Zubrag.com
October 18, 2018, 08:08:44 AM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
 
   Home   Help Search Login Register  
Pages: [1]
  Print  
Author Topic: password protect with SQLite  (Read 8534 times)
kuzco
Newbie
*
Posts: 8


« on: April 11, 2012, 07:22:37 AM »

Hello,
I love this script, but unfortunately I was not able to change the script to use a SQLite database. Have found some hints in this forum, but I am still not successful

Can someone please send me his full *.php which is using SQL or mySQL to kuzco1@gmx.ch. After that I will try to change it to use it with SQLite.

Many thanks
kuzco1

Logged
Caffeine_Cadet
Newbie
*
Posts: 13


« Reply #1 on: April 11, 2012, 11:58:52 AM »

i got you covered.  yo you really shouldn't post your email address on this forum.  youre about to get spammed to DEATH so... yah be ready for that.  but yah ill send mine over.
Logged
Caffeine_Cadet
Newbie
*
Posts: 13


« Reply #2 on: April 11, 2012, 10:05:02 PM »

sorry got called away in the middle of coding your script for you.  anyway, email sent.
Logged
kuzco
Newbie
*
Posts: 8


« Reply #3 on: April 12, 2012, 01:41:12 AM »

Ok, many thanks for your mail. I will try to makes it useable with SQLite - but I believe that my knowledge is not good enough.
Yes, I should use mySQL, but unfortunately it is not possible in my case.

The SQlite database already exits including login, logoff, change and passwordlost. The database is only used to store username and password (plus some other data) for 100 students and to organize every 5 years a "party".

My thought was to only edit the original password_protect.php to use it with SQLite.
Some hints in this forum describes that I have to chnage:
$LOGIN_INFORMATION = array(
  'zubrag' => 'root',
  'test' => 'testpass',
  'admin' => 'passwd'
);
in a connection mode to use SQLite, i.e.:

   $db = new PDO('sqlite:user_PDO.sqlite');
   
   $pass1 = trim(md5($pass));
   $result = $db->query("SELECT * FROM `users` WHERE lower(username)=lower('$login') AND password='$pass1'");
   
   foreach($result as $row)
   {
    if ($row['username'] != '') {
      $validUser = true;
      $_SESSION['username'] = strtolower($user);
      //print_r($user);
     }
  }
  $db = NULL;

Unfortunately it does not work.

So, it seems that I have still to figure out how to chnange the password_protect.php to make it useable with SQLite.

Nevertheless, many thanks for your files.

regards
kuzco


Logged
kuzco
Newbie
*
Posts: 8


« Reply #4 on: April 12, 2012, 09:35:37 AM »

Ok, have played some hours with password_protect.php and I believe that I have found a solution how to work wit SQLite.

Have done the following:
1. Took the original password_protect.php
2. deleted the whole LOGIN_INFORMATION section
3. Changed the code under the line "// user provided password"
if (isset($_POST['access_password'])) {
  $login = isset($_POST['access_login']) ? $_POST['access_login'] : '';
  $passUncrypt = $_POST['access_password'];
  $pass = trim(md5($passUncrypt));
  $dbHandle = new PDO('sqlite:UserDB_PDO.sqlite');
  $result = $dbHandle->query("SELECT * FROM `users` WHERE lower(username)=lower('$login') AND password='$pass'",PDO::FETCH_ASSOC);
  if(!$result) print_r($dbHandle->errorInfo()); 

  // checking if the above user with password exists
  $LoginOK = 0;
  foreach($result as $row)
    {
    $LoginOK++;
   }

  $dbHandle = NULL;

//  if (!USE_USERNAME && !in_array($pass, $LOGIN_INFORMATION)
//  || (USE_USERNAME && ( !array_key_exists($login, $LOGIN_INFORMATION) || $LOGIN_INFORMATION[$login] != $pass ) )
//  ) {
  if ($LoginOK != 1) {
    showLoginPasswordProtect("Incorrect password.");
  }
  else {
    // set cookie if password was validated
    setcookie("verify", md5($login.'%'.$pass), $timeout, '/'); 
    // Some programs (like Form1 Bilder) check $_POST array to see if parameters passed
    // So need to clear password protector variables
    unset($_POST['access_login']);
    unset($_POST['access_password']);
    unset($_POST['Submit']);
  }
  .....


In this case I do not work with $LOGIN_INFORMATION (because I do not how).

Regards
kuzco

Perhaps someone with good php knowledge can check this solution.
Any feedback is welcome.
Logged
kuzco
Newbie
*
Posts: 8


« Reply #5 on: April 12, 2012, 01:24:22 PM »

Ok, it is working  BUT due to the fact I am not using LOGIN_INFORMATION the verfication of the cookie does not work, this means that user will be ask every time for user/password.

  // check if cookie is good
  $found = false;
  foreach($LOGIN_INFORMATION as $key=>$val) {
    $lp = (USE_USERNAME ? $key : '') .'%'.$val;
    if ($_COOKIE['verify'] == md5($lp)) {
      $found = true;
      // prolong timeout
      if (TIMEOUT_CHECK_ACTIVITY) {
        setcookie("verify", md5($lp), $timeout, '/');
      }
      break;
   }
  }

Can someone please help to solve this issue ?

What is necessray to use LOGIN_INFORMATION with SQLite ?
or
How do I have to change the verification above ?

In case it is necessary, I will provide the whole script.

Thx
kuzco
Logged
Pages: [1]
  Print  
 
Jump to:  

Powered by SMF 1.1.11 | SMF © 2006-2009, Simple Machines LLC