MyBB Community Forums

How are the myBB authentication cookies set up?
I see the mybbuser and sid and would like to use them to somehow create authentication for a web app I'm working on which is off of myBB. Is the sid saved somewhere in the database and what's that string after the userid_ in the mybbuser cookie? I was thinking that I'd match them in the database but I can't seem to find them as any of the columns.

Thanks,
Sato

sid stored in mybb_sessions

(2011-12-30, 04:22 PM)ranjani Wrote: [ -> ]sid stored in mybb_sessions

And how do I match the user?
Do I just regex the user ID from that extra string? ex: mybbuser=50323_SomeString

^ you can do that - or get user id from the sessions table ; depends on how you develop required logic !

Dunno what to say about the sessions, it's better to make a new one on the forum too when you login in your app. I wrote you a snippet below.
If it's on the same host, just check if the username exists then fetch the salt and check the login, after that, you're done. I'll give you a snippet.

// check if username exists
if (mysql_num_rows(mysql_query("SELECT id FROM mybb_users WHERE username = '".$_POST['username']."' LIMIT 1"))) {
   $sql = mysql_fetch_assoc(mysql_query("SELECT id,password,salt FROM mybb_users WHERE username = '".$_POST['username']."' LIMIT 1")); 
   if ($sql['password'] == md5(md5($sql['salt']).md5($_POST['password']))) {
      // commands to be executed after succesfull login check on mybb.
   } else echo 'Invalid password !';
} else echo 'Username not found !';

Hope that helps you.