Wednesday, May 23, 2012

Using the login Details via Application

I have a CURL(in C++) to send my user and pass to remauth.php file so i think i do something wrong on remuth.php ( because i am basic in php and my program can not run because the auth not passed.)
I use login via Application.



my CURL:



bool Auth_PerformSessionLogin(const char* username, const char* password)
 {
 curl_global_init(CURL_GLOBAL_ALL);
 
 CURL* curl = curl_easy_init();
 
 if (curl)
 {
     char url[255];
     _snprintf(url, sizeof(url), "http://%s/remauth.php", "SITEADDRESS.com");
 
     char buf[8192] = {0};
     char postBuf[8192];
     _snprintf(postBuf, sizeof(postBuf), "%s&&%s", username, password);
 
     curl_easy_setopt(curl, CURLOPT_URL, url);
     curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, AuthDataReceived);
     curl_easy_setopt(curl, CURLOPT_WRITEDATA, (void*)&buf);
     curl_easy_setopt(curl, CURLOPT_USERAGENT, "IW4M");
     curl_easy_setopt(curl, CURLOPT_FAILONERROR, true);
     curl_easy_setopt(curl, CURLOPT_POST, 1);
     curl_easy_setopt(curl, CURLOPT_POSTFIELDS, postBuf);
     curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, -1);
     curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, false);
 
     CURLcode code = curl_easy_perform(curl);
     curl_easy_cleanup(curl);
 
     curl_global_cleanup();
 
     if (code == CURLE_OK)
     {
         return Auth_ParseResultBuffer(buf);
 
     }
     else
     {
         Auth_Error(va("Could not reach the SITEADDRESS.comt server. Error code from   CURL: %x.", code));
 
     }
 
     return false;
   }
 
 curl_global_cleanup();
 return false;
 }


and my remauth.php:



<?php
 ob_start();
 $host=""; // Host name 
 $dbusername=""; // Mysql username 
 $dbpassword=""; // Mysql password 
 $db_name=""; // Database name 
 $tbl_name=""; // Table name
 
 // Connect to server and select databse.
 mysql_connect("$host", "$dbusername", "$dbpassword") or die(mysql_error());
 mysql_select_db("$db_name") or die(mysql_error());
 
 // Define $username and $password 
 //$username=$username; 
 //$password=md5($_POST['password']);
 //$password=$password;
 
 $username=$_POST['username']; 
 $password=$_POST['password'];
 //$post_item[]='action='.$_POST['submit'];
 
 
 // To protect MySQL injection (more detail about MySQL injection)
 $username = stripslashes($username);
 $password = stripslashes($password);
 $username = mysql_real_escape_string($username);
 $password = mysql_real_escape_string($password);
 
 $sql="SELECT * FROM $tbl_name WHERE username='$username'";
 $result=mysql_query($sql);
 
 // Mysql_num_row is counting table row
 $count=mysql_num_rows($result);
 // If result matched $username and $password, table row must be 1 row
 if($count==1){
 $row = mysql_fetch_assoc($result);
 if (md5(md5($row['salt']).md5($password)) == $row['password']){
     session_register("username");
     session_register("password"); 
     echo "#";
     return true;
  }
  else {
     echo "o";
     return false;
  }
 }
 else{
 echo "o";
 return false;
 }
 ob_end_flush();
 ?>


///////////////////////////////////




Posted by at

1 comment:

  1. AnonymousMay 26, 2012 at 9:32 AM

    nice copy past :|
    this is my post on http://stackoverflow.com with out any one change !!!


    so anyway can some one help me?!

    ReplyDelete

Subscribe to: Post Comments (Atom)