2020-10-17, 03:41 AM
I was trying to figure this out for the longest time, The code is not the best as I code in C# and took me hours to figure out what is probably VERY simple
So here it is
<?php
//ENABLE THE BELOW IF YOU WANT TO LIMIT THE NUMBER OF TIMES IT CAN BE USED...
//$min_seconds_between_refreshes = 1;
//session_start();
//if (array_key_exists('last_access', $_SESSION) && time() - $min_seconds_between_refreshes <= $_SESSION['last_access']) {
// The user has been here at least $min_seconds_between_refreshes seconds ago - block them
//exit('You Are Trying To Use The API Too Fast, Please Try Again Later...');
//}
// Record now as their last access time
//$_SESSION['last_access'] = time();
$host = 'localhost';
$user = 'DB_User';
$pass = 'DB_Password';
$db = 'DB_Name';
$mysqli = new mysqli($host, $user, $pass, $db);
$user = $_GET['username'];
$password = $_GET['password'];
$IPNPassword = $_GET['IPNPassword'];
$tables = "mybb_users";
$tables2 = "mybb_userfields";
$ShowIPNInfo = $_GET['ShowIPN'];
$ShowPasswordCorrect = $_GET['ShowCorrectPassword'];
$ShowMain = $_GET['ShowMainGroups'];
$ShowSecondary = $_GET['ShowSecondaryGroups'];
$sql = "SELECT * FROM " . $tables . " WHERE username = '" . mysqli_real_escape_string($mysqli, $user) . "'";
$result = $mysqli->query($sql);
if ($result->num_rows > 0) {
// Outputting the rows
while ($row = $result->fetch_assoc()) {
$password = $row['password'];
$salt = $row['salt'];
$plain_pass = $_GET['password'];
$stored_pass = md5(md5($salt) . md5($plain_pass));
function Redirect($url, $permanent = false)
{
if (headers_sent() === false) {
header('Location: ' . $url, true, ($permanent === true) ? 301 : 302);
}
exit();
}
if ($stored_pass != $row['password']) {
echo "Password Incorrect<br>"; // Wrong pass, user exists
die();
} else {
$GetUserID = $row['uid'];
$sql2 = "SELECT * FROM " . $tables2 . " WHERE ufid = '" . mysqli_real_escape_string($mysqli, $GetUserID) . "'";
$result2 = $mysqli->query($sql2);
if ($result->num_rows > 0) {
while ($row2 = mysqli_fetch_assoc($result2)) {
$GetUserSalt = $row2['fid5'];
if (empty($GetUserSalt)) {
die("No Secret IPN Has Been Set");
}
if (empty($IPNPassword)) {
die("You Did Not Enter A Secret IPN Password!");
}
if ($IPNPassword != $GetUserSalt) {
die("Secret IPN Password Wrong!");
}
if ($IPNPassword == $GetUserSalt && $ShowIPNInfo == "1") {
echo ("Secret IPN Password Correct!<br><br>");
}
}
}
if ($ShowPasswordCorrect == "1") {
echo "Password Correct<br><br>"; // Correct pass
}
$MainGroups = $row['usergroup'];
$SecondaryGroups = $row['additionalgroups'];
$Registered = "2";
$Moderators = "6";
$SuperModerators = "3";
$Administrators = "4";
if ($ShowMain == "1") {
echo "Current Main Groups<br>";
if (strpos($MainGroups, $Registered) !== false) {
echo "Registered<br>";
}
if (strpos($MainGroups, $Moderators) !== false) {
echo "Moderators<br>";
}
if (strpos($MainGroups, $SuperModerators) !== false) {
echo "Super Moderators<br>";
}
if (strpos($MainGroups, $Administrators) !== false) {
echo "Administrators<br>";
}
echo "<br>";
}
if ($ShowSecondary == "1") {
echo "Current Secondary Groups<br>";
if (strpos($SecondaryGroups, $Registered) !== false) {
echo "Registered<br>";
}
if (strpos($SecondaryGroups, $Moderators) !== false) {
echo "Moderators<br>";
}
if (strpos($SecondaryGroups, $SuperModerators) !== false) {
echo "Super Moderators<br>";
}
if (strpos($SecondaryGroups, $Administrators) !== false) {
echo "Administrators<br>";
}
}
}
}
}
?>
To Test This On Your Own Here Is the Paramaters You Would Pass To Your Browser
http://website.url/check.php?username=USERNAME&password=PASSWORD&IPNPassword=SECRETIPNPASSWORD
You will also want to go into your forum then go to custom user fields and then make a custom user field for the user to set the custom IPN password of there choice, Also if you look above in my code where it says
In Order To Get The Returned Info In section Just Do The Following...
Quote://Show IPN Correct Return
ShowIPN = 1
//Show Password Correct Return
ShowCorrectPassword = 1
//Show Main Groups Return
ShowMainGroups = 1
//Show Secondary Group Return
ShowSecondaryGroups = 1
Example Of this would be
http://Website.URL/check.php?username=US...ryGroups=1
This above will return and show ALL information
But say you want to only show the Main And Secondary Groups as a return, You would then just pass it this
http://Website.URL/check.php?username=USERNAME&password=PASSWORD&IPNPassword=IPNPASSWORD&ShowMainGroups=1&ShowSecondaryGroups=1
$GetUserSalt = $row2['fid5'];
You will want to go into your PHPMYADMIN and check for the fildID and put the proper name there
Other then that I hope some of you find this somewhat useful
Here is a quick example of how this would and could be used in C# applications
private static string LoginToForum(string Username, string Password, string IPNPassword, string ShowIPNCorrect, string ShowPassCorrect, string ShowMainGroups, string ShowSecondaryGroups)
{
using (HttpRequest httpRequest = new HttpRequest())
{
httpRequest.ClearAllHeaders();
httpRequest.KeepAlive = true;
httpRequest.IgnoreProtocolErrors = true;
httpRequest.ConnectTimeout = 25000;
httpRequest.AllowAutoRedirect = false;
string LoginFinal1 = httpRequest.Get("http://WEBSITE.URL/check.php?username=" + Username + "&password=" + Password + "&IPNPassword=" + IPNPassword + "&ShowIPN=" + ShowIPNCorrect + "&ShowCorrectPassword=" + ShowPassCorrect + "&ShowMainGroups=" + ShowMainGroups + "&ShowSecondaryGroups=" + ShowSecondaryGroups).ToString();
return LoginFinal1;
}
}
Then you would just call it like this
string GetUserInformationFull = LoginToForum("USERNAME", "PASSWORD", "IPNPASSWORD", "1", "1", "1", "1");