SunQuest
           PHP Installation
 
Forums: » Register « |  User CP |  Games |  Calendar |  Members |  FAQs |  Sitemap |  Support | 
User Name:
Password:
Remember me
Go Back   Codewalkers ForumsPHP RelatedPHP Installation
Reload this Page

Cant acces phpauction XL 2 admin area

Discuss Cant acces phpauction XL 2 admin area in the PHP Installation forum on Codewalkers.
Cant acces phpauction XL 2 admin area For all your PHP installation needs and questions.

Reply
Add This Thread To:
  Del.icio.us   Digg   Google   Spurl   Blink   Furl   Simpy   Y! MyWeb 
« Previous Thread | Next Thread »  
Thread Tools Search this Thread Rate Thread Display Modes
 
Unread Codewalkers Forums Sponsor:
Stay one step ahead of the competition. Evaluate and give feedback on some of the hottest web development tools on the market today. Make your opinion heard! Click Here
  #1  
Old January 28th, 2007, 03:36 AM
Anonymous Anonymous is offline
Registered User
Codewalkers God 35th Plane (22000 - 22499 posts)
  
Join Date: Apr 2007
Posts: 22,309 Anonymous User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: < 1 sec
Reputation Power: 24
Cant acces phpauction XL 2 admin area
I,

I have setup the phpauction xl 2 but seem that i cant connect to the admin area of phpauction.

Basicaly Evrytime i go to the admin area it askme to create a admin username and password, i have tryied loads of times and always the same screen. I went to my database to check if its writting something in the proper admin table and seems nothing is being iserted there.

I tried even to manualy to input the username and admin password but agan nothing.. it seems that the phpaucting uses a security algorithm calle md5_prefix that i cant understand..

If someone knows abouth this problem that can give me some light i would appreciate. I leave you with the login.php from admin area...

php Code:
Original - php Code 
  1.  
  2. <?#//v.2.0.0
  3. #///////////////////////////////////////////////////////
  4. #// COPYRIGHT 2004 Phpauction.org ALL RIGHTS RESERVED//
  5. #///////////////////////////////////////////////////////
  6.  
  7. session_name("PHPAUCTIONADMIN");
  8.  
  10.  
  11.  
  12. require('../includes/messages.inc.php');
  13. require('../includes/config.inc.php');
  14.  
  15. if($HTTP_POST_VARS[action] == "insert" && basename($HTTP_REFERER) == basename($PHP_SELF))
  16. {
  17. #// Additional security check
  18. $RR = mysql_query("SELECT id from PHPAUCTIONXL_adminusers");
  19. if(mysql_num_rows($RR) > 0)
  20. {
  21. print "Fatal error: user cannot be inserted - one or more administrators are already present in 
  23. the database.<BR><A HREF=login.php>login page</A>";
  25. }
  26. $md5_pass=md5($MD5_PREFIX.$password);
  27. $query = "insert into PHPAUCTIONXL_adminusers values (10,'$username', '$md5_pass', 
  29. '20011224', '20020110093458', 1)";
  30. $result = @mysql_query($query);
  31. #// Redirect
  32. Header("Location: admin.php");
  34. }
  35. $query = "select MAX(id) from PHPAUCTIONXL_adminusers";
  36. $result = @mysql_query($query);
  37. while($row = mysql_fetch_row($result))
  38. {
  39. $id = $row[0] + 1;
  40. }
  41. if($id==1)
  42. {
  43. $id=0;
  44. require("./header.php"); ?>
  45. <TABLE BORDER=0 WIDTH=650 CELLPADDING=0 CELLSPACING=0 
  46.  
  47. BGCOLOR="#FFFFFF" ALIGN="CENTER">
  48. <TR>
  49. <TD><CENTER><FONT FACE="Verdana, Arial, Helvetica, 
  51. sans-serif" SIZE="4"><BR>
  52. <BR>
  53.  
  54. <FORM NAME=login ACTION=login2.php METHOD=POST>
  55. <TABLE WIDTH="410" BORDER="0" CELLSPACING="0" 
  56.  
  57. CELLPADDING="1" BGCOLOR="#336699">
  58. <TR>
  59. <TD>
  60. <TABLE WIDTH=100% CELLPADDING=3 
  61.  
  62. ALIGN="CENTER" CELLSPACING="0" BORDER="0" BGCOLOR="#FFFFFF">
  63. <TR BGCOLOR="#336699">
  64. <TD COLSPAN="2" 
  65.  
  66. ALIGN=CENTER><FONT FACE="Tahoma, Verdana" SIZE="2" COLOR="#FFFFFF"><B>
  67. :: Please create 
  68.  
  69. your username and password ::</B></FONT>
  70. <? print "$pw=$md5_pass"; ?> 
  71. </TD>
  72. </TR>
  73. <TR>
  74. <TD></TD>
  75. <TD> <FONT 
  76.  
  77. FACE="Verdana, Verdana, Arial, Helvetica, sans-serif" SIZE="2" COLOR=red>
  78.  
  79.  
  80.  
  81. <? print $ERR; ?>
  82. </FONT> 
  83.  
  84. </TD>
  85. </TR>
  86. <TR>
  87. <TD ALIGN=right> 
  88.  
  89. <FONT FACE="Verdana, Verdana, Arial, Helvetica, sans-serif" SIZE="2">
  90. <? print 
  91.  
  92. $MSG_003; ?>
  93. </FONT> 
  94.  
  95. </TD>
  96. <TD>
  97. <INPUT 
  98.  
  99. TYPE=TEXT NAME=username SIZE=20 >
  100. </TD>
  101. </TR>
  102. <TR>
  103. <TD ALIGN=right> 
  104.  
  105. <FONT FACE="Verdana, Verdana, Arial, Helvetica, sans-serif" SIZE="2">
  106. <? print 
  107.  
  108. $MSG_004; ?>
  109. </FONT> 
  110.  
  111. </TD>
  112. <TD>
  113. <INPUT 
  114.  
  115. TYPE=password NAME=password SIZE=20 >
  116. </TD>
  117. </TR>
  118. <TR>
  119. <TD></TD>
  120. <TD>
  121. <INPUT 
  122.  
  123. TYPE=submit NAME=action VALUE="insert">
  124. </TD>
  125. </TR>
  126. </TABLE>
  127. </TD>
  128. </TR>
  129. </TABLE>
  130. </FORM>
  131. </font>
  132. </CENTER>
  133. </TD>
  134. </TR>
  135. </TABLE>
  136.  
  137.  
  138. <?
  139.  
  140. }
  141. else { $id=1;
  142. #//
  143.  
  144. if($HTTP_POST_VARS[action] == "login")
  145.  
  146. {
  147.  
  148. if(strlen($HTTP_POST_VARS[username]) == 0 ||
  149.  
  150. strlen($HTTP_POST_VARS[password]) == 0
  151.  
  152. )
  153.  
  154. {
  155.  
  156. $ERR = $ERR_047;
  157.  
  158. }
  159.  
  160. else
  161.  
  162. {
  163.  
  164. $query = "select * from PHPAUCTIONXL_adminusers where 
  166. username='$HTTP_POST_VARS[username]' and 
  168. password='".md5($MD5_PREFIX.$HTTP_POST_VARS[password])."'";
  169.  
  170. $res = @mysql_query($query);
  171.  
  172. if(!$res)
  173.  
  174. {
  175.  
  176. print "Error: $query<BR>".mysql_error();
  177.  
  179.  
  180. }
  181.  
  182. if(mysql_num_rows($res) == 0)
  183.  
  184. {
  185.  
  186. $ERR = $ERR_048;
  187.  
  188. }
  189.  
  190. else
  191.  
  192. {
  193.  
  194. $admin = mysql_fetch_array($res);
  195.  
  196.  
  197.  
  198. #// Set sessions vars
  199.  
  200. $PHPAUCTION_ADMIN_LOGIN = $admin[id];
  201.  
  202. $PHPAUCTION_ADMIN_USER = $admin[username];
  203.  
  204. session_name("PHPAUCTIONADMIN");
  205.  
  206. session_register("PHPAUCTION_ADMIN_LOGIN","PHPAUCT ION_ADMIN_USER");
  207.  
  208.  
  209.  
  210. #// Update last login information for this user
  211.  
  212. $query = "update PHPAUCTIONXL_adminusers set 
  214. lastlogin='".date("YmdHis")."' where username='$admin[username]'";
  215.  
  216. $rr = mysql_query($query);
  217.  
  218. if(!$rr)
  219.  
  220. {
  221.  
  222. print "Error: $query<BR>".mysql_error();
  223.  
  225.  
  226. }
  227.  
  228.  
  229.  
  230. #// Redirect
  231.  
  232. Header("Location: admin.php");
  233.  
  235.  
  236. }
  237.  
  238. }
  239.  
  240. }
  241.  
  242.  
  243.  
  244. require("./header.php");
  245.  
  246.  
  247.  
  248. ?>
  249.  
  250.  
  251.  
  252. <TABLE BORDER=0 WIDTH=650 CELLPADDING=0 CELLSPACING=0 BGCOLOR="#FFFFFF" ALIGN="CENTER">
  253.  
  254. <TR>
  255.  
  256. <TD>
  257.  
  258. <CENTER>
  259.  
  260. <FONT FACE="Verdana, Arial, Helvetica, sans-serif" SIZE="4"><BR>
  261.  
  262. <BR>
  263.  
  264. <? if(!$action || ($action && $ERR)) : ?>
  265.  
  266. <FORM NAME=login ACTION=login.php METHOD=POST>
  267.  
  268. <TABLE WIDTH="415" BORDER="0" CELLSPACING="0" 
  269.  
  270. CELLPADDING="1" BGCOLOR="#336699">
  271.  
  272. <TR>
  273.  
  274. <TD>
  275.  
  276. <TABLE WIDTH=100% CELLPADDING=4 
  277.  
  278. ALIGN="CENTER" CELLSPACING="0" BORDER="0" BGCOLOR="#FFFFFF">
  279.  
  280. <TR BGCOLOR="#33CC33">
  281.  
  282. <TD COLSPAN="2" 
  283.  
  284. ALIGN=CENTER><FONT FACE="Verdana, Verdana, Arial, Helvetica, sans-serif" SIZE="1" 
  285.  
  286. COLOR="#FFFFFF"><B>:: PLEASE LOG IN WITH THE USERNAME & PASSWORD YOU CREATED ::</B></FONT></TD>
  287.  
  288. </TR>
  289.  
  290. <TR>
  291. <TD></TD>
  292. <TD> <FONT 
  293.  
  294. FACE="Verdana, Verdana, Arial, Helvetica, sans-serif" SIZE="2" COLOR=red>
  295. <? print "$md5_pass = md5($md5_prefix, password)"; ?> 
  296. <? print $ERR; ?>
  297. </FONT> 
  298.  
  299. </TD>
  300. </TR>
  301. <TR>
  302. <TD ALIGN=right> 
  303.  
  304. <FONT FACE="Verdana, Verdana, Arial, Helvetica, sans-serif" SIZE="2">
  305. <? print 
  306.  
  307. $MSG_003; ?>
  308. </FONT> 
  309.  
  310. </TD>
  311. <TD>
  312. <INPUT 
  313.  
  314. TYPE=TEXT NAME=username SIZE=20 >