2018-08-16, 12:47 AM
I am trying to use the user name and passwords from my MyBB for authentication with a game server.
The working code that does a basic Auth is
The current edited config is
Thanls!!
Juice
The working code that does a basic Auth is
<?php
include 'includes/db_connect.php';
function getUserByEmailAndPassword($username, $password) {
global $mysqli;
$result = $mysqli->query("SELECT * FROM user_account WHERE username = '$username'") or die(mysql_error());
$no_of_rows = $result->num_rows;
if ($no_of_rows > 0) {
$result = $result->fetch_array();
$salt = $result['salt'];
$stored_hash = $result['password'];
$hashtest = checkhashSSHA($salt, $password);
if ($hashtest == $stored_hash) {
return $result;
}
}
else {
return false;
}
}
function checkhashSSHA($salt, $password) {
$hash = base64_encode(sha1($password . $salt, true) . $salt);
return $hash;
}
$username = $mysqli->real_escape_string($_POST['user_name']);
$password = $mysqli->real_escape_string($_POST['user_password']);
$user = getUserByEmailAndPassword($username, $password);
if ($user != false) {
if($user['accesslevel'] == "banned") {
$response['message'] = "Account banned";
} else {
$response['message'] = "success";
}
}
else {
$response['message'] = "Account does not exist or password was incorrect";
}
echo json_encode($response);
?>
I am trying to adjust that code to read from MyBB's database. I have made the data connection with the db_connect.php but with my updated code I can't login. I believe it has to do with the salt/hash.The current edited config is
<?php
include 'includes/db_connect.php';
function getUserByEmailAndPassword($username, $password) {
global $mysqli;
$result = $mysqli->query("SELECT * FROM mybb_users WHERE username = '$username'") or die(mysql_error());
$no_of_rows = $result->num_rows;
if ($no_of_rows > 0) {
$result = $result->fetch_array();
$salt = $result['salt'];
$stored_hash = $result['password'];
$hashtest = checkhashSSHA($salt, $password);
if ($hashtest == $stored_hash) {
return $result;
}
}
else {
return false;
}
}
function checkhashSSHA($salt, $password) {
$hash = md5(md5($password . $salt, true) . $salt);
return $hash;
}
$username = $mysqli->real_escape_string($_POST['user_name']);
$password = $mysqli->real_escape_string($_POST['user_password']);
$user = getUserByEmailAndPassword($username, $password);
if ($user != false) {
if($user['accesslevel'] == "banned") {
$response['message'] = "Account banned";
} else {
$response['message'] = "success";
}
}
else {
$response['message'] = "Account does not exist or password was incorrect";
}
echo json_encode($response);
?>
I am pretty new at this and was hoping someone would know where I went wrong with the code.Thanls!!
Juice