vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB3 Programming Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=15)
-   -   Login Verification Help (https://vborg.vbsupport.ru/showthread.php?t=146089)

ricc 04-30-2007 12:20 PM
Login Verification Help
 
Hey, just a short problem and i was wondering if anyone had any info



I use vbulletin as part of a larger site which requires members to login to areas of the site to play games etc, i previously used phpbb2 and it was easy enough to verify members from the forum database for identification using the inbuilt dreamweaver login script and slightly adapting it to understand the hashed members passwords



Code:


if (isset($_POST['myusername'])) {

  $loginUsername=$_POST['myusername'];

  $password=md5($_POST['mypassword']);


Unfortunatly, as vb is significantly more complex this is not the case and it will not work



Am i missing something glaringly obvious, like the hash code is different, or can it simply not be done for security reasons?

Dismounted 04-30-2007 12:21 PM
md5(md5($password . $salt))

ricc 04-30-2007 01:06 PM
What is the $salt bit at the end?

Dismounted 05-01-2007 07:13 AM
salt field in the user table. It is unique for each user.

clarke_kent 05-01-2007 03:19 PM
The $salt is a random 3 character string that is stored in the user table and is appended to the md5 hash of the password and then md5'd again.

byon 05-03-2007 05:18 AM
Quote:
Originally Posted by Dismounted (Post 1238166)
md5(md5($password . $salt))
sorry to jump track abit.
1. does this immediately give us the hash that matches what the database has, if the password is correct?
2. where can we find implementations of cookies/sessions through out the whole website?

Dismounted 05-03-2007 06:15 AM
1./ Yes
2./ login.php (probably leads you to includes/functions_login.php)

byon 05-03-2007 08:03 AM
Quote:
Originally Posted by Dismounted (Post 1240398)
1./ Yes
2./ login.php (probably leads you to includes/functions_login.php)
ill search for existing implementations on the board, hopefully there is.
thanks :)

ricc 05-10-2007 06:19 PM
Even after a week i am still having trouble with this problem, being a poor coder, i am using dreamweavers built in login wizard, it worked fine with phpbb2 but i am unable to get it to work with vbulletin. i have copied the code and highlighted the bits i have amended, but it still does not work, any help will be greatly appreciated

Code:

<?php

// *** Validate request to login to this site.

if (!isset($_SESSION)) {

  session_start();

}

$loginFormAction = $_SERVER['PHP_SELF'];

if (isset($_GET['accesscheck'])) {

  $_SESSION['PrevUrl'] = $_GET['accesscheck'];

}

if (isset($_POST['myusername'])) {

  $loginUsername=$_POST['myusername'];

  $password=md5(md5($_POST['mypassword'].'salt'));

  $MM_fldUserAuthorization = "";

  $MM_redirectLoginSuccess = "http://www.play4.net/login.php";

  $MM_redirectLoginFailed = "http://www.play4.net/forums";

  $MM_redirecttoReferrer = false;

  mysql_select_db($database_vb, $vb);



  $LoginRS__query=sprintf("SELECT username, password, salt FROM `user` WHERE username=%s AND password=%s",

    GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text"));



  $LoginRS = mysql_query($LoginRS__query, $vb) or die(mysql_error());

  $loginFoundUser = mysql_num_rows($LoginRS);

  if ($loginFoundUser) {

    $loginStrGroup = "";



    //declare two session variables and assign them

    $_SESSION['MM_Username'] = $loginUsername;

    $_SESSION['MM_UserGroup'] = $loginStrGroup;     

    if (isset($_SESSION['PrevUrl']) && false) {

      $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];

    }

    header("Location: " . $MM_redirectLoginSuccess );

  }

  else {

    header("Location: ". $MM_redirectLoginFailed );

  }

}

?>

Zero Tolerance 05-10-2007 06:39 PM
Try this :)

PHP Code:
<?php

// *** Validate request to login to this site.

if (!isset($_SESSION)) {

  session_start();

}

$loginFormAction $_SERVER['PHP_SELF'];

if (isset($_GET['accesscheck'])) {

  $_SESSION['PrevUrl'] = $_GET['accesscheck'];

}

if (isset($_POST['myusername'])) {

  $loginUsername=$_POST['myusername'];

  $password=md5(md5($_POST['mypassword'].'salt'));

  $MM_fldUserAuthorization "";

  $MM_redirectLoginSuccess "http://www.play4.net/login.php";

  $MM_redirectLoginFailed "http://www.play4.net/forums";

  $MM_redirecttoReferrer false;

  mysql_select_db($database_vb$vb);



  $LoginRS__query=sprintf("SELECT username, password, salt FROM `user` WHERE username=%s",

    GetSQLValueString($loginUsername"text")); 



  $LoginRS mysql_query($LoginRS__query$vb) or die(mysql_error());

  $loginFoundUser mysql_fetch_array($LoginRS);

  if ($loginFoundUser && (md5(md5($_POST['mypassword']) . $loginFoundUser['salt']) == $loginFoundUser['password'])) {

     $loginStrGroup "";



    //declare two session variables and assign them

    $_SESSION['MM_Username'] = $loginUsername;

    $_SESSION['MM_UserGroup'] = $loginStrGroup;       

    if (isset($_SESSION['PrevUrl']) && false) {

      $MM_redirectLoginSuccess $_SESSION['PrevUrl']; 

    }

    header("Location: " $MM_redirectLoginSuccess );

  }

  else {

    header("Location: "$MM_redirectLoginFailed );

  }

}

?>
- Zero Tolerance

ricc 05-12-2007 05:15 PM
You sir are a legend!

Worked perfectly

wcm 07-04-2007 02:46 PM
hmm, I can't this to work.
The script directs to the login.php page but the login.php seems to redirect straight away to the index page. I do not get logged in.

Any ideas?

nvm, this seem to be the reverse of what I want to do.
I want to be able to login from another page directly into VB with a click on a link.


https://vborg.vbsupport.ru/showthread.php?t=109372
The solution in the thread I posted used to work but not any more for some reason.

vbeval 07-20-2007 01:14 PM
Hi,

Did you manage to find a solution for this? I am still facing the same problem as well. Any help will be greatly appreciated.

Thank you


All times are GMT. The time now is 01:10 PM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04960 seconds
  • Memory Usage 1,755KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (2)bbcode_code_printable
  • (1)bbcode_php_printable
  • (2)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (13)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete