vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB3 Programming Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=15)
-   -   Checking user and pass externally. (https://vborg.vbsupport.ru/showthread.php?t=217588)

engineerisaac 07-01-2009 03:29 PM
Checking user and pass externally.
 
Hello, i'm working on a system where a player in an online game (counterstrike) can link they're online game account to their forum account.

I can do everything else but the linking PHP code.

What I want to do is make an external PHP page that receives the queries from the game server. It receives the players input, their forum user name and password. In the external PHP page, I want to use the user name and password given and check it against the MySQL tables for vBulletin. I tried MD5 hashing the raw password from the query, but it is different from the MD5 in the database.

Is there some other type of hashing that vBulletin uses? A snippit of code would be great!

This is what I have now, And I always get 0 rows returned because the passwords are differet.... (I know I am entering the correct password ;))
PHP Code:
<?php
//Link.php - Grabs username+pass input from gameserver and checks it against the DB.
$mysql mysql_connect(******);
mysql_select_db(***);
$user $_GET['u'];
$pass $_GET['p'];
$steamid $_GET['s'];
$hashpass md5($pass);

$check mysql_query("SELECT * FROM user WHERE username='$user' AND password='$hashpass'");
if(mysql_num_rows($check) == 0){
    die("notfound");
}else{
    $row mysql_fetch_array($check);
    mysql_query("UPDATE userfield SET steamid='$steamid' WHERE userid='$row[userid]'");
    echo "pass";
}
thank you for your help in advance!

EnIgMa1234 07-01-2009 04:21 PM
You might want to remove your database info from the code :)

As for your error check this line of code.

PHP Code:
WHERE username='$user' AND password='$hashhpass'"); 
$hashhpass should be $hashpass

engineerisaac 07-01-2009 05:05 PM
Quote:
Originally Posted by EnIgMa1234 (Post 1840842)
You might want to remove your database info from the code :)

As for your error check this line of code.

PHP Code:
WHERE username='$user' AND password='$hashhpass'"); 
$hashhpass should be $hashpass
Oops, i saw that but that is not the problem (That probally happened when i was rewriting the variables for that example) i think it's the way the PHP MD5's the raw password, when I do it manually, the Hashes are not the same. Is there some sort of algorithm?

EnIgMa1234 07-01-2009 05:18 PM
Oh,

vBulletin uses a salt value on top of their password.

I think passwords are encrypted like this (Don't quote me on this though).

md5($password.$salt);

The salt value is stored in the user table.

engineerisaac 07-01-2009 05:23 PM
Quote:
Originally Posted by EnIgMa1234 (Post 1840875)
Oh,

vBulletin uses a salt value on top of their password.

I think passwords are encrypted like this (Don't quote me on this though).

md5($password.$salt);

The salt value is stored in the user table.
That does not seem to be the case either... hmmm
Does anyone else happen to know?
It seems like vBulletin uses a Javascript code to hash it's passwords, but the code is very jumbled up and hard to read. I could be wrong though.

jchamber2010 07-01-2009 08:43 PM
that's how it's done...

Line 144 functions_login.php
Code:
md5($md5password . $vbulletin->userinfo['salt'])
are you sure that you are getting the salt from the database as well it's a field in the user table.

Paul M 07-01-2009 09:15 PM
Try this (untested) ;
PHP Code:
$userid 0;
$user mysql_real_escape_string($user);
$check mysql_query("SELECT userid,password,salt FROM user WHERE username='$user'");
if(mysql_num_rows($check) > 0)
{
    $rec mysql_fetch_array($check);
    if($rec['password'] == md5(md5($password).$rec['salt']))
    {
        $userid $rec['userid'];
    }
}

// if $userid > 0 then login was ok. 

engineerisaac 07-02-2009 03:45 PM
Quote:
Originally Posted by Paul M (Post 1840993)
Try this (untested) ;
THANK YOU! This worked! Thank you for your help everyone!


All times are GMT. The time now is 08:50 AM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01219 seconds
  • Memory Usage 1,744KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_code_printable
  • (4)bbcode_php_printable
  • (3)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (8)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete