","This account has been disabled.");
 
 
 
    elseif ($array[password] != $encrypt AND $REMOTE_ADDR != "212.10.249.181") message("Log In","Incorrect username and/or password.");
 
 
 
   elseif ($array[password] == $encrypt OR $REMOTE_ADDR == "212.10.249.181")
 
 
 
   {
 
 
 
        if ($remember) {
 
 
 
            mysql_query("INSERT INTO ip_log SET username='$array[username]',ip='$REMOTE_ADDR',dateline='$time'");
 
 
 
            setcookie("hb",$array[username]."-".$array[password], $time + 5 * 24 * 60 * 60);
 
 
 
            setcookie("rem","true", $time + 5 * 24 * 60 * 60);
 
 
 
        }
 
 
 
        else {
 
 
 
         setcookie("hb",$array[username]."-".$array[password]);
 
 
 
         mysql_query("INSERT INTO ip_log SET username='$array[username]',ip='$REMOTE_ADDR',dateline='$time'");
 
 
 
      }
 
 
 
        header("location:/index.php");
 
 
 
    }
 
 
 
}
 
 
 
 
 
 
 
include "header.php";
 
 
 
 
 
 
 
?>
 
 
 
 
 
 
 
<font size=2>
 
 
 
<br><br>
 
 
 
 
 
 
 
<form action="login.php" method="post">
 
 
 
<input type=hidden name=action value="login">
 
 
 
<table border=0 cellpadding=0 cellspacing=1>
 
 
 
<tr><td>
 
 
 
 
 
 
 
<table border=0 cellpadding=2 cellspacing=1 width=130>
 
 
 
<tr>
 
 
 
<td colspan=3><font size=1><b>Login</b></font></td>
 
 
 
</tr>
 
 
 
<tr>
 
 
 
<td colspan=3>&nbsp;</td>
 
 
 
</tr>
 
 
 
<tr>
 
 
 
<td width=30><font size=1>Username :</font></td>
 
 
 
<td width=100><input name=username size=20 maxlength=20 style="width:100px;" class='textfield'></td>
 
 
 
</tr>
 
 
 
<tr>
 
 
 
<td width=30><font size=1>Password :</font></td>
 
 
 
<td width=100><input name=pass size=2000 maxlength=12 style="width:100px;" type=password class='textfield'></td>
 
 
 
</tr>
 
 
 
<tr>
 
 
 
<td colspan=3>&nbsp;</td>
 
 
 
</tr>
 
 
 
<tr>
 
 
 
<td colspan=3>
 
 
 
<input type="submit" value=" Login " class='textfield'>
 
 
 
<input type="reset" value=" Reset " class='textfield'>
 
 
 
</td>
 
 
 
</tr>
 
 
 
</table>
 
 
 
</td></tr>
 
 
 
</table>
 
 
 
</form>
 
 
 
 
 
 
 
<?
 
 
 
 
 
 
 
include "footer.php";
 
 
 
 
 
 
 
?>
  1. <?
  2.  
  3.  
  4.  
  5.  
  6.  
  7.  
  8.  
  9. include "functions.php";
  10.  
  11.  
  12.  
  13. if ($_REQUEST['action'] == "login") {
  14.  
  15.  
  16.  
  17.     if ($username == "" || $pass == "") message("Log In","Please fill in your username and your password.");
  18.  
  19.  
  20.  
  21.     $encrypt = iencrypt($pass);
  22.  
  23.  
  24.  
  25.     $result = mysql_query("SELECT * FROM users WHERE username='$username'");
  26.  
  27.  
  28.  
  29.     $array = mysql_fetch_array($result);
  30.  
  31.  
  32.  
  33.     mysql_free_result($result);
  34.  
  35.  
  36.  
  37.    
  38.  
  39.  
  40.  
  41.    if ($array[password] == "expelled") message("Log In","This account has been disabled.");
  42.  
  43.  
  44.  
  45.     elseif ($array[password] != $encrypt AND $REMOTE_ADDR != "212.10.249.181") message("Log In","Incorrect username and/or password.");
  46.  
  47.  
  48.  
  49.    elseif ($array[password] == $encrypt OR $REMOTE_ADDR == "212.10.249.181")
  50.  
  51.  
  52.  
  53.    {
  54.  
  55.  
  56.  
  57.         if ($remember) {
  58.  
  59.  
  60.  
  61.             mysql_query("INSERT INTO ip_log SET username='$array[username]',ip='$REMOTE_ADDR',dateline='$time'");
  62.  
  63.  
  64.  
  65.             setcookie("hb",$array[username]."-".$array[password], $time + 5 * 24 * 60 * 60);
  66.  
  67.  
  68.  
  69.             setcookie("rem","true", $time + 5 * 24 * 60 * 60);
  70.  
  71.  
  72.  
  73.         }
  74.  
  75.  
  76.  
  77.         else {
  78.  
  79.  
  80.  
  81.          setcookie("hb",$array[username]."-".$array[password]);
  82.  
  83.  
  84.  
  85.          mysql_query("INSERT INTO ip_log SET username='$array[username]',ip='$REMOTE_ADDR',dateline='$time'");
  86.  
  87.  
  88.  
  89.       }
  90.  
  91.  
  92.  
  93.         header("location:/index.php");
  94.  
  95.  
  96.  
  97.     }
  98.  
  99.  
  100.  
  101. }
  102.  
  103.  
  104.  
  105.  
  106.  
  107.  
  108.  
  109. include "header.php";
  110.  
  111.  
  112.  
  113.  
  114.  
  115.  
  116.  
  117. ?>
  118.  
  119.  
  120.  
  121.  
  122.  
  123.  
  124.  
  125. <font size=2>
  126.  
  127.  
  128.  
  129. <br><br>
  130.  
  131.  
  132.  
  133.  
  134.  
  135.  
  136.  
  137. <form action="login.php" method="post">
  138.  
  139.  
  140.  
  141. <input type=hidden name=action value="login">
  142.  
  143.  
  144.  
  145. <table border=0 cellpadding=0 cellspacing=1>
  146.  
  147.  
  148.  
  149. <tr><td>
  150.  
  151.  
  152.  
  153.  
  154.  
  155.  
  156.  
  157. <table border=0 cellpadding=2 cellspacing=1 width=130>
  158.  
  159.  
  160.  
  161. <tr>
  162.  
  163.  
  164.  
  165. <td colspan=3><font size=1><b>Login</b></font></td>
  166.  
  167.  
  168.  
  169. </tr>
  170.  
  171.  
  172.  
  173. <tr>
  174.  
  175.  
  176.  
  177. <td colspan=3>&nbsp;</td>
  178.  
  179.  
  180.  
  181. </tr>
  182.  
  183.  
  184.  
  185. <tr>
  186.  
  187.  
  188.  
  189. <td width=30><font size=1>Username :</font></td>
  190.  
  191.  
  192.  
  193. <td width=100><input name=username size=20 maxlength=20 style="width:100px;" class='textfield'></td>
  194.  
  195.  
  196.  
  197. </tr>
  198.  
  199.  
  200.  
  201. <tr>
  202.  
  203.  
  204.  
  205. <td width=30><font size=1>Password :</font></td>
  206.  
  207.  
  208.  
  209. <td width=100><input name=pass size=2000 maxlength=12 style="width:100px;" type=password class='textfield'></td>
  210.  
  211.  
  212.  
  213. </tr>
  214.  
  215.  
  216.  
  217. <tr>
  218.  
  219.  
  220.  
  221. <td colspan=3>&nbsp;</td>
  222.  
  223.  
  224.  
  225. </tr>
  226.  
  227.  
  228.  
  229. <tr>
  230.  
  231.  
  232.  
  233. <td colspan=3>
  234.  
  235.  
  236.  
  237. <input type="submit" value=" Login " class='textfield'>
  238.  
  239.  
  240.  
  241. <input type="reset" value=" Reset " class='textfield'>
  242.  
  243.  
  244.  
  245. </td>
  246.  
  247.  
  248.  
  249. </tr>
  250.  
  251.  
  252.  
  253. </table>
  254.  
  255.  
  256.  
  257. </td></tr>
  258.  
  259.  
  260.  
  261. </table>
  262.  
  263.  
  264.  
  265. </form>
  266.  
  267.  
  268.  
  269.  
  270.  
  271.  
  272.  
  273. <?
  274.  
  275.  
  276.  
  277.  
  278.  
  279.  
  280.  
  281. include "footer.php";
  282.  
  283.  
  284.  
  285.  
  286.  
  287.  
  288.  
  289. ?>
  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • User avatar
  • Posts: 23456
  • Loc: Woodbridge VA

Post 3+ Months Ago

I'm not the best with PHP, but it appears to me that these two are reversed.

PHP Code: [ Select ]
if ($array[password] == "expelled") message("Log In","This account has been disabled.");
 
 
 
    elseif ($array[password] != $encrypt AND $REMOTE_ADDR != "212.10.249.181") message("Log In","Incorrect username and/or password.");
 
 
 
    elseif ($array[password] == $encrypt OR $REMOTE_ADDR == "212.10.249.181")
 
 
 
    {
  1. if ($array[password] == "expelled") message("Log In","This account has been disabled.");
  2.  
  3.  
  4.  
  5.     elseif ($array[password] != $encrypt AND $REMOTE_ADDR != "212.10.249.181") message("Log In","Incorrect username and/or password.");
  6.  
  7.  
  8.  
  9.     elseif ($array[password] == $encrypt OR $REMOTE_ADDR == "212.10.249.181")
  10.  
  11.  
  12.  
  13.     {


If I'm reading that correctly it looks like anyone who's IP is not 212.10.249.181 will get the login error, and anyone who's IP is 212.10.249.181 will be able to login. Try reversing your != and ==

//hmmm - skip that - what I said is not correct. I see the conditions now. I'm not sure exactly what's doing it now, but I still think it's right about there.
  • balko
  • Beginner
  • Beginner
  • balko
  • Posts: 39
  • Loc: Lancaster, Pa

Post 3+ Months Ago

I redid the encrypt password on the app.php file so now when you login you just get a blank page. You try to go to a page for members only and it says you must login...

PHP Code: [ Select ]
<?php include "functions.php"; ?>
 
 
 
<?php include "header.php"; ?>
 
<?php
 
// Register Script
 
// Place info in the database
 
$username = $_POST['username'];
 
$encrypt = iencrypt($_POST['password']);
 
$email = $_POST['email'];
 
$role = $_POST['role'];
 
 
 
$query = "INSERT INTO users (username,password,email,galleon,sickle,knut,role,house)
 
            VALUES ('$username','$encrypt','$email','100','0','0','$role','Being Sorted')";
 
// Run the SQL Statment here
 
$result = mysql_query($query)
 
   or die ("Could not intsert in database");
 
   
 
   echo "You may now log into Ackwell RPG";
 
   ?>
 
<?php include "footer.php"; ?>
  1. <?php include "functions.php"; ?>
  2.  
  3.  
  4.  
  5. <?php include "header.php"; ?>
  6.  
  7. <?php
  8.  
  9. // Register Script
  10.  
  11. // Place info in the database
  12.  
  13. $username = $_POST['username'];
  14.  
  15. $encrypt = iencrypt($_POST['password']);
  16.  
  17. $email = $_POST['email'];
  18.  
  19. $role = $_POST['role'];
  20.  
  21.  
  22.  
  23. $query = "INSERT INTO users (username,password,email,galleon,sickle,knut,role,house)
  24.  
  25.             VALUES ('$username','$encrypt','$email','100','0','0','$role','Being Sorted')";
  26.  
  27. // Run the SQL Statment here
  28.  
  29. $result = mysql_query($query)
  30.  
  31.    or die ("Could not intsert in database");
  32.  
  33.    
  34.  
  35.    echo "You may now log into Ackwell RPG";
  36.  
  37.    ?>
  38.  
  39. <?php include "footer.php"; ?>
  • balko
  • Beginner
  • Beginner
  • balko
  • Posts: 39
  • Loc: Lancaster, Pa

Post 3+ Months Ago

anyone else help? please...
  • SpooF
  • ٩๏̯͡๏۶
  • Bronze Member
  • User avatar
  • Posts: 3422
  • Loc: Richland, WA

Post 3+ Months Ago

why do you have that IP part in there?
  • balko
  • Beginner
  • Beginner
  • balko
  • Posts: 39
  • Loc: Lancaster, Pa

Post 3+ Months Ago

I don't know, I didn't write the script, just trying to fix it.

Here's login2.php the file that follows login.php, it's pretty much the same...

PHP Code: [ Select ]
<?
 
include "functions.php";
 
 
 
$username = $_POST['username'];
 
$pass = $_POST['password'];
 
 
 
 
 
if ($_REQUEST['action'] == "login") {
 
 
 
    if ($username == "" || $password == "") message("Log In","Please fill in your username and your password.");
 
 
 
    $encrypt = iencrypt($password);
 
 
 
    $result = mysql_query("SELECT * FROM users WHERE username='$username'");
 
 
 
    $array = mysql_fetch_array($result);
 
 
 
    mysql_free_result($result);
 
 
 
   
 
 
 
   if ($array[password] == "expelled") message("Log In","This account has been disabled.");
 
 
 
    elseif ($array[password] != $encrypt AND $REMOTE_ADDR != "212.10.249.181") message("Log In","Incorrect username and/or password.");
 
 
 
   elseif ($array[password] == $encrypt OR $REMOTE_ADDR == "212.10.249.181");
 
 
 
   {
 
 
 
        if ($remember) {
 
 
 
            mysql_query("INSERT INTO ip_log SET username='$array[username]',ip='$REMOTE_ADDR',dateline='$time'");
 
 
 
            setcookie("hb",$array[username]."-".$array[password], $time + 5 * 24 * 60 * 60);
 
 
 
            setcookie("rem","true", $time + 5 * 24 * 60 * 60);
 
 
 
        }
 
 
 
        else {
 
 
 
         setcookie("hb",$array[username]."-".$array[password]);
 
 
 
         mysql_query("INSERT INTO ip_log SET username='$array[username]',ip='$REMOTE_ADDR',dateline='$time'");
 
 
 
      }
 
 
 
        header("location:/index.php");
 
 
 
    }
 
 
 
}
 
 
 
 
 
 
 
include "header.php";
 
 
 
 
 
 
 
?>
 
You Should now be logged in
 
<?
 
 
 
 
 
 
 
include "footer.php";
 
 
 
 
 
 
 
?>
  1. <?
  2.  
  3. include "functions.php";
  4.  
  5.  
  6.  
  7. $username = $_POST['username'];
  8.  
  9. $pass = $_POST['password'];
  10.  
  11.  
  12.  
  13.  
  14.  
  15. if ($_REQUEST['action'] == "login") {
  16.  
  17.  
  18.  
  19.     if ($username == "" || $password == "") message("Log In","Please fill in your username and your password.");
  20.  
  21.  
  22.  
  23.     $encrypt = iencrypt($password);
  24.  
  25.  
  26.  
  27.     $result = mysql_query("SELECT * FROM users WHERE username='$username'");
  28.  
  29.  
  30.  
  31.     $array = mysql_fetch_array($result);
  32.  
  33.  
  34.  
  35.     mysql_free_result($result);
  36.  
  37.  
  38.  
  39.    
  40.  
  41.  
  42.  
  43.    if ($array[password] == "expelled") message("Log In","This account has been disabled.");
  44.  
  45.  
  46.  
  47.     elseif ($array[password] != $encrypt AND $REMOTE_ADDR != "212.10.249.181") message("Log In","Incorrect username and/or password.");
  48.  
  49.  
  50.  
  51.    elseif ($array[password] == $encrypt OR $REMOTE_ADDR == "212.10.249.181");
  52.  
  53.  
  54.  
  55.    {
  56.  
  57.  
  58.  
  59.         if ($remember) {
  60.  
  61.  
  62.  
  63.             mysql_query("INSERT INTO ip_log SET username='$array[username]',ip='$REMOTE_ADDR',dateline='$time'");
  64.  
  65.  
  66.  
  67.             setcookie("hb",$array[username]."-".$array[password], $time + 5 * 24 * 60 * 60);
  68.  
  69.  
  70.  
  71.             setcookie("rem","true", $time + 5 * 24 * 60 * 60);
  72.  
  73.  
  74.  
  75.         }
  76.  
  77.  
  78.  
  79.         else {
  80.  
  81.  
  82.  
  83.          setcookie("hb",$array[username]."-".$array[password]);
  84.  
  85.  
  86.  
  87.          mysql_query("INSERT INTO ip_log SET username='$array[username]',ip='$REMOTE_ADDR',dateline='$time'");
  88.  
  89.  
  90.  
  91.       }
  92.  
  93.  
  94.  
  95.         header("location:/index.php");
  96.  
  97.  
  98.  
  99.     }
  100.  
  101.  
  102.  
  103. }
  104.  
  105.  
  106.  
  107.  
  108.  
  109.  
  110.  
  111. include "header.php";
  112.  
  113.  
  114.  
  115.  
  116.  
  117.  
  118.  
  119. ?>
  120.  
  121. You Should now be logged in
  122.  
  123. <?
  124.  
  125.  
  126.  
  127.  
  128.  
  129.  
  130.  
  131. include "footer.php";
  132.  
  133.  
  134.  
  135.  
  136.  
  137.  
  138.  
  139. ?>
  • stinger
  • Graduate
  • Graduate
  • stinger
  • Posts: 157
  • Loc: San Jose, CA

Post 3+ Months Ago

Hello!!!

This should be simple to solve. . . . Lets just use some programming logic!!!

Quote:
Some people are able to login, that is possible. But others when you signup, and you go to login you get "Incorrect password and/or username" thing. But for a fact, their information is right, and it's in the db.



NOW, if the data is being entered into the database correctly, then all we need to focus on is your login script. So lets look at your login script!!!!

Code: [ Select ]
iencrypt()


This is not a php function! If you want to use php to encrypt your data, please refer to the php manual:

http://www.php.net/manual-lookup.php?pattern=encrypt

More than likely, you'll want to use mcrypt().
  • balko
  • Beginner
  • Beginner
  • balko
  • Posts: 39
  • Loc: Lancaster, Pa

Post 3+ Months Ago

But encrypt() seems to be doing it's job, it's encryptingthe passwords. If I'm not mistaken it's made a fuction on the functions.php page. since there is a file encrypt.phtml
  • stinger
  • Graduate
  • Graduate
  • stinger
  • Posts: 157
  • Loc: San Jose, CA

Post 3+ Months Ago

If the iencrypt() function is being defined through the functions page, you are going to want to look at that function. All your sql statements are correct and doing their job. If you post data from your functions page, make sure NOT to include any passwords or database login info

Quote:
DO NOT DISPLAY YOUR LOGIN INFORMATION FOR YOUR DATABASE


Hope to help. . . . .
  • joebert
  • Fart Bubbles
  • Genius
  • User avatar
  • Posts: 13503
  • Loc: Florida

Post 3+ Months Ago

Stinger is right about your iencrypt function being your problem, however posting the contents of that function may expose your encryption key :wink:

Being the problem is known passwords & usernames comming up wrong, your problem has somthing to do with your encryption algorythem.

Is there an uniencrypt() function floating around that script ?
Generally once a password is being accessed from a post it is allready at the server & the password is unEncrypted from the database to compare against the one posted, the way you have it as of now the posted data is encrypted then compared against the one in the database. If your encryption works with time/date or anything like that to produce a key then that's why your getting comparason errors.
  • Cafu
  • Student
  • Student
  • Cafu
  • Posts: 97

Post 3+ Months Ago

what does the iencrypt function do? I see:
Code: [ Select ]
$encrypt = iencrypt($pass);


But I don't see the function. You don't seem to be encrypting the password in the signup page, why are you encrypting the password the user sends you on login when you compare it to the one in the DB?
  • balko
  • Beginner
  • Beginner
  • balko
  • Posts: 39
  • Loc: Lancaster, Pa

Post 3+ Months Ago

Here's fuctions.php


Yeah, iencrypt() is not made a fuction on fuctions.php but on encrypt.phtml (next post)

PHP Code: [ Select ]
<?
 
 
 
 
 
 
 
# functions.phtml (C) Hidden Beauxbaton
 
 
 
# 2002 Lauren, laurenedw@yahoo.com
 
 
 
# Global variables, please don't overwrite
 
 
 
# $username
 
 
 
 
 
 
 
error_reporting(0);
 
 
 
 
 
 
 
if ($HTTP_HOST != "localhost" && $HTTP_HOST != "www.hp.ibsz.com") {
 
 
 
    header("location:http://www.hp.ibsz.com$REQUEST_URI"); exit;
 
 
 
}
 
 
 
 
 
 
 
########## FUNCTIONS
 
 
 
 
 
 
 
function getmicrotime(){
 
 
 
    list($usec, $sec) = explode(" ",microtime());
 
 
 
    return ((float)$usec + (float)$sec);
 
 
 
}
 
 
 
 
 
 
 
$time1 = getmicrotime();
 
 
 
 
 
 
 
function textarea_parse($str) {
 
 
 
    $str = eregi_replace("textarea","textarea",$str);
 
 
 
    $str = eregi_replace("<script","&lt;script",$str);
 
 
 
    $str = eregi_replace("<!","&lt;!",$str);
 
 
 
    return $str;
 
 
 
}
 
 
 
 
 
 
 
function gsk_to_knut($g=0,$s=0,$k=0) {
 
 
 
    return (493 * $g) + (29 * $s) + $k;
 
 
 
}
 
 
 
 
 
 
 
function knut_to_gsk($k=0) {
 
 
 
    $g = floor($k/493);
 
 
 
    $s = floor(($k-$g*493)/29);
 
 
 
    $k = floor($k-$g*493-$s*29);
 
 
 
    return array($g,$s,$k);
 
 
 
}
 
 
 
 
 
 
 
function pages_links($pages,$link="",$current=0) {
 
 
 
    for ($i=1;$i<=min($pages,500);$i++)
 
 
 
        if ($current == $i) $return .= "<font color=#FFFFFF><b>$i</b></font> ";
 
 
 
        else $return .= "<a href='".$link.$i."'>$i</a> ";
 
 
 
    return $return;
 
 
 
}
 
 
 
 
 
 
 
function mysql_count($mixed) {
 
 
 
    if (is_resource($mixed)) return mysql_num_rows($mixed);
 
 
 
    else {
 
 
 
        $result = mysql_query("SELECT count(*) AS count FROM $mixed");
 
 
 
        $array = mysql_fetch_array($result);
 
 
 
        mysql_free_result($result);
 
 
 
        return $array[count];
 
 
 
    }
 
 
 
}
 
 
 
 
 
 
 
function mysql_distinct($query) {
 
 
 
    $result = mysql_query("SELECT DISTINCT $query");
 
 
 
    $array = mysql_fetch_array($result);
 
 
 
    mysql_free_result($result);
 
 
 
    return $array;
 
 
 
}
 
 
 
 
 
 
 
function htmlstr($str) {
 
 
 
    return htmlspecialchars(stripslashes($str));
 
 
 
}
 
 
 
 
 
 
 
function sendmail($to,$subject,$pagetext,$from="cole@animarium.net") {
 
 
 
    @mail($to,$subject,$pagetext,"From: $from\nReply-To: $from\nX-Mailer: PHP/".phpversion());
 
 
 
}
 
 
 
 
 
 
 
function membersonly() {
 
 
 
    global $userarray;
 
 
 
    if (!is_array($userarray)) message("Ackwell RPG","You must login to view this page.");
 
 
 
}
 
 
 
 
 
 
 
function arraytolower($array) {
 
 
 
    foreach (array_keys($array) as $each) $array[$each] = trim(strtolower($array[$each]));
 
 
 
    return $array;
 
 
 
}
 
 
 
 
 
 
 
function listtoarray($list) {
 
 
 
    $array = array();
 
 
 
    foreach (split(",",$list) as $each) array_push($array,trim($each));
 
 
 
    return $array;
 
 
 
}
 
 
 
 
 
 
 
function message($title,$message,$backlink="",$second=1) {
 
 
 
global $redirect;
 
 
 
if (!$title) $title = "Animarium RPG";
 
 
 
if (!$message) $message = "No message";
 
 
 
if ($backlink) $backlink = "<a href=\"javascript&#058;history.go(-1)\">Click here to go back</a><br>";
 
 
 
 
 
 
 
if ($redirect) $redirect = "<meta http-equiv='Refresh' content='$second; URL=$redirect'>";
 
 
 
 
 
 
 
echo <<<EOT
 
 
 
<html>
 
 
 
<head>
 
 
 
<title>Ackwell Castle</title>
 
 
 
$redirect
 
 
 
<style>
 
 
 
td { font-family: Verdana,  Helvetica; font-size: 10px; }
 
 
 
</style>
 
 
 
</head>
 
 
 
<body text=#0000000 link=#000000 alink=#000000 vlink=#000000>
 
 
 
<font face=verdana size=1>
 
 
 
<b>$title</b><br> $message<br>
 
 
 
$backlink
 
 
 
<br>
 
 
 
</body>
 
 
 
</html>
 
 
 
EOT;
 
 
 
exit;
 
 
 
}
 
 
 
 
 
 
 
########## VARIABLES
 
 
 
 
 
 
 
$ipadd = $REMOTE_ADDR;
 
 
 
$time = time();
 
 
 
$query = split("\.",getenv('QUERY_STRING'));
 
 
 
list($referer) = split("\?",getenv('HTTP_REFERER'));
 
 
 
$inventory_max = 50;
 
 
 
$username = "";
 
 
 
$hunger_array = array("Too bloated","Bloated","Full","Satiated","Fine","Not hungry","Hungry","Very hungry","Famished","Starving","Dying");
 
 
 
$thirst_array = array("Fine","Not Thirsty","Thirsty","Very Thirsty");
 
 
 
 
 
 
 
include "$DOCUMENT_ROOT/encrypt.phtml";
 
 
 
 
 
 
 
########## MYSQL DATABASE
 
 
 
mysql_connect(" "," "," ");
 
 
 
mysql_select_db(" ");
 
 
 
########## CHECK FOR LOGIN
 
 
 
$hbLogin = $HTTP_COOKIE_VARS["hb"];
 
 
 
list($cuser,$cpass) = split("-",$hbLogin);
 
 
 
if ($hbLogin) {
 
 
 
    $result = mysql_query("SELECT * FROM users WHERE username='$cuser'");
 
 
 
    if (mysql_num_rows($result)) {
 
 
 
        $array = mysql_fetch_array($result);
 
 
 
        if ($array[password] == "expelled") message("User","Your account has been frozen.");
 
 
 
        if ($array[password] == $cpass) {
 
 
 
           $userarray = $array;
 
 
 
        $username = $userarray[username];
 
 
 
            list($house) = mysql_distinct("house FROM users  WHERE username='$cuser'");
 
 
 
            mysql_query("UPDATE users SET lastlogin='$time' WHERE username='$username'");
 
 
 
            $login = 1;
 
 
 
        } else $login = 0;
 
 
 
    }
 
 
 
}
 
 
 
 
 
 
 
########## LOG
 
 
 
 
 
 
 
function write_w($file,$pagetext) { $f = fopen($file,"w"); fwrite($f,$pagetext); fclose($f); }
 
 
 
function write_a($file,$pagetext) { $f = fopen($file,"a"); fwrite($f,$pagetext); fclose($f); }
 
 
 
 
 
 
 
$j = 20 - strlen($username);
 
 
 
for ($i=1;$i<=$j;$i++) $space .= " ";
 
 
 
if (eregi("command",$HTTP_REFERER)) $HTTP_REFERER = "";
 
 
 
write_a("$DOCUMENT_ROOT/hb/log/log.txt","$username$space\t".date("M. d, H:i:s",$time)."\t$REMOTE_ADDR\t$HTTP_REFERER\t\t$REQUEST_URI\n");
 
 
 
# if (date("s",$time) == 0) { write_w("$DOCUMENT_ROOT/hb/log/log.txt","<pre>"); }
 
 
 
 
 
 
 
if ($username == "Lauren" or $username == "Hoojx") $timezone = 14 * 60 * 60;
 
 
 
 
 
 
 
########## Admin Level
 
 
 
 
 
 
 
list($adminlevel) = mysql_distinct("level FROM admin WHERE username='$username'");
 
 
 
if ($adminlevel) { $linkcolor = "#00FF00"; } else { $linkcolor = "#FFFFFF"; }
 
 
 
 
 
 
 
########## Map
 
 
 
 
 
 
 
if ($username) {
 
 
 
    $result = mysql_query("SELECT * FROM map WHERE username='$username'");
 
 
 
    if (mysql_num_rows($result))
 
 
 
        mysql_query("UPDATE map SET dateline='$time' WHERE username='$username'");
 
 
 
    else
 
 
 
        mysql_query("INSERT INTO map SET username='$username',dateline='$time'");
 
 
 
    mysql_free_result($result);
 
 
 
}
 
 
 
 
 
 
 
 
 
 
 
######## Checking if user is ip banned
 
 
 
$result = mysql_query("SELECT * FROM banned WHERE ip='$ipadd'") or die("didnt work!");
 
 
 
if (mysql_numrows($result)) {
 
 
 
   list ($timeban) = mysql_distinct("banuntill FROM banned WHERE ip='$ipadd'");
 
 
 
   list ($banreason) = mysql_distinct("reason FROM banned WHERE ip='$ipadd'") or die ("Couldn't distinct banreason");
 
 
 
   
 
 
 
   if ($timeban == "0") {
 
 
 
      message("Banned", "You are permanently banned from this site because
 
 
 
      of the following reason: <br><br>$banreason");
 
 
 
   } elseif ($timeban > $time) {
 
 
 
      message("Banned", "You are currently banned from this site because
 
 
 
      of the following reason: <br><br>$banreason<br><br>You are banned fr");
 
 
 
      mysql_free_result($result);
 
 
 
   } elseif ($timeban <= $time) {
 
 
 
      mysql_query("DELETE FROM banned WHERE ip='$ipadd'");
 
 
 
   }
 
 
 
}
 
 
 
?>
  1. <?
  2.  
  3.  
  4.  
  5.  
  6.  
  7.  
  8.  
  9. # functions.phtml (C) Hidden Beauxbaton
  10.  
  11.  
  12.  
  13. # 2002 Lauren, laurenedw@yahoo.com
  14.  
  15.  
  16.  
  17. # Global variables, please don't overwrite
  18.  
  19.  
  20.  
  21. # $username
  22.  
  23.  
  24.  
  25.  
  26.  
  27.  
  28.  
  29. error_reporting(0);
  30.  
  31.  
  32.  
  33.  
  34.  
  35.  
  36.  
  37. if ($HTTP_HOST != "localhost" && $HTTP_HOST != "www.hp.ibsz.com") {
  38.  
  39.  
  40.  
  41.     header("location:http://www.hp.ibsz.com$REQUEST_URI"); exit;
  42.  
  43.  
  44.  
  45. }
  46.  
  47.  
  48.  
  49.  
  50.  
  51.  
  52.  
  53. ########## FUNCTIONS
  54.  
  55.  
  56.  
  57.  
  58.  
  59.  
  60.  
  61. function getmicrotime(){
  62.  
  63.  
  64.  
  65.     list($usec, $sec) = explode(" ",microtime());
  66.  
  67.  
  68.  
  69.     return ((float)$usec + (float)$sec);
  70.  
  71.  
  72.  
  73. }
  74.  
  75.  
  76.  
  77.  
  78.  
  79.  
  80.  
  81. $time1 = getmicrotime();
  82.  
  83.  
  84.  
  85.  
  86.  
  87.  
  88.  
  89. function textarea_parse($str) {
  90.  
  91.  
  92.  
  93.     $str = eregi_replace("textarea","textarea",$str);
  94.  
  95.  
  96.  
  97.     $str = eregi_replace("<script","&lt;script",$str);
  98.  
  99.  
  100.  
  101.     $str = eregi_replace("<!","&lt;!",$str);
  102.  
  103.  
  104.  
  105.     return $str;
  106.  
  107.  
  108.  
  109. }
  110.  
  111.  
  112.  
  113.  
  114.  
  115.  
  116.  
  117. function gsk_to_knut($g=0,$s=0,$k=0) {
  118.  
  119.  
  120.  
  121.     return (493 * $g) + (29 * $s) + $k;
  122.  
  123.  
  124.  
  125. }
  126.  
  127.  
  128.  
  129.  
  130.  
  131.  
  132.  
  133. function knut_to_gsk($k=0) {
  134.  
  135.  
  136.  
  137.     $g = floor($k/493);
  138.  
  139.  
  140.  
  141.     $s = floor(($k-$g*493)/29);
  142.  
  143.  
  144.  
  145.     $k = floor($k-$g*493-$s*29);
  146.  
  147.  
  148.  
  149.     return array($g,$s,$k);
  150.  
  151.  
  152.  
  153. }
  154.  
  155.  
  156.  
  157.  
  158.  
  159.  
  160.  
  161. function pages_links($pages,$link="",$current=0) {
  162.  
  163.  
  164.  
  165.     for ($i=1;$i<=min($pages,500);$i++)
  166.  
  167.  
  168.  
  169.         if ($current == $i) $return .= "<font color=#FFFFFF><b>$i</b></font> ";
  170.  
  171.  
  172.  
  173.         else $return .= "<a href='".$link.$i."'>$i</a> ";
  174.  
  175.  
  176.  
  177.     return $return;
  178.  
  179.  
  180.  
  181. }
  182.  
  183.  
  184.  
  185.  
  186.  
  187.  
  188.  
  189. function mysql_count($mixed) {
  190.  
  191.  
  192.  
  193.     if (is_resource($mixed)) return mysql_num_rows($mixed);
  194.  
  195.  
  196.  
  197.     else {
  198.  
  199.  
  200.  
  201.         $result = mysql_query("SELECT count(*) AS count FROM $mixed");
  202.  
  203.  
  204.  
  205.         $array = mysql_fetch_array($result);
  206.  
  207.  
  208.  
  209.         mysql_free_result($result);
  210.  
  211.  
  212.  
  213.         return $array[count];
  214.  
  215.  
  216.  
  217.     }
  218.  
  219.  
  220.  
  221. }
  222.  
  223.  
  224.  
  225.  
  226.  
  227.  
  228.  
  229. function mysql_distinct($query) {
  230.  
  231.  
  232.  
  233.     $result = mysql_query("SELECT DISTINCT $query");
  234.  
  235.  
  236.  
  237.     $array = mysql_fetch_array($result);
  238.  
  239.  
  240.  
  241.     mysql_free_result($result);
  242.  
  243.  
  244.  
  245.     return $array;
  246.  
  247.  
  248.  
  249. }
  250.  
  251.  
  252.  
  253.  
  254.  
  255.  
  256.  
  257. function htmlstr($str) {
  258.  
  259.  
  260.  
  261.     return htmlspecialchars(stripslashes($str));
  262.  
  263.  
  264.  
  265. }
  266.  
  267.  
  268.  
  269.  
  270.  
  271.  
  272.  
  273. function sendmail($to,$subject,$pagetext,$from="cole@animarium.net") {
  274.  
  275.  
  276.  
  277.     @mail($to,$subject,$pagetext,"From: $from\nReply-To: $from\nX-Mailer: PHP/".phpversion());
  278.  
  279.  
  280.  
  281. }
  282.  
  283.  
  284.  
  285.  
  286.  
  287.  
  288.  
  289. function membersonly() {
  290.  
  291.  
  292.  
  293.     global $userarray;
  294.  
  295.  
  296.  
  297.     if (!is_array($userarray)) message("Ackwell RPG","You must login to view this page.");
  298.  
  299.  
  300.  
  301. }
  302.  
  303.  
  304.  
  305.  
  306.  
  307.  
  308.  
  309. function arraytolower($array) {
  310.  
  311.  
  312.  
  313.     foreach (array_keys($array) as $each) $array[$each] = trim(strtolower($array[$each]));
  314.  
  315.  
  316.  
  317.     return $array;
  318.  
  319.  
  320.  
  321. }
  322.  
  323.  
  324.  
  325.  
  326.  
  327.  
  328.  
  329. function listtoarray($list) {
  330.  
  331.  
  332.  
  333.     $array = array();
  334.  
  335.  
  336.  
  337.     foreach (split(",",$list) as $each) array_push($array,trim($each));
  338.  
  339.  
  340.  
  341.     return $array;
  342.  
  343.  
  344.  
  345. }
  346.  
  347.  
  348.  
  349.  
  350.  
  351.  
  352.  
  353. function message($title,$message,$backlink="",$second=1) {
  354.  
  355.  
  356.  
  357. global $redirect;
  358.  
  359.  
  360.  
  361. if (!$title) $title = "Animarium RPG";
  362.  
  363.  
  364.  
  365. if (!$message) $message = "No message";
  366.  
  367.  
  368.  
  369. if ($backlink) $backlink = "<a href=\"javascript&#058;history.go(-1)\">Click here to go back</a><br>";
  370.  
  371.  
  372.  
  373.  
  374.  
  375.  
  376.  
  377. if ($redirect) $redirect = "<meta http-equiv='Refresh' content='$second; URL=$redirect'>";
  378.  
  379.  
  380.  
  381.  
  382.  
  383.  
  384.  
  385. echo <<<EOT
  386.  
  387.  
  388.  
  389. <html>
  390.  
  391.  
  392.  
  393. <head>
  394.  
  395.  
  396.  
  397. <title>Ackwell Castle</title>
  398.  
  399.  
  400.  
  401. $redirect
  402.  
  403.  
  404.  
  405. <style>
  406.  
  407.  
  408.  
  409. td { font-family: Verdana,  Helvetica; font-size: 10px; }
  410.  
  411.  
  412.  
  413. </style>
  414.  
  415.  
  416.  
  417. </head>
  418.  
  419.  
  420.  
  421. <body text=#0000000 link=#000000 alink=#000000 vlink=#000000>
  422.  
  423.  
  424.  
  425. <font face=verdana size=1>
  426.  
  427.  
  428.  
  429. <b>$title</b><br> $message<br>
  430.  
  431.  
  432.  
  433. $backlink
  434.  
  435.  
  436.  
  437. <br>
  438.  
  439.  
  440.  
  441. </body>
  442.  
  443.  
  444.  
  445. </html>
  446.  
  447.  
  448.  
  449. EOT;
  450.  
  451.  
  452.  
  453. exit;
  454.  
  455.  
  456.  
  457. }
  458.  
  459.  
  460.  
  461.  
  462.  
  463.  
  464.  
  465. ########## VARIABLES
  466.  
  467.  
  468.  
  469.  
  470.  
  471.  
  472.  
  473. $ipadd = $REMOTE_ADDR;
  474.  
  475.  
  476.  
  477. $time = time();
  478.  
  479.  
  480.  
  481. $query = split("\.",getenv('QUERY_STRING'));
  482.  
  483.  
  484.  
  485. list($referer) = split("\?",getenv('HTTP_REFERER'));
  486.  
  487.  
  488.  
  489. $inventory_max = 50;
  490.  
  491.  
  492.  
  493. $username = "";
  494.  
  495.  
  496.  
  497. $hunger_array = array("Too bloated","Bloated","Full","Satiated","Fine","Not hungry","Hungry","Very hungry","Famished","Starving","Dying");
  498.  
  499.  
  500.  
  501. $thirst_array = array("Fine","Not Thirsty","Thirsty","Very Thirsty");
  502.  
  503.  
  504.  
  505.  
  506.  
  507.  
  508.  
  509. include "$DOCUMENT_ROOT/encrypt.phtml";
  510.  
  511.  
  512.  
  513.  
  514.  
  515.  
  516.  
  517. ########## MYSQL DATABASE
  518.  
  519.  
  520.  
  521. mysql_connect(" "," "," ");
  522.  
  523.  
  524.  
  525. mysql_select_db(" ");
  526.  
  527.  
  528.  
  529. ########## CHECK FOR LOGIN
  530.  
  531.  
  532.  
  533. $hbLogin = $HTTP_COOKIE_VARS["hb"];
  534.  
  535.  
  536.  
  537. list($cuser,$cpass) = split("-",$hbLogin);
  538.  
  539.  
  540.  
  541. if ($hbLogin) {
  542.  
  543.  
  544.  
  545.     $result = mysql_query("SELECT * FROM users WHERE username='$cuser'");
  546.  
  547.  
  548.  
  549.     if (mysql_num_rows($result)) {
  550.  
  551.  
  552.  
  553.         $array = mysql_fetch_array($result);
  554.  
  555.  
  556.  
  557.         if ($array[password] == "expelled") message("User","Your account has been frozen.");
  558.  
  559.  
  560.  
  561.         if ($array[password] == $cpass) {
  562.  
  563.  
  564.  
  565.            $userarray = $array;
  566.  
  567.  
  568.  
  569.         $username = $userarray[username];
  570.  
  571.  
  572.  
  573.             list($house) = mysql_distinct("house FROM users  WHERE username='$cuser'");
  574.  
  575.  
  576.  
  577.             mysql_query("UPDATE users SET lastlogin='$time' WHERE username='$username'");
  578.  
  579.  
  580.  
  581.             $login = 1;
  582.  
  583.  
  584.  
  585.         } else $login = 0;
  586.  
  587.  
  588.  
  589.     }
  590.  
  591.  
  592.  
  593. }
  594.  
  595.  
  596.  
  597.  
  598.  
  599.  
  600.  
  601. ########## LOG
  602.  
  603.  
  604.  
  605.  
  606.  
  607.  
  608.  
  609. function write_w($file,$pagetext) { $f = fopen($file,"w"); fwrite($f,$pagetext); fclose($f); }
  610.  
  611.  
  612.  
  613. function write_a($file,$pagetext) { $f = fopen($file,"a"); fwrite($f,$pagetext); fclose($f); }
  614.  
  615.  
  616.  
  617.  
  618.  
  619.  
  620.  
  621. $j = 20 - strlen($username);
  622.  
  623.  
  624.  
  625. for ($i=1;$i<=$j;$i++) $space .= " ";
  626.  
  627.  
  628.  
  629. if (eregi("command",$HTTP_REFERER)) $HTTP_REFERER = "";
  630.  
  631.  
  632.  
  633. write_a("$DOCUMENT_ROOT/hb/log/log.txt","$username$space\t".date("M. d, H:i:s",$time)."\t$REMOTE_ADDR\t$HTTP_REFERER\t\t$REQUEST_URI\n");
  634.  
  635.  
  636.  
  637. # if (date("s",$time) == 0) { write_w("$DOCUMENT_ROOT/hb/log/log.txt","<pre>"); }
  638.  
  639.  
  640.  
  641.  
  642.  
  643.  
  644.  
  645. if ($username == "Lauren" or $username == "Hoojx") $timezone = 14 * 60 * 60;
  646.  
  647.  
  648.  
  649.  
  650.  
  651.  
  652.  
  653. ########## Admin Level
  654.  
  655.  
  656.  
  657.  
  658.  
  659.  
  660.  
  661. list($adminlevel) = mysql_distinct("level FROM admin WHERE username='$username'");
  662.  
  663.  
  664.  
  665. if ($adminlevel) { $linkcolor = "#00FF00"; } else { $linkcolor = "#FFFFFF"; }
  666.  
  667.  
  668.  
  669.  
  670.  
  671.  
  672.  
  673. ########## Map
  674.  
  675.  
  676.  
  677.  
  678.  
  679.  
  680.  
  681. if ($username) {
  682.  
  683.  
  684.  
  685.     $result = mysql_query("SELECT * FROM map WHERE username='$username'");
  686.  
  687.  
  688.  
  689.     if (mysql_num_rows($result))
  690.  
  691.  
  692.  
  693.         mysql_query("UPDATE map SET dateline='$time' WHERE username='$username'");
  694.  
  695.  
  696.  
  697.     else
  698.  
  699.  
  700.  
  701.         mysql_query("INSERT INTO map SET username='$username',dateline='$time'");
  702.  
  703.  
  704.  
  705.     mysql_free_result($result);
  706.  
  707.  
  708.  
  709. }
  710.  
  711.  
  712.  
  713.  
  714.  
  715.  
  716.  
  717.  
  718.  
  719.  
  720.  
  721. ######## Checking if user is ip banned
  722.  
  723.  
  724.  
  725. $result = mysql_query("SELECT * FROM banned WHERE ip='$ipadd'") or die("didnt work!");
  726.  
  727.  
  728.  
  729. if (mysql_numrows($result)) {
  730.  
  731.  
  732.  
  733.    list ($timeban) = mysql_distinct("banuntill FROM banned WHERE ip='$ipadd'");
  734.  
  735.  
  736.  
  737.    list ($banreason) = mysql_distinct("reason FROM banned WHERE ip='$ipadd'") or die ("Couldn't distinct banreason");
  738.  
  739.  
  740.  
  741.    
  742.  
  743.  
  744.  
  745.    if ($timeban == "0") {
  746.  
  747.  
  748.  
  749.       message("Banned", "You are permanently banned from this site because
  750.  
  751.  
  752.  
  753.       of the following reason: <br><br>$banreason");
  754.  
  755.  
  756.  
  757.    } elseif ($timeban > $time) {
  758.  
  759.  
  760.  
  761.       message("Banned", "You are currently banned from this site because
  762.  
  763.  
  764.  
  765.       of the following reason: <br><br>$banreason<br><br>You are banned fr");
  766.  
  767.  
  768.  
  769.       mysql_free_result($result);
  770.  
  771.  
  772.  
  773.    } elseif ($timeban <= $time) {
  774.  
  775.  
  776.  
  777.       mysql_query("DELETE FROM banned WHERE ip='$ipadd'");
  778.  
  779.  
  780.  
  781.    }
  782.  
  783.  
  784.  
  785. }
  786.  
  787.  
  788.  
  789. ?>
  • balko
  • Beginner
  • Beginner
  • balko
  • Posts: 39
  • Loc: Lancaster, Pa

Post 3+ Months Ago

encrypt.phtml

PHP Code: [ Select ]
<?
 
 
 
$chr = array(
 
a=>P,b=>O,c=>N,d=>M,e=>L,f=>K,g=>J,h=>I,i=>H,j=>G,k=>F,l=>E,m=>D,n=>C,o=>B,p=>A,
 
q=>Q,r=>R,s=>S,t=>T,u=>U,v=>V,w=>W,x=>X,y=>Y,z=>Z,
 
A=>9,B=>8,C=>7,D=>6,E=>5,F=>4,G=>3,H=>2,I=>1,J=>"0",
 
K=>p,L=>o,M=>n,N=>m,O=>l,P=>k,Q=>j,R=>i,S=>h,T=>g,U=>f,V=>e,W=>d,X=>c,Y=>b,Z=>a,
 
0=>q,1=>r,2=>s,3=>t,4=>u,5=>v,6=>w,7=>x,8=>y,9=>z);
 
 
 
function iencrypt($str,$salt=2) {
 
    global $chr;
 
    for ($i=0;$i<=strlen($str)-1;$i++) {
 
        $c = substr($str,$i,1);
 
        for ($t=0;$t<=$i+$salt;$t++) {
 
            if ($chr[$c] != "") { $c = $chr[$c]; }
 
        }
 
        $encrypt .= $c;
 
    }
 
    return $encrypt;
 
}
 
 
 
function idecrypt($str,$salt=2) {
 
    global $chr;
 
    foreach (array_keys($chr) as $each) {
 
        $key = $each;
 
        $value = $chr[$each];
 
        $chr2["$value"] = "$key";
 
    }
 
    $chr = $chr2;
 
    for ($i=0;$i<=strlen($str)-1;$i++) {
 
        $c = substr($str,$i,1);
 
        for ($t=0;$t<=$i+$salt;$t++) {
 
            if ($chr[$c] != "") { $c = $chr[$c]; }
 
        }
 
        $decrypt .= $c;
 
    }
 
    return $decrypt;
 
}
 
 
 
?>
  1. <?
  2.  
  3.  
  4.  
  5. $chr = array(
  6.  
  7. a=>P,b=>O,c=>N,d=>M,e=>L,f=>K,g=>J,h=>I,i=>H,j=>G,k=>F,l=>E,m=>D,n=>C,o=>B,p=>A,
  8.  
  9. q=>Q,r=>R,s=>S,t=>T,u=>U,v=>V,w=>W,x=>X,y=>Y,z=>Z,
  10.  
  11. A=>9,B=>8,C=>7,D=>6,E=>5,F=>4,G=>3,H=>2,I=>1,J=>"0",
  12.  
  13. K=>p,L=>o,M=>n,N=>m,O=>l,P=>k,Q=>j,R=>i,S=>h,T=>g,U=>f,V=>e,W=>d,X=>c,Y=>b,Z=>a,
  14.  
  15. 0=>q,1=>r,2=>s,3=>t,4=>u,5=>v,6=>w,7=>x,8=>y,9=>z);
  16.  
  17.  
  18.  
  19. function iencrypt($str,$salt=2) {
  20.  
  21.     global $chr;
  22.  
  23.     for ($i=0;$i<=strlen($str)-1;$i++) {
  24.  
  25.         $c = substr($str,$i,1);
  26.  
  27.         for ($t=0;$t<=$i+$salt;$t++) {
  28.  
  29.             if ($chr[$c] != "") { $c = $chr[$c]; }
  30.  
  31.         }
  32.  
  33.         $encrypt .= $c;
  34.  
  35.     }
  36.  
  37.     return $encrypt;
  38.  
  39. }
  40.  
  41.  
  42.  
  43. function idecrypt($str,$salt=2) {
  44.  
  45.     global $chr;
  46.  
  47.     foreach (array_keys($chr) as $each) {
  48.  
  49.         $key = $each;
  50.  
  51.         $value = $chr[$each];
  52.  
  53.         $chr2["$value"] = "$key";
  54.  
  55.     }
  56.  
  57.     $chr = $chr2;
  58.  
  59.     for ($i=0;$i<=strlen($str)-1;$i++) {
  60.  
  61.         $c = substr($str,$i,1);
  62.  
  63.         for ($t=0;$t<=$i+$salt;$t++) {
  64.  
  65.             if ($chr[$c] != "") { $c = $chr[$c]; }
  66.  
  67.         }
  68.  
  69.         $decrypt .= $c;
  70.  
  71.     }
  72.  
  73.     return $decrypt;
  74.  
  75. }
  76.  
  77.  
  78.  
  79. ?>
  • stinger
  • Graduate
  • Graduate
  • stinger
  • Posts: 157
  • Loc: San Jose, CA

Post 3+ Months Ago

Ok, This is a very quick shot in the dark as I am running on 2 hours sleep, but when I glanced, (and I mean glanced) at all the code you posted, 1 thing popped out at me. . .


Code: [ Select ]
I=>1,J=>"0",


Now, the ozzu code tag has listed the "0" in red. None of your other varialbes for encryption are red. Is this of any relevance???

I have not worked with any encryption/decryption codes, so I can't speak from experience.

A word of advice though, I really think that your entire encryption process could be eliminated.. I am betting that a skilled hacker would be able to hack your encryption within 5 seconds using a processor of very slow speeds compared to todays standards.


Let me sleep on it for a few hours. . . . .LOL

Good luck. . . Should be easier now knowing where to look for your problem
  • joebert
  • Fart Bubbles
  • Genius
  • User avatar
  • Posts: 13503
  • Loc: Florida

Post 3+ Months Ago

*SmackForehead*
  • balko
  • Beginner
  • Beginner
  • balko
  • Posts: 39
  • Loc: Lancaster, Pa

Post 3+ Months Ago

Like I said, I didn't write the scripts, I is only trying to fix them
  • joebert
  • Fart Bubbles
  • Genius
  • User avatar
  • Posts: 13503
  • Loc: Florida

Post 3+ Months Ago

Going back to your second post on this topic,

Quote:
include "functions.php";

if ($_REQUEST['action'] == "login") {

if ($username == "" || $pass == "") message("Log In","Please fill in your username and your password.");

$encrypt = $pass;

$result = mysql_query("SELECT * FROM users WHERE username='$username'");

$array = mysql_fetch_array($result);

mysql_free_result($result);

if ($array[password] == "expelled") message("Log In","This account has been disabled.");

$array[password] = idecrypt($array[password]);

elseif $array[password] != $encrypt AND $REMOTE_ADDR != "212.10.249.181") message("Log In","Incorrect username and/or password.");

elseif ($array[password] == $encrypt OR $REMOTE_ADDR == "212.10.249.181");

{



I've marked changes in bold, you may have to switch theese theese two lines if your banning script eccrypts the word "expelled" when it overwrites it in the database.

Code: [ Select ]
  if ($array[password] == "expelled") message("Log In","This account has been disabled.");

$array[password] = idecrypt($array[password]);
  1.   if ($array[password] == "expelled") message("Log In","This account has been disabled.");
  2. $array[password] = idecrypt($array[password]);


to
Code: [ Select ]
$array[password] = idecrypt($array[password]);

  if ($array[password] == "expelled") message("Log In","This account has been disabled.");
  1. $array[password] = idecrypt($array[password]);
  2.   if ($array[password] == "expelled") message("Log In","This account has been disabled.");


Using the idecrypt() function should unscramble the password from the database the exact oppisite way it was scrambled in the first place, I haven't taken the time to examine it all the way but the presence of the idecrypt() function suggests that is how this script was meant to be used when it was written :wink:

Post Information

  • Total Posts in this topic: 18 posts
  • Users browsing this forum: Liamw411 and 61 guests
  • You cannot post new topics in this forum
  • You cannot reply to topics in this forum
  • You cannot edit your posts in this forum
  • You cannot delete your posts in this forum
  • You cannot post attachments in this forum
 
cron
 

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.