The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
#1
|
|||
|
|||
Login Verification Help
Hey, just a short problem and i was wondering if anyone had any info
I use vbulletin as part of a larger site which requires members to login to areas of the site to play games etc, i previously used phpbb2 and it was easy enough to verify members from the forum database for identification using the inbuilt dreamweaver login script and slightly adapting it to understand the hashed members passwords Code:
if (isset($_POST['myusername'])) { $loginUsername=$_POST['myusername']; $password=md5($_POST['mypassword']); Unfortunatly, as vb is significantly more complex this is not the case and it will not work Am i missing something glaringly obvious, like the hash code is different, or can it simply not be done for security reasons? |
#2
|
||||
|
||||
md5(md5($password . $salt))
|
#3
|
|||
|
|||
What is the $salt bit at the end?
|
#4
|
||||
|
||||
salt field in the user table. It is unique for each user.
|
#5
|
|||
|
|||
The $salt is a random 3 character string that is stored in the user table and is appended to the md5 hash of the password and then md5'd again.
|
#6
|
|||
|
|||
sorry to jump track abit.
1. does this immediately give us the hash that matches what the database has, if the password is correct? 2. where can we find implementations of cookies/sessions through out the whole website? |
#7
|
||||
|
||||
1./ Yes
2./ login.php (probably leads you to includes/functions_login.php) |
#8
|
|||
|
|||
Quote:
thanks |
#9
|
|||
|
|||
Even after a week i am still having trouble with this problem, being a poor coder, i am using dreamweavers built in login wizard, it worked fine with phpbb2 but i am unable to get it to work with vbulletin. i have copied the code and highlighted the bits i have amended, but it still does not work, any help will be greatly appreciated
Code:
<?php // *** Validate request to login to this site. if (!isset($_SESSION)) { session_start(); } $loginFormAction = $_SERVER['PHP_SELF']; if (isset($_GET['accesscheck'])) { $_SESSION['PrevUrl'] = $_GET['accesscheck']; } if (isset($_POST['myusername'])) { $loginUsername=$_POST['myusername']; $password=md5(md5($_POST['mypassword'].'salt')); $MM_fldUserAuthorization = ""; $MM_redirectLoginSuccess = "http://www.play4.net/login.php"; $MM_redirectLoginFailed = "http://www.play4.net/forums"; $MM_redirecttoReferrer = false; mysql_select_db($database_vb, $vb); $LoginRS__query=sprintf("SELECT username, password, salt FROM `user` WHERE username=%s AND password=%s", GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text")); $LoginRS = mysql_query($LoginRS__query, $vb) or die(mysql_error()); $loginFoundUser = mysql_num_rows($LoginRS); if ($loginFoundUser) { $loginStrGroup = ""; //declare two session variables and assign them $_SESSION['MM_Username'] = $loginUsername; $_SESSION['MM_UserGroup'] = $loginStrGroup; if (isset($_SESSION['PrevUrl']) && false) { $MM_redirectLoginSuccess = $_SESSION['PrevUrl']; } header("Location: " . $MM_redirectLoginSuccess ); } else { header("Location: ". $MM_redirectLoginFailed ); } } ?> |
#10
|
||||
|
||||
Try this
PHP Code:
|
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|