External login

[DaSpamer]

Hey guys,
I'm facing a problem, vBulletin5 is completly different from vBulletin4.
I'm trying to do an external login, but I do not know which file to include in my php script, since I get many Access Denied.

This what i was doing in vBulletin4.

PHP Code:

require_once('global.php');
// getting data ..
$username = filter_var($_POST['username'], FILTER_SANITIZE_STRING);
$password = filter_var($_POST['password'], FILTER_SANITIZE_STRING);
$user = $vbulletin->db->query_first("SELECT * FROM " . TABLE_PREFIX . "user WHERE username ='".$username."'");
// doing some checks and getting some stuff
$pass = $user[password];
$vb_hash = md5($password . $user[salt]);
// return what I want. 


But in the new vBulletin, I'm just not sure what to perform in order to achieve the same results.
Any help?

[Gavo34]

Can someone help with this.


I had a look at the guys script, I cant find any documention to help, so its resorting to not loading VB core.

PHP Code:

db connect

    $username = filter_var($_GET['username'], FILTER_SANITIZE_STRING);
    $password = filter_var($_GET['password'], FILTER_SANITIZE_STRING);

    $value = mysql_fetch_array(mysql_query("SELECT * FROM vb_user WHERE username ='".$username."'"), 0);
    $pass = $value['password'];
    $vb_hash = md5($password . $value['salt']);

if ($vb_hash==$pass)
    {
check subscription.....
} 


The pass and hash dont match, whats the new method?


Thanks

[Code-Worker]

Hello,

in some versions of vBulletin, the passwort is md5-ed via Javascript before the form gets submitted.
If not, the password gets encrypted into md5 directly after the form was submitted via PHP.

However, if you do not encrypt your password before you submit the form, you should try this:

PHP Code:

$vb_hash = md5(md5($password) . $value['salt']); 


[DaSpamer]

The password that is sent, is after md5.