Hey all,
Instead of using another md5 password script, I wanted to move to a autologin function for a module I am enhancing. Currently I have a login for members of my gaming clan to view a drill report. Now they are presented with a login page for access to a drill report page. I use a CMS for my website called PHPNuke version 7.6 and want to use the username from within the nuke_members table. Create a field called nuke_username in my modules table called milpacs_members and then do a compare on these two and if I find a match then set a session. If no match then they are directed to an accessdenied.php page.
What I have so far is the following:
This is the checkuser.php which sets the session.
<?
if (!eregi("modules.php", $PHP_SELF )) {
die ("You can't access this file directly...");
}
$nukeusername = $db->sql_fetchrow($db->sql_query("SELECT username from ".$prefix."_users where user_id='$user_id'"));
$query = "SELECT * FROM ".$prefix."_milpacs_members WHERE nuke_username =$nukeusername";
$result = $db->sql_query($query);
if ($row = $db->sql_fetchrow($result)) {
@session_destroy();
session_start();
$_SESSION['loggedin1'] = 1;
Header("Location: modules.php?name=MILPACS&file=viewdrill");
} else {
@session_destroy();
session_start();
$_SESSION['loggedin1'] = 0;
Header("Location: modules.php?name=MILPACS&file=accessdenied");
}
die();
?>
For each page I make private including the viewdrill page I call a funtion written in common.php.
if (!milpacs_is_user())
{
Header("Location: modules.php?name=MILPACS&file=accessdenied");
}
I include common.php in all my private pages.
<?
if (stristr($_SERVER['SCRIPT_NAME'], "common.php")) {
Header("Location: ../index.php");
die();
}
session_start();
function milpacs_is_user()
{
global $db, $prefix;
if (isset($_SESSION['loggedin1']) AND $_SESSION['loggedin1'] == 1)
{
$nukeusername = $db->sql_fetchrow($db->sql_query("SELECT username from ".$prefix."_users where user_id='$user_id'"));
$query = "SELECT * FROM ".$prefix."_milpacs_members WHERE nuke_username =$nukeusername";
$result = $db->sql_query($query);
if ($row = $db->sql_fetchrow($result)) {
return true;
} else {
return false;
}
} else {
return false;
}
}
?>
My username on the site is Donovan [3rd ID] which I have as nuke_username in my milpacs_members table. I just need to find a way to match these two fields and set a session for access to private pages in my module. Like I said I want to move away from using another password and just use this method.
Is it secure? It currently doesn't work and even though I have Donovan [3rd ID] in my milpacs_members table under my record it wont send me to the viewdrill page.
back to the grindstone... 🙂
