tam2000k2
09-14-2007, 06:59 PM
I posted the following on vBulletin.com and they suggested to post it here:
Hi Everyone,
I am somewhat new to vBulletin and Moveable Type technologies, but I have been involved with the web since 1994. So, I'm pretty good with catching on, but I need your assistance.
I hope someone can help me with my understanding of this function.
I am one of the administrators for forums.tvgasm.com and I also maintain tvgasm.com. As mentioned above, I am new to both types of web technologies.
In trying to use one of the tables of the database, namely the table tvgvbuser within the database forumdb, which holds usernames and passwords, among other information, but the passwords are encrypted.
Since we were having issues with typekey authentication systems and we have over 100,000 readers, we grew tired of the issues associated with that login system. Naturally we thought, we already have a log in system and our readers have accounts within our forums section, why not use what we have and, at the same time, not loose this huge audience.
I understand that the "md5" system of encrypting a word is being used for the passwords, but I do not know how to compare the password that the user types in, from the password in the table.
I have tried the following AJAX code:
var user = document.getElementById('navbar_username').value;
var pass = document.getElementById('navbar_password').value;
var vb_login_md5password = document.getElementById('vb_login_md5password').va lue;
var vb_login_md5password_utf = document.getElementById('vb_login_md5password_utf' ).value;
var s = document.getElementById('s').value;
// Open PHP script for requests -- phpscript2 is a pre-defined php file
http.open('post', phpscript2);
http.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
http.onreadystatechange = handleResponsePost;
http.send('username='+ user +'&password='+ md5hash(pass,vb_login_md5password, vb_login_md5password_utf, 0));
The username and password are sent to a php file which then executes a simple SQL string:
$query = mysql_query("SELECT * FROM tvgvbuser WHERE username='". $username ."' AND password='". $password ."'");
My php file simply determines if it was successful or not, followed by echoing a statement to that affect.
But I receive an error from the JavaScript Console of my browser that "s" is not defined.
I know that since I am not calling these functions from within the forums section and, instead from within tvgasm.com, that this would probably not work.
I do realize that there has been a great deal of effort in creating an entire system and that I am only trying to use a small portion of that system, outside it's natural environment.
So, my ultimate question is -- is there a simple way to query this table using the natural password that the user types in and there by allowing us to continue to use the resource that we have available.
Here is a link to an example of what my code is attempting to do -- http://beta.tvgasm.com/shows/login3.htm
When you enter a registered username and click within the password text field, it automatically checks to see if this username is legit and responds accordingly.
However, sending an SQL string for the password is another issue and that's what I need assistance with your expertise.
Thanks in advance,
Tarik (Kronus)
Hi Everyone,
I am somewhat new to vBulletin and Moveable Type technologies, but I have been involved with the web since 1994. So, I'm pretty good with catching on, but I need your assistance.
I hope someone can help me with my understanding of this function.
I am one of the administrators for forums.tvgasm.com and I also maintain tvgasm.com. As mentioned above, I am new to both types of web technologies.
In trying to use one of the tables of the database, namely the table tvgvbuser within the database forumdb, which holds usernames and passwords, among other information, but the passwords are encrypted.
Since we were having issues with typekey authentication systems and we have over 100,000 readers, we grew tired of the issues associated with that login system. Naturally we thought, we already have a log in system and our readers have accounts within our forums section, why not use what we have and, at the same time, not loose this huge audience.
I understand that the "md5" system of encrypting a word is being used for the passwords, but I do not know how to compare the password that the user types in, from the password in the table.
I have tried the following AJAX code:
var user = document.getElementById('navbar_username').value;
var pass = document.getElementById('navbar_password').value;
var vb_login_md5password = document.getElementById('vb_login_md5password').va lue;
var vb_login_md5password_utf = document.getElementById('vb_login_md5password_utf' ).value;
var s = document.getElementById('s').value;
// Open PHP script for requests -- phpscript2 is a pre-defined php file
http.open('post', phpscript2);
http.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
http.onreadystatechange = handleResponsePost;
http.send('username='+ user +'&password='+ md5hash(pass,vb_login_md5password, vb_login_md5password_utf, 0));
The username and password are sent to a php file which then executes a simple SQL string:
$query = mysql_query("SELECT * FROM tvgvbuser WHERE username='". $username ."' AND password='". $password ."'");
My php file simply determines if it was successful or not, followed by echoing a statement to that affect.
But I receive an error from the JavaScript Console of my browser that "s" is not defined.
I know that since I am not calling these functions from within the forums section and, instead from within tvgasm.com, that this would probably not work.
I do realize that there has been a great deal of effort in creating an entire system and that I am only trying to use a small portion of that system, outside it's natural environment.
So, my ultimate question is -- is there a simple way to query this table using the natural password that the user types in and there by allowing us to continue to use the resource that we have available.
Here is a link to an example of what my code is attempting to do -- http://beta.tvgasm.com/shows/login3.htm
When you enter a registered username and click within the password text field, it automatically checks to see if this username is legit and responds accordingly.
However, sending an SQL string for the password is another issue and that's what I need assistance with your expertise.
Thanks in advance,
Tarik (Kronus)