Announcement

Collapse
No announcement yet.

login page outside vbulletin - anyone done it in vb3?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • login page outside vbulletin - anyone done it in vb3?

    Has anyone knocked out a script yet that enables people to authenticate their accounts outside of vbulletin forums? See attachment for the PHP script I used on vb2 and my main website. I can't get my head around the changes in vb3 to fix this... and it's annoying the hell out of me.

    Anyone want to give it a shot?
    Attached Files

  • #2
    The password hashing changed, if you didnt know (i didnt look at the code very throughly),

    To work out the password to compare in the database, it would be

    PHP Code:
    $hashedpword md5(md5($password) . $salt); 

    Comment


    • #3
      Thanks for the reply but it still doesn't work.

      Comment


      • #4
        I made my own by redirecting the action to forumfolder/login.php

        and copied the HTML code from the forum index login box

        Comment


        • #5
          Originally posted by Junkyard Willy
          Thanks for the reply but it still doesn't work.
          You need to get the salt from the database, it is different for each user.. (just covering that base)

          Comment


          • #6
            The salt is in $bbuserinfo....

            You just need to copy the code from the forumhome or the navbar login box.

            Comment


            • #7
              Originally posted by squall14716
              The salt is in $bbuserinfo....

              You just need to copy the code from the forumhome or the navbar login box.
              Saying "You just need to copy the code..." sure SOUNDS easy enough, but I've just wasted two hours trying to do that without success. The module I'm trying to implement is a Perl program designed to integrate ImageFolio's membership registration and validation with a mySQL member database. It involves NO changes to vB at all -- only a special replacement MySQL login module in ImageFolio. It works fine with vB2 and it ALMOST works with vB3. It successfully logs into mySQL, finds the vB3 forums database and the user table and locates the individual member's record but fails because of this double-encryption and password salting scheme.

              The problem seems to be that I don't know QUITE enough about the crossover coding differences between PHP and Perl to figure out how to make the double-encryption and password salting work in ImageFolio's Perl module.

              I can supply a copy of the problematical Perl module AND point you to the test module they provide as well. Is anyone here willing to tackle this mod for me? I'm willing to listen to any reasonable proposal...
              Last edited by websissy; Sat 4 Oct '03, 11:34am.

              Comment


              • #8
                Originally posted by merk
                You need to get the salt from the database, it is different for each user.. (just covering that base)
                I still can't get the very basic authentication to work from that script I posted in the first thread. I'm sure I'm missing something dead easy. How much time do you think it would take someone to correct the code to work with vb3? I'm willing to pay.

                Comment


                • #9
                  To get vB support on these forums you first need to register for Priority Forum Support. To do this, please click HERE and enter your email address in one of the boxes. You'll need to have your customer number and password to access the page.

                  If you still have problems after doing this, send an email to [email protected]. Please include your user name, then email address you registered with and your customer number so we can fix the problem.
                  Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
                  Change CKEditor Colors to Match Style (for 4.1.4 and above)

                  Steve Machol Photography


                  Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.


                  Comment


                  • #10
                    Sorry Steve, it's done now.

                    Hopefully someone will be able to reply to my last message and maybe help.

                    Comment


                    • #11
                      Thanks!
                      Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
                      Change CKEditor Colors to Match Style (for 4.1.4 and above)

                      Steve Machol Photography


                      Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.


                      Comment


                      • #12
                        You have to modify the script:

                        It might not work, i havent tested it, and i normally use vBulletins db_site instead of creating my own connections so im rusty on connections using this method. You should look at re-writing it to use vBulletins functions!

                        PHP Code:
                        <?php 

                        $checkservername 
                        "localhost";   // hostname or ip of server

                        $dbcheckusername "";    // user name

                        $dbcheckpassword "";     // user password

                        $dbcheckbase     "";     // name of database

                        $encryptedpw   true;    // encrypted (md5) passwords on/off (true/false)

                         

                        $realm "This area is for registered members only!";

                        if (isset(
                        $username) && isset($password)) { 
                            
                        // Connect to MySQL 
                            
                        mysql_connect$checkservername$dbcheckusername$dbcheckpassword 
                                or die ( 
                        'Unable to connect to server.' ); 

                            
                        // Select database on MySQL server 
                            
                        mysql_select_db$dbcheckbase 
                                or die ( 
                        'Unable to select database.' ); 

                            
                        // Formulate the query 

                        # Vbulletin GROUP ID's 

                        # default setting = Admin & Jnr Admin
                        #
                        # 1  Unregistered / Not Logged In
                        # 2  Registered
                        # 3  Users Awaiting Email Confirmation
                        # 4  (COPPA) Users Awaiting Moderation
                        # 5  JNR Admin
                        # 6  Administrator
                        # 7  Moderators
                        # 8  Banned
                        # 9  Moderated
                        # 10 Gold Member
                        # 11 Platinum Member

                            // Formulate the query 

                            
                        $sql "SELECT * FROM user WHERE 
                                    username = '
                        $username' AND 
                                    (usergroupid = '6' or usergroupid = '2' or usergroupid = '7' or usergroupid = '5') "


                            
                        // Execute the query and put results in $result 

                            
                        $result mysql_query$sql 
                                or die ( 
                        'Unable to execute query.' ); 
                         
                        $res mysql_fetch_array($result);

                            if (
                        md5(md5($password) . $res['salt'])) { 

                            
                        // A matching row was found - the user is authenticated.
                            
                        $user_reg $username;
                            
                        session_register("user_reg");

                            print 
                        "You have logged in!";

                            } else {

                        print 
                        "Your password is not correct";

                        session_unregister("user_reg");

                        }

                        }

                        ?>

                        Comment


                        • #13
                          Originally posted by merk
                          You have to modify the script:

                          It might not work, i havent tested it, and i normally use vBulletins db_site instead of creating my own connections so im rusty on connections using this method. You should look at re-writing it to use vBulletins functions!
                          Thanks for trying but it doesn't work. Whatever username or password is entered, it grants them members access (whether the username is in the database or not)... I actually cannot see anywhere in the code where we're checking the password they entered against what's in the database.

                          Comment


                          • #14
                            PHP Code:

                                
                            if (md5(md5($password) . $res['salt'])) { 

                            Comment


                            • #15
                              Originally posted by merk
                              PHP Code:
                               
                                  
                              if (md5(md5($password) . $res['salt'])) { 
                              damn im stupid

                              replace that line with

                              PHP Code:
                                  if (md5(md5($password) . $res['salt']) == $res['password']) { 

                              Comment

                              widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                              Working...
                              X