Linchpin311 Mon Feb 15, 2010 7:27 pm
well when the script works correctly, and a user enters a valid user name and password the function should return 0. this might be why it looks like there is no value returned in the function.
i am curious if the function is indeed returning 0 and not some other value ...or no value at all. do you think you could change the values the function is suppose to return to a string. first, open up database.php and find the
confirmUserPass function and replace it with the following:
- Code:
function confirmUserPass($username, $password){
/* Add slashes if necessary (for query) */
if(!get_magic_quotes_gpc()) {
$username = addslashes($username);
}
/* Verify that user is in database */
$q = "SELECT password FROM ".TBL_USERS." WHERE username = '$username'";
$result = mysql_query($q, $this->connection);
if(!$result || (mysql_numrows($result) < 1)){
return 'a'; //Indicates username failure
}
/* Retrieve password from result, strip slashes */
$dbarray = mysql_fetch_array($result);
$dbarray['password'] = stripslashes($dbarray['password']);
$password = stripslashes($password);
/* Validate that password is correct */
if($password == $dbarray['password']){
return 'c'; //Success! Username and password confirmed
}
else{
return 'b'; //Indicates password failure
}
}
then you would have to change the conditional in session.php to match the new values the function will return. just under
$result = $database->confirmUserPass($subuser, md5($subpass)); look for where the script checks the error codes (originally on line 155) and replace it with this:
- Code:
/* Check error codes */
if($result == 'a'){
$field = "user";
$form->setError($field, "* Username not found");
}
else if($result == 'b'){
$field = "pass";
$form->setError($field, "* Invalid password");
}
else{
$field = "user";
$form->setError($field, "TRIGGERED ERROR:<BR><BR>result: $result<BR>username: $subuser<BR>password (no md5): $subpass<BR>password (md5): " . md5($subpass));
}
that last else statement should stop the script from executing regardless of what the function returned. it should also display a few clues as to whats happening here. when we get this all worked out well have to remove that little bit of code.
try this and let me know what the script does now.