PDA

View Full Version : Checking user credentials


sebiv
04-28-2005, 04:14 AM
I'm currently using the Absolut Engine (www.absolutengine.com) script on my website for posting news stories. The script has a function to leave user comments, but it seems very insecure. I want to edit the script so it checks the user/pass provided against my vbulletin database, instead of letting any person post, but I have no idea how.

Right now the commenting works via a html form which sends info to a seperate PHP file (guestmodify.php) - guestmodify.php adds the information to the news database and returns the user to the story they were reading. What code do I need to add to get guestmodify to check the forum database for correct username/password? (my php skills are limited).

Something along the lines of: if the forum database returns a true for user verification, guestmodify.php proceeds as normal otherwise the user is redirected to the forum error page".


Other things I was looking at (but aren't necessary):
- having the database query also return the user ID, so I can provide a link to their forum profile page
- if the user is already logged in (and cookie active), have the html form for submitting comments automatically complete the user/pass fields (or not include them at all).
- having guestmodify check if the user is banned, and denying access if they are

Any assistance would be greatly appreciated!