The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
#1
|
||||
|
||||
md5 password authentication on non-vb pages.
I've got a contest in development on my site where members will vote on a winning. However, I require that they be members before that can upload entries and submit a vote (when the contest is in the voting stage).
I had this working before VB3.. with VB2.. however now it no longer works. Below is the code I used for VB2 and VB3 to compare the submitted password with the one stored in the database. I realize the password is encrypted in the database and can not be reversed. However I guess I need to encrypt the password the member inputs and then compare that to the one stored in the database. IF they match.. access granted.. if they don't.. end. Here's the VB2 Code: Code:
$query = "select password, userid from user where username='$username'"; $result = mysql_query($query) or die("Query failed"); $row=mysql_fetch_array($result); $userid = $row['userid']; if ($row['password'] == md5($password)) { print "Password correct<br><br>"; } else { die("password not correct!"); } Code:
$query = "SELECT password FROM user WHERE username='$username' AND password = MD5(CONCAT(MD5('$password'), salt))"; $result = mysql_query($query) or die("Query failed"); $row=mysql_fetch_array($result); $userid = $row['userid']; /* THIS IS WHERE THE PROBLEM IS */ if ($row['password'] == MD5(CONCAT(MD5('$password'), salt)) { print "Password correct!<br><br>"; } else { die("password not correct!"); } Aceman |
#2
|
||||
|
||||
Why not just use the vB login html from the navbar template?
|
#3
|
||||
|
||||
Anyone know how to properly encrypt a submitted password so it can be checked against the one in the VB database?
Aceman |
#4
|
||||
|
||||
Code:
echo $row['password']; print "<br>"; echo (md5($password). salt) ; |
#5
|
||||
|
||||
A friend of mine who's a PHP GOD.. helped me figure this one out. Daneel.. you da man!
You can use the following code to accept a username and password from a form and then compare it to what's stored in the VB3 Database. NOTE This takes into account the md5 and salt encryption. It works perfectly for me. Code:
// hostname or ip of server $servername='localhost'; // username and password to log onto db server $dbusername='?????????'; $dbpassword='?????????'; // name of database ($dbname2 is my VB3 database) $dbname='MY_contest'; $dbname2='MY_forum'; /* Connecting, selecting database */ $link = mysql_connect($servername, $dbusername, $dbpassword) or die("Could not connect"); print "Connected successfully<br><br>"; mysql_select_db($dbname2) or die("Could not select database"); /* Necessary fields filled? */ if (!$username || !$password || !$name || !$country || !$email || !$picture || !$stats) die("Fill in all necessary fields."); /* password correct? */ $query = "SELECT salt, password FROM user WHERE username='$username'"; $result = mysql_query($query) or die("The information you entered does not match our records."); $row=mysql_fetch_array($result); $dbpassword = $row['password']; $salt = $row['salt']; if ($dbpassword == md5(md5($password). $salt)) { print "Password correct<br><br>"; } else { die("password not correct!"); } I honestly have yet to find this code posted anywhere on VB.org and VB.com so I hope this helps someone! Aceman |
Thread Tools | |
Display Modes | |
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|