Login hack ready to go!

This hack was done by iecstec (jamozu@claveempresarial.com)
I tested it from scratch and worked fine.
Exampe you can see at: [www.claveempresarial.com], at the "Foros de discusion" section (the site is in spanish).

For right now it's working only with MySQL.
.txt file in attachment

It was worked using Phorum 3.2.1 with PHP 3.0.6 and MySQL 3.23.23.
I also tested it with Phorum 3.2.11

If you got it working with other versions of Phorum and MySQL please reply to this message.

my upload is in mess right now, but i uploaded the hack, so grab it and say what u think :)

vulpes
www.pch.f2s.com

What is the location of the register proggy on f2s?

there is no one, just find it in script's site or make one yourself.

Hello guys.

Thanks for hacking!
I have little problem:
where in phorum 3.2.11 [post.php] i must add line?:

--- cut ---
Before:
if(!empty($author)){
At the button of file before:
?>
//Login Hack
.......
--- cut ---
there no [if(!empty($author)){] line in post.php...
thanks for help.
good work.

Alexander

Can you guys send me your register script? Well I can make one, but I don't know what variables are passed in, what table & fields to write in or what..... Or does the log-in hack tell it what table and field etc?

to Alexander:

post.php in 11th version really don't have
if(!empty($author)){
but (i'm not sure about it, i'll check it tonight) just add hack lines before ?> at the very bottom of the file...

vulpes

Right, just add hack lines before ?> at the very bottom of the file.

To register your members you can use any form processing script. (a lot of that stuff in [php.resourceindex.com]). The only things you need to tell to the phorum are:
* the name of the member database.
* MySQL Username and password to use that database
* member table.
* login name field.
* password field.
* email field.
* The URL of the register script.
Yo can set all this in the phorum admin. in the Database setting section.

I_m using my own script that fits with the login hack. It_s in Beta and all the documents are in spanish. As soon as i finish with traduction and debuging, I_ll make it available.

Regards.

Can u give e-mail me your register script, iecstec?

vulpes

Hello, iecstec!

I'm not profi in MySQL, but i think i need to build tables for authorization?
I'm configured [Database Settings], but tables don't created... (it must be so?)
What the script to creat tables for your login hack?
Like this: (sorry for mistakes... but i'm "newcomer" on MySQL )
CREATE TABLE session (
id int(11) DEFAULT '0' NOT NULL,
name varchar(150) DEFAULT '' NOT NULL,
ip INT(15) DEFAULT '' NOT NULL,
time DATETIME,
operation TIMESTAMP,
PRIMARY KEY pri_key (name, ip)
);
CREATE TABLE members (
name varchar(150) DEFAULT '' NOT NULL,
pass varchar(100) DEFAULT '' NOT NULL,
email varchar(100) DEFAULT '' NOT NULL,
PRIMARY KEY pri_key (name, pass)
);
fix it please.

thanks for help and script.

Can you please provide a dump of the Login Hack DB schema. I can probably figure it out, but you should really provide this so we can at least have something to go on.

I would like to use my existing user database stored in mysql (from another app), but I want to make sure everything will work nicely together.

Thanks in advance!

-Derek

Yo shoud crete a member database with at least 4 fields: id, login name, password, email. See below.
-----------------------------------------------------------------------
CREATE DATABASE users;
USE users;
CREATE TABLE members (id INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY \
, login CHAR(16) \
, password VARCHAR(32) \
, email VARCHAR(50));
GRANT SELECT, INSERT, UPDATE ON users.* TO your_user IDENTIFIED BY 'password';
-----------------------------------------------------------------------

A session control database/table:
-----------------------------------------------------------------------
CREATE DATABASE variables;
USE variables;
CREATE TABLE sessions (id INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY \
,login CHAR(16), address CHAR(15), lgtime DATETIME, optime DATETIME);
GRANT SELECT, INSERT, UPDATE ON variables.* TO your_user IDENTIFIED BY 'password';
-----------------------------------------------------------------------
It_s posible to crete all the tables inside th phorum Database.

The 'sessions' table has to be cleaned periodically.

I_m using script that runs every 5 minutes by cron:
-----------------------------------------------------------------------
USE variables;
DELETE FROM sessions WHERE optime < DATE_SUB(NOW(), INTERVAL 15 MINUTE);
-----------------------------------------------------------------------

I_m working on a version that holds the session information inside the
member table with no need to clean.

Run the admin script of phorum.
Go to Phorum Setup
Go to Database Settings
Fill the database information with the tables you already created.
Go to main -> Phorum Setup -> Files/Paths
Set the path to the register script
[Your_site]

Ok... Well I register my username and password. I check to make shure its all there and it is. But when I hit log-in and type my username and password it wont work.... It says my username or password is wrong. Why? Its all there in the databse. I am typing my pass right and I did specify the right databse and tables etc. in the database seetings in the phorum admin.

How are you stoing your password?

The login Hack asumes that you are using encrypted passwords with the PHP crypt function.
In common.php you added:

//Login Hack
function l_encriptar($texto, $llave){
return crypt($texto, $llave);
}
//Login Hack

If you are using plain text password change the function to:

//Login Hack
function l_encriptar($texto, $llave){
return $texto;
}
//Login Hack

If you are using md5 to encrypt the password change he function to:

//Login Hack
function l_encriptar($texto, $llave){
return md5($texto);
}
//Login Hack

Hope that helps.
Regards.

would someone be willing to set this up and make functional on my page? willing to pay if needed..

shiloh

> Set the path to the register script
> [Your_site]
i have problem with it...
in admin/index.php?page=files :
URL to register script/program (use complete or relative URL):
value is:
<br><b>Warning</b>: Undefined variable: new_reg_url in
<b>admin/pages/files.php</b> on line <b>55</b><br>
i'm not found field $reg_url in forums.php (i think it must be there)...
what is wrong, can you help me?
list.php?f=1&a=login
give me error:
Line: 35
Char: 14
Error: Unterminated string constant
Code: 0
URL: list.php?f=1&a=login

when trying to register by click on [register]:
list.php?f=1&a=login# //see, no url to register script!
give me error:
Line: 78
Char: 1
Error: Object expected
Code: 0
URL: /list.php?f=1&a=login

i cant uderstand, why "register script url" value not saving to DB...
ps: list.php in attach... maybe i have mistake somewhere?
could anybody give me scripts without errors?

and when i try to read new posted message:
Parse error: parse error in read.php on line 478

ps2: i'm using phorum 3.2.11; php 4.0.3; MySQL 3.23.27; apache 1.3.14; w2kpro
Thanks for scripts and help. Best regards.

Hi, how would I go about seperating the login.php/logout.php scripts so I can allow members to login and logout from a script not within a phorum include/require statement.. Meaning having a seperate login.php that isn't included into a list.php or read.php..

Has anyone done this or know how to? I keep running into errors and input flex scanner errors when I try. I'm sure the phorum code could have been orgranized alot better? I've spent hours trying to figure out how to do this and i've had no luck...

Thanks,
Kevin Y.

<b>Parse error</b>: parse error in <b>/daten/web/apache/htdocs/phoenix/forum/include/forums.php</b> on line <b>45</b><br>
<br>
<b>Fatal error</b>: input in flex scanner failed in <b>/daten/web/apache/htdocs/phoenix/forum</b> on line <b>1</b><br>

*sniff* What's the matter? Can anyone help me?

In attacht, there's my forums.php (but without root-pw *g*)

Uhhps.... I've found the missteak. But, now, uhm, how to register? Everything works, but I can't register, because there isn't any file to do it...