Using the login Details via Application

Posted by ramin ss on Stack Overflow See other posts from Stack Overflow or by ramin ss
Published on 2012-05-23T11:04:55Z Indexed on 2012/05/30 16:41 UTC
Read the original article Hit count: 156

Filed under:
|
|
|
|

I have a CURL(in C++) to send my user and pass to remauth.php file so i think i do something wrong on remuth.php ( because i am basic in php and my program can not run because the auth not passed.) I use login via Application.

my CURL:

bool Auth_PerformSessionLogin(const char* username, const char* password)
{
curl_global_init(CURL_GLOBAL_ALL);

CURL* curl = curl_easy_init();

if (curl)
{
    char url[255];
    _snprintf(url, sizeof(url), "http://%s/remauth.php", "SITEADDRESS.com");

    char buf[8192] = {0};
    char postBuf[8192];
    _snprintf(postBuf, sizeof(postBuf), "%s&&%s", username, password);

    curl_easy_setopt(curl, CURLOPT_URL, url);
    curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, AuthDataReceived);
    curl_easy_setopt(curl, CURLOPT_WRITEDATA, (void*)&buf);
    curl_easy_setopt(curl, CURLOPT_USERAGENT, "IW4M");
    curl_easy_setopt(curl, CURLOPT_FAILONERROR, true);
    curl_easy_setopt(curl, CURLOPT_POST, 1);
    curl_easy_setopt(curl, CURLOPT_POSTFIELDS, postBuf);
    curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, -1);
    curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, false);

    CURLcode code = curl_easy_perform(curl);
    curl_easy_cleanup(curl);

    curl_global_cleanup();

    if (code == CURLE_OK)
    {
        return Auth_ParseResultBuffer(buf);

    }
    else
    {
        Auth_Error(va("Could not reach the SITEADDRESS.comt server. Error code from   CURL: %x.", code));

    }

    return false;
  }

curl_global_cleanup();
return false;
}

and my remauth.php:

<?php
ob_start();
$host=""; // Host name 
$dbusername=""; // Mysql username 
$dbpassword=""; // Mysql password 
$db_name=""; // Database name 
$tbl_name=""; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$dbusername", "$dbpassword") or die(mysql_error());
mysql_select_db("$db_name") or die(mysql_error());

// Define $username and $password 
//$username=$username; 
//$password=md5($_POST['password']);
//$password=$password;

$username=$_POST['username']; 
$password=$_POST['password'];
//$post_item[]='action='.$_POST['submit'];


// To protect MySQL injection (more detail about MySQL injection)
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);

$sql="SELECT * FROM $tbl_name WHERE username='$username'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $username and $password, table row must be 1 row
if($count==1){
$row = mysql_fetch_assoc($result);
if (md5(md5($row['salt']).md5($password)) == $row['password']){
    session_register("username");
    session_register("password"); 
    echo "#";
    return true;
 }
 else {
    echo "o";
    return false;
 }
}
else{
echo "o";
return false;
}
ob_end_flush();
?>

///////////////////////////////////

© Stack Overflow or respective owner

Related posts about php

Related posts about sql