PDA

View Full Version : Reverse Authentication


iwpg
01-24-2010, 06:20 PM
Hello!

I am having a very difficult time with authentication running on 2 platforms, Vbulletin, and DZOIC Handshakes.

Hoping that someone could come up with a MOD to use dzoic's login credentials (instead of Vbulletin's) based on cookies. Authentication would check dzoic's database, not vbulletin's for proper login.

Example pages:
http://www.financeglobe.com/SocialNet/forum/
http://www.financeglobe.com/SocialNet/

Many thanks,

Mike

--------------- Added 1264365448 at 1264365448 ---------------

I forgot to tell everyone how it is currently running:

The user will login to the dzoic script, and that stores a cookie for the credentials, and loads the login.php for the forum, and logs the user in for vbulletin.

The issue with this is that changing passwords has been a headache, as well as having 2 different login cookies makes it very difficult to manage. At times, the forum will log the user out because a session or cookie expired, while keeping the user logged into dzoic. This makes the user logged into one, but not the other.

iwpg
01-26-2010, 11:55 PM
This is what I have so far to log in to Vbulletin from an external script. The salt system is not working, not really sure how to put it together. Anyone please?

function vbulletin_login($values){

$email = $values["username"];
$password = $values["password"];

//Get the url parameters and then sql escape them to prevent sql injections
$userin = mysql_real_escape_string($email);
$passin = mysql_real_escape_string($password);

// Query to pull out the salt value for the given user
$fetchrows = mysql_query("select * from vbuser WHERE username ='$userin'");
$r = @mysql_fetch_array($fetchrows);
$userpass = $r["password"];
$userid = $r["userid"];
$substatus = $r["usergroupid"];
$salt = $r["salt"];
define('COOKIE_SALT', 'LICENSE KEY HERE');

$fetchrowss = mysql_query("select * from vbsession WHERE userid ='$userid'");
$s = @mysql_fetch_array($fetchrowss);
$sessionhash = $s["sessionhash"];

setcookie("fnfuserid", $userid, time()+(60*60*24*365), "/", ".financeglobe.com", 1);
setcookie("fnfpassword", md5($password . COOKIE_SALT), time()+(60*60*24*365), "/", ".financeglobe.com", 1);
setcookie("fnfsessionhash", $sessionhash, time()+(60*60*24*365), "/", ".financeglobe.com", 1);

}//vbulletin_login

iwpg
02-05-2010, 10:44 PM
Anybody please? :confused: