Hi, im have a website, is: http://tinyurl.com/lu3bc8 The problem is, when a user try to change his password, change, but encrypt the password in other language not md5 hash, here the code: <?php if(!defined('DATALIFEENGINE')) { die("Hacking attempt!"); } include_once ENGINE_DIR.'/classes/parse.class.php'; //#################################################################################################################### // attmp3.com //#################################################################################################################### if($allow_userinfo AND $doaction == "adduserinfo"){ if ($_POST['dle_allow_hash'] == "" OR $_POST['dle_allow_hash'] != $dle_login_hash) { die("Hacking attempt! User ID not valid"); } $parse = new ParseFilter(); $parse->safe_mode = true; $parse->allow_url = $user_group[$member_id['user_group']]['allow_url']; $stop = false; $password1 = $db->safesql($parse->process($_POST['password1'])); $password2 = $db->safesql($parse->process($_POST['password2'])); $altpass = md5($_POST['altpass']); $info = $db->safesql($parse->BB_Parse($parse->process($_POST['info']), false)); $email = $db->safesql($parse->process($_POST['email'])); $fullname = $db->safesql($parse->process($_POST['fullname'])); $land = $db->safesql($parse->process($_POST['land'])); $icq = intval($_POST['icq']); if (!$icq) $icq = ""; $allowed_ip = str_replace("\r", "", trim($_POST['allowed_ip'])); $allowed_ip = str_replace("\n", "|", $allowed_ip); $allowed_ip = $db->safesql($parse->process($allowed_ip)); $row = $db->super_query("SELECT * FROM " . USERPREFIX . "_users WHERE name = '$user'"); $xfieldsid = stripslashes ($row['xfields']); if ($user_group[$row['user_group']]['allow_signature']) $signature = $db->safesql($parse->BB_Parse($parse->process($_POST['signature']), false)); else $signature = ""; $image = $_FILES['image']['tmp_name']; $image_name = $_FILES['image']['name']; $image_size = $_FILES['image']['size']; $img_name_arr = explode(".",$image_name); $type = end($img_name_arr); if($image_name != "") $image_name = totranslit(stripslashes($img_name_arr[0])).".".totranslit($type); if (!$is_logged OR !($member_id['user_id'] == $row['user_id'] OR $member_id['user_group'] == 1)) { $stop = $lang['news_err_13'];} if (is_uploaded_file($image) AND !$stop) { if ($image_size < 100000) { $allowed_extensions = array("jpg", "png", "jpe", "jpeg", "gif"); if ((in_array($type, $allowed_extensions) or in_array(strtolower($type), $allowed_extensions)) and $image_name) { include_once ENGINE_DIR.'/inc/makethumb.php'; $res = @move_uploaded_file($image, ROOT_DIR."/uploads/fotos/".$row['user_id'].".".$type); if ($res) { @chmod(ROOT_DIR."/uploads/fotos/".$row['user_id'].".".$type, 0666); $thumb=new thumbnail(ROOT_DIR."/uploads/fotos/".$row['user_id'].".".$type); if ($thumb->size_auto($user_group[$member_id['user_group']]['max_foto'])) { $thumb->jpeg_quality($config['jpeg_quality']); $thumb->save(ROOT_DIR."/uploads/fotos/foto_".$row['user_id'].".".$type); } else { @rename(ROOT_DIR."/uploads/fotos/".$row['user_id'].".".$type, ROOT_DIR."/uploads/fotos/foto_".$row['user_id'].".".$type); } @chmod(ROOT_DIR."/uploads/fotos/foto_".$row['user_id'].".".$type, 0666); $foto_name = "foto_".$row['user_id'].".".$type; $db->query("UPDATE " . USERPREFIX . "_users set foto='$foto_name' where name='$user'"); } else $stop .= $lang['news_err_14']; } else $stop .= $lang['news_err_15']; } else $stop .= $lang['news_err_16']; @unlink (ROOT_DIR."/uploads/fotos/".$row['user_id'].".".$type); } if ($_POST['del_foto'] == "yes") { @unlink (ROOT_DIR."/uploads/fotos/".$row['foto']); $db->query("UPDATE " . USERPREFIX . "_users set foto='' WHERE name='$user'"); } if (strlen($password1)>0){ //$altpass = md5($altpass); if ($altpass!=$member_id['password']) { $stop .= $lang['news_err_17']; } if ($password1!=$password2) { $stop .= $lang['news_err_18']; } if (strlen($password1) < 6) { $stop .= $lang['news_err_19']; } } if ((!ereg('^[-!#$%&\'*+\\./0-9=?A-Z^_`a-z{|}~]+'. '@'.'[-!#$%&\'*+\\/0-9=?A-Z^_`a-z{|}~]+\.'.'[-!#$%&\'*+\\./0-9=?A-Z^_`a-z{|}~]+$', $email)) or (empty($email))) { $stop .= $lang['news_err_21']; } if (strlen($info) > 1000) { $stop .= $lang['news_err_22']; } if (strlen($signature) > 1000) { $stop .= $lang['news_err_22']; } if (strlen($fullname) > 100) { $stop .= $lang['news_err_23']; } if (strlen($land) > 100) { $stop .= $lang['news_err_24']; } if (strlen($icq) > 20) { $stop .= $lang['news_err_25']; } $db->query ("SELECT name FROM " . USERPREFIX . "_users where email = '$email' AND name != '$user'"); if ($db->num_rows()) { $stop .= $lang['reg_err_8']; } $db->free(); if ($stop){ msgbox ($lang['all_err_1'], $stop);} else { if ($_POST['allow_mail']) {$allow_mail = 0;} else {$allow_mail = 1;} $xfieldsaction = "init"; $xfieldsadd = false; include(ENGINE_DIR.'/inc/userfields.php'); $filecontents = array (); if (!empty($postedxfields)) { foreach ($postedxfields as $xfielddataname => $xfielddatavalue) { if (!$xfielddatavalue) { continue;} $xfielddatavalue = $db->safesql($parse->BB_Parse($parse->process($xfielddatavalue), false)); $xfielddataname = $db->safesql($xfielddataname); $xfielddataname = str_replace("|", "|", $xfielddataname); $xfielddatavalue = str_replace("|", "|", $xfielddatavalue); $filecontents[] = "$xfielddataname|$xfielddatavalue"; } $filecontents = implode("||", $filecontents); } else $filecontents = ''; if (strlen($password1)>0) { $password1 = md5(md5($password1)); $sql_user = "UPDATE " . USERPREFIX . "_users set fullname='$fullname', land='$land', icq='$icq', email='$email', info='$info', signature='$signature', password='$password1', allow_mail='$allow_mail', xfields='$filecontents', allowed_ip='$allowed_ip' where name='$user'"; } else { $sql_user = "UPDATE " . USERPREFIX . "_users set fullname='$fullname', land='$land', icq='$icq', email='$email', info='$info', signature='$signature', allow_mail='$allow_mail', xfields='$filecontents', allowed_ip='$allowed_ip' where name='$user'"; } $db->query($sql_user); } } //#################################################################################################################### // Ãðîñìîòð ïðîôèëÿ ïîëüçîâà òåëÿ //#################################################################################################################### $parse = new ParseFilter(); $user_found = FALSE; $sql_result = $db->query("SELECT * FROM " . USERPREFIX . "_users where name = '$user'"); $tpl->load_template('userinfo.tpl'); while($row = $db->get_row($sql_result)){ $user_found = TRUE; if ($row['banned'] == 'yes') $user_group[$row['user_group']]['group_name'] = $lang['user_ban']; if ($row['allow_mail']){ $email = explode("@", $row['email'], 2); $tpl->set('{email}', "<a href=\"$PHP_SELF?do=feedback&user=$row[user_id]\">".$lang['news_mail']."</a>"); } else { $tpl->set('{email}', $lang['news_nomail'], $output); } $tpl->set('{pm}', "<a href=\"$PHP_SELF?do=pm&doaction=newpm&user=".$row['user_id']."\">".$lang['news_pmnew']."</a>"); if (!$row['allow_mail']) $mailbox = "checked"; else $mailbox = ""; if ($row['foto'] AND (file_exists(ROOT_DIR."/uploads/fotos/".$row['foto']))) $tpl->set('{foto}', $config['http_home_url']."uploads/fotos/".$row['foto']); else $tpl->set('{foto}', "{THEME}/images/noavatar.png"); $tpl->set('{hidemail}', "<input type=\"checkbox\" name=\"allow_mail\" value=\"1\" ".$mailbox."> ".$lang['news_noamail']); $tpl->set('{usertitle}', stripslashes($row['name'])); $tpl->set('{fullname}', stripslashes($row['fullname'])); $tpl->set('{icq}', stripslashes($row['icq'])); $tpl->set('{land}', stripslashes($row['land'])); $tpl->set('{info}', stripslashes($row['info'])); $tpl->set('{editmail}', stripslashes($row['email'])); $tpl->set('{comm_num}', $row['comm_num']); $tpl->set('{news_num}', $row['news_num']); $tpl->set('{song_num}', $row['song']); $tpl->set('{playlist_num}', $row['playlist']); $tpl->set('{blog_num}', $row['blog']); $tpl->set('{album_num}', $row['album']); $tpl->set('{status}', stripslashes($user_group[$row['user_group']]['group_name'])); $tpl->set('{rate}', userrating ($row['name'])); $tpl->set('{registration}', langdate("j F Y H:i", $row['reg_date'])); $tpl->set('{lastdate}', langdate("j F Y H:i", $row['lastdate'])); if($config['allow_alt_url'] == 'yes'){ $tpl->set('{usermusic}',$config['http_home_url'].stripslashes($row['name']).'/music/'); $tpl->set('{userplaylist}',$config['http_home_url'].stripslashes($row['name']).'/playlist/page/1'); }else { $tpl->set('{usermusic}',$config['http_home_url'].'?do=mp3search&load=membersong&user='.stripslashes($row['name'])); $tpl->set('{userplaylist}',$config['http_home_url'].'?do=mp3search&key=playlist&page=1&type=playlist&thuy='.stripslashes($row['name'])); } if ($user_group[$row['user_group']]['icon']) $tpl->set('{group-icon}', "<img src=\"".$user_group[$row['user_group']]['icon']."\" border=\"0\" />"); else $tpl->set('{group-icon}', ""); if ($is_logged AND $user_group[$row['user_group']]['time_limit'] AND ($member_id['user_id'] == $row['user_id'] OR $member_id['user_group'] < 3)) { $tpl->set_block("'\\[time_limit\\](.*?)\\[/time_limit\\]'si","\\1"); if ($row['time_limit']) { $tpl->set('{time_limit}', langdate("j F Y H:i", $row['time_limit'])); } else { $tpl->set('{time_limit}', $lang['no_limit']); } } else { $tpl->set_block("'\\[time_limit\\](.*?)\\[/time_limit\\]'si",""); } $_IP = $db->safesql($_SERVER['REMOTE_ADDR']); $tpl->set('{ip}', $_IP); $tpl->set('{allowed-ip}', stripslashes( str_replace("|", "\n", $row['allowed_ip']) ) ); $tpl->set('{editinfo}', $parse->decodeBBCodes($row['info'], false)); if ($user_group[$row['user_group']]['allow_signature']) $tpl->set('{editsignature}', $parse->decodeBBCodes($row['signature'], false)); else $tpl->set('{editsignature}', $lang['sig_not_allowed']); $tpl->set('{comments}', "<a href=\"$PHP_SELF?do=lastcomments&userid=".$row['user_id']."\">".$lang['last_comm']."</a>"); if ($config['allow_alt_url'] == "yes") { $tpl->set('{news}', "<a href=\"".$config['http_home_url']."user/".urlencode($row['name'])."/news/"."\">".$lang['all_user_news']."</a>"); } else { $tpl->set('{news}', "<a href=\"".$PHP_SELF."?subaction=allnews&user=".urlencode($row['name'])."\">".$lang['all_user_news']."</a>"); } if ($row['signature'] AND $user_group[$row['user_group']]['allow_signature']) { $tpl->set_block("'\\[signature\\](.*?)\\[/signature\\]'si","\\1"); $tpl->set('{signature}', stripslashes($row['signature'])); } else { $tpl->set_block("'\\[signature\\](.*?)\\[/signature\\]'si",""); } $xfieldsaction = "list"; $xfieldsadd = false; $xfieldsid = $row['xfields']; include(ENGINE_DIR.'/inc/userfields.php'); $tpl->set('{xfields}',$output); // Îáðà áîòêà äîïîëÃèòåëüÃûõ ïîëåé $xfieldsdata = xfieldsdataload ($row['xfields']); foreach ($xfields as $value) { $preg_safe_name = preg_quote($value[0], "'"); if ($value[5] != 1 OR ($is_logged AND $member_id['user_group'] == 1) OR ($is_logged AND $member_id['user_id'] == $row['user_id'])) { if (empty($xfieldsdata[$value[0]])) { $tpl->copy_template = preg_replace("'\\[xfgiven_{$preg_safe_name}\\](.*?)\\[/xfgiven_{$preg_safe_name}\\]'is", "", $tpl->copy_template); } else { $tpl->copy_template = preg_replace("'\\[xfgiven_{$preg_safe_name}\\](.*?)\\[/xfgiven_{$preg_safe_name}\\]'is", "\\1", $tpl->copy_template); } $tpl->copy_template = preg_replace("'\\[xfvalue_{$preg_safe_name}\\]'i", stripslashes($xfieldsdata[$value[0]]), $tpl->copy_template); } else { $tpl->copy_template = preg_replace("'\\[xfgiven_{$preg_safe_name}\\](.*?)\\[/xfgiven_{$preg_safe_name}\\]'is", "", $tpl->copy_template); $tpl->copy_template = preg_replace("'\\[xfvalue_{$preg_safe_name}\\]'i", "", $tpl->copy_template); } } // Îáðà áîòêà äîïîëÃèòåëüÃûõ ïîëåé if ($is_logged AND ($member_id['user_id'] == $row['user_id'] OR $member_id['user_group'] == 1)) { $tpl->set('{edituser}',"[ <a href=\"javascript:ShowOrHide('options')\">".$lang['news_option']."</a> ]"); } else $tpl->set('{edituser}', ""); if ($is_logged AND ($member_id['user_id'] == $row['user_id'] OR $member_id['user_group'] == 1)) { $tpl->set('[not-logged]',""); $tpl->set('[/not-logged]',""); } else $tpl->set_block("'\\[not-logged\\](.*?)\\[/not-logged\\]'si","<!-- profile -->"); if ($config['allow_alt_url'] == "yes") $link_profile = $config['http_home_url']."user/".urlencode($row['name'])."/"; else $link_profile = $PHP_SELF."?subaction=userinfo&user=".urlencode($row['name']); if ($is_logged AND ($member_id['user_id'] == $row['user_id'] OR $member_id['user_group'] == 1)) { $tpl->copy_template = "<form method=\"post\" name=\"userinfo\" id=\"userinfo\" enctype=\"multipart/form-data\" action=\"{$link_profile}\">".$tpl->copy_template." <input type=\"hidden\" name=\"doaction\" value=\"adduserinfo\" /> <input type=\"hidden\" name=\"dle_allow_hash\" value=\"{$dle_login_hash}\" /> </form>"; } $tpl->compile('content'); } $tpl->clear(); $db->free($sql_result); if ($user_found == FALSE) { $allow_active_news = false; msgbox ($lang['all_err_1'], $lang['news_err_26']); } ?> PHP: so how i can fix that? because when a user change his password, later they cant enter with the old, and with the new password, and the password in the db encript in other encryption language, i need encrypt in md5. thanks, i hope somebody can helpme
I'm not quite sure what you are asking but it appears that the passwords being stored in the database are not a pure md5 hash. That is probably because of this line: $password1 = md5(md5($password1)); PHP: Which occurs about in the middle of your code. This will md5 encrypt your password twice before it is stored in the database which is probably why your old password comparison is not working when the user tries to change their password.