vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB3 Programming Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=15)
-   -   Making a separate login system (https://vborg.vbsupport.ru/showthread.php?t=215896)

THE UNCEN 06-11-2009 06:47 AM
Making a separate login system
 
I'm making a separate login system. Can someone briefly explain to me how the vbulletin system checks passwords?

Dismounted 06-11-2009 07:42 AM
Passwords in the database are hashed like so:
PHP Code:
$password md5(md5($plaintext) . $salt); 

THE UNCEN 06-12-2009 04:28 AM
What is the $salt formula they use?

Dismounted 06-12-2009 07:07 AM
It is the "salt" field in the database row for the user.

THE UNCEN 06-14-2009 05:07 AM
Thanks!

Next question... what does vbulletin use to create the password stored as the bbpassword cookie?

Dismounted 06-14-2009 05:36 AM
It is the hashed password, along with the "cookie salt" (license number).
PHP Code:
$cookie md5($password COOKIE_SALT); 

THE UNCEN 06-14-2009 11:47 PM
Ah, that gets me past that.

Next question... does vbulletin check the password in the DB every time it loads a page? I want to know the work flow vB uses to verify the user.

ForumsMods 06-15-2009 12:07 AM
PHP Code:
function verify_authentication($username$password$md5password$md5password_utf$cookieuser$send_cookies)
{
    global $vbulletin;

    $username strip_blank_ascii($username' ');
    if ($vbulletin->userinfo $vbulletin->db->query_first("SELECT userid, usergroupid, membergroupids, infractiongroupids, username, password, salt FROM " TABLE_PREFIX "user WHERE username = '" $vbulletin->db->escape_string(htmlspecialchars_uni($username)) . "'"))
    {
        if (
            $vbulletin->userinfo['password'] != iif($password AND !$md5passwordmd5(md5($password) . $vbulletin->userinfo['salt']), '') AND
            $vbulletin->userinfo['password'] != iif($md5passwordmd5($md5password $vbulletin->userinfo['salt']), '') AND
            $vbulletin->userinfo['password'] != iif($md5password_utfmd5($md5password_utf $vbulletin->userinfo['salt']), '')
        )
        {
            $return_value false;
            ($hook vBulletinHook::fetch_hook('login_verify_failure_password')) ? eval($hook) : false;
            if (isset($return_value))
            {
                // unset $return_value if you want to run the $send_cookies stuff
                return $return_value;
            }
        }
        else if ($vbulletin->userinfo['password'] == '')
        {
            // sanity check, though there should never really be an empty string for a password
            $return_value false;
            ($hook vBulletinHook::fetch_hook('login_verify_failure_password')) ? eval($hook) : false;
            if (isset($return_value))
            {
                // unset $return_value if you want to run the $send_cookies stuff
                return $return_value;
            }
        }

        if ($send_cookies)
        {
            if ($cookieuser)
            {
                vbsetcookie('userid'$vbulletin->userinfo['userid'], truetruetrue);
                vbsetcookie('password'md5($vbulletin->userinfo['password'] . COOKIE_SALT), truetruetrue);
            }
            else if ($vbulletin->GPC[COOKIE_PREFIX 'userid'] AND $vbulletin->GPC[COOKIE_PREFIX 'userid'] != $vbulletin->userinfo['userid'])
            {
                // we have a cookie from a user and we're logging in as
                // a different user and we're not going to store a new cookie,
                // so let's unset the old one
                vbsetcookie('userid'''truetruetrue);
                vbsetcookie('password'''truetruetrue);
            }
        }
        $return_value true;
        ($hook vBulletinHook::fetch_hook('login_verify_success')) ? eval($hook) : false;
        return $return_value;
    }

    $return_value false;
    ($hook vBulletinHook::fetch_hook('login_verify_failure_username')) ? eval($hook) : false;
    return $return_value;


All times are GMT. The time now is 11:20 AM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01133 seconds
  • Memory Usage 1,760KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (3)bbcode_php_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (8)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete