vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB3 Programming Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=15)
-   -   Fast user authentification (https://vborg.vbsupport.ru/showthread.php?t=270882)

squishi 09-25-2011 09:33 AM
Fast user authentification
 
For a vb 3.8.x programming project, I need a page to load very quickly.
Loading the whole forum with
PHP Code:
require("./global.php"); 
takes way too long, especially if there is a high load on the server.

So instead, I wanted to load the user's data (I only need the username!) using the cookie information.
The query would look like this:
Code:
SELECT u.username FROM vb_user as u,
vb_session as s
WHERE u.userid = '".mysql_real_escape_string($_COOKIE['vbuserid'])."'
AND u.password = '".mysql_real_escape_string($_COOKIE['vbpassword'])."'
AND s.sessionhash = '".mysql_real_escape_string($_COOKIE['vbsessionhash'])."'
LIMIT 1
The problem:
The hashed password in the cookie does not match the password that is stored in the database. I specifically checked it for my own account. The password in the cookie does not match the password in the vb_user table.

Why don't they match?

How else can I quickly authenticate a user without loading the whole forum?

kh99 09-25-2011 12:53 PM
Quote:
Originally Posted by squishi (Post 2249846)
Why don't they match?
The password value in the cookie has been put through md5() once more, after being concatenated with the value of COOKIE_SALT (defined in includes/functions.php). So you'd want to do something like:

PHP Code:
if (md5($password_from_db COOKIE_SALT) == $password_from_cookie)
{
   // password match


see function verify_authentication() includes/funtions_login.php.

souperman 09-27-2011 11:00 PM
Kh99, is correct. Haven't check how vb salts its passwords, but they do add a salt to the password.

squishi 09-29-2011 06:11 PM
Thanks, Kh99. That was helpful.


All times are GMT. The time now is 12:31 PM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01036 seconds
  • Memory Usage 1,719KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_code_printable
  • (2)bbcode_php_printable
  • (1)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (4)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete