I'm using Lonnie's draft utility over in the PFL and updated the PFL boards to the newest release of phpBB. Unfortunately, they changed the hash, so the MD5 doesn't work anymore and it broke the login for the utility... Anyone an expert in php and would mind helping me debug this? I'm on AIM (Grshpr 2001) if you'd like to help...

Here's the applicable code:


<?php
// These variables are usually passed back in a form, if they are not set they will be defined here.
// This keeps the httpd log from filling up with PHP UNDEFINED errors on the web server.
if (!isset($uid)) { $uid=""; }
if (!isset($pwd)) { $pwd=""; }
if (!isset($edittype)) { $edittype=""; }
// Set $draftstatus to live or standby
$draftstatus = "standby";
// If userid or password is blank offer the login screen
if (($uid == "") or ($pwd == "")) {
printf("<table width=300 border=0 cellspacing=1>");
printf("<tr>\n");
printf("<td width=80 class='ScheduleTableRow'>
<font face='Arial'>
<form action=$PHP_SELF method='post' enctype='multipart/form-data'>
<input type=hidden name='uid' value='$uid'>
<input type=hidden name='pwd' value='$pwd'>
<b>User:</b></font></td>\n");
printf("<td width=220 class='ScheduleTableRow' align=left>
<input type='text' name='uid' value='%s' size=15></td>\n", $uid);
printf("</tr>\n");
printf("<tr>\n");
printf("<td class='ScheduleTableRow'><font face='Arial'><b>Pass:</b></font></td>\n");
printf("<td class='ScheduleTableRow' align=left>
<input type='password' name='pwd' value='%s' size=15></td>\n", $pwd);
printf("</tr>\n");
printf("<tr><td colspan=2 class='ScheduleTableRow'><center>
<input type='submit' name='submit' value='Submit'></td></tr>\n");
printf("</form>\n");
printf("</table>");
} else {
$sql = "SELECT username, user_password from phpbb3_users where username = '$uid'";
$result = mysql_query($sql,$db)or die("Bad query: ".mysql_error());
// Check password, if it doesn't match another login screen appears with "TRY AGAIN"
if ($myrow = mysql_fetch_array($result)) {
if (md5($pwd) == $myrow[1]) {
switch($edittype) {

I'm here, but I don't know what changes they made to their password encryption. I just checked on phpBB's site and they say MD5 is still an option. So it may be buried in the phpBB settings somewhere. I'll look into it a little more and see if I can find a quick work around.

You could create a new table and populate it with MD5 passwords as a workaround for now. Just change the phpbb3_users to your other user/password table. Since this one is named phpbb3, do you still have the old tables there? They might work until I can get a better solution.

I still have the old tables, but unfortunately we have new users who aren't registered under those tables. I suppose I could create a couple entries for them. I'll look into doing that. Here's what I was able to find on the phpbb boards...

My request for help:
http://www.phpbb.com/community/viewtopic.php?f=46&t=690625&start=0&st=0&sk=t&sd=a

The dev talking about how to use new hash functions:
http://www.phpbb.com/community/viewtopic.php?f=71&t=585387&st=0&sk=t&sd=a&start=60

Lonnie, if you're around tomorrow (later today as I'm writing this), I'd appreciate it if you could help me debug this sucker. I'm a complete novice @ php, and when I try to implement some of their changes (like adding a line to include the new hash functions), I just get a blank screen and I'm not sure why. Thanks!!

I gave it some attempt at getting session integration working tonight but I'm still falling short. There seems to be a lot of confusion out there about it right now. I'll try the new hash function tomorrow.

Ok try this out for size.

Add the following lines to the very top of index.php even before the html tag, but change the '../phpBB3/' to the path of your forum directory. Mine is at the same level as /draft/ so I go up a level with .. and then into /phpBB3/.

<?php
define('IN_PHPBB', true);
$phpbb_root_path = '../phpBB3/';
$phpEx = substr(strrchr(__FILE__, '.'), 1);
include($phpbb_root_path . 'common.' . $phpEx);
include($phpbb_root_path . 'includes/functions_user.php');
include($phpbb_root_path . 'includes/ucp/ucp_register.php');
?>

Then find this line:

if (md5($pwd) == $myrow[1]) {

and change it to this:

if (phpbb_check_hash($pwd, $myrow[1])) {

I installed phpBB3 and did a test run and it worked.

ok, I'll try this...

That didn't exactly work. Page looks really funky now. Ok, here's my test page:

http://primetime-football-league.com/draft/index-test.php

dola. I'm on AIM atm if you can IM me. Grshpr2001

Some additional changes made to get Nick's working. Just for documentation purposes in case someone can't reach me.

Do a find and replace of $PHP_SELF with $_SERVER[PHP_SELF]

Then to reinitialize all of the variables that phpBB steps on, place the following after the line $draftstatus = "live";

// transfer POST variables to local variables
$uid=$_POST[uid];
$pwd=$_POST[pwd];
$tid=$_POST[tid];
$edittype=$_POST[edittype];
$ptrade=$_POST[ptrade];
$tradeteam=$_POST[tradeteam];
$spick=$_POST[spick];
$sortopt=$_POST[sortopt];
$playerselection=$_POST[playerselection];
$pref=$_POST[pref];
$usage=$_POST[usage];

I think I have all the passed variables in that list. Further testing may prove otherwise and if so I will update this post.