2012-10-23, 03:56 PM
Hi Team,
Ok here's my issue. I recently inherited a website. The login system could barely be called a login system and is prone to hacking. They also had a poor forum, which I want to replace. With the extensibility of MyBB, I figured it was my solution.
But, its never that simple, is it?
So first I worked with loginconvert. See, the user names and passwords are stored fine. the passwords are in a md5 hash, but no salt. So I took the loginconvert.php and added my own password function which only did md5. I enabled this plugin in mybb, and wrote my own importer to bring in the users and fill the appropriate spots. it worked perfectly. When people log in, it generated the proper password and cleared out the old fields. No worries.
Now that the forum was allowing my users to log in and converting the passwords on the fly, it was time for step 2. Using the same login sessions through the actual website as well.
No worries, a new include file (using mybbintegrator) grabbed the session information lickity split. So I went on, testing the ability to pull information, and then even adding the ability to login and logout from the front end.
Everything works splendidly, except when I tried a user whose password had not yet been converted. It seems when I call the login function for mybbintegrator, that it is ignoring the installed loginconvert plugin.
I know this is probably not something done every day, but I'm hoping someone out there can give me a shove in the right direction. As of now, I've got less than 12 hours of MyBB under my belt, but I need this to work if I'm going to keep mybb as my solution.
thanks!
Ok, I've had some luck just calling the loginconvert_login() function in place of the mybbintegrator. I'm having an issue now where the board says "You've been banned", even if you arent logged in. Trying to sort this one out. Deleted all cookies, etc.
Hmm. It seems like I am IP banned, but there are no bans listed in the back-end under config->banning.
Yes, my ip address is banned, though I cant find where. Another laptop on my network also gets the banned message, but my ipad on 3G can use the forum just fine.
Ok I got this.
If you want to login from outside the forums, but still use the loginconvert plugin for migrated users, then here is what you do.
1) in the form, be sure to use the fields "username" and "password" to capture the login in. Be sure to include "action=do_login" and "url=" to redirect to the desired page once the login works.
2) On your login page, be sure to include "inc/functions_user.php". The loginconvert uses functions in here, and since you arent REALLY in mybb, these functions cant be found unless you include the file.
3) Also in login page, instead of calling the $MyBBI->login() function, just call "loginconvert_convert()". Do not have ANY html on the page, because the loginconvert plugin will attempt to redirect you on either a success or a failure.
That's pretty much it. I was able to migrate my website users into the mybb database, modify the loginconvert plugin to handle my specific password functionality, and then get the logins from the website to use the loginconvert functionality.
Well, this has all been a test so far. The next step for me is now to ACTUALLY do the integration using the framework I created. So far I have just some test files in the website that I have been using to get all of this working.
I hope my work and research helps someone else who needs to go a little outside the box.
Ok here's my issue. I recently inherited a website. The login system could barely be called a login system and is prone to hacking. They also had a poor forum, which I want to replace. With the extensibility of MyBB, I figured it was my solution.
But, its never that simple, is it?
So first I worked with loginconvert. See, the user names and passwords are stored fine. the passwords are in a md5 hash, but no salt. So I took the loginconvert.php and added my own password function which only did md5. I enabled this plugin in mybb, and wrote my own importer to bring in the users and fill the appropriate spots. it worked perfectly. When people log in, it generated the proper password and cleared out the old fields. No worries.
Now that the forum was allowing my users to log in and converting the passwords on the fly, it was time for step 2. Using the same login sessions through the actual website as well.
No worries, a new include file (using mybbintegrator) grabbed the session information lickity split. So I went on, testing the ability to pull information, and then even adding the ability to login and logout from the front end.
Everything works splendidly, except when I tried a user whose password had not yet been converted. It seems when I call the login function for mybbintegrator, that it is ignoring the installed loginconvert plugin.
I know this is probably not something done every day, but I'm hoping someone out there can give me a shove in the right direction. As of now, I've got less than 12 hours of MyBB under my belt, but I need this to work if I'm going to keep mybb as my solution.
thanks!
Ok, I've had some luck just calling the loginconvert_login() function in place of the mybbintegrator. I'm having an issue now where the board says "You've been banned", even if you arent logged in. Trying to sort this one out. Deleted all cookies, etc.
Hmm. It seems like I am IP banned, but there are no bans listed in the back-end under config->banning.
Yes, my ip address is banned, though I cant find where. Another laptop on my network also gets the banned message, but my ipad on 3G can use the forum just fine.
Ok I got this.
If you want to login from outside the forums, but still use the loginconvert plugin for migrated users, then here is what you do.
1) in the form, be sure to use the fields "username" and "password" to capture the login in. Be sure to include "action=do_login" and "url=" to redirect to the desired page once the login works.
2) On your login page, be sure to include "inc/functions_user.php". The loginconvert uses functions in here, and since you arent REALLY in mybb, these functions cant be found unless you include the file.
3) Also in login page, instead of calling the $MyBBI->login() function, just call "loginconvert_convert()". Do not have ANY html on the page, because the loginconvert plugin will attempt to redirect you on either a success or a failure.
That's pretty much it. I was able to migrate my website users into the mybb database, modify the loginconvert plugin to handle my specific password functionality, and then get the logins from the website to use the loginconvert functionality.
Well, this has all been a test so far. The next step for me is now to ACTUALLY do the integration using the framework I created. So far I have just some test files in the website that I have been using to get all of this working.
I hope my work and research helps someone else who needs to go a little outside the box.