login.php - Problem nach CTracker

Slytherin · Beitrag von **Slytherin** » 11.03.2006 20:50

Ich hab ein Problem mit einer login.php - und zwar erscheint die folgende Fehlermeldung, wenn ich die Datei aufrufe:

Parse error: parse error, unexpected '{' in /usr/export/www/vhosts/funnetwork/hosting/slytherin/Rollenspiel/login.php on line 158

Die betreffenden Zeilen:

//
// CBACK CrackerTracker Visual Login Confirmation
// visual confirmation code Generator taken from phpBB (c) phpBB Group
//
if ( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
{
$mode = ( isset($HTTP_GET_VARS['mode']) ) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode'];
$mode = htmlspecialchars($mode);

if ( $mode == 'confirm' )
{
if ( $userdata['session_logged_in'] )
{
exit;
}
include($phpbb_root_path . 'ctracker/ct_confirm.'.$phpEx);
exit;
}
}

//
// Now we check if the User is trying to Log in if he already has used one attempt or not
// if not we disable the Visual Confirmation Code and with this we allow a normal login without any Confirmation
// if the User tried to log in once we just continue with the normal Script and then we show the Visible Code every time the user
// tries to log in before checking Password or anything.
// Well OK its more DB gaming but many users want comfort AND security so let's do it
//
if(!empty($HTTP_POST_VARS['username']) && $ctracker_config['loginfeature'] == 1)
{
$secure_username = '';
$secure_username = isset($HTTP_POST_VARS['username']) ? phpbb_clean_username($HTTP_POST_VARS['username']) : '';
$sql = "SELECT ct_logintry FROM " . USERS_TABLE . " WHERE username = '" . str_replace("\\'", "''", $secure_username) . "'";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Error in obtaining userdata', '', __LINE__, __FILE__, $sql);
}
if( $row = $db->sql_fetchrow($result) )
{
if($row['ct_logintry'] == 0)
{
$ctracker_config['loginfeature'] = 0;
}
}
}
else
{
$ctracker_config['loginfeature'] = 0;
}

if ( $ctracker_config['loginfeature'] == 1 && !$userdata['session_logged_in'] && !empty($HTTP_POST_VARS['confirm_id']) && !empty($HTTP_POST_VARS['confirm_code']))
{
$confirm_id = htmlspecialchars($HTTP_POST_VARS['confirm_id']); if (!preg_match('/^[A-Za-z0-9]+$/', $confirm_id))
{
$confirm_id = '';
}

$sql = 'SELECT code
FROM ' . CTVISKEY . "
WHERE confirm_id = '$confirm_id'
AND session_id = '" . $userdata['session_id'] . "'";
if (!($result = $db->sql_query($sql)))
{
message_die(GENERAL_ERROR, 'Could not obtain confirmation code', __LINE__, __FILE__, $sql);
}

if ($row = $db->sql_fetchrow($result))
{
if ($row['code'] != $HTTP_POST_VARS['confirm_code'])
{
message_die(GENERAL_MESSAGE, $lang['ct_forum_sl1']);
}
else
{
$sql = 'DELETE FROM ' . CTVISKEY . "
WHERE confirm_id = '$confirm_id'
AND session_id = '" . $userdata['session_id'] . "'";
if (!$db->sql_query($sql))
{
message_die(GENERAL_ERROR, 'Could not delete confirmation code', __LINE__, __FILE__, $sql);
}
}
}
else
{
message_die(GENERAL_MESSAGE, $lang['ct_forum_sl1']);
}
$db->sql_freeresult($result);
}

$vcheck_need = FALSE;
$vcheck_login = TRUE;
if($ctracker_config['loginfeature'] == 1 )
{
$vcheck_need = TRUE;
$vcheck_login = FALSE;
}

if (($vcheck_need = FALSE || $userdata['session_logged_in']) or (isset($HTTP_GET_VARS['logout']) || !empty($HTTP_POST_VARS['confirm_id']) && !empty($HTTP_POST_VARS['confirm_code'])))
{
$vcheck_login = TRUE;
}

if( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) || isset($HTTP_POST_VARS['logout']) || isset($HTTP_GET_VARS['logout']) )
{
if( (( $vcheck_login == TRUE ) and ( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) ) && (!$userdata['session_logged_in'] || isset($HTTP_POST_VARS['admin'])) )
{
$username = isset($HTTP_POST_VARS['username']) ? phpbb_clean_username($HTTP_POST_VARS['username']) : '';
$password = isset($HTTP_POST_VARS['password']) ? $HTTP_POST_VARS['password'] : '';

Rot = Betreffende Zeile

Beitrag von **cYbercOsmOnauT** » 12.03.2006 00:51

Da ist ne Klammer noch offen in der If-Anweisung eine Zeile darüber, deswegen kommt die Fehlermeldung.

Überprüf diese Zeile noch einmal. Welche Version vom Ctracker hast Du denn eingebaut? In der neuesten sehen die Zeilen anders aus.

Gruß,
Tekin

Slytherin · Beitrag von **Slytherin** » 12.03.2006 09:00

Inzwischen hab ich ein neues Problem, oben stehendes wurde gelöst.

Die Version, die ich einbaue, ist 4.1.1.
Das ist doch die neueste, oder?

Ausserdem geht mein Forum seit CTracker so langsam. Wenn ich das nicht bald gebacken kriege, deinstalliere ich das Zeug wieder...

Also, das neue Problem ...

Fehlermeldung:

Code: Alles auswählen

login.php

Betreffende Zeilen:

Code: Alles auswählen

		if( $row = $db->sql_fetchrow($result) )
		{
			if( $row['user_level'] != ADMIN && $board_config['board_disable'] )
			{
				redirect(append_sid("index.$phpEx", true));
			}
			else
			{
				if( md5($password) == $row['user_password'] && $row['user_active'] )
				{
					$autologin = ( isset($HTTP_POST_VARS['autologin']) ) ? TRUE : 0;

					$admin = (isset($HTTP_POST_VARS['admin'])) ? 1 : 0;
					$session_id = session_begin($row['user_id'], $user_ip, PAGE_INDEX, FALSE, $autologin, $admin);
					$db->sql_query('UPDATE ' . USERS_TABLE . ' SET ct_logintry = 0 WHERE user_id = ' . $row['user_id']);

					if( $session_id )
					{
						$url = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : "index.$phpEx";
						redirect(append_sid($url, true));
					}
					else
					{
						message_die(CRITICAL_ERROR, "Couldn't start session : login", "", __LINE__, __FILE__);
					}
				}
				else
				{
					if ($row['user_id'] != ANONYMOUS)
					{
						$sql = 'UPDATE ' . USERS_TABLE . '
							SET ct_logintry = 1
							WHERE user_id = ' . $row['user_id'];
						$db->sql_query($sql);
					}
					$redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : '';
					$redirect = str_replace('?', '&', $redirect);

					$template->assign_vars(array(
						'META' => "<meta http-equiv=\"refresh\" content=\"3;url=login.$phpEx?redirect=$redirect\">")
					);

					$message = $lang['Error_login'] . '<br /><br />' . sprintf($lang['Click_return_login'], "<a href=\"login.$phpEx?redirect=$redirect\">", '</a>') . '<br /><br />' .  sprintf($lang['Click_return_index'], '<a href="' . append_sid("index.$phpEx") . '">', '</a>');

					message_die(GENERAL_MESSAGE, $message);
				}
			}
		}
		else
		{
					if ($row['user_id'] != ANONYMOUS)
					{
						$sql = 'UPDATE ' . USERS_TABLE . '
							SET ct_logintry = 1
							WHERE user_id = ' . $row['user_id'];
						$db->sql_query($sql);
					}
			$redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : "";
			$redirect = str_replace("?", "&", $redirect);

			if (strstr(urldecode($redirect), "\n") || strstr(urldecode($redirect), "\r"))
			{
				message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.');
			}

			$template->assign_vars(array(
				'META' => "<meta http-equiv=\"refresh\" content=\"3;url=login.$phpEx?redirect=$redirect\">")
			);

			$message = $lang['Error_login'] . '<br /><br />' . sprintf($lang['Click_return_login'], "<a href=\"login.$phpEx?redirect=$redirect\">", '</a>') . '<br /><br />' .  sprintf($lang['Click_return_index'], '<a href="' . append_sid("index.$phpEx") . '">', '</a>');

			message_die(GENERAL_MESSAGE, $message);
		}
	}

Unterste Zeile ist die gesuchte Zeile 237 !