Go Back   vb.org Archive > vBulletin 3 Discussion > vB3 Programming Discussions
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Display Modes
  #1  
Old 07-01-2009, 03:29 PM
engineerisaac engineerisaac is offline
 
Join Date: Jan 2008
Posts: 17
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default Checking user and pass externally.

Hello, i'm working on a system where a player in an online game (counterstrike) can link they're online game account to their forum account.

I can do everything else but the linking PHP code.

What I want to do is make an external PHP page that receives the queries from the game server. It receives the players input, their forum user name and password. In the external PHP page, I want to use the user name and password given and check it against the MySQL tables for vBulletin. I tried MD5 hashing the raw password from the query, but it is different from the MD5 in the database.

Is there some other type of hashing that vBulletin uses? A snippit of code would be great!

This is what I have now, And I always get 0 rows returned because the passwords are differet.... (I know I am entering the correct password )
PHP Code:
<?php
//Link.php - Grabs username+pass input from gameserver and checks it against the DB.
$mysql mysql_connect(******);
mysql_select_db(***);
$user $_GET['u'];
$pass $_GET['p'];
$steamid $_GET['s'];
$hashpass md5($pass);

$check mysql_query("SELECT * FROM user WHERE username='$user' AND password='$hashpass'");
if(
mysql_num_rows($check) == 0){
    die(
"notfound");
}else{
    
$row mysql_fetch_array($check);
    
mysql_query("UPDATE userfield SET steamid='$steamid' WHERE userid='$row[userid]'");
    echo 
"pass";
}
thank you for your help in advance!
Reply With Quote
  #2  
Old 07-01-2009, 04:21 PM
EnIgMa1234 EnIgMa1234 is offline
 
Join Date: Mar 2006
Location: .:: Ireland ::.
Posts: 1,306
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

You might want to remove your database info from the code

As for your error check this line of code.

PHP Code:
WHERE username='$user' AND password='$hashhpass'"); 
$hashhpass should be $hashpass
Reply With Quote
  #3  
Old 07-01-2009, 05:05 PM
engineerisaac engineerisaac is offline
 
Join Date: Jan 2008
Posts: 17
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by EnIgMa1234 View Post
You might want to remove your database info from the code

As for your error check this line of code.

PHP Code:
WHERE username='$user' AND password='$hashhpass'"); 
$hashhpass should be $hashpass
Oops, i saw that but that is not the problem (That probally happened when i was rewriting the variables for that example) i think it's the way the PHP MD5's the raw password, when I do it manually, the Hashes are not the same. Is there some sort of algorithm?
Reply With Quote
  #4  
Old 07-01-2009, 05:18 PM
EnIgMa1234 EnIgMa1234 is offline
 
Join Date: Mar 2006
Location: .:: Ireland ::.
Posts: 1,306
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Oh,

vBulletin uses a salt value on top of their password.

I think passwords are encrypted like this (Don't quote me on this though).

md5($password.$salt);

The salt value is stored in the user table.
Reply With Quote
  #5  
Old 07-01-2009, 05:23 PM
engineerisaac engineerisaac is offline
 
Join Date: Jan 2008
Posts: 17
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by EnIgMa1234 View Post
Oh,

vBulletin uses a salt value on top of their password.

I think passwords are encrypted like this (Don't quote me on this though).

md5($password.$salt);

The salt value is stored in the user table.
That does not seem to be the case either... hmmm
Does anyone else happen to know?
It seems like vBulletin uses a Javascript code to hash it's passwords, but the code is very jumbled up and hard to read. I could be wrong though.
Reply With Quote
  #6  
Old 07-01-2009, 08:43 PM
jchamber2010 jchamber2010 is offline
 
Join Date: Mar 2009
Posts: 50
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

that's how it's done...

Line 144 functions_login.php
Code:
md5($md5password . $vbulletin->userinfo['salt'])
are you sure that you are getting the salt from the database as well it's a field in the user table.
Reply With Quote
  #7  
Old 07-01-2009, 09:15 PM
Paul M's Avatar
Paul M Paul M is offline
 
Join Date: Sep 2004
Location: Nottingham, UK
Posts: 23,748
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Try this (untested) ;
PHP Code:
$userid 0;
$user mysql_real_escape_string($user);
$check mysql_query("SELECT userid,password,salt FROM user WHERE username='$user'");
if(
mysql_num_rows($check) > 0)
{
    
$rec mysql_fetch_array($check);
    if(
$rec['password'] == md5(md5($password).$rec['salt']))
    {
        
$userid $rec['userid'];
    }
}

// if $userid > 0 then login was ok. 
Reply With Quote
  #8  
Old 07-02-2009, 03:45 PM
engineerisaac engineerisaac is offline
 
Join Date: Jan 2008
Posts: 17
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Paul M View Post
Try this (untested) ;
THANK YOU! This worked! Thank you for your help everyone!
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 11:26 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04973 seconds
  • Memory Usage 2,246KB
  • Queries Executed 13 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)bbcode_code
  • (4)bbcode_php
  • (3)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (8)post_thanks_box
  • (8)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (8)post_thanks_postbit_info
  • (8)postbit
  • (8)postbit_onlinestatus
  • (8)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete