MyBB Community Forums

On a website I'm experimenting with (because this is my first time using PHP and also MySQL scripts), and probably I'll release it if this works...

I'm making a user authentication system on certain website, but I want to use the users and password stored on the forum's db, so if anyone wants to make a new account, they have to access the forum and create one.

I was reading some tutorials, scripts and books, I downloaded these scripts and edited with the correct settings... i think.... help?

Connect.php

<?php
$server = 'localhost';
$username = 'root';
$password = 'password';
$database_name = 'forum';
mysql_connect($server, $username, $password);
mysql_select_db($database_name);
?>

<?php
session_start();
require_once('connect.php');
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Log In</title>
<style type="text/css">
.container {
   text-align: center;
   border: 1px solid #000000;
   width: 300px;
}
td {
   text-align: left;
}
</style>
</head>
<body>
<?php
if(isset($_POST['login'])) {
   $error = '';
   $username = $_POST['username'];
   $password = $_POST['password'];
   if(!isset($username) || !isset($password)) {
      $error .= 'A required field was left blank.<br />';
   }
   $password = md5($password);
   if(get_magic_quotes_gpc()) {
      $username = $username;
   }else{
      $username = addslashes($username);
   }
   $result = mysql_query('SELECT * FROM `mybb_users` WHERE `username`="'.$username.'" AND `password`="'.$password.'"');
   $valid_login = mysql_num_rows($result);
   if($valid_login == 0) {
      $error .= 'The supplied username and/or password was incorrect.<br />';
   }
   if($error == '') {
      $data = mysql_fetch_array($result);
      $_SESSION['username'] = $data['username'];
      mysql_query('UPDATE `users` SET `last_seen`="'.time().'" WHERE `username`="'.$username.'"');
      echo '<meta http-equiv="Refresh" Content="0; URL=index.php">';
      die();
   }else{
      echo 'The following errors were returned:<br />'.$error.'<br />';
   }
}
?>
<form action="login.php" method="post">
<table class="container" align="center" cellspacing="0" cellpadding="0">
   <tr>
      <td colspan="2" style="text-align:center;"><h1>Log In</h1></td>
   </tr>
   <tr>
      <td>Username:</td>
      <td><input type="text" name="username" maxlength="20" /></td>
   </tr>
   <tr>
      <td>Password:</td>
      <td><input type="password" name="password" /></td>
   </tr>
   <tr>
      <td colspan="2" style="text-align:center;"><input name="login" type="submit" value="Log In" /></td>
   </tr>
   <tr>
      <td colspan="2" style="text-align:center;"><a href="register.php">Register</a> | <a href="index.php">Index</a></td>
   </tr>
</table>
</form>
</body>
</html>

There is one problem I see with your script. It won't log in because you didn't query the database for the salt. The way to get the password in myBB is:

$dbpassword = md5(md5($salt).md5($password));

Now to explain this, the password in the database is the md5 encryption of the password that the user types in plain text combined with the md5 encryption of the salt which is in the database in the user table.

Still is not working... I replaced the code as you said

   $password = md5(md5($salt).md5($password));

Take a look into the file inc/functions_user.php. There you can find the fuctions you need.

yottabytewizard Wrote:Still is not working... I replaced the code as you said

Code:
�� $password = md5(md5($salt).md5($password));

Don't copy it word for word. You need to run a query on the database to get the data from the field name "salt" in the users table that corresponds with the user. That is what my "$salt" variable represents. The $password variable I used represents your $_POST['password'].

This is the code I used on my website for fetching the username.

	chdir('./forum/');
	require('./global.php');
	chdir('../');
	$username = $mybb->user['username'];

Also, $session->uid will be 0 if the user is not logged in (is a Guest)

Sergio Montoya

SnakEyez

Sergio Montoya

Michael S.

SnakEyez

laser