MyBB Community Forums

MyBB Community Forums > Community > General Discussion > Web Development and Administration > [SOLVED] Using the login Details via App
Full Version: [SOLVED] Using the login Details via App
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Pages: 1 2 3 4 5 6 7

deve48

2012-01-24, 09:01 PM
I am creating a application that will use the username and password from mybb forum . I used it before with SMF forum and the line was looking like this : 

$query = "SELECT * FROM smf_members WHERE member_name = '" . $username . "' AND password = '" . sha1(strtolower($username.$password)) . "'";
that worked , how do I change this in mybb to get it to work .

Thanks

Tom K.

2012-01-24, 09:24 PM
Firstly you need the salt from the MyBB Table, turn the inputted password into a salted hash, and then check that against the actual hash Smile
Something like this Smile
//get the user info
$query = "SELECT * FROM mybb_users WHERE LOWER(username) = {$username};";
//make it into a mysql_assoc_array
$salt = $result['salt'];
$hash = md5(md5($password.$salt).$salt);

//check your hash against the one in the table
if ($result['hash'] == $hash)
{
//login success
} else {
//login fail
}

Hope this helped Smile

Paul H.

2012-01-24, 09:29 PM
There's a much easier way Tom Smile

require_once("mybb_path/inc/functions_user.php");
$user = validate_password_from_username($username,$password)
if(!$user)
{
//invalid password or username
}

Tom K.

2012-01-24, 09:33 PM
(2012-01-24, 09:29 PM)Paul H. Wrote: [ -> ]There's a much easier way Tom Smile

require_once("mybb_path/inc/functions_user.php");
$user = validate_password_from_username($username,$password)
if(!$user)
{
//invalid password or username
}

When he said app, I assumed he meant he was using it from some other site Smile Both ways will work Smile

deve48

2012-01-24, 09:35 PM
(2012-01-24, 09:29 PM)Paul H. Wrote: [ -> ]There's a much easier way Tom Smile

require_once("mybb_path/inc/functions_user.php");
$user = validate_password_from_username($username,$password)
if(!$user)
{
//invalid password or username
}
Thanks for the reply , I will paste my own made login page that the app is connecting to check mysql .

 <?php

error_reporting(0);

// Database settings
$host      = 'localhost';         
$user      = '';         
$password  = '';         
$database  = '';   

$conn = mysql_connect($host,$user,$password) or die ('Error connecting to MySQL database.');
$conn = mysql_select_db($database) or die ('Error selecting database.');

$hwid = mysql_real_escape_string($_GET['hwid']);
if ($hwid == '') {$hwid='?';}
$author = mysql_real_escape_string($_GET['author']);
$username = mysql_real_escape_string($_GET['username']);
$password = mysql_real_escape_string($_GET['password']);
$query = "SELECT * FROM mybb_users WHERE username = '" . $username . "' AND password = '" . sha1(strtolower($username.$password)) . "'";
$result = mysql_query($query);

if (mysql_num_rows($result) == 1){
	// Check membername and HWID 
	$query = "SELECT member, hwid FROM loginlist WHERE member = '$username'";
	$result = mysql_query($query);
	if ($result && mysql_num_rows($result)) {
		$row = mysql_fetch_array($result);
		if ($row[hwid]!=$hwid) {
			echo "INVALID LOGIN";
			exit;
		}
	}
	// Update loginlist
	$ip = $_SERVER['REMOTE_ADDR'];
	$lastday = $firstday = time();
	$cntr = 1;
   $author = $author;
	$query = "SELECT member, ip, author, cntr FROM loginlist WHERE member = '$username' AND ip = '$ip'";
	$result = mysql_query($query);
	if ($result && mysql_num_rows($result)) {
		$row = mysql_fetch_array($result);
		$row[cntr] += 1;
		$lastday = time();
		$row[author] = $author;
		$query = "UPDATE loginlist SET lastday = '$lastday', cntr = '$row[cntr], author = '$row[author]' WHERE member = '$username' AND ip = '$ip'";
		$result=mysql_query($query);
	} else {
		$query="INSERT INTO loginlist (member, hwid, ip, lastday, firstday, cntr, block) VALUES ('$username', '$hwid', '$ip', '$lastday', '$firstday', '$cntr', '$author', '0')";
		$result=mysql_query($query);			
	}	
	// Check if IP address is blocked
	$query = "SELECT * FROM loginlist WHERE ip = '$ip'";
	$result = mysql_query($query);
	if ($result && mysql_num_rows($result) == 1) {
		$row = mysql_fetch_array($result);
		if ($row[block] == 1) {
			echo "INVALID LOGIN";	
			exit;
		}
	}
	echo "VALID LOGIN";
} else {
	echo "INVALID LOGIN";
}

?>

it has also a loginlist where it shows the logged in users true this form .

I guess the change must be done in here :

$query = "SELECT * FROM mybb_users WHERE username = '" . $username . "' AND password = '" . sha1(strtolower($username.$password)) . "'";

and how exactly ?

Thanks

Paul H.

2012-01-24, 09:39 PM
If you are doing it solely via MySQL you should use Tom's version.

deve48

2012-01-24, 09:41 PM
I did try to change this line like that : $query = "SELECT * FROM mybb_users WHERE username = '" . $username . "' AND password = '" . validate_password_from_username($username,$password) . "'";

but didnt work

Paul H.

2012-01-24, 09:48 PM
No, ignore what I said completely and do what Tom said Smile

deve48

2012-01-24, 09:51 PM
(2012-01-24, 09:48 PM)Paul H. Wrote: [ -> ]No, ignore what I said completely and do what Tom said Smile

Well I am trying to do it but cant figure out . can you point me on what is wrong on my line in my post before of my login page .

Tom K.

2012-01-24, 10:08 PM
If you use the code I posted. You need to obviously execute the queries I posted Smile

That code will work fine Smile
Pages: 1 2 3 4 5 6 7
MyBB Community Forums > Community > General Discussion > Web Development and Administration > [SOLVED] Using the login Details via App