Using the login Details via Application
Posted
by
ramin ss
on Stack Overflow
See other posts from Stack Overflow
or by ramin ss
Published on 2012-05-23T11:04:55Z
Indexed on
2012/05/30
16:41 UTC
Read the original article
Hit count: 154
I have a CURL(in C++) to send my user and pass to remauth.php file so i think i do something wrong on remuth.php ( because i am basic in php and my program can not run because the auth not passed.) I use login via Application.
my CURL:
bool Auth_PerformSessionLogin(const char* username, const char* password)
{
curl_global_init(CURL_GLOBAL_ALL);
CURL* curl = curl_easy_init();
if (curl)
{
char url[255];
_snprintf(url, sizeof(url), "http://%s/remauth.php", "SITEADDRESS.com");
char buf[8192] = {0};
char postBuf[8192];
_snprintf(postBuf, sizeof(postBuf), "%s&&%s", username, password);
curl_easy_setopt(curl, CURLOPT_URL, url);
curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, AuthDataReceived);
curl_easy_setopt(curl, CURLOPT_WRITEDATA, (void*)&buf);
curl_easy_setopt(curl, CURLOPT_USERAGENT, "IW4M");
curl_easy_setopt(curl, CURLOPT_FAILONERROR, true);
curl_easy_setopt(curl, CURLOPT_POST, 1);
curl_easy_setopt(curl, CURLOPT_POSTFIELDS, postBuf);
curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, -1);
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, false);
CURLcode code = curl_easy_perform(curl);
curl_easy_cleanup(curl);
curl_global_cleanup();
if (code == CURLE_OK)
{
return Auth_ParseResultBuffer(buf);
}
else
{
Auth_Error(va("Could not reach the SITEADDRESS.comt server. Error code from CURL: %x.", code));
}
return false;
}
curl_global_cleanup();
return false;
}
and my remauth.php:
<?php
ob_start();
$host=""; // Host name
$dbusername=""; // Mysql username
$dbpassword=""; // Mysql password
$db_name=""; // Database name
$tbl_name=""; // Table name
// Connect to server and select databse.
mysql_connect("$host", "$dbusername", "$dbpassword") or die(mysql_error());
mysql_select_db("$db_name") or die(mysql_error());
// Define $username and $password
//$username=$username;
//$password=md5($_POST['password']);
//$password=$password;
$username=$_POST['username'];
$password=$_POST['password'];
//$post_item[]='action='.$_POST['submit'];
// To protect MySQL injection (more detail about MySQL injection)
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$sql="SELECT * FROM $tbl_name WHERE username='$username'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $username and $password, table row must be 1 row
if($count==1){
$row = mysql_fetch_assoc($result);
if (md5(md5($row['salt']).md5($password)) == $row['password']){
session_register("username");
session_register("password");
echo "#";
return true;
}
else {
echo "o";
return false;
}
}
else{
echo "o";
return false;
}
ob_end_flush();
?>
///////////////////////////////////
© Stack Overflow or respective owner