MyBB Community Forums

MyBB Community Forums > Community > General Discussion > Web Development and Administration > Trying to integrate Mybb user's and passwords
Full Version: Trying to integrate Mybb user's and passwords
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

juice4z0

2018-08-16, 12:47 AM
I am trying to use the user name and passwords from my MyBB  for authentication with a game server.

The working code that does a basic Auth is 
<?php
include 'includes/db_connect.php';

function getUserByEmailAndPassword($username, $password) {
    global $mysqli;
    $result = $mysqli->query("SELECT * FROM user_account WHERE username = '$username'") or die(mysql_error());
    $no_of_rows = $result->num_rows;
    if ($no_of_rows > 0) {
        $result = $result->fetch_array();
        $salt = $result['salt'];
        $stored_hash = $result['password'];
        $hashtest = checkhashSSHA($salt, $password);
        if ($hashtest == $stored_hash) {
            return $result;
        }
    }
    else {
        return false;
    }
}

function checkhashSSHA($salt, $password) {
    $hash = base64_encode(sha1($password . $salt, true) . $salt);
    return $hash;
}

$username = $mysqli->real_escape_string($_POST['user_name']);
$password = $mysqli->real_escape_string($_POST['user_password']);
$user = getUserByEmailAndPassword($username, $password);
if ($user != false) {
    if($user['accesslevel'] == "banned") {
        $response['message'] = "Account banned";
    } else {
        $response['message'] = "success";
    }
}
else {
    $response['message'] = "Account does not exist or password was incorrect";
}
echo json_encode($response);
?>
I am trying to adjust that code to read from MyBB's database.  I have made the data connection with the db_connect.php but with my updated code I can't login.  I believe it has to do with the salt/hash.
The current edited config is
<?php
include 'includes/db_connect.php';

function getUserByEmailAndPassword($username, $password) {
    global $mysqli;
    $result = $mysqli->query("SELECT * FROM mybb_users WHERE username = '$username'") or die(mysql_error());
    $no_of_rows = $result->num_rows;
    if ($no_of_rows > 0) {
        $result = $result->fetch_array();
        $salt = $result['salt'];
        $stored_hash = $result['password'];
        $hashtest = checkhashSSHA($salt, $password);
        if ($hashtest == $stored_hash) {
            return $result;
        }
    }
    else {
        return false;
    }
}

function checkhashSSHA($salt, $password) {
    $hash = md5(md5($password . $salt, true) . $salt);
    return $hash;
}

$username = $mysqli->real_escape_string($_POST['user_name']);
$password = $mysqli->real_escape_string($_POST['user_password']);
$user = getUserByEmailAndPassword($username, $password);
if ($user != false) {
    if($user['accesslevel'] == "banned") {
        $response['message'] = "Account banned";
    } else {
        $response['message'] = "success";
    }
}
else {
    $response['message'] = "Account does not exist or password was incorrect";
}
echo json_encode($response);
?>
I am pretty new at this and was hoping someone would know where I went wrong with the code.
Thanls!!
Juice

Azah

2018-08-18, 01:03 PM
I would recommend using prepared statements there.

https://github.com/mybb/mybb/blob/f584ea...s_user.php
Also, you might want to use that as a reference for the hashes.

juice4z0

2018-08-18, 06:54 PM
Thank you!!!!!

With the information you gave me I was able to get it working!!

You rock!
MyBB Community Forums > Community > General Discussion > Web Development and Administration > Trying to integrate Mybb user's and passwords