  #1  
Old 04-30-2007, 12:20 PM
ricc ricc is offline
 
Join Date: Apr 2007
Location: Preston
Posts: 17
Login Verification Help

Hey, just a short problem and I was wondering if anyone had any info.

I use vBulletin as part of a larger site which requires members to log in to areas of the site to play games etc. I previously used phpBB2 and it was easy enough to verify members from the forum database for identification using the inbuilt Dreamweaver login script and slightly adapting it to understand the hashed members' passwords.

Code:

if (isset($_POST['myusername'])) {
  $loginUsername=$_POST['myusername'];
  $password=md5($_POST['mypassword']);
  // ... rest of the Dreamweaver login script
}

Unfortunately, as vB is significantly more complex, this is not the case and it will not work.

Am I missing something glaringly obvious, like the hash code is different, or can it simply not be done for security reasons?
Reply With Quote
  #2  
Old 04-30-2007, 12:21 PM
Dismounted Dismounted is offline
 
Join Date: Jun 2005
Location: Melbourne, Australia
Posts: 15,047

md5(md5($password . $salt))
Reply With Quote
  #3  
Old 04-30-2007, 01:06 PM
ricc ricc is offline
 
Join Date: Apr 2007
Location: Preston
Posts: 17

What is the $salt bit at the end?
Reply With Quote
  #4  
Old 05-01-2007, 07:13 AM
Dismounted Dismounted is offline
 
Join Date: Jun 2005
Location: Melbourne, Australia
Posts: 15,047

salt field in the user table. It is unique for each user.
Reply With Quote
  #5  
Old 05-01-2007, 03:19 PM
clarke_kent clarke_kent is offline
 
Join Date: Apr 2007
Posts: 9

The $salt is a random 3 character string that is stored in the user table and is appended to the md5 hash of the password and then md5'd again.
Reply With Quote
  #6  
Old 05-03-2007, 05:18 AM
byon byon is offline
 
Join Date: Apr 2007
Posts: 23

Quote:
Originally Posted by Dismounted View Post
md5(md5($password . $salt))
Sorry to jump track a bit.
1. Does this immediately give us the hash that matches what the database has, if the password is correct?
2. Where can we find implementations of cookies/sessions throughout the whole website?
Reply With Quote
  #7  
Old 05-03-2007, 06:15 AM
Dismounted Dismounted is offline
 
Join Date: Jun 2005
Location: Melbourne, Australia
Posts: 15,047

1./ Yes
2./ login.php (probably leads you to includes/functions_login.php)
Reply With Quote
  #8  
Old 05-03-2007, 08:03 AM
byon byon is offline
 
Join Date: Apr 2007
Posts: 23

Quote:
Originally Posted by Dismounted View Post
1./ Yes
2./ login.php (probably leads you to includes/functions_login.php)
I'll search for existing implementations on the board; hopefully there are some.
Thanks
Reply With Quote
  #9  
Old 05-10-2007, 06:19 PM
ricc ricc is offline
 
Join Date: Apr 2007
Location: Preston
Posts: 17

Even after a week I am still having trouble with this problem. Being a poor coder, I am using Dreamweaver's built-in login wizard; it worked fine with phpBB2 but I am unable to get it to work with vBulletin. I have copied the code and highlighted the bits I have amended, but it still does not work. Any help will be greatly appreciated.

Code:
<?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
  session_start();
}

$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
  $_SESSION['PrevUrl'] = $_GET['accesscheck'];
}

if (isset($_POST['myusername'])) {
  $loginUsername=$_POST['myusername'];
  $password=md5(md5($_POST['mypassword'].'salt'));
  $MM_fldUserAuthorization = "";
  $MM_redirectLoginSuccess = "http://www.play4.net/login.php";
  $MM_redirectLoginFailed = "http://www.play4.net/forums";
  $MM_redirecttoReferrer = false;
  mysql_select_db($database_vb, $vb);

  $LoginRS__query=sprintf("SELECT username, password, salt FROM `user` WHERE username=%s AND password=%s",
    GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text"));

  $LoginRS = mysql_query($LoginRS__query, $vb) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);
  if ($loginFoundUser) {
    $loginStrGroup = "";

    //declare two session variables and assign them
    $_SESSION['MM_Username'] = $loginUsername;
    $_SESSION['MM_UserGroup'] = $loginStrGroup;
    if (isset($_SESSION['PrevUrl']) && false) {
      $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
    }
    header("Location: " . $MM_redirectLoginSuccess );
  }
  else {
    header("Location: ". $MM_redirectLoginFailed );
  }
}
?>
Reply With Quote
  #10  
Old 05-10-2007, 06:39 PM
Zero Tolerance Zero Tolerance is offline
 
Join Date: Feb 2004
Location: England
Posts: 813

Try this

PHP Code:
<?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
  session_start();
}

$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
  $_SESSION['PrevUrl'] = $_GET['accesscheck'];
}

if (isset($_POST['myusername'])) {
  $loginUsername=$_POST['myusername'];
  // Left over from the earlier attempt; $password is no longer used below
  $password=md5(md5($_POST['mypassword'].'salt'));
  $MM_fldUserAuthorization = "";
  $MM_redirectLoginSuccess = "http://www.play4.net/login.php";
  $MM_redirectLoginFailed = "http://www.play4.net/forums";
  $MM_redirecttoReferrer = false;
  mysql_select_db($database_vb, $vb);

  // Look the user up by name only; the row's salt is needed before the hash can be computed
  $LoginRS__query=sprintf("SELECT username, password, salt FROM `user` WHERE username=%s",
    GetSQLValueString($loginUsername, "text"));

  $LoginRS = mysql_query($LoginRS__query, $vb) or die(mysql_error());
  $loginFoundUser = mysql_fetch_array($LoginRS);
  // md5(md5(password) . salt); === keeps PHP from comparing two "0e..." digests as numbers
  if ($loginFoundUser && (md5(md5($_POST['mypassword']) . $loginFoundUser['salt']) === $loginFoundUser['password'])) {
    $loginStrGroup = "";

    //declare two session variables and assign them
    $_SESSION['MM_Username'] = $loginUsername;
    $_SESSION['MM_UserGroup'] = $loginStrGroup;
    if (isset($_SESSION['PrevUrl']) && false) {
      $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
    }
    header("Location: " . $MM_redirectLoginSuccess );
  }
  else {
    header("Location: " . $MM_redirectLoginFailed );
  }
}
?>
- Zero Tolerance
Reply With Quote
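
The check that posts #5 and #10 arrive at, md5(md5(password) . salt) with the per-user salt read from the user row, as an added example that is not part of the thread or of vBulletin's own code. It assumes PHP 7+ with the pdo_sqlite extension; the in-memory table, user name, password and salt are constructed sample data, and `vb3_hash` / `vb3_login` are hypothetical helper names. The last two lines show that the nesting written in post #2 and the literal 'salt' string from post #9 yield different digests from the stored one.

```php
<?php
// Added example: vBulletin 3 style verification, md5(md5(password) . salt).
// Table contents, user name, password and salt are constructed sample data.

function vb3_hash(string $plain, string $salt): string
{
    return md5(md5($plain) . $salt);
}

function vb3_login(PDO $db, string $username, string $plain): bool
{
    // Fetch by username only: the salt must be read before anything can be hashed.
    // A prepared statement keeps the user-supplied name out of the SQL text.
    $stmt = $db->prepare('SELECT password, salt FROM user WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Unknown user: still hash against dummy values so both paths do similar work.
    $stored = $row ? $row['password'] : str_repeat('0', 32);
    $salt   = $row ? $row['salt'] : 'xxx';

    // hash_equals() is constant-time and never compares "0e..." digests as numbers.
    $match = hash_equals($stored, vb3_hash($plain, $salt));
    return $row !== false && $match;
}

// Constructed stand-in for the forum's user table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (username TEXT PRIMARY KEY, password TEXT, salt TEXT)');
$db->prepare('INSERT INTO user VALUES (?, ?, ?)')
   ->execute(['alice', vb3_hash('correct horse', 'a#9'), 'a#9']);

var_dump(vb3_login($db, 'alice', 'correct horse'));
var_dump(vb3_login($db, 'alice', 'wrong guess'));
var_dump(vb3_login($db, 'nobody', 'correct horse'));

// The two earlier attempts from the thread, compared with the stored digest.
$stored = vb3_hash('correct horse', 'a#9');
var_dump(hash_equals($stored, md5(md5('correct horse' . 'a#9'))));   // nesting as written in post #2
var_dump(hash_equals($stored, md5(md5('correct horse' . 'salt'))));  // literal 'salt' as in post #9
```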
All times are GMT.