0
我在我的應用程序中使用了curl協議。檢查mybb密碼丟失應用程序用CURL登錄
在我的論壇中的用戶只允許使用這個應用程序日誌後把這個應用程序扔在我的論壇上他的帳戶,但我有一個問題在PHP端進行密碼檢查。 我認爲我的php代碼有問題,因爲使用正確的用戶名和密碼我有這個錯誤: (不正確的用戶名和/或密碼)。
<?php
// Database info
$MySQL_Host = "localhost";
$MySQL_User = "lol";
$MySQL_Pass = "lol2";
$MySQL_DB = "lol3";
$tbl_name = "mybb_users";
function ParsePost()
{
$username = '';
$password = '';
$post = file_get_contents("php://input");
$post = str_replace("&", " ", $post);
sscanf($post, "%s %s", $username, $password);
return array('user' => $username,
'pass' => $password
);
}
function mysql_fetch_full_result_array($result)
{
$table_result = array();
$r = 0;
if($result === true)
{
return $result;
}
if(mysql_num_rows($result) == 0)
{
return $result;
}
while($row = mysql_fetch_assoc($result))
{
$arr_row = array();
$c = 0;
while ($c < mysql_num_fields($result))
{
$col = mysql_fetch_field($result, $c);
$arr_row[ $col -> name ] = $row[ $col -> name ];
$c++;
}
$table_result[ $r ] = $arr_row;
$r++;
}
return $table_result;
}
class DWAuth
{
var $keys;
function AddDWValue($val)
{
$this->keys[] = $val;
}
function GetAuthString()
{
$result = "";
foreach($this->keys as $c)
{
$result .= $c."#";
}
return $result;
}
}
class DB
{
var $connection;
var $started;
function start()
{
global $MySQL_Host, $MySQL_User, $MySQL_Pass, $MySQL_DB;
$this->connection = mysql_connect("$MySQL_Host", "$MySQL_User", "$MySQL_Pass");
mysql_select_db("$MySQL_DB", $this->connection);
}
function query($query)
{
$result = mysql_query($query, $this->connection);
if($result)
{
return mysql_fetch_full_result_array($result);
}
else
{
return $result;
}
}
function end()
{
mysql_close($this->connection);
}
function isStarted()
{
return $started;
}
}
class Login
{
function CheckLogin($username, $password)
{
$db = new DB();
$db->start();
$query = "SELECT id, password, email FROM $tbl_name WHERE username='".$username."' AND password='".md5($password)."';";
$result = $db->query($query);
$db->end();
if($result == false)
return false;
fwrite($fh, $result);
fclose($fh);
if(md5(md5($row['salt']).md5($password)) == $result[ 0 ][ 'password' ])
{
return array('id' => $result[ 0 ][ 'id' ],
'mail' => $result[ 0 ][ 'email' ],
'user' => $username
);
}
}
}
$packet = new DWAuth();
$result = ParsePost();
if((empty($result[ 'user' ])) || (empty($result[ 'pass' ])))
{
$packet->AddDWValue("fail");
$packet->AddDWValue("Username and/or password is empty.");
$packet->AddDWValue(1);
$packet->AddDWValue("Anonymous");
$packet->AddDWValue("[email protected]");
$packet->AddDWValue(0);
echo $packet->GetAuthString();
die();
}
$login = new Login();
$result = $login->CheckLogin($result[ 'user' ], $result[ 'pass' ]);
if($result == false)
{
$packet->AddDWValue("fail");
$packet->AddDWValue("incorrect username and/or password.");
$packet->AddDWValue(1);
$packet->AddDWValue("Anonymous");
$packet->AddDWValue("[email protected]");
$packet->AddDWValue(0);
}
else
{
$sessionID = md5(rand());
// How to make the return
$packet->AddDWValue("ok"); // fail or ok
$packet->AddDWValue("Success."); // Success or error
$packet->AddDWValue($result[ 'id' ]); // UserID
$packet->AddDWValue($result[ 'user' ]); // Username
$packet->AddDWValue($result[ 'mail' ]); // email
$packet->AddDWValue($sessionID); // sessionID
$db = new DB();
$db->start();
$query = "UPDATE users SET sid='".$sessionID."' WHERE id=".$result[ 'id' ];
$result = $db->query($query);
$db->end();
}
echo $packet->GetAuthString();
?>
嗨,這是太多的代碼和方式太少的具體信息來幫助你。你能試着找出更多的問題嗎?到底在哪裏? – 2013-04-30 12:16:57
我有「類登錄」其實我不知道mybb使用什麼方法來編碼密碼,因爲我不能使用PHP代碼來檢查密碼是否正確的問題。 – user1973003 2013-04-30 13:19:29