Announcement

Collapse
No announcement yet.

Authenticate against VBulletin database?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Authenticate against VBulletin database?

    Can a third party application (written in ColdFusion) authenticate user logins against the VBulletin database? I assume passwords are encrypted - is the hashing algorithm available so that another app can authenticate?

    Also, is it conceivable to have an outside app create the VBulletin user? Would it be a fairly simple matter of doing a SQL insert, then have VBulletin send an email and confirm the signup?

  • #2
    Yep you can authenticate against it, I'm doing it right now on Ramprage.com
    The passwords are MD5 encrypted.

    Just do an insert to the users table to create a new user.
    WebHostGear.com - Server Tutorials, Web Server Guides, Hosting Tutorials
    As seen in Ping Zine Magazine
    Preventing Brute Force Attacks | APF Firewall Install Guide |Cpanel FTP Backup Script Now Available!

    Comment


    • #3
      Originally posted by ramprage
      Yep you can authenticate against it, I'm doing it right now on Ramprage.com
      The passwords are MD5 encrypted.

      Just do an insert to the users table to create a new user.
      Thanks. I'm wondering if I can take it a step further...

      Not only would I like our site and forum users to have a single username & password, I'd also like to have a single login such that if someone logs into, say, the "reviews" application that I've written, then they'd also be logged into the VBulleten forums. And vice versa - if they log into VBulletin, then I'd like them logged in across our entire site.

      I believe VBulletin's authentication is cookie based. Could I just access the cookie from another application? Does this sound doable?

      Comment


      • #4
        Its very doable, actually I'm working on setting this up on my site right now.
        Currently I have it so the admin section logs in via sessions against the forums database but you CAN use vbulletins built in authentication management. There are some posts around about this for logging into vb on a non vb page.
        WebHostGear.com - Server Tutorials, Web Server Guides, Hosting Tutorials
        As seen in Ping Zine Magazine
        Preventing Brute Force Attacks | APF Firewall Install Guide |Cpanel FTP Backup Script Now Available!

        Comment


        • #5
          I use the vbulletin user database for everything I do, for some things I just do a simple cookie check, if not show them the a log in - which you just have redirect back to that page after log in.

          You can also set up a registration form that is off the forums, and as simple as you can create a webpage with a form in it that has nothing to do with vB, have a registration screen that goes into the vB database, but for all the world looks like it is not - same with the log in - no rule says that you need to redirect them to the forums to log in - just show the two fields and the rest of what is needed (get from the actual log in page) in any look - and if need be just copy the the login.php to signin.php and change the templates it calls for the redirect back (or just put in a generic one all together)

          Most think of it all as vBulletin - dont. The user table in mysql is just another table in another database on your server - obviously you dont want to modify data in it or other tables with out knowing what you are doing - but to grab info could never possibly hurt anything - I actually use the extra fields all the time for stuff unrelated to vb - just because its a simple place to store info for my users, and it would be dumb as hell to create a completely new usertable structure.

          Comment


          • #6
            I'm having real trouble with this... when I check the MD5 of my password against the password field in the user table they don't match! What's going on!?

            Comment


            • #7
              That's because the information provided is only partially correct.

              vB2 -> uses MD5 or

              PHP Code:
              md5($password); 

              vB3 -> Uses double MD5 with a salt hash. or

              PHP Code:
              md5(md5($password)), $salt
              ManagerJosh, Owner of 4 XenForo Licenses, 1 vBulletin Legacy License, 1 Internet Brands Suite License
              Director, WorldSims.org | Gaming Hosting Administrator, SimGames.net, Urban Online Entertainment

              Comment


              • #8
                I thought it was:
                PHP Code:
                md5(md5($password) . $salt

                Comment


                • #9
                  Originally posted by Sn2
                  I thought it was:
                  PHP Code:
                  md5(md5($password) . $salt
                  You might be right... not sure... I typed that based off the top of my head...
                  ManagerJosh, Owner of 4 XenForo Licenses, 1 vBulletin Legacy License, 1 Internet Brands Suite License
                  Director, WorldSims.org | Gaming Hosting Administrator, SimGames.net, Urban Online Entertainment

                  Comment


                  • #10
                    Originally posted by Sn2
                    I thought it was:
                    PHP Code:
                    md5(md5($password) . $salt
                    That's correct .

                    Edit: Ok, now you got me confused and I don't know if it's not md5(md5(password . salt)); .

                    Comment


                    • #11
                      it is
                      PHP Code:
                      md5(md5($password) . $salt); 
                      as stated above
                      Best Regards,
                      Andy Huang

                      Comment

                      widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                      Working...
                      X