Home
>
Outdated forums
>
Phorum 3 forums (READ ONLY)
>
Finished Mods and Plug-ins (READ ONLY)
>
Topic
Login hack ready to go!
Posted by iecstec
Login hack ready to go! November 29, 2000 12:50AM |
This hack was done by iecstec (jamozu@claveempresarial.com)
I tested it from scratch and worked fine.
Exampe you can see at: [www.claveempresarial.com], at the "Foros de discusion" section (the site is in spanish).
For right now it's working only with MySQL.
.txt file in attachment
It was worked using Phorum 3.2.1 with PHP 3.0.6 and MySQL 3.23.23.
I also tested it with Phorum 3.2.11
If you got it working with other versions of Phorum and MySQL please reply to this message.
I tested it from scratch and worked fine.
Exampe you can see at: [www.claveempresarial.com], at the "Foros de discusion" section (the site is in spanish).
For right now it's working only with MySQL.
.txt file in attachment
It was worked using Phorum 3.2.1 with PHP 3.0.6 and MySQL 3.23.23.
I also tested it with Phorum 3.2.11
If you got it working with other versions of Phorum and MySQL please reply to this message.
RE: Login hack ready to go! November 30, 2000 12:08AM |
RE: Login hack ready to go! December 05, 2000 10:42PM |
RE: Login hack ready to go! December 07, 2000 03:45AM |
phorum 3.2.11 version? December 07, 2000 06:57AM |
Hello guys.
Thanks for hacking!
I have little problem:
where in phorum 3.2.11 [post.php] i must add line?:
--- cut ---
Before:
if(!empty($author)){
At the button of file before:
?>
//Login Hack
.......
--- cut ---
there no [if(!empty($author)){] line in post.php...
thanks for help.
good work.
Alexander
Thanks for hacking!
I have little problem:
where in phorum 3.2.11 [post.php] i must add line?:
--- cut ---
Before:
if(!empty($author)){
At the button of file before:
?>
//Login Hack
.......
--- cut ---
there no [if(!empty($author)){] line in post.php...
thanks for help.
good work.
Alexander
Can you guys send me your register script? December 07, 2000 12:37PM |
RE: Can you guys send me your register script? December 07, 2000 03:57PM |
RE: phorum 3.2.11 version? December 07, 2000 05:30PM |
RE: Can you guys send me your register script? December 07, 2000 05:40PM |
To register your members you can use any form processing script. (a lot of that stuff in [php.resourceindex.com]). The only things you need to tell to the phorum are:
* the name of the member database.
* MySQL Username and password to use that database
* member table.
* login name field.
* password field.
* email field.
* The URL of the register script.
Yo can set all this in the phorum admin. in the Database setting section.
I_m using my own script that fits with the login hack. It_s in Beta and all the documents are in spanish. As soon as i finish with traduction and debuging, I_ll make it available.
Regards.
* the name of the member database.
* MySQL Username and password to use that database
* member table.
* login name field.
* password field.
* email field.
* The URL of the register script.
Yo can set all this in the phorum admin. in the Database setting section.
I_m using my own script that fits with the login hack. It_s in Beta and all the documents are in spanish. As soon as i finish with traduction and debuging, I_ll make it available.
Regards.
RE: Can you guys send me your register script? December 07, 2000 07:24PM |
sql tables for auth December 07, 2000 11:39PM |
Hello, iecstec!
I'm not profi in MySQL, but i think i need to build tables for authorization?
I'm configured [Database Settings], but tables don't created... (it must be so?)
What the script to creat tables for your login hack?
Like this: (sorry for mistakes... but i'm "newcomer" on MySQL )
CREATE TABLE session (
id int(11) DEFAULT '0' NOT NULL,
name varchar(150) DEFAULT '' NOT NULL,
ip INT(15) DEFAULT '' NOT NULL,
time DATETIME,
operation TIMESTAMP,
PRIMARY KEY pri_key (name, ip)
);
CREATE TABLE members (
name varchar(150) DEFAULT '' NOT NULL,
pass varchar(100) DEFAULT '' NOT NULL,
email varchar(100) DEFAULT '' NOT NULL,
PRIMARY KEY pri_key (name, pass)
);
fix it please.
thanks for help and script.
I'm not profi in MySQL, but i think i need to build tables for authorization?
I'm configured [Database Settings], but tables don't created... (it must be so?)
What the script to creat tables for your login hack?
Like this: (sorry for mistakes... but i'm "newcomer" on MySQL )
CREATE TABLE session (
id int(11) DEFAULT '0' NOT NULL,
name varchar(150) DEFAULT '' NOT NULL,
ip INT(15) DEFAULT '' NOT NULL,
time DATETIME,
operation TIMESTAMP,
PRIMARY KEY pri_key (name, ip)
);
CREATE TABLE members (
name varchar(150) DEFAULT '' NOT NULL,
pass varchar(100) DEFAULT '' NOT NULL,
email varchar(100) DEFAULT '' NOT NULL,
PRIMARY KEY pri_key (name, pass)
);
fix it please.
thanks for help and script.
MySQL schema December 09, 2000 08:03AM |
Can you please provide a dump of the Login Hack DB schema. I can probably figure it out, but you should really provide this so we can at least have something to go on.
I would like to use my existing user database stored in mysql (from another app), but I want to make sure everything will work nicely together.
Thanks in advance!
-Derek
I would like to use my existing user database stored in mysql (from another app), but I want to make sure everything will work nicely together.
Thanks in advance!
-Derek
RE: MySQL schema December 14, 2000 09:02PM |
Yo shoud crete a member database with at least 4 fields: id, login name, password, email. See below.
-----------------------------------------------------------------------
CREATE DATABASE users;
USE users;
CREATE TABLE members (id INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY \
, login CHAR(16) \
, password VARCHAR(32) \
, email VARCHAR(50));
GRANT SELECT, INSERT, UPDATE ON users.* TO your_user IDENTIFIED BY 'password';
-----------------------------------------------------------------------
A session control database/table:
-----------------------------------------------------------------------
CREATE DATABASE variables;
USE variables;
CREATE TABLE sessions (id INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY \
,login CHAR(16), address CHAR(15), lgtime DATETIME, optime DATETIME);
GRANT SELECT, INSERT, UPDATE ON variables.* TO your_user IDENTIFIED BY 'password';
-----------------------------------------------------------------------
It_s posible to crete all the tables inside th phorum Database.
The 'sessions' table has to be cleaned periodically.
I_m using script that runs every 5 minutes by cron:
-----------------------------------------------------------------------
USE variables;
DELETE FROM sessions WHERE optime < DATE_SUB(NOW(), INTERVAL 15 MINUTE);
-----------------------------------------------------------------------
I_m working on a version that holds the session information inside the
member table with no need to clean.
Run the admin script of phorum.
Go to Phorum Setup
Go to Database Settings
Fill the database information with the tables you already created.
Go to main -> Phorum Setup -> Files/Paths
Set the path to the register script
[Your_site]
-----------------------------------------------------------------------
CREATE DATABASE users;
USE users;
CREATE TABLE members (id INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY \
, login CHAR(16) \
, password VARCHAR(32) \
, email VARCHAR(50));
GRANT SELECT, INSERT, UPDATE ON users.* TO your_user IDENTIFIED BY 'password';
-----------------------------------------------------------------------
A session control database/table:
-----------------------------------------------------------------------
CREATE DATABASE variables;
USE variables;
CREATE TABLE sessions (id INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY \
,login CHAR(16), address CHAR(15), lgtime DATETIME, optime DATETIME);
GRANT SELECT, INSERT, UPDATE ON variables.* TO your_user IDENTIFIED BY 'password';
-----------------------------------------------------------------------
It_s posible to crete all the tables inside th phorum Database.
The 'sessions' table has to be cleaned periodically.
I_m using script that runs every 5 minutes by cron:
-----------------------------------------------------------------------
USE variables;
DELETE FROM sessions WHERE optime < DATE_SUB(NOW(), INTERVAL 15 MINUTE);
-----------------------------------------------------------------------
I_m working on a version that holds the session information inside the
member table with no need to clean.
Run the admin script of phorum.
Go to Phorum Setup
Go to Database Settings
Fill the database information with the tables you already created.
Go to main -> Phorum Setup -> Files/Paths
Set the path to the register script
[Your_site]
Ok... Well I register my username and password. I check to make shure its all there and it is. But when I hit log-in and type my username and password it wont work.... It says my username or password is wrong. Why? Its all there in the databse. I am typing my pass right and I did specify the right databse and tables etc. in the database seetings in the phorum admin.
How are you stoing your password?
The login Hack asumes that you are using encrypted passwords with the PHP crypt function.
In common.php you added:
//Login Hack
function l_encriptar($texto, $llave){
return crypt($texto, $llave);
}
//Login Hack
If you are using plain text password change the function to:
//Login Hack
function l_encriptar($texto, $llave){
return $texto;
}
//Login Hack
If you are using md5 to encrypt the password change he function to:
//Login Hack
function l_encriptar($texto, $llave){
return md5($texto);
}
//Login Hack
Hope that helps.
Regards.
The login Hack asumes that you are using encrypted passwords with the PHP crypt function.
In common.php you added:
//Login Hack
function l_encriptar($texto, $llave){
return crypt($texto, $llave);
}
//Login Hack
If you are using plain text password change the function to:
//Login Hack
function l_encriptar($texto, $llave){
return $texto;
}
//Login Hack
If you are using md5 to encrypt the password change he function to:
//Login Hack
function l_encriptar($texto, $llave){
return md5($texto);
}
//Login Hack
Hope that helps.
Regards.
yes! it's working, but... December 23, 2000 07:20PM |
> Set the path to the register script
> [Your_site]
i have problem with it...
in admin/index.php?page=files :
URL to register script/program (use complete or relative URL):
value is:
<br><b>Warning</b>: Undefined variable: new_reg_url in
<b>admin/pages/files.php</b> on line <b>55</b><br>
i'm not found field $reg_url in forums.php (i think it must be there)...
what is wrong, can you help me?
list.php?f=1&a=login
give me error:
Line: 35
Char: 14
Error: Unterminated string constant
Code: 0
URL: list.php?f=1&a=login
when trying to register by click on [register]:
list.php?f=1&a=login# //see, no url to register script!
give me error:
Line: 78
Char: 1
Error: Object expected
Code: 0
URL: /list.php?f=1&a=login
i cant uderstand, why "register script url" value not saving to DB...
ps: list.php in attach... maybe i have mistake somewhere?
could anybody give me scripts without errors?
and when i try to read new posted message:
Parse error: parse error in read.php on line 478
ps2: i'm using phorum 3.2.11; php 4.0.3; MySQL 3.23.27; apache 1.3.14; w2kpro
Thanks for scripts and help. Best regards.
> [Your_site]
i have problem with it...
in admin/index.php?page=files :
URL to register script/program (use complete or relative URL):
value is:
<br><b>Warning</b>: Undefined variable: new_reg_url in
<b>admin/pages/files.php</b> on line <b>55</b><br>
i'm not found field $reg_url in forums.php (i think it must be there)...
what is wrong, can you help me?
list.php?f=1&a=login
give me error:
Line: 35
Char: 14
Error: Unterminated string constant
Code: 0
URL: list.php?f=1&a=login
when trying to register by click on [register]:
list.php?f=1&a=login# //see, no url to register script!
give me error:
Line: 78
Char: 1
Error: Object expected
Code: 0
URL: /list.php?f=1&a=login
i cant uderstand, why "register script url" value not saving to DB...
ps: list.php in attach... maybe i have mistake somewhere?
could anybody give me scripts without errors?
and when i try to read new posted message:
Parse error: parse error in read.php on line 478
ps2: i'm using phorum 3.2.11; php 4.0.3; MySQL 3.23.27; apache 1.3.14; w2kpro
Thanks for scripts and help. Best regards.
RE: yes! it's working, but... December 25, 2000 10:07PM |
Hi, how would I go about seperating the login.php/logout.php scripts so I can allow members to login and logout from a script not within a phorum include/require statement.. Meaning having a seperate login.php that isn't included into a list.php or read.php..
Has anyone done this or know how to? I keep running into errors and input flex scanner errors when I try. I'm sure the phorum code could have been orgranized alot better? I've spent hours trying to figure out how to do this and i've had no luck...
Thanks,
Kevin Y.
Has anyone done this or know how to? I keep running into errors and input flex scanner errors when I try. I'm sure the phorum code could have been orgranized alot better? I've spent hours trying to figure out how to do this and i've had no luck...
Thanks,
Kevin Y.
No! It isn't working, does it? December 28, 2000 06:24PM |
<b>Parse error</b>: parse error in <b>/daten/web/apache/htdocs/phoenix/forum/include/forums.php</b> on line <b>45</b><br>
<br>
<b>Fatal error</b>: input in flex scanner failed in <b>/daten/web/apache/htdocs/phoenix/forum</b> on line <b>1</b><br>
*sniff* What's the matter? Can anyone help me?
In attacht, there's my forums.php (but without root-pw *g*)
<br>
<b>Fatal error</b>: input in flex scanner failed in <b>/daten/web/apache/htdocs/phoenix/forum</b> on line <b>1</b><br>
*sniff* What's the matter? Can anyone help me?
In attacht, there's my forums.php (but without root-pw *g*)
RE: No! It isn't working, does it? December 28, 2000 06:44PM |
Sorry, you do not have permission to post/reply in this forum.