The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
#1
|
|||
|
|||
Fast user authentification
For a vb 3.8.x programming project, I need a page to load very quickly.
Loading the whole forum with PHP Code:
So instead, I wanted to load the user's data (I only need the username!) using the cookie information. The query would look like this: Code:
SELECT u.username FROM vb_user as u, vb_session as s WHERE u.userid = '".mysql_real_escape_string($_COOKIE['vbuserid'])."' AND u.password = '".mysql_real_escape_string($_COOKIE['vbpassword'])."' AND s.sessionhash = '".mysql_real_escape_string($_COOKIE['vbsessionhash'])."' LIMIT 1 The hashed password in the cookie does not match the password that is stored in the database. I specifically checked it for my own account. The password in the cookie does not match the password in the vb_user table. Why don't they match? How else can I quickly authenticate a user without loading the whole forum? |
#2
|
|||
|
|||
The password value in the cookie has been put through md5() once more, after being concatenated with the value of COOKIE_SALT (defined in includes/functions.php). So you'd want to do something like:
PHP Code:
see function verify_authentication() includes/funtions_login.php. |
#3
|
|||
|
|||
Kh99, is correct. Haven't check how vb salts its passwords, but they do add a salt to the password.
|
#4
|
|||
|
|||
Thanks, Kh99. That was helpful.
|
Thread Tools | |
Display Modes | |
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|