vb.org Archive - Login Verification Help

vb.org Archive (https://vborg.vbsupport.ru/index.php)

- vB3 Programming Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=15)

- - Login Verification Help (https://vborg.vbsupport.ru/showthread.php?t=146089)

Login Verification Help

Hey, just a short problem and i was wondering if anyone had any info

I use vbulletin as part of a larger site which requires members to login to areas of the site to play games etc, i previously used phpbb2 and it was easy enough to verify members from the forum database for identification using the inbuilt dreamweaver login script and slightly adapting it to understand the hashed members passwords

Code:

 



if (isset($_POST['myusername'])) {



  $loginUsername=$_POST['myusername'];



  $password=md5($_POST['mypassword']);

Unfortunatly, as vb is significantly more complex this is not the case and it will not work

Am i missing something glaringly obvious, like the hash code is different, or can it simply not be done for security reasons?

md5(md5($password . $salt))

What is the $salt bit at the end?

salt field in the user table. It is unique for each user.

The $salt is a random 3 character string that is stored in the user table and is appended to the md5 hash of the password and then md5'd again.

Quote:

Originally Posted by Dismounted (Post 1238166)

md5(md5($password . $salt))

sorry to jump track abit.
1. does this immediately give us the hash that matches what the database has, if the password is correct?
2. where can we find implementations of cookies/sessions through out the whole website?

1./ Yes
2./ login.php (probably leads you to includes/functions_login.php)

Quote:

Originally Posted by Dismounted (Post 1240398)

1./ Yes
2./ login.php (probably leads you to includes/functions_login.php)

ill search for existing implementations on the board, hopefully there is.
thanks :)

Even after a week i am still having trouble with this problem, being a poor coder, i am using dreamweavers built in login wizard, it worked fine with phpbb2 but i am unable to get it to work with vbulletin. i have copied the code and highlighted the bits i have amended, but it still does not work, any help will be greatly appreciated

Code:



<?php



// *** Validate request to login to this site.



if (!isset($_SESSION)) {



  session_start();



}



$loginFormAction = $_SERVER['PHP_SELF'];



if (isset($_GET['accesscheck'])) {



  $_SESSION['PrevUrl'] = $_GET['accesscheck'];



}



if (isset($_POST['myusername'])) {



  $loginUsername=$_POST['myusername'];



  $password=md5(md5($_POST['mypassword'].'salt'));



  $MM_fldUserAuthorization = "";



  $MM_redirectLoginSuccess = "http://www.play4.net/login.php";



  $MM_redirectLoginFailed = "http://www.play4.net/forums";



  $MM_redirecttoReferrer = false;



  mysql_select_db($database_vb, $vb);







  $LoginRS__query=sprintf("SELECT username, password, salt FROM `user` WHERE username=%s AND password=%s",



    GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text")); 







  $LoginRS = mysql_query($LoginRS__query, $vb) or die(mysql_error());



  $loginFoundUser = mysql_num_rows($LoginRS);



  if ($loginFoundUser) {



     $loginStrGroup = "";







    //declare two session variables and assign them



    $_SESSION['MM_Username'] = $loginUsername;



    $_SESSION['MM_UserGroup'] = $loginStrGroup;       



    if (isset($_SESSION['PrevUrl']) && false) {



      $MM_redirectLoginSuccess = $_SESSION['PrevUrl']; 



    }



    header("Location: " . $MM_redirectLoginSuccess );



  }



  else {



    header("Location: ". $MM_redirectLoginFailed );



  }



}



?>

Try this :)

PHP Code:


		
			
<?php



// *** Validate request to login to this site.



if (!isset($_SESSION)) {



  session_start();



}



$loginFormAction = $_SERVER['PHP_SELF'];



if (isset($_GET['accesscheck'])) {



  $_SESSION['PrevUrl'] = $_GET['accesscheck'];



}



if (isset($_POST['myusername'])) {



  $loginUsername=$_POST['myusername'];



  $password=md5(md5($_POST['mypassword'].'salt'));



  $MM_fldUserAuthorization = "";



  $MM_redirectLoginSuccess = "http://www.play4.net/login.php";



  $MM_redirectLoginFailed = "http://www.play4.net/forums";



  $MM_redirecttoReferrer = false;



  mysql_select_db($database_vb, $vb);







  $LoginRS__query=sprintf("SELECT username, password, salt FROM `user` WHERE username=%s",



    GetSQLValueString($loginUsername, "text")); 







  $LoginRS = mysql_query($LoginRS__query, $vb) or die(mysql_error());



  $loginFoundUser = mysql_fetch_array($LoginRS);



  if ($loginFoundUser && (md5(md5($_POST['mypassword']) . $loginFoundUser['salt']) == $loginFoundUser['password'])) {



     $loginStrGroup = "";







    //declare two session variables and assign them



    $_SESSION['MM_Username'] = $loginUsername;



    $_SESSION['MM_UserGroup'] = $loginStrGroup;       



    if (isset($_SESSION['PrevUrl']) && false) {



      $MM_redirectLoginSuccess = $_SESSION['PrevUrl']; 



    }



    header("Location: " . $MM_redirectLoginSuccess );



  }



  else {



    header("Location: ". $MM_redirectLoginFailed );



  }



}



?>

- Zero Tolerance

X vBulletin 3.8.12 by vBS Debug Information
Template Usage: (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (2)bbcode_code_printable (1)bbcode_php_printable (2)bbcode_quote_printable (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)pagenav (1)pagenav_curpage (1)pagenav_pagelink (1)post_thanks_navbar_search (1)printthread (10)printthreadbit (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit showthread	Included Files: ./printthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/class_bbcode_alt.php ./includes/class_bbcode.php ./includes/functions_bigthree.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete printthread_start pagenav_page pagenav_complete bbcode_fetch_tags bbcode_create bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete printthread_post printthread_complete
Messages:

Phrase Groups Available:

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.01038 seconds Memory Usage 1,759KB Queries Executed 10 (?)
More Information
Template Usage: (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (2)bbcode_code_printable (1)bbcode_php_printable (2)bbcode_quote_printable (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)pagenav (1)pagenav_curpage (1)pagenav_pagelink (1)post_thanks_navbar_search (1)printthread (10)printthreadbit (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit showthread	Included Files: ./printthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/class_bbcode_alt.php ./includes/class_bbcode.php ./includes/functions_bigthree.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete printthread_start pagenav_page pagenav_complete bbcode_fetch_tags bbcode_create bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete printthread_post printthread_complete
Messages: