mvisia
Goto Top

MySql Script fonctioniert nicht

Hallo ich habe hier ein script entwickelt um von 2 CMS user von einer Datenbank in die ander zu verschieben . Ich benutze als Haubt CMS Jamroom und wir wollen die User nach Joomla Kopieren das einzige Problehm ist dass Joomla ein ander crypt benutz und ich weis nich wie ich das in mein Script einbauen soll kann mir da jemand helfen?


Hier is mal mein Script
<?php


// BASE DE DONNEES (A) Jamroom
$lga = ''; // LOGIN  
$mpa = ''; // MOT DE PASSE  
$cxa = ''; // SERVEUR  
$dba = ''; // NOM DE LA BASE  
$tba = 'jamroom_user'; // NOM DE LA TABLE  

// BASE DE DONNEES (B) Joomla
$lgb = ''; // LOGIN  
$mpb =''; // MOT DE PASSE  
$cxb = ''; // SERVEUR  
$dbb = 'jamroomsocial'; // BASE  
$tbb = 'jos_users'; // TABLE  

$i = 0; // COMMENCER DU DEBUT (RESULTAT 0)
$j = 0; // COMPTEUR DES AJOUTS

$switch = true;

echo 'Chaque point signifie un ajout d&#039;utilisateur : ';  

while($switch)
{



	// CONNEXION mySQL (A)
	$mca = mysql_connect($cxa, $lga, $mpa) or  die('Could not connect: '.mysql_error().'<br />'.fin());  
	mysql_select_db($dba, $mca);

	// REQUETE DE SELECTION TRIE PAR id RESULTAT PAR RESULTAT
	
	// C EST ICI QU'ON POURRAIT AJOUTE WHERE `sync` = 0 POUR LES UTILISATEURS NON SYNCHRONISES DE (A) VERS (B) 
	
	$result = mysql_query('SELECT * FROM `'.$tba.'` ORDER BY `user_nickname` LIMIT '.$i.', 1');  
	
	// CHANGER LE $switch SI PAS DE RESULTAT => ARRETER LA BOUCLE
	if(!$result)
	{
		mysql_close($cxa);
		$switch = false;
		die('ERREUR essaies ca dans phpmyadmin : <b>SELECT * FROM `'.$tba.'` ORDER BY `user_nickname` LIMIT '.$i.', 1</b>');  
	}
	
	// UPLOADER RANGEE SI RESULTAT
	else
	{
		// PASSER AU RESULTAT SUIVANTE AU PROCHAIN PASSAGE DANS LA BOUCLE while($switch)
		++$i;

		// RECUPERRER RANGEE
		$row = mysql_fetch_assoc($result);
		
		// EFFACER MEMOIRE mySQL
		mysql_free_result($result);
		mysql_close($mca);
		
		
		// CONNEXION mySQL B
		$mcb = mysql_connect($cxb, $lgb, $mpb) or  die('Could not connect: '.mysql_error().'<br />'.fin());  
		mysql_select_db($dbb, $mcb);
		
		// VERIFIER SI DONNEE EXISTE
		$result = mysql_query('SELECT * FROM `'.$tbb.'` WHERE `name` = \''.$row['user_nickname'].'\'');  
		
		// AJOUTER UTILISATEUR INEXISTANT
		if(!$result)
		{
			// ON POURRAIT CYCLER DANS CES ARRAYS POUR PARAMETRER LES TABLES
			/*
			$coa = array('user_fullname 
			', 'user_nickname', 'user_emailadr', 'user_password', 'user_band_id', 'user_created', 'user_lastlogin'); 
			$cob = array('name', 'email', 'password', 'gid', 'registerDate', 'lastvisitDate'); 

			// VALEURS SPECIALES
			$vcb = array('usertype', 'block', 'sendEmail', 'activation', 'params'); 
			$vab = array('Registered', 0, 0, '', ''); 
			
			*/


			$temp  = 'INSERT INTO `'.$tbb.'` ';  
			$temp .= 		'(`name`, `username`, `email`, `password`, `gid`, `registerDate`, `lastvisitDate`, `usertype`, `block`, `sendEmail`, `activation`, `params`)';  
			$temp .= 'VALUES (\''.$row['user_nickname'].'\', \''.$row['user_nickname'].'\', \''.$row['user_emailadr'].'\', \''.$row['user_password'].'\', \''.$row['user_band_id'].'\', \''.date('Y-m-d H:i:s', $row['user_created']).'\', \''.date('Y-m-d H:i:s', $row['user_lastlogin']).'\', \'Registered\', 0, 0, NULL, NULL);';  
							
			// IMPRIMER ERREUR INSERTION
			if(!mysql_query($temp)){ echo htmlentities($temp, ENT_QUOTES).'<br />'; }  
			
			// AJOUT OK
			else
			{
				echo '.';  
				++$j;
			}
			
		
		}
		
		// SI L'UTILISATEUR EXISTE else{ // TRAITEMENT D'EXCEPTION UTILISATEUR EXISTE } 
		
		mysql_close($mcb);

	}
}

echo fin();

function fin()
{
	global $i;
	global $j;
	
	// RESULTAT
	return '<br /><b>'.$i.' utilisateurs ont &eacute;t&eacute; analys&eacute; !<br />'.$j.' utilisateurs ont &eacute;t&eacute; ajout&eacute; !</b>  
	<br />';  
}

Jamroom biete ein bridge an die bei der registriereung den username automatich von jamroom nach joomla kopiert aber dies ist nur bei einer neu registrierung so da ich schon in jamroom über 400 user habe wollte ich an hander bridge ein anderer script schreiwen deen mir die actuellen user von jamroom nach joomla copiert aber da ist das MD5 Problehm was ich nicht weis wie ich es sol lösen.

dieser script hier drunter ist die bridge von Jamroom nach joomla:

<?php>
/**
 * Joomla_15 Jamroom Bridge Plugin
 * @package Talldude_Library
 * @subpackage Jamroom_Bridges
 * @copyright 2008 by Brian Johnson / Talldude Networks LLC
 * @author Brian Johnson - bigguy@talldude.net
 * @filesource
 * $Id: Joomla_15.php,v 1.2 2008-07-16 21:21:04 bigguy Exp $
 */
defined('IN_JAMROOM') or exit();  

//------------------------------------------------------------
// configuration
//------------------------------------------------------------
$GLOBALS['joomla_15']['server']    = '';     // machine Joomla is running on  
$GLOBALS['joomla_15']['dbname']    = 'jamroomsocial';              // Joomla Database name  
$GLOBALS['joomla_15']['dbuser']    = 'jamroomsocial';              // database user name  
$GLOBALS['joomla_15']['dbpass']    = '';              // database user password  
$GLOBALS['joomla_15']['prefix']    = 'jos_';          // default Joomla_15 table prefix  
$GLOBALS['joomla_15']['user_type'] = 'Registered';    // Name of User Group Joomla_15  

//------------------------------------------------------------
// You should not need to edit below here
//------------------------------------------------------------

/**
 * The jrBridge_check function is used before the "create" function 
 * as a way to "precheck" the Joomla_15 forum and see if a user account 
 * name already exists - this allows an error to be returned in
 * Jamroom so name duplication does not occur.
 *
 * @param array Incoming array of User Info
 *
 * @return bool Returns true/false on success/fail
 */
function jrBridge_Joomla_15_check($_data)
{
    // Verify we recieved our input array
    if (!is_array($_data)) {
        return('ERROR: jrBridge_create() Input _data array is empty!');  
    }
    // Now connect up to the Joomla_15 database and do our work
    $con = jrBridge_Joomla_15_connect();
    if (!is_resource($con)) {
        return("ERROR: unable to open the Joomla_15 database - MySQL error: {$con}");  
    }
    $user = dbEscapeString($_data['user_nickname']);  
    // check to see if the user account already exists
    $req = "SELECT username  
              FROM {$GLOBALS['joomla_15']['prefix']}users  
             WHERE username = '{$user}'";  
    $res = mysql_query($req,$con);
    if (mysql_num_rows($res) > 0) {
        return("ERROR: username {$user} already exists in Joomla_15 user table!");  
    }
    return(true);
}

/**
 * The jrBridge_create function is used for "creating" a new 
 * entry in the Joomla_15 forum.
 *
 * @param array Incoming array of User Info
 *
 * @return mixed Returns error string on failure, bool true on success
 */
function jrBridge_Joomla_15_create($_data)
{
    // Verify we recieved our input array
    if (!is_array($_data)) {
        return('ERROR: jrBridge_create() Input _data array is empty!');  
    }
    // our user password comes in unencrypted - lets MD5 it
    $salt = md5(microtime());
    $pass = md5($_data['user_password'] . $salt);  
    $user = dbEscapeString($_data['user_nickname']);  
    if (isset($_data['user_fullname']) && strlen($_data['user_fullname']) > 0) {  
        $full = dbEscapeString($_data['user_fullname']);  
    }
    else {
        $full = $user;
    }
    $mail = dbEscapeString($_data['user_emailadr']);  

    // Now connect up to the Joomla_15 database and do our work
    $con = jrBridge_Joomla_15_connect();
    if (!is_resource($con)) {
        return("ERROR: unable to open the Joomla_15 database - MySQL error: {$con}");  
    }
    // First we want to figure out our GID from the jos_core_acl_aro_groups table
    $req = "SELECT id  
              FROM {$GLOBALS['joomla_15']['prefix']}core_acl_aro_groups  
             WHERE name = '". dbEscapeString($GLOBALS['joomla_15']['user_type']) ."'  
             LIMIT 1";  
    $res = mysql_query($req,$con) or $err = mysql_errno() ."-". mysql_error();  
    if (mysql_num_rows($res) > 0) {
        $_row = mysql_fetch_assoc($res);
        $ugid = $_row['id'];  
    }
    mysql_free_result($res);
    if (isset($err) && !is_numeric($ugid)) {
        mysql_close($con);
        return("ERROR: unable to determine the correct GID value for users in the core_acl_aro_groups table {$err}");  
    }
    // Insert our User account
    $req = "INSERT INTO {$GLOBALS['joomla_15']['prefix']}users (name,username,email,password,usertype,gid,registerDate,lastvisitDate)  
            VALUES ('{$full}','{$user}','{$mail}','{$pass}:{$salt}','". dbEscapeString($GLOBALS['joomla_15']['user_type']) ."','{$ugid}','". strftime('%Y-%m-%d %H:%M:%S') ."','". strftime('%Y-%m-%d %H:%M:%S') ."')";  
    $res = mysql_query($req,$con) or $err = mysql_errno() ."-". mysql_error();  
    if (mysql_affected_rows($con)) {
        $usid = mysql_insert_id($con);
    }
    else {
        mysql_close($con);
        return("ERROR: failed to insert new user into the Joomla_15 user table - MySQL error: {$err}");  
    }
   
    // Add to core_acl_aro table 
    $req = "INSERT INTO {$GLOBALS['joomla_15']['prefix']}core_acl_aro (section_value,value,name)  
            VALUES ('users','{$usid}','{$full}')";  
    $res = mysql_query($req,$con) or $err = mysql_errno() ."-". mysql_error();  
    if (mysql_affected_rows($con)) {
        $arid = mysql_insert_id($con);
    }
    else {
        mysql_close($con);
        return("ERROR: failed to insert new user into the Joomla_15 core_acl_aro table - MySQL error: {$err}");  
    }

    // Add to core_acl_groups_aro_map table 
    $req = "INSERT INTO {$GLOBALS['joomla_15']['prefix']}core_acl_groups_aro_map (group_id,aro_id)  
            VALUES ('{$ugid}','{$arid}')";  
    mysql_query($req,$con) or $err = mysql_errno() ."-". mysql_error();  
    if (isset($err)) {
        mysql_close($con);
        return("ERROR: failed to insert new user_id into the Joomla_15 core_acl_groups_aro_map table - MySQL error: {$err}");  
    }

    mysql_close($con);
    return(true);
}

/**
 * The jrBridge_create function is used for "creating" a new 
 * entry in the Joomla_15 forum.
 *
 * @param array Incoming array of User Info
 *
 * @return mixed Returns error string on failure, bool true on success
 */
function jrBridge_Joomla_15_update($_data)
{
    // Verify we recieved our input array
    if (!is_array($_data)) {
        return('ERROR: jrBridge_create() Input _data array is empty!');  
    }
    // Now connect up to the Joomla_15 database and do our work
    $con = jrBridge_Joomla_15_connect();
    if (!is_resource($con)) {
        return("ERROR: unable to open the Joomla_15 database - MySQL error: {$con}");  
    }
    // Update User account
    $req = "UPDATE {$GLOBALS['joomla_15']['prefix']}users SET ";  
    if (isset($_data['user_password']) && strlen($_data['user_password']) > 0) {  
        $sal = md5(microtime());
        $req .= "password = '". md5($_data['user_password'] . $sal) .':'. $sal ."',  
                 email    = '". dbEscapeString($_data['user_emailadr']) ."' ";  
    }
    else {
        $req .= "email = '". dbEscapeString($_data['user_emailadr']) ."' ";  
    }
    $req .= "WHERE username = '". dbEscapeString($_data['user_nickname']) ."'  
             LIMIT 1";  
    $res = mysql_query($req,$con) or $err = mysql_errno() ."-". mysql_error();  
    if (mysql_affected_rows($con) == 0) {
        mysql_close($con);
        return("ERROR: failed to update user {$_data['user_nickname']} in Joomla_15 user table - MySQL error: {$err}");  
    }
    mysql_close($con);
    return(true);
}

/**
 * The jrBridge_delete function is used for "deleting" an entry 
 * in the Joomla_15 forum.
 *
 * @param string Username to remove from forum
 *
 * @return mixed Returns error string on failure, bool true on success
 */
function jrBridge_Joomla_15_delete($_data)
{
    // Verify we recieved our input array
    if (!is_array($_data)) {
        return('ERROR: jrBridge_delete() Input _data array is empty!');  
    }
    // Now connect up to the Joomla_15 database and do our work
    $con = jrBridge_Joomla_15_connect();
    if (!is_resource($con)) {
        return("ERROR: unable to open the Joomla_15 database - MySQL error: {$con}");  
    }

    // First we want to figure out our GID from the jos_core_acl_aro_groups table
    $req = "SELECT id  
              FROM {$GLOBALS['joomla_15']['prefix']}users  
             WHERE username = '". dbEscapeString($_data['user_nickname']) ."'  
             LIMIT 1";  
    $res = mysql_query($req,$con);
    if (mysql_num_rows($res) > 0) {
        $_row = mysql_fetch_assoc($res);
        $usid = $_row['id'];  
    }
    mysql_free_result($res);

    // Delete User account
    $req = "DELETE FROM {$GLOBALS['joomla_15']['prefix']}users  
             WHERE id = '{$usid}'  
             LIMIT 1";  
    $res = mysql_query($req,$con) or $err = mysql_errno() ."-". mysql_error();  
    if (mysql_affected_rows($con) == 0) {
        mysql_close($con);
        return("ERROR: failed to delete user {$_data['user_nickname']} from Joomla_15 user table - MySQL error: {$err}");  
    }

    // Next, get our core_acl_aro value
    $req = "SELECT aro_id  
              FROM {$GLOBALS['joomla_15']['prefix']}core_acl_aro  
             WHERE value = '{$usid}'  
             LIMIT 1";  
    $res = mysql_query($req,$con);
    if (mysql_num_rows($res) > 0) {
        $_row = mysql_fetch_assoc($res);
        $arid = $_row['aro_id'];  
    }
    mysql_free_result($res);

    // Delete from core_acl_aro
    $req = "DELETE FROM {$GLOBALS['joomla_15']['prefix']}core_acl_aro  
             WHERE value = '{$usid}'  
             LIMIT 1";  
    $res = mysql_query($req,$con) or $err = mysql_errno() ."-". mysql_error();  
    if (mysql_affected_rows($con) == 0) {
        mysql_close($con);
        return("ERROR: failed to delete value {$usid} from Joomla_15 core_acl_aro table - MySQL error: {$err}");  
    }

    // Delete from core_acl_groups_aro_map
    $req = "DELETE FROM {$GLOBALS['joomla_15']['prefix']}core_acl_groups_aro_map  
             WHERE aro_id = '{$arid}'  
             LIMIT 1";  
    $res = mysql_query($req,$con) or $err = mysql_errno() ."-". mysql_error();  
    if (mysql_affected_rows($con) == 0) {
        mysql_close($con);
        return("ERROR: failed to delete aro_id {$arid} from Joomla_15 core_acl_groups_aro_map table - MySQL error: {$err}");  
    }
    mysql_close($con);
    return(true);
}

/**
 * The jrBridge_test function is used for "testing" the Bridge Plugin.  
 * Any "checks" can be added to this function  
 *
 * @return mixed Returns error string on failure, bool true on success
 */
function jrBridge_Joomla_15_test()
{
    // Test Database connection
    $con = jrBridge_Joomla_15_connect();
    if (!is_resource($con)) {
        return("ERROR: unable to open the Joomla_15 database - MySQL error: {$con}");  
    }

    // Test incremental USER ID select
    $req = "SELECT id FROM {$GLOBALS['joomla_15']['prefix']}users LIMIT 1";  
    $res = mysql_query($req,$con);
    if (mysql_num_rows($res) == 0) {
        return("ERROR: unable to determine the incremental user_id value from Joomla_15 - verify database connectivity");  
    }
    mysql_close($con);
    return(true);
}

/**
 * The jrBridge_login function is executed upon a successful login by
 * a Jamroom User Account.
 *
 * @return mixed Returns error string on failure, bool true on success
 */
function jrBridge_Joomla_15_login($_data)
{
    return(true);
}

/**
 * The jrBridge_logout function is executed upon a successful logout by
 * a Jamroom User Account.
 *
 * @return mixed Returns error string on failure, bool true on success
 */
function jrBridge_Joomla_15_logout($_data)
{
    return(true);
}

/**
 * The jrBridge_create function is used for "creating" a new 
 * entry in the Joomla_15 forum.
 *
 * @param array Incoming array of User Info
 *
 * @return mixed Returns error string on failure, bool true on success
 */
function jrBridge_Joomla_15_connect()
{
    // Now connect up to the Joomla_15 database and do our work
    $con = mysql_connect($GLOBALS['joomla_15']['server'],$GLOBALS['joomla_15']['dbuser'],$GLOBALS['joomla_15']['dbpass']) or $err = mysql_errno() .' - '. mysql_error();  
    if (isset($err)) {
        return('Invalid MySQL Server Name, Username or Password');  
    }
    mysql_select_db($GLOBALS['joomla_15']['dbname'],$con) or $err = mysql_errno() .' - '. mysql_error();  
    if (isset($err)) {
        return('Invalid MySQL Database');  
    }
    return($con);
}
?>

Ich hoffe dass mir da jemand helfen kan.

Danke Im Vorraus

Gordon



[Edit Biber] Code-Tags nachgezogen [/Edit]

Content-Key: 122786

Url: https://administrator.de/contentid/122786

Ausgedruckt am: 29.03.2024 um 14:03 Uhr

Mitglied: filippg
filippg 14.08.2009 um 20:24:51 Uhr
Goto Top
Hallo,

wie speichert Jamroom denn die Passwörter? Das ganze wird in drei Fällen funktionieren:
1. Jamroom speichern die Passwörter unverschlüsselt - dann kannst du die Funktion wie im Import-Skript zusammensetzen. Aus Security-Gründen ziemlich unwahrscheinlich
2. Jamroom speichert die Passwörter mit einer umkehrbahren Verschlüsselung - letztlich das gleiche wie 1.
3. Jamroom verwendet exakt das gleiche Format wie Joomla. Dann kannst du sie einfach umkopieren. Eigentlich nicht unwahrscheinlich, aber das solltest du schon probiert haben.
Ansonsten: Hash-Strings kann man nicht einfach ineinander umwandeln...

Such dir den PHP-Code raus, wie Jamroom ein Passwort abspeichert, wenn man es ändert (oder einen neuen Nutzer anlegt). Vergleiche das mit dem hier geposteten Skript.

Gruß

Filipp

PS: Es gibt sogar noch einen 4. Fall: Jamroom nimmt einen immer gleich bleibenden Salt. Dann hängst du an das in der DB gespeicherte Passwort einfach : und diesen Salt an und kannst ihn so in die Joomla-DB schreiben.
Mitglied: scan5416
scan5416 15.08.2009 um 00:54:17 Uhr
Goto Top
Hallo


Das Problem an der Sache ist, dass normalerweise die Passwörter verschlüsselt gespeichert werden und zwar so das sie nur verschlüsselt werden können aber nicht mehr entschlüsselt.

Das leider zimmlich sicher Jamroon und Joomla ihre Passwörter nicht gleich verschlüsseln. Daher kannst du die Benutzer nicht einfach so kopieren.

Mir kommt da nur eine Variante in den Sinn:

Und zwar kannst du das Loginscript so abändern das nach der Passwort überprüfen du das eingegeben Passwort (also das unverschlüsselte - wenn du da irgendwie ran kommst) nehmen und dies im Joomla Standart verschlüsseln und in die Joomla Tabelle abspeichern.

Ob es möglich ist an das unverschlüsselte Passwort bei der Passwort überprüfung ranzukommen weiss ich nicht. Geschweige denn ob es dir möglich ist das Loginscript so abzuändern.

Es ist jeglich eine Idee von mir, ist ungetestet!

Grüsse

scan
Mitglied: Mvisia
Mvisia 15.08.2009 um 01:52:36 Uhr
Goto Top
Hallo, ich kennen mich mysql kaum aus also ich sammle hier tips für diese problehm lösen zu können ich habe hier 2x das gleich password einmal von jamroom un einmaal von joomla


vieleicht kan dass was helfen:


Jamroom: 86160309721f82b0e39d40b456af33f8

hier das gleiche vom selben user in joomla

Joomla: dbdd26838248cc2e6d4b3b5cb575b1d3:ijqptGlIEIqVNRW3X96h5PNvHyiUgkF5 <---- so weit ich weis ist das MD5


aber ich wie nicht wie ich mein copy scrip schreiben kan so dass er die user aus jamroom copiert un umwandel in md5, dieser script ist ja nur gedach um einmal all e user rüber ze kopieren danch habe ich ja die orginale bridge die das automatich tuht wein ein neuer user sich registreiert.( die orginal bridge ist der 2te script der ich geposte habe der erste soll mein copierungs script werden) wo nur die convertierung fehlt und eine oder 2 kleine verbesserungen.


Danke

Grüsse

Gordon
Mitglied: filippg
filippg 15.08.2009 um 17:27:00 Uhr
Goto Top
Hallo,

vielleicht mal zu den Grundlagen:
Passwörter werden oft MD5-verschlüsselt gespeichert. MD5 ist ein sog. "Hash-Verfahren". Es basiert daraus, das aus jeder eingabe ein bestimmter (immer gleicher String) wird. Aber: Es ist nicht möglich aus diesem String (dem MD5-"Verschlüsselten" Kennwort) wieder den Klartext-String zu berechnen. D.h. auch ein bösartiger Mensch, der Zugriff auf die Kennwort-DB hat kann die Originalkennwörter nicht erlangen. Wenn sich ein Nutzer authentifizieren will, dann gibt er sein Kennwort ein. Dieses wird dann auch md5-verschlüsselt, und mit dem gespeicherten, verschlüsselten verglichen. Wenn sie gleich sind, war es wohl das richtige Kennwort. So weit, so gut.
Es gibt also zwei wichtige Eigenschaften:
1. wenn ich auf Text "abc" den md5-Algorithmus anwende, dann kommt immer der gleiche Wert heraus, sagen wir "X55FG". Kurz md5("abc") = "X55FG"
2. Aus dem Ergebnis der md5-Funktion kann ich den Ausgangswert nicht mehr errechnen. Es gibt also keine Funktion re-md5("X55FG") = "abc".
Das Problem: wir benötigen die in 2. angesprochene Funktion re-md5() gar nicht unbedingt: Wir wissen doch, dass "X55FG" entsteht, wenn ich "abc" eingebe. Und wir können uns eine riesige Liste aufbauen, in der für möglichst viele md5-verschlüsselte Strings steht, wie sein Ausgangswert ist (eine sog. "Rainbow Table"). Diese List wird niemals vollständig sein, dafür gibt es zu viele Möglichkeiten. Aber man kann einfach mal mit einem Wörterbuch anfangen.
Um das abzuwehren wird in vielen Fällen dem Original-Kennwort vor der Verschlüsselung ein sog. "Salt" angehängt.
$pass = md5($_data['user_password'] . $salt);
Statt md5("abc") mache ich also md5("abc"+"IK3F6S"). Warum? Weil "abc" bestimmt in vielen Tabellen enthalten sein wird. "abcIK3F6S" aber bestimmt nicht. D.h. ich bekomme einen Wert heraus, für den in keiner Tabelle steht, wie die Eingabe war.
Joomla verwendet für jedes Passwort einen eigenen Salt und speichert zusammen mit dem Passwort, wie dieser ist
$req = "INSERT INTO ...users (name,username,email,password,usertype,gid,registerDate,lastvisitDate) VALUES (...,'{$pass}:{$salt}',...
Im Beispiel stünde in der DB etwa FEIX3H:IK3F6S.

Jamroom verwendet afaik auch md5 für die Kennwortspeicherung. Die Frage ist nur, wieder Salt ist. Wenn du den kennst kannst du ihn einfach an das Pwd aus der DB anhängen, und dann wird es wahrscheinlich auch funktionieren. Wie er ist findest du heraus, wenn du dir anschaust, wie Jamroom die Pwds speichert. Wahrscheinlich ist der Salt für alle Pwd gleich und steht irgendwo in einer globalen Variable.

Gruß

Filipp
Mitglied: Mvisia
Mvisia 15.08.2009 um 18:39:37 Uhr
Goto Top
Vielen dank Filipp,

Solte ich heraus bekommen wie jamroom passwörter schreibt kanz du mir dan helfen ein scrip zu schreiben der user von jamroom copiert und die passwörter verschlüsselt?


Das wäre mir eine sehr grosse hilfe.


Danke

Gordon
Mitglied: Mvisia
Mvisia 15.08.2009 um 18:55:11 Uhr
Goto Top
Hier ist der Registierungs Script:

Ich hoffe dies kan helfen


<?php

#-----------------------------------------------------------------------
  1. $Id: signup.php,v 1.3 2009/07/19 19:50:46 kyle Exp $
#-----------------------------------------------------------------------
Jamroom Profile Signup Module
@copyright 2003-2009 by Talldude Networks LLC
@author Brian Johnson - bigguy@jamroom.net
set up our include files
require('include/jamroom-include.inc.php');
require('include/jamroom-theme.inc.php');
-------------------------------------------------------------------------
MAIN BEGIN
-------------------------------------------------------------------------
make sure we do not have a banned IP coming in
blockBannedIp();
Our script
$GLOBALS['JR_SCRIPT_NAME'] = 'signup.php';
see if we got our form variables
$_post = getPostVars();
See if we have Jamroom SEF URLs turned on - if so, we need to "explode" extra variables
$_post = jrArrayMerge($_post,jrParseRequestUri());
Setup Session
switch ($_post['mode']) {
case 'suser':
case 'signup':
case 'register':
case 'register_user':
case 'show_license':
case 'activate':
case 'check_delete':
case 'process_delete':
$_user = sessionCheck();
break;
case 'delete':
case 'request_delete':
case 'invite':
case 'invite_user':
case 'invite_resend':
case 'invite_import':
case 'invite_cancel':
case 'invite_delete':
make sure we are logged in to do this action
$_user = sessionVerify();
break;
default:
see if we are signing up..
if (isset($_post['mode']) && strlen($_post['mode']) > 0) {
$_user = sessionVerify();
jrAdminOnly();
}
else {
$_post['mode'] = 'signup';
$_user = sessionCheck();
}
break;
}
update our session location
$_mode = array(
'suser' => 'Viewing Signup Form',
'artist_signup' => 'Artist Signing Up',
'member_signup' => 'Member Signing Up',
'register' => 'Validating Signing Up',
'register_user' => 'Validating Signing Up',
'show_license' => 'Viewing User Agreement / TOS',
'activate' => 'Activating Account',
'check_delete' => 'Validating Account Deletion',
'delete' => 'Account Deletion Screen',
'check_delete' => 'Processing Account Deletion',
'process_delete' => 'Processing Account Deletion',
'config' => 'Viewing Signup Settings',
'val_all_signup' => 'Admin Validation of All Pending Accounts',
'rem_signup' => 'Deleting Pending User',
'modify_config' => 'Saving Signup Settings',
'show_signup' => 'Viewing Pending User Accounts',
'invite_import' => 'Importing Friends for invitations',
'invite' => 'Inviting a Friend',
'invite_resend' => 'Resending a Pending invitation',
'invite_user' => 'Inviting a Friend',
'invite_cancel' => 'Canceling an Invitation',
'invite_delete' => 'Deleting an Invitation'
);
sessionSetLocation($_mode);
see what language we are doing our signups in
$language = getLanguage();
$a = genc('get','czoxNToiYXJ0aXN0X2FjY291bnRzIjs=');
$lnote = 'The maximum number of Artist Accounts allowed under the current Jamroom License has been reached.';
Figure our "default" signup template
$stpl = 'jr_signup.tpl';
if (is_file("{$jamroom['jm_dir']}/skins/{$config['index_template']}/signup.tpl")) {
$stpl = 'signup.tpl';
}
-----------------------------------
VAL_ALL_SIGNUP (master admin)
-----------------------------------
if (isset($_post['mode']) && $_post['mode'] == 'val_all_signup') {
Get our pending user accounts
$req = "SELECT u.*,
b.*,
q.quota_themes, q.quota_default_theme, quota_power_count, quota_power_quota, q.quota_default_fan, q.quota_fan_note
FROM {$jamroom_db['user']} u
LEFT JOIN {$jamroom_db['band_info']} b ON b.band_id = u.user_band_id
LEFT JOIN {$jamroom_db['quota']} q ON q.quota_id = b.band_quota
WHERE u.user_deleted = 'new' ";
if (checkType($_post['signup_user_id'],'number_nz')) {
$req .= " AND u.user_id = '{$_post['signup_user_id']}' ";
}
$_rt = dbQuery($req,'NUMERIC');
if (checkType($_post['signup_user_id'],'number_nz')) {
jrNoticePage('error','The specified User Account no longer exists or has already been validated.');
}
jrNoticePage('error','There are currently no User Accounts pending validation.');
exit;
}
now go through them one at a time
foreach ($_rt as $_v) {
update the account to be validated
$req = "UPDATE {$jamroom_db['user']} SET
user_updated = ". time() .',';
Check for Power User via Quota
if (checkType($_v['quota_power_count'],'number_nz') && checkType($_v['quota_power_quota'],'number_nz')) {
$req .= "user_max_accounts = '{$_v['quota_power_count']}',
user_power_quota = '{$_v['quota_power_quota']}',";
}
$req .= "user_deleted = 'no'
WHERE user_id = '{$_v['user_id']}'
LIMIT 1";
$cnt = dbQuery($req,'COUNT');
Convert them if they are a fan
jrSignupConvertFan($_v['user_emailadr'],$_v['user_id']);
--------------------------------
EMAILING (if needed)
--------------------------------
if (isset($config['admin_emails']) && $config['admin_emails'] == 'yev') {
$_rp = array_change_key_case($_v,CASE_UPPER);
$_rp['SYSTEM_NAME'] = $config['system_name'];
$_rp['ADMIN_EMAIL'] = $config['admin_address'];
list($sub,$msg) = jrProcessEmail('jr_signup_admin_approved',$_rp);
jrSendEmail($_v['user_emailadr'],$sub,$msg);
}
--------------------------------
POST PROCESSING
--------------------------------
if (isset($config['active_bridge']) && strlen($config['active_bridge']) > 0) {
$_v['user_password'] = $_v['user_temp'];
jrRunBridge('create',jrArrayMerge($jamroom,$_v));
}
make sure our band directory is set
makeBandDir($_v['band_id']);
Add any default fans
jrCreateDefaultFans($_v['band_id'],$_v);
and now generate our Artist Page - figure out the theme to use
$use_theme = $config['default_theme'];
if (checkType($_v['quota_default_theme'],'number_nz')) {
$use_theme = $_v['quota_default_theme'];
}
elseif (checkType($_v['quota_themes'],'number_nz')) {
$use_theme = $_v['quota_themes'];
}
elseif (strstr($_v['quota_themes'],';')) {
$use_theme = reset(explode(';',$_v['quota_themes']));
}
now make sure we update our band_info table with the correct theme info
$req = "UPDATE {$jamroom_db['band_info']} SET
band_theme = '{$use_theme}',
band_active = '1'
WHERE band_id = '{$_v['band_id']}'
LIMIT 1";
$cnt = dbQuery($req,'COUNT');
Build profile
generateTheme($_v['band_id'],$use_theme);
log our new user validation
jmLogger(0,'INF',"val_all_signup: new profile (user_id: {$_v['user_id']}, name: {$_v['user_nickname']}) has been successfully validated");
}
cleanup old accounts
jrSignupPurge();
$msg = 'All pending User Accounts have been successfully validated.';
if (isset($_post['signup_user_id']) && is_numeric($_post['signup_user_id'])) {
$msg = 'The pending User Account has been successfully validated.';
}
jrNoticePage('success',$msg,'refresh');
}
-----------------------------------
REM_SIGNUP (master admin)
-----------------------------------
elseif (isset($_post['mode']) && $_post['mode'] == 'rem_signup') {
make sure we get a good user_id
if (!checkType($_post['signup_userid'],'number_nz')) {
jrNoticePage('error','Invalid signup_userid received - verify usage.');
}
get our information for this user_id
$req = "SELECT u.*, b.*
FROM {$jamroom_db['user']} u
LEFT JOIN {$jamroom_db['band_info']} b ON b.band_id = u.user_band_id
WHERE u.user_id = {$_post['signup_userid']}
LIMIT 1";
$_rt = dbQuery($req,'SINGLE');
if (strlen($_rt['user_id']) === 0) {
jrNoticePage('error',"Unable to retrieve User and Artist information for user_id {$_post['signup_userid']} - verify connection");
}
Send out our rejection Email if configured to do so and the user has a valid email address
if ($config['admin_emails'] == 'yev' && ($_post['reject'] == 'yes' && checkType($_rt['user_emailadr'],'email'))) {
$_rp = array_change_key_case($_rt,CASE_UPPER);
$_rp['SYSTEM_NAME'] = $config['system_name'];
$_rp['ADMIN_EMAIL'] = $config['admin_address'];
list($sub,$msg) = jrProcessEmail('jr_signup_admin_rejected',$_rp);
jrSendEmail($_rt['user_emailadr'],$sub,$msg);
}
Delete Artist and User accounts
deleteArtist($_rt['band_id'],false,true);
deleteUser($_rt['user_id'],true);
jmLogger(0,'INF',"rem_signup: new account (id {$_post['signup_userid']}) has been successfully deleted");
cleanup old accounts
jrSignupPurge();
jrNoticePage('success',"The new User Account (id {$_post['signup_userid']}) has been successfully deleted.",'signup.php?mode=show_signup');
}
-----------------------------------
CONFIG MODE
-----------------------------------
elseif (isset($_post['mode']) && $_post['mode'] == 'config') {
Check to see if we have anything that was already submitted
$_rep = getForm('signup_config');
if (is_array($_rep)) {
$_sign = $_rep;
}
else {
$_sign = $config;
}
Set purge default values
if (!is_numeric($_sign['newband_purge'])) {
$_sign['newband_purge'] = 3;
}
if (!is_numeric($_sign['new_member_purge'])) {
$_sign['new_member_purge'] = 3;
}
if (isset($_sign['admin_emails']) && $_sign['admin_emails'] == 'yev') {
$_sign['admin_emails'] = 'yes';
}
Set up default admin email address if it is empty
if (strlen($_sign['admin_address']) === 0 && checkType($_user['user_emailadr'],'email')) {
$_sign['admin_address'] = $_user['user_emailadr'];
}
get our quotas
$req = "SELECT quota_id, quota_name, quota_disk, quota_bandwidth
FROM {$jamroom_db['quota']}
WHERE quota_id != 0";
$_rt = dbQuery($req,'NUMERIC');
if (is_array($_rt)) {
we need to display a list of bands to choose - get our bands
foreach ($_rt as $_qt) {
$disk_show = "unlimited";
if (is_numeric($_qt['quota_disk']) && $_qt['quota_disk'] > 0) {
$disk_show = "{$_qt['quota_disk']} MB";
}
if ($_qt['quota_id'] > 0) {
$bwidth_show = "unlimited";
if (is_numeric($_qt['quota_bandwidth']) && $_qt['quota_bandwidth'] > 0) {
$bwidth_show = "{$_qt['quota_bandwidth']} MB";
}
$_art["{$_qt['quota_id']}"] = "{$_qt['quota_name']} ({$disk_show}, {$bwidth_show})";
}
else {
$_mem["{$_qt['quota_id']}"] = "{$_qt['quota_name']} ({$disk_show})";
}
}
@natcasesort($_art);
@natcasesort($_mem);
}
jmHtmlBegin('signup configuration');
jmBodyBegin();
General
jmSpanCell('Signup System Settings','configuration and options for the Signup System.',30,'html_modify.png');
if (jrIsDemoMode()) {
jmShowLine('Jamroom is currently running in DEMO MODE - <span class="jmFont3">not all settings can be saved!</span>');
}
jmBeginForm('signup.php?mode=modify_config&amp;tmode=config');
Error Check
if (isset($_sign['e_text']) && strlen($_sign['e_text']) > 0) {
jrShowNotice('error',$_sign['e_text'],false);
remInForm('signup_config','e_text');
}
elseif (isset($_post['s']) && $_post['s'] == '1') {
jrShowNotice('success','The Singup Settings have been successfully saved');
}
jmYesNo('Require Image Test','use_captcha','If this is set to &quot;yes&quot;, then Members will be required to enter a &quot;code&quot; that is generated within an image on the Signup form. It is recommended to set this to &quot;yes&quot; to prevent web-bots from creating accounts in your system.',$_sign['use_captcha']);
jmYesNo('Admin E-Mails','admin_emails','Set this to &quot;yes&quot; to make it so that whenever a new artists signs up for an account in your system, the Master Admin is sent an e-mail with the new user details. (Note: this is automatically set to &quot;yes&quot; if the Admin Validation option is set to yes).',$_sign['admin_emails']);
$_emt = array(
'1' => 'After Initial Signup',
'2' => 'After Successful Validation',
'3' => 'After Both Signup and Validation'
);
jmSelect('Admin E-Mail Method','email_method',$_emt,$_sign['email_method'],'If you have set the &quot;Admin E-Mails&quot; option to &quot;yes&quot;, then the system can notify you a few different ways:<br>After Initial Signup - the Admin will receive an e-mail message after the User has Signed up, but before Validation.<br>After Successful Validation - the Admin will receive an email only after the User Account has been validated.<br>After Both Signup and Validation - the Admin will receive an e-mail when a new User Signs up, as well as when the User validates their account.');
jmInput('Admin E-Mail Address','admin_address','description',$_sign['admin_address'],'If you have set the Admin E-Mail option to &quot;yes&quot;, then enter the e-mail address you would like the new artist e-mail notifications to be sent to.');
jmSpanCell('Artist Profile Settings','Signup configuration options related to Artist Profiles');
jmYesNo('Artist Signups','user_signups','If this is set to &quot;yes&quot;, users will be allowed to signup for an Artist Profile. Set this to &quot;no&quot; to disable Artist signups.',$_sign['user_signups']);
jmSelect('New Artist Quota','new_artist_quota',$_art,$_sign['new_artist_quota'],'The New Artist Quota Setting defines the &quot;default&quot; Quota that will be used by Artist Profiles when they signup. This value can be overridden in the Signup template, so this value will be used in instances where the Artist Quota cannot be determined.');
jmInput('New Artist Purge','newband_purge','description',$_sign['newband_purge'],'The &quot;New Artist Purge&quot; setting will allow Artists accounts that have not been validated after a set amount of days to be deleted from your system. The default is 3, and is the number of days a new Artist has to validate their account. Valid values are between 0 and 99. A Setting of 0 de-activates the New Artist Purge.');
jmYesNo("Artist Self Removal?",'artist_delete','Setting this to &quot;yes&quot; will create a new Menu entry that will allow your Artists to delete their own Artist Profile. If they choose to delete their account, an e-mail will be sent to their e-mail address for validation before allowing the removal to take place. Set this to &quot;no&quot; to require Admin deletion of Artist Profiles.',$_sign['artist_delete']);
$_vlt = array(
'yes' => 'Admin Validation',
'no' => 'Email Validation',
'off' => 'Instant Validation'
);
jmSelect('Artist Profile Validation','admin_validate',$_vlt,$_sign['admin_validate'],'There are three (3) different options for Artist Profile Validation:<br>Admin Validation - This option requires that the Master Admin approve the Artist Profile before it is activated.<br>Email Validation - This option sends the Artist an email where they can perform self validation for activation.<br>Instant Validation - This option bypasses all validation and instantly activates the Artist account without validation (not recommended).',$_sign['admin_validate']);
jmSpanCell('Member Profile Settings','Signup configuration options related to Member Profiles');
jmYesNo('Member Signups','member_signups','If this is set to &quot;yes&quot;, users will be allowed to signup for a Member Profile. Set this to &quot;no&quot; to disable Member signups.',$_sign['member_signups']);
jmSelect('New Member Quota','new_member_quota',$_mem,$_sign['new_member_quota'],'The New Member Quota Setting defines the &quot;default&quot; Quota that will be used by Member Profile when they signup. This value can be overridden in the Signup template, so this value will be used in instances where the Member Quota cannot be determined.');
jmInput('New Member Purge','new_member_purge','description',$_sign['new_member_purge'],'The &quot;New Member Purge&quot; setting will allow Member Profiles that have not been validated after a set amount of days to be deleted from your system. The default is 3, and is the number of days a new Member has to validate their account. Valid values are between 0 and 99. A Setting of 0 de-activates the New Member Purge.');
jmYesNo("Member Self Removal?",'member_delete','Setting this to &quot;yes&quot; will create a new Menu entry that will allow your Members to delete their own Member Profile. If they choose to delete their account, an e-mail will be sent to their e-mail address for validation before allowing the removal to take place. Set this to &quot;no&quot; to require Admin deletion of Member Profiles.',$_sign['member_delete']);
jmSelect('Member Profile Validation','member_validate',$_vlt,$_sign['member_validate'],'There are three (3) different options for Member Profile Validation:<br>Admin Validation - This option requires that the Master Admin approve the Member Profile before it is activated.<br>Email Validation - This option sends the Member an email where they can perform self validation for activation.<br>Instant Validation - This option bypasses all validation and instantly activates the Member account without validation (not recommended).',$_sign['member_validate']);
jmSubmitClear('update settings',false,'150px','null','','jrconfig.php?mode=settings');
jmEndForm();
jmBodyEnd();
jmHtmlEnd();
exit;
}
------------------------------------
UPDATE SETTINGS
------------------------------------
elseif (isset($_post['mode']) && $_post['mode'] == 'modify_config') {
let's see if we are running in DEMO mode
if (jrIsDemoMode()) {
$_post['admin_emails'] = 'yes';
$_post['email_method'] = 2;
$_post['admin_address'] = 'bigguy@jamroom.net';
}
save our incoming form
saveForm('signup_config');
redirect URL
$url = 'signup.php?mode=config';
Valid Artist Purge
($_post['newband_purge'] < 0
addToForm('e_text','You have entered in invalid value for &quot;New Artist Purge&quot; - please enter a valid number between 0 and 99.','signup_config');
setFormHighlight('newband_purge');
jrLocation($url);
}
Valid Member Purge
($_post['new_member_purge'] < 0
addToForm('e_text','You have entered in invalid value for &quot;New Member Purge&quot; - please enter a valid number between 0 and 99.','signup_config');
setFormHighlight('new_member_purge');
jrLocation($url);
}
Check for valid Admin Email Address
if (!checkType($_post['admin_address'],'email')) {
addToForm('e_text','You have entered an invalid Email Address for &quot;Admin E-Mail Address&quot; - please enter a valid E-Mail Address','signup_config');
setFormHighlight('admin_address');
jrLocation($url);
}
check to see if we are doing artist validation
If "admin_validate" is set to "yes", then it means the Master Admin needs to approve accounts
$_post['admin_emails'] = 'yev';
}
resetForm('signup_config');
setData(0,'settings',$_post);
jrLocation('signup.php?mode=config&s=1');
}
-----------------------------------
SHOW SIGNUP USERS
-----------------------------------
elseif (isset($_post['mode']) && $_post['mode'] == 'show_signup') {
cleanup old accounts
jrSignupPurge();
jmHtmlBegin('pending users');
jmBodyBegin();
jmSpanCell('New User Accounts','The Following User Accounts have yet to be validated','30','html_details.png');
$dat[1]['title'] = 'User ID';
$dat[1]['style'] = 'width:5%;';
$dat[2]['title'] = 'Type';
$dat[2]['style'] = 'width:5%;';
$dat[3]['title'] = 'User Name';
$dat[3]['style'] = 'width:21%;';
$dat[4]['title'] = 'User E-Mail';
$dat[4]['style'] = 'width:22%;';
$dat[5]['title'] = 'Profile Name';
$dat[5]['style'] = 'width:22%;';
$dat[6]['title'] = 'Created';
$dat[6]['style'] = 'width:16%;';
$dat[7]['title'] = 'Delete';
$dat[7]['style'] = 'width:3%;';
$dat[8]['title'] = 'Reject';
$dat[8]['style'] = 'width:3%;';
$dat[9]['title'] = 'Approve';
$dat[9]['style'] = 'width:3%;';
See if we show resend
$dat[10]['title'] = 'Resend';
$dat[10]['style'] = 'width:3%;';
}
htmlPageSelect('header',$dat);
create our query string
$req = "SELECT u.user_id, u.user_band_id, u.user_created, u.user_nickname, u.user_emailadr, u.user_birthdate,
b.band_name, b.band_quota
FROM {$jamroom_db['user']} u
LEFT JOIN {$jamroom_db['band_info']} b ON b.band_id = u.user_band_id
WHERE u.user_deleted = 'new'
ORDER BY u.user_created ASC";
$_rt = dbQuery($req,'NUMERIC');
if (isset($_rt) && is_array($_rt)) {
foreach ($_rt as $_row) {
$email = encodeString($_row['user_emailadr']);
$dat[1]['title'] = $_row['user_id'];
$dat[1]['style'] = 'width:5%;text-align:center;';
Let's see the type of user this user is
if (isset($_row['band_quota']) && $_row['band_quota'] > 0) {
$dat[2]['title'] = 'artist';
$cfg = $config['admin_validate'];
}
else {
$dat[2]['title'] = 'member';
$cfg = $config['member_validate'];
}
$dat[2]['style'] = 'width:5%;text-align:center;';
See if we need to show COPPA status
$coppa = '';
if (isset($_row['user_birthdate']) && strlen($_row['user_birthdate']) === 8 && $_row['user_birthdate'] > 0) {
Okay - let's validate that they are over 13 years old
$b_y = substr($_row['user_birthdate'],0,4);
$b_m = substr($_row['user_birthdate'],4,2);
$b_d = substr($_row['user_birthdate'],6,2);
$t_y = strftime('%Y');
if (($t_y - $b_y) == 13) {
Looks like we could be under 13 years old - check
$cpr = (int) $b_m . $b_d;
$cpt = strftime('%m%d');
if ($cpr > $cpt) {
$coppa = '&nbsp;<span class="jmFont3">[COPPA]</span>';
}
}
Check for less then 13
elseif (($t_y - $b_y) < 13) {
$coppa = '&nbsp;<span class="jmFont3">[COPPA]</span>';
}
}
$dat[3]['title'] = '<a href="user.php?mode=user_edit&amp;newuser=1&amp;user_id='. $_row['user_id'] .'"><span class="jmFont3">'. $_row['user_nickname'] .'</span></a>'. $coppa;
$dat[3]['style'] = 'width:21%';
See if we just resent
$rtag = '';
if (isset($_post['r']) && is_numeric($_post['r']) && $_post['r'] == $_row['user_id']) {
$rtag = '&nbsp;<span class="jmFont3">[resent]</span>';
}
$dat[4]['title'] = '<a href="note.php?mode=compose&amp;user_id='. urlencode($_row['user_emailadr']) .'"><span class="jmFont3">'. $email .'</span></a>'. $rtag;
$dat[4]['style'] = 'width:22%;';
$dat[5]['title'] = "<a href=\"band.php?mode=band_mod&amp;band_id={$_row['user_band_id']}\" target=\"_self\"><span class=\"jmFont3\">{$_row['band_name']}</span></a>";
$dat[5]['style'] = 'width:22%;';
$dat[6]['title'] = gmstrftime($config['date1'],convertTime($_row['user_created'],$config['server_offset']));
$dat[6]['style'] = 'width:16%;';
$dat[7]['title'] = jrHtmlButtonCode('delete',"if (!confirm('Do you really want to DELETE the pending user: {$_row['user_nickname']}?\\nNote: A rejected e-mail will NOT be sent')) return false; else window.location = 'signup.php?mode=rem_signup&amp;signup_userid={$_row['user_id']}&amp;signup_bandid={$_row['user_band_id']}'");
$dat[7]['style'] = 'width:3%;';
$dat[8]['title'] = jrHtmlButtonCode('reject',"if (!confirm('Do you really want to REJECT the pending user {$_row['user_nickname']}?\\nNote: a rejected e-mail WILL be sent')) return false; else window.location = 'signup.php?mode=rem_signup&amp;signup_userid={$_row['user_id']}&amp;signup_bandid={$_row['user_band_id']}&amp;reject=yes'");
$dat[8]['style'] = 'width:3%;';
$dat[9]['title'] = jrHtmlButtonCode('approve',"if (!confirm('Do you really want to APPROVE the pending user {$_row['user_nickname']}?')) return false; else window.location = 'signup.php?mode=val_all_signup&amp;signup_user_id={$_row['user_id']}'");
$dat[9]['style'] = 'width:3%;';
See if we can "resend" the activation code to this user
if (isset($cfg) && $cfg == 'no') {
$dat[10]['title'] = jrHtmlButtonCode('resend',"window.location = 'signup.php?mode=resend&amp;signup_user_id={$_row['user_id']}'");
$dat[10]['style'] = 'width:3%;';
}
$dat[10]['title'] = jrHtmlButtonCode('resend','disabled');
$dat[10]['style'] = 'width:3%;';
}
htmlPageSelect('row',$dat);
}
htmlPageSelect('footer');
$dat = array();
unset($dat);
$dat[1]['title'] = jrHtmlButtonCode('approve all','if (!confirm(\'Do you really want to Validate ALL Pending users?\')){return false;} else {window.location=\'signup.php?mode=val_all_signup\'}');
$dat[1]['style'] = 'width:100%;';
htmlPageSelect('header',$dat);
}
htmlPageSelect('footer');
jmBodyEnd();
jmHtmlEnd();
exit;
}
------------------------------------
RESEND
------------------------------------
elseif (isset($_post['mode']) && $_post['mode'] == 'resend') {
Check for valid signup_user_id
if (!checkType($_post['signup_user_id'],'number_nz')) {
jrNoticeage('error','Invalid User ID received - unable to resend activation email!');
}
get all of the details we can about this user
$req = "SELECT u.*,
b.band_name, b.band_quota
FROM {$jamroom_db['user']} u
LEFT JOIN {$jamroom_db['band_info']} b ON b.band_id = u.user_band_id
WHERE u.user_id = {$_post['signup_user_id']}
AND u.user_deleted = 'new'
LIMIT 1";
$_rt = dbQuery($req,'SINGLE');
jrNoticeage('error','Unable to retrieve User information from the database for user_id '. $_post['signup_user_id'] .' - verify account');
}
verify user email address
if (!checkType($_rt['user_emailadr'],'email')) {
jrNoticeage('error','The Email Address associated with this account does not appear to be valid - verify account.');
}
Here is where we store the Unique Code for this artist account
$code = encString($_rt['user_band_id'] .'|'. $_rt['band_quota']);
send out e-mail
$_rp['VALIDATE_LINK'] = "{$jamroom['jm_htm']}/signup.php?mode=activate&id={$code}";
$_rp['SYSTEM_NAME'] = $config['system_name'];
$_rp['ADMIN_EMAIL'] = $config['admin_address'];
list($sub,$msg) = jrProcessEmail('jr_signup_user_verify',$_rp);
jrSendEmail($_rt['user_emailadr'],$sub,$msg);
jrLocation('signup.php?mode=show_signup&r='. $_post['signup_user_id']);
}
------------------------------------
EMPTY MODE - show form
------------------------------------
strlen($_post['mode']) === 0) ($_post['mode'] == 'suser'
check for previous form submission
$_rep = getForm('signup');
Check to see if we are at our artist limit
dbUpdateItem('signup');
Verify signup quota
$_rep['quota_id'] = $_post['quota_id'];
unset($_rep['e_text']);
}
check to see if we are disabled
if (isset($config['disable_jamroom']) && $config['disable_jamroom'] == 'yes') {
$_rep['e_text'] = $config['disable_notice'];
}
If we get an ICODE on our signup, then we'll find out the quota that we are going
to use based on WHO INVITED, and their quota id
if (isset($_post['icode']) && strlen($_post['icode']) === 8) {
Looks like we have an invitation code - do our work
$req = "SELECT *
FROM {$jamroom_db['invites']}
WHERE invite_code = '". dbEscapeString($_post['icode']) ."'
AND invite_accept = '0'
LIMIT 1";
$_rt = dbQuery($req,'SINGLE');
if (isset($_rt['invite_code']) && strlen($_rt['invite_code']) === 8) {
$_rep['user_emailadr'] = $_rt['invite_email'];
$_rep['user_emailadr2'] = $_rt['invite_email'];
Looks like we match in the DB - get our quota_id
$req = "SELECT q.quota_invite_quota
FROM {$jamroom_db['user']} u
LEFT JOIN {$jamroom_db['band_info']} b ON b.band_id = u.user_band_id
LEFT JOIN {$jamroom_db['quota']} q ON q.quota_id = b.band_quota
WHERE u.user_id = '{$_rt['invite_user_id']}'
LIMIT 1";
$_rt = dbQuery($req,'SINGLE');
if (is_numeric($_rt['quota_invite_quota']) && $_rt['quota_invite_quota'] != '0') {
$_rep['quota_id'] = $_rt['quota_invite_quota'];
}
else {
It looks like we could not figure out our signup quota
for this code - let's default to our member signup quota
$_rep['quota_id'] = $config['new_member_quota'];
}
$_post['quota_id'] = $_rep['quota_id'];
$_SESSION['JR_INVITE_CODE'] = $_post['icode'];
}
}
check for error
if (isset($_rep['e_text']) && strlen($_rep['e_text']) > 0) {
$_rep['SIGNUP_ERROR'] = $_rep['e_text'];
unset($_rep['e_text']);
remInForm('e_text','signup');
}
$_rep['style'] = str_replace('.css','',$config['default_style']);
now let's verify that the quota we have received is an ALLOWED
quota to be signed up in
if (!isset($_SESSION['JR_INVITE_CODE'])) {
$req = "SELECT quota_id
FROM {$jamroom_db['quota']}
WHERE quota_signups = 'yes'";
$_rt = dbQuery($req,'quota_id');
if (!is_array($_rt["{$_rep['quota_id']}"])) {
looks like the quota ID we received is NOT setup to allow signups -
let's double check the signup settings to see if they have misconfigured the quota
if ($_rep['quota_id'] != $config['new_artist_quota'] && $_rep['quota_id'] != $config['new_member_quota']) {
looks like they are scammers - lets reset them as a member
$_rep['quota_id'] = (int) $config['new_member_quota'];
}
}
}
if ($_rep['quota_id'] > 0) {
$n = readMasterConfig(genc('get','czoxOiI1Ijs='));
if (is_numeric($config[$a]) && $config[$a] >= $n) {
$b = genc('get','czo1OiJsbm90ZSI7');
$_rep['SIGNUP_ERROR'] = 'An Error has been encountered and new signups have been disabled - the System Administrator has been notified';
$_rep['DISABLED'] = 1;
jmLogger(0,'MAJ',$$b);
}
}
$_rep = jrArraymerge(cleanPostVars($_post),$_rep);
$_tpl = htmlGetTemplate('template',$_post,'signup',$stpl);
htmlShowTemplate($_tpl['tpl_dir'],$_tpl['template'],$_rep);
exit;
}
------------------------------------
REGISTER USER
------------------------------------
make sure we do not get any HTML in our input (XSS)
$_post = stripHtml($_post);
See if we have an incoming template - we need to make sure it gets added
in so if we encounter an error it gets used on the refresh.
$url = 'signup.php?mode=signup';
if (isset($_post['template']) && strpos($_post['template'],'.tpl')) {
$url .= '&template='. stripHtml($_post['template']);
}
common entries - these entries are shared by new Members and Artists alike (User info)
$_post['user_nickname'] = trim($_post['user_nickname']);
$_post['user_emailadr'] = trim($_post['user_emailadr']);
$_post['user_emailadr2'] = trim($_post['user_emailadr2']);
save our form elements into the session so we can use them again if needed
saveForm('signup',$_post);
addToForm('quota_id',$_post['quota_id'],'signup');
check to see if we are disabled
if (isset($config['disable_jamroom']) && $config['disable_jamroom'] == 'yes') {
addToForm('e_text',$config['disable_notice'],'signup');
$_post['ERROR_CODE'] = 'JAMROOM_DISABLED';
jrResultResponse($_post,$url);
}
see what type of signup we are doing - Member or Artist
if (is_numeric($_post['quota_id']) && $_post['quota_id'] > 0) {
let's verify that Artist Signups are allowed
jmLogger(0,'MAJ',"signup: attempt to signup to quota that has signups disabled - quota_id: {$_post['quota_id']}");
addToForm('e_text',$language['signup'][32],'signup');
$_post['ERROR_CODE'] = 'INVALID_SIGNUP_QUOTA';
jrResultResponse($_post,$url);
}
$_post['band_name'] = trim($_post['band_name']);
looks like we are doing ARTIST VALIDATION - set our flag
$v_type = $config['admin_validate'];
}
--------------------------
COMMON VALIDATION
--------------------------
check for valid captcha
if (!checkType($_post['captcha_code'],'captcha')) {
addToForm('e_text',$language['signup'][31],'signup');
$_post['ERROR_CODE'] = 'INVALID_CAPTCHA';
jrResultResponse($_post,$url);
}
}
USER AGREEMENT (if it is there)
if (isset($_post['user_agreement']) && $_post['user_agreement'] != 'on') {
addToForm('e_text',$language['signup'][30],'signup');
$_post['ERROR_CODE'] = 'USER_AGREEMENT';
jrResultResponse($_post,$url);
}
VERIFY EMPTY USER NAME
addToForm('e_text',$language['signup'][4],'signup');
$_post['ERROR_CODE'] = 'INVALID_USER_NICKNAME';
jrResultResponse($_post,$url);
}
UNIQUE/BANNED User name
addToForm('e_text',$language['signup'][5],'signup');
$_post['ERROR_CODE'] = 'USER_NICKNAME_EXISTS';
jrResultResponse($_post,$url);
}
See if we are "checking" in a bridge script
if (isset($config['active_bridge']) && strlen($config['active_bridge']) > 0) {
$ret = jrRunBridge('check',$_post);
if (isset($ret) && strstr($ret,'ERROR')) {
addToForm('e_text',$language['signup'][5],'signup');
$_post['ERROR_CODE'] = 'USER_NICKNAME_EXISTS';
jrResultResponse($_post,$url);
}
}
CHECK EMAIL ADDRESS
if (dbBannedItem('check','banned_address',$_post['user_emailadr'])) {
addToForm('e_text',$language['signup'][8],'signup');
$_post['ERROR_CODE'] = 'INVALID_EMAIL';
jrResultResponse($_post,$url);
}
VERIFY EMAIL
addToForm('e_text',$language['signup'][8],'signup');
$_post['ERROR_CODE'] = 'INVALID_EMAIL';
jrResultResponse($_post,$url);
}
else {
make sure that this e-mail address has not already signed up before
$req = "SELECT user_id
FROM {$jamroom_db['user']}
WHERE user_emailadr = '{$_post['user_emailadr']}'
LIMIT 1";
$_rt = dbQuery($req,'SINGLE');
if (strlen($_rt['user_id']) > 0) {
addToForm('e_text',$language['signup'][9],'signup');
$_post['ERROR_CODE'] = 'EMAIL_ALREADY_USED';
jrResultResponse($_post,$url);
}
}
VERIFY PASSWORD MATCH
if (($_post['user_password1'] == $_post['user_password2']) && strlen($_post['user_password1']) > 1) {
$_post['user_temp'] = $_post['user_password1'];
$_post['user_password'] = md5($_post['user_password1']);
}
else {
addToForm('e_text',$language['signup'][3],'signup');
$_post['ERROR_CODE'] = 'PASSWORD_MISMATCH';
jrResultResponse($_post,$url);
}
--------------------------
ARTIST VALIDATION
--------------------------
Let's check to see if member signups are allowed
addToForm('e_text',$language['signup'][32],'signup');
$_post['ERROR_CODE'] = 'SIGNUP_DISABLED';
jrResultResponse($_post,$url);
}
$_post['band_name'] = trim($_post['user_nickname']);
looks like we are doing MEMBER VALIDATION - set our flag
$v_type = $config['member_validate'];
}
VERIFY BAND NAME
addToForm('e_text',$language['band'][15],'signup');
$_post['ERROR_CODE'] = 'INVALID_BAND_NAME';
jrResultResponse($_post,$url);
}
UNIQ/BANNED/CHARS
dbBannedItem('check','banned_name',$_post['band_name'])
addToForm('e_text',$language['signup'][6],'signup');
$_post['ERROR_CODE'] = 'INVALID_BAND_NAME';
jrResultResponse($_post,$url);
}
CREATE BAND_URL
$_post['band_url'] = $_post['band_name'];
}
$_post['band_url'] = fileString($_post['band_url']);
--------------------------
COPPA VALIDATION
--------------------------
$_coppa = false;
if (isset($config['coppa_active']) && $config['coppa_active'] == 'yes') {
if (isset($_post['birth_day'])) {
$_post['user_birthdate'] = $_post['birth_year'] . $_post['birth_month'] . $_post['birth_day'];
}
$_post['user_birthdate'] = (int) trim($_post['user_birthdate']);
Let's validate the incoming age
addToForm('e_text',$language['misc'][110] .' '. $language['user'][90],'signup');
$_post['ERROR_CODE'] = 'INVALID_BIRTH_DATE';
jrResultResponse($_post,$url);
}
Okay - let's validate that they are over 13 years old
$b_y = substr($_post['user_birthdate'],0,4);
$b_m = substr($_post['user_birthdate'],4,2);
$b_d = substr($_post['user_birthdate'],6,2);
$t_y = strftime('%Y');
if (($t_y - $b_y) == 13) {
Looks like we could be under 13 years old - check
$cpr = (int) $b_m . $b_d;
$cpt = strftime('%m%d');
if ($cpr > $cpt) {
Turn on Admin Validation and flag it
$v_type ='yes';
$_coppa = true;
}
}
Check for less then 13
elseif (($t_y - $b_y) < 13) {
$v_type ='yes';
$_coppa = true;
}
}
--------------------------
QUOTA VALIDATION
--------------------------
$quota_check = true;
if (isset($_SESSION['JR_INVITE_CODE'])) {
We're not going to do quota validation if this user
was brought in via an invite - but we need to verify this
is a good invite code
$req = "SELECT *
FROM {$jamroom_db['invites']}
WHERE invite_code = '". dbEscapeString($_SESSION['JR_INVITE_CODE']) ."'
AND invite_accept = '0'
LIMIT 1";
$_qc = dbQuery($req,'SINGLE');
if (isset($_qc['invite_code']) && strlen($_qc['invite_code']) === 8) {
Looks like we are NOT going to validate quota, since they are an invitee
get quota info
$req = "SELECT q.*
FROM {$jamroom_db['invites']} i
LEFT JOIN {$jamroom_db['user']} u ON u.user_id = i.invite_user_id
LEFT JOIN {$jamroom_db['band_info']} b ON b.band_id = u.user_band_id
LEFT JOIN {$jamroom_db['quota']} q ON q.quota_id = b.band_quota
WHERE i.invite_code = '". dbEscapeString($_SESSION['JR_INVITE_CODE']) ."'
AND i.invite_accept = '0'
LIMIT 1";
$_qt = dbQuery($req,'SINGLE');
if (isset($_qt['quota_id']) && is_numeric($_qt['quota_id']) && $_qt['quota_id'] != '0') {
$quota_check = false;
}
}
}
if (isset($quota_check) && $quota_check === true) {
if (is_numeric($_post['quota_id']) && $_post['quota_id'] != 0) {
it looks like we got an incoming quota_id - let's make sure this is a valid quota in this system
$req = "SELECT quota_id
FROM {$jamroom_db['quota']}
WHERE quota_id = '{$_post['quota_id']}'
AND quota_signups = 'yes'
LIMIT 1";
$_qt = dbQuery($req,'SINGLE');
OK this quota does not allow signing up.. let's
check if it is misconfigured
if ($_post['quota_id'] != $config['new_artist_quota'] && $_post['quota_id'] != $config['new_member_quota']) {
invalid quota
jmLogger(0,'MAJ',"Invalid quota_id received: {$_post['quota_id']} - verify signup template configuration");
addToForm('e_text',$language['misc'][112],'signup');
$_post['ERROR_CODE'] = 'INVALID_SIGNUP_QUOTA';
jrResultResponse($_post,$url);
}
log that they have not configured the quota correctly
jmLogger(0,'MAJ',"Invalid quota_id received for signup - quota_id {$_post['quota_id']} is set as default for signup, but Allow Signup is set to no in the Quota");
}
}
else {
invalid quota
jmLogger(0,'MAJ',"Invalid quota_id received: {$_post['quota_id']} - verify signup template configuration");
addToForm('e_text',$language['misc'][112],'signup');
$_post['ERROR_CODE'] = 'INVALID_SIGNUP_QUOTA';
jrResultResponse($_post,$url);
}
}
------------------------------------
CREATE ARTIST ACCOUNT
------------------------------------
$_post['band_quota'] = $_post['quota_id'];
$_post['band_active'] = 0;
$_post['band_theme'] = jrGetThemeId($_post['quota_id']);
$_post['band_server'] = jrGetDefaultServer();
Now that we know our server_id, if it is NOT 0, we need to get the cluster URL
if (checkType($_post['band_server'],'number_nz')) {
$req = "SELECT server_url
FROM {$jamroom_db['servers']}
WHERE server_id = '{$_post['band_server']}'
LIMIT 1";
$_rt = dbQuery($req,'SINGLE');
if (isset($_rt['server_url']) && strlen($_rt['server_url']) > 0) {
$_post['band_server_url'] = $_rt['server_url'];
}
}
$_post['user_band_id'] = setData('new','band_info',$_post);
jmLogger(0,'CRI',"Error creating new artist {$_post['band_name']} in the database - verify database connection");
addToForm('e_text',$language['misc'][112],'signup');
$_post['ERROR_CODE'] = 'DATABASE_ERROR';
jrResultResponse($_post,$url);
}
Update our custom form fields
jrCustomFieldSql('band',$_post,'band_id',$_post['user_band_id']);
------------------------------------
CREATE USER ACCOUNT
------------------------------------
$_post['user_group_id'] = $_post['user_band_id'];
$_post['user_style'] = $config['default_style'];
}
if (isset($_qt['quota_language']) && strlen($_qt['quota_language']) > 0) {
$_post['user_language'] = $_qt['quota_language'];
}
else {
$_post['user_language'] = $config['default_language'];
}
}
Check for defaults
if (!isset($_post['user_note_notify'])) {
$_post['user_note_notify'] = '1';
}
if (!isset($_post['user_show_favs'])) {
$_post['user_show_favs'] = '1';
}
Next - we want to get ALL of the available fields from
the jamroom_user table, and allow any of them to be set. If
we get a user_ variable from the form that is NOT one of
the fields in our user table, then we want to store that
field/value combo in the user_data field as a serialized
array.
$req = "DESCRIBE {$jamroom_db['user']}";
$_rt = dbQuery($req,'Field');
if (isset($_rt) && is_array($_rt)) {
Okay - we got the column information we need from the user table
Next - we need to get the next available user_id from out database
$_post['user_id'] = dbNextOrder(0,'user');
$_post['user_deleted'] = 'new';
$_post['user_created'] = time();
$_post['user_updated'] = $_post['user_created'];
$_post['user_ip'] = $jamroom['ip_address'];
User cannot sign up as a content editor
$_post['user_editor'] = '0';
if (checkType($_post['user_id'],'number_nz')) {
Create our query
$one = "INSERT INTO {$jamroom_db['user']} (";
$two = " VALUES (";
Get our user custom form fields
$req = "SELECT *
FROM {$jamroom_db['custom_form']}
WHERE form_name LIKE 'user%'";
$_custom = dbQuery($req,'form_name');
foreach ($_post as $key => $val) {
We don't want to insert admin-only custom form fields, so check for them here
if (array_key_exists($key,$_custom) && isset($_custom[$key]['form_admin']) && $_custom[$key]['form_admin'] == '1') {
unset($_post[$key]);
continue;
}
if (isset($_rt[$key]) && strlen($val) > 0) {
$one .= "{$key},";
$two .= "'". dbEscapeString($val) ."',";
}
}
$one = substr($one,0,strlen($one) - 1);
$two = substr($two,0,strlen($two) - 1);
$req = $one .') '. $two .')';
unset($one,$two);
$cnt = dbQuery($req,'COUNT');
remove our user_id here as the insert did not work - this will fall
through so the band can be removed below
unset($_post['user_id']);
}
}
}
$_post['user_id'] = (int) $_post['user_id'];
Make sure we came through that well..
jmLogger(0,'CRI',"Error adding new user {$_post['user_nickname']} to the database - verify database connection");
looks like our signup failed - we need to "cleanup" and remove the artist account
$req = "DELETE FROM {$jamroom_db['band_info']}
WHERE band_id = '{$_post['user_band_id']}'
LIMIT 1";
$cnt = dbQuery($req,'COUNT');
jmLogger(0,'CRI',"Unable to remove bad Artist Account {$_post['band_name']} from {$jamroom_db['band_info']} table - verify database connection");
}
addToForm('e_text',$language['misc'][112],'signup');
$_post['ERROR_CODE'] = 'DATABASE_ERROR';
jrResultResponse($_post,$url);
}
Lastly - check for images
if (isset($_post['band_image']['size']) && $_post['band_image']['size'] > 0) {
$_ret = getMediaFile($_post['user_band_id'],'band_image',$_post['user_band_id'],$_post);
}
if (isset($_post['user_image']['size']) && $_post['user_image']['size'] > 0) {
$_ret = getMediaFile($_post['user_band_id'],'user_image',$_user['post_id'],$_post);
}
passed all tests - reset form
resetForm('signup');
--------------------
EMAIL
--------------------
$_rp = array_change_key_case($_post,CASE_UPPER);
We need to send out our validation email here if the MEMBER or ADMIN is validating themselves
$v_type will be set to "yes" if ADMIN VALIDATION for that quota is turned on, so we want to
send the user an email only if $v_type (validation type) is set to "no".
Here is where we store the Unique Code for this artist account
$code = encString($_post['user_band_id'] .'|'. $_post['quota_id']);
if (isset($v_type) && $v_type == 'no' && !isset($_SESSION['JR_INVITE_CODE'])) {
send out e-mail
$_rp['USER_IP'] = $jamroom['ip_address'];
$_rp['VALIDATE_LINK'] = "{$jamroom['jm_htm']}/signup.php?mode=activate&id={$code}";
$_rp['SYSTEM_NAME'] = $config['system_name'];
$_rp['ADMIN_EMAIL'] = $config['admin_address'];
list($sub,$msg) = jrProcessEmail('jr_signup_user_verify',$_rp);
jrSendEmail($_post['user_emailadr'],$sub,$msg);
}
-------------------------------
Admin Email
-------------------------------
Send out Admin email if instructed to do so
$config['admin_emails'] == 'yev'))
// check for valid Sign
Mitglied: filippg
filippg 15.08.2009 um 21:32:27 Uhr
Goto Top
Hallo,

der von dir gepostete Code-Abschnitt enthält scheinbar nicht alle relevanten Schritte. Und ehrlich gesagt habe ich keine Lust, mich durch seitenweise Code zu ackern, um deine Probleme zu lösen.
Zwei Tips:
1. Füge als Joomla-Passwort mal 86160309721f82b0e39d40b456af33f8: ein - also das von dir gepostete Jamroom-Passwort, nur mit einem : angehängt. Vielleicht funktioniert das
2. Frage in einem speziellen Jamroom-Forum.

Gruß

Filipp
Mitglied: Mvisia
Mvisia 15.08.2009 um 21:39:16 Uhr
Goto Top
Ok Danke trotzdem für dein mühe face-smile