Go Back   vb.org Archive > vBulletin 3 Discussion > vB3 Programming Discussions
Reload this Page Making a separate login system
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Display Modes
  #1  
Old 06-11-2009, 06:47 AM
THE UNCEN THE UNCEN is offline
 
Join Date: Aug 2006
Posts: 10
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default Making a separate login system
I'm making a separate login system. Can someone briefly explain to me how the vbulletin system checks passwords?
Reply With Quote
  #2  
Old 06-11-2009, 07:42 AM
Dismounted's Avatar
Dismounted Dismounted is offline
 
Join Date: Jun 2005
Location: Melbourne, Australia
Posts: 15,047
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Passwords in the database are hashed like so:
PHP Code:
$password md5(md5($plaintext) . $salt); 
Reply With Quote
  #3  
Old 06-12-2009, 04:28 AM
THE UNCEN THE UNCEN is offline
 
Join Date: Aug 2006
Posts: 10
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
What is the $salt formula they use?
Reply With Quote
  #4  
Old 06-12-2009, 07:07 AM
Dismounted's Avatar
Dismounted Dismounted is offline
 
Join Date: Jun 2005
Location: Melbourne, Australia
Posts: 15,047
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
It is the "salt" field in the database row for the user.
Reply With Quote
  #5  
Old 06-14-2009, 05:07 AM
THE UNCEN THE UNCEN is offline
 
Join Date: Aug 2006
Posts: 10
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Thanks!

Next question... what does vbulletin use to create the password stored as the bbpassword cookie?
Reply With Quote
  #6  
Old 06-14-2009, 05:36 AM
Dismounted's Avatar
Dismounted Dismounted is offline
 
Join Date: Jun 2005
Location: Melbourne, Australia
Posts: 15,047
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
It is the hashed password, along with the "cookie salt" (license number).
PHP Code:
$cookie md5($password COOKIE_SALT); 
Reply With Quote
  #7  
Old 06-14-2009, 11:47 PM
THE UNCEN THE UNCEN is offline
 
Join Date: Aug 2006
Posts: 10
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Ah, that gets me past that.

Next question... does vbulletin check the password in the DB every time it loads a page? I want to know the work flow vB uses to verify the user.
Reply With Quote
  #8  
Old 06-15-2009, 12:07 AM
ForumsMods ForumsMods is offline
 
Join Date: Aug 2007
Location: Argentina
Posts: 667
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
PHP Code:
function verify_authentication($username$password$md5password$md5password_utf$cookieuser$send_cookies)
{
    global $vbulletin;

    $username strip_blank_ascii($username' ');
    if ($vbulletin->userinfo $vbulletin->db->query_first("SELECT userid, usergroupid, membergroupids, infractiongroupids, username, password, salt FROM " TABLE_PREFIX "user WHERE username = '" $vbulletin->db->escape_string(htmlspecialchars_uni($username)) . "'"))
    {
        if (
            $vbulletin->userinfo['password'] != iif($password AND !$md5passwordmd5(md5($password) . $vbulletin->userinfo['salt']), '') AND
            $vbulletin->userinfo['password'] != iif($md5passwordmd5($md5password $vbulletin->userinfo['salt']), '') AND
            $vbulletin->userinfo['password'] != iif($md5password_utfmd5($md5password_utf $vbulletin->userinfo['salt']), '')
        )
        {
            $return_value false;
            ($hook vBulletinHook::fetch_hook('login_verify_failure_password')) ? eval($hook) : false;
            if (isset($return_value))
            {
                // unset $return_value if you want to run the $send_cookies stuff
                return $return_value;
            }
        }
        else if ($vbulletin->userinfo['password'] == '')
        {
            // sanity check, though there should never really be an empty string for a password
            $return_value false;
            ($hook vBulletinHook::fetch_hook('login_verify_failure_password')) ? eval($hook) : false;
            if (isset($return_value))
            {
                // unset $return_value if you want to run the $send_cookies stuff
                return $return_value;
            }
        }

        if ($send_cookies)
        {
            if ($cookieuser)
            {
                vbsetcookie('userid'$vbulletin->userinfo['userid'], truetruetrue);
                vbsetcookie('password'md5($vbulletin->userinfo['password'] . COOKIE_SALT), truetruetrue);
            }
            else if ($vbulletin->GPC[COOKIE_PREFIX 'userid'] AND $vbulletin->GPC[COOKIE_PREFIX 'userid'] != $vbulletin->userinfo['userid'])
            {
                // we have a cookie from a user and we're logging in as
                // a different user and we're not going to store a new cookie,
                // so let's unset the old one
                vbsetcookie('userid'''truetruetrue);
                vbsetcookie('password'''truetruetrue);
            }
        }
        $return_value true;
        ($hook vBulletinHook::fetch_hook('login_verify_success')) ? eval($hook) : false;
        return $return_value;
    }

    $return_value false;
    ($hook vBulletinHook::fetch_hook('login_verify_failure_username')) ? eval($hook) : false;
    return $return_value;
Reply With Quote
Reply

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT. The time now is 09:33 PM.

Contact Us - Archive - Top

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04195 seconds
  • Memory Usage 2,268KB
  • Queries Executed 13 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (3)bbcode_php
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (8)post_thanks_box
  • (8)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (8)post_thanks_postbit_info
  • (8)postbit
  • (8)postbit_onlinestatus
  • (8)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 
Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete