Login and Authentication

[SnappedNet]

Basicly, I'm trying to have use my own login form to login to vbulletin, the only problem is I can't retrieve the password from the database because of different levels of encryption.. How I do decrypt the password?

This is my current string:

PHP Code:

$qry="SELECT * FROM sn_user WHERE username='$username' AND password='".md5($_POST['password'])."'"; 


What do I change in the password='".md5($_POST['password'])."' to retrieve the password from the database correctly?

OR

How do I edit the login page so I can make it look similar to this:

[kh99]

I believe you would want to compare the encrypted password from the database to:

Code:

md5(md5($_POST['password']) . salt)

but since salt is a column in the database, I'm not sure you can do it all in the query (but of course you can just read the record for that username, then check the password).

You can look at function verify_authentication() in includes/functions_login.php if you want to see how vb checks the password.

[SnappedNet]

You have an extra bracket in there, or a bracket is missing?
Would it just be easier to use the functions_login.php to verify the login? If so, how can I do that?

[kh99]

Sorry about the extra bracket, I fixed it above.

The form for the existing login/password field in the navbar looks like this:

Code:

<script type="text/javascript" src="clientscript/vbulletin_md5.js?v=415"></script>
<form id="navbar_loginform" action="login.php?do=login" method="post" onsubmit="md5hash(vb_login_password, vb_login_md5password, vb_login_md5password_utf, 0)">
	<fieldset id="logindetails" class="logindetails">
		<div>
			<div>
		<input type="text" class="textbox default-value" name="vb_login_username" id="navbar_username" size="10" accesskey="u" tabindex="101" value="User Name" />
		<input type="password" class="textbox" tabindex="102" name="vb_login_password" id="navbar_password" size="10" />
		<input type="text" class="textbox default-value" tabindex="102" name="vb_login_password_hint" id="navbar_password_hint" size="10" value="Password" style="display:none;" />
		<input type="submit" class="loginbutton" tabindex="104" value="Log in" title="Enter your username and password in the boxes provided to login, or click the 'register' button to create a profile for yourself." accesskey="s" />
			</div>
		</div>
	</fieldset>
	<div id="remember" class="remember">
		<label for="cb_cookieuser_navbar"><input type="checkbox" name="cookieuser" value="1" id="cb_cookieuser_navbar" class="cb_cookieuser_navbar" accesskey="c" tabindex="103" /> Remember Me?</label>
	</div>
 
	<input type="hidden" name="s" value="" />
	<input type="hidden" name="do" value="login" />
	<input type="hidden" name="vb_login_md5password" />
	<input type="hidden" name="vb_login_md5password_utf" />
</form>

So if you model your form after that one (i.e. use the same <form> and <input> tags but change them to display like you want), I think it should work the same and the built-in login.

Note that the above was copied from the HTML page source and not the template, because I wasn't sure if you were using templates for your new login page. If you are, then it's better to go to the navbar template and find the template code for the above. In the above code I removed the "securitytoken" hidden field because there's no way to set that in a static page, but if you use templates you should include it.