IanM
06-30-2006, 04:24 PM
Hi all
I'm trying to work out how to use the vBulletin members table to authenticate and then pass this data via a session.
I have a script which is completely seperate to vB, but it currently uses phpBB members to log in.
The code I use for this is:
if( FORUM_BOARD == 'PHPBB' )
{
$username = isset($_POST['username']) ? trim(htmlspecialchars($_POST['username'])) : '';
$username = substr(str_replace("\\'", "'", $username), 0, 25);
$username = str_replace("'", "\\'", $username);
$password = isset($_POST['password']) ? $_POST['password'] : '';
$sql = "SELECT user_id, username, user_password, user_active, user_level
FROM " . PHPBB_USERS_TABLE . "
WHERE username = '" . str_replace("\\'", "''", $username) . "'";
$result = $sys->ExecSQL( $sql );
if( $row = mysql_fetch_array($result) )
{
if( md5($password) == $row['user_password'] && $row['user_active'] )
{
$session->Put('userid',intval($row['user_id']));
$session->Put('logged',1);
$session->Put('username',$row['username']);
$session->Store();
}
else
$errors[] = 'You have specified an incorrect or inactive username, or an invalid password.';
}
else
$errors[] = 'You have specified an incorrect or inactive username, or an invalid password.';
}
What effectively happens is that when a user logs in, it takes the user_id key in both tables to allow the user to then perform another task in the seperate script.
This works fine.
However, I'm struggling doing this with vBulletin.
I currently have:
if( FORUM_BOARD == 'vB' )
{
$username = addslashes($_POST ['username']); // username
$password = addslashes($_POST ['password']); // password
// Convert the password entered into the fancy vBulletin code
$newpassword = md5(md5($password) . $userinfo['salt']);
$sql = "SELECT userid, username, password
FROM " . vB_USERS_TABLE . "
WHERE username = '" . str_replace("\\'", "''", $username) . "'";
$result = $sys->ExecSQL( $sql );
if( $row = mysql_fetch_array($result) )
{
if( md5(password) == $row['newpassword'] )
{
$session->Put('userid',intval($row['user_id']));
$session->Put('logged',1);
$session->Put('username',$row['username']);
$session->Store();
}
else
$errors[] = 'You have specified an incorrect or inactive VB username, or an invalid password.';
}
else
$errors[] = 'You have specified an incorrect or inactive VB username, or an invalid password.';
}
Can anyone point me in the right direction.
The code listed here doesnt even authenticate, I'm struggling with the MD5 encryption I think.
Many thanks,
Ian
I'm trying to work out how to use the vBulletin members table to authenticate and then pass this data via a session.
I have a script which is completely seperate to vB, but it currently uses phpBB members to log in.
The code I use for this is:
if( FORUM_BOARD == 'PHPBB' )
{
$username = isset($_POST['username']) ? trim(htmlspecialchars($_POST['username'])) : '';
$username = substr(str_replace("\\'", "'", $username), 0, 25);
$username = str_replace("'", "\\'", $username);
$password = isset($_POST['password']) ? $_POST['password'] : '';
$sql = "SELECT user_id, username, user_password, user_active, user_level
FROM " . PHPBB_USERS_TABLE . "
WHERE username = '" . str_replace("\\'", "''", $username) . "'";
$result = $sys->ExecSQL( $sql );
if( $row = mysql_fetch_array($result) )
{
if( md5($password) == $row['user_password'] && $row['user_active'] )
{
$session->Put('userid',intval($row['user_id']));
$session->Put('logged',1);
$session->Put('username',$row['username']);
$session->Store();
}
else
$errors[] = 'You have specified an incorrect or inactive username, or an invalid password.';
}
else
$errors[] = 'You have specified an incorrect or inactive username, or an invalid password.';
}
What effectively happens is that when a user logs in, it takes the user_id key in both tables to allow the user to then perform another task in the seperate script.
This works fine.
However, I'm struggling doing this with vBulletin.
I currently have:
if( FORUM_BOARD == 'vB' )
{
$username = addslashes($_POST ['username']); // username
$password = addslashes($_POST ['password']); // password
// Convert the password entered into the fancy vBulletin code
$newpassword = md5(md5($password) . $userinfo['salt']);
$sql = "SELECT userid, username, password
FROM " . vB_USERS_TABLE . "
WHERE username = '" . str_replace("\\'", "''", $username) . "'";
$result = $sys->ExecSQL( $sql );
if( $row = mysql_fetch_array($result) )
{
if( md5(password) == $row['newpassword'] )
{
$session->Put('userid',intval($row['user_id']));
$session->Put('logged',1);
$session->Put('username',$row['username']);
$session->Store();
}
else
$errors[] = 'You have specified an incorrect or inactive VB username, or an invalid password.';
}
else
$errors[] = 'You have specified an incorrect or inactive VB username, or an invalid password.';
}
Can anyone point me in the right direction.
The code listed here doesnt even authenticate, I'm struggling with the MD5 encryption I think.
Many thanks,
Ian