Hi guys. I have a little project I'm working on that requires my users to login using the same login info as my forum. Before I get started with the login form; are the passwords only md5 encrypted? I need to know what I need to code for. I already have everything created and it's all independent from the forum accept for the login.
Kind Regards.
// Assume MySQL connection is already set up
// Assume username entered is stored in $username and is already sanitized
// Assume password entered is stored in $password
$query = mysql_query("SELECT uid,password,salt FROM mybb_users WHERE username='$username' LIMIT 1");
$user = mysql_fetch_array($query);
if(!$user['uid'])
{
// no user exists
}
else
{
$check_pw = md5(md5($user['salt']).md5($password));
if($check_pw == $user['password'])
{
// correct password
}
else
{
// incorrect password
}
}
DennisTT Wrote:// Assume MySQL connection is already set up
// Assume username entered is stored in $username and is already sanitized
// Assume password entered is stored in $password
$query = mysql_query("SELECT uid,password,salt FROM mybb_users WHERE username='$username' LIMIT 1");
$user = mysql_fetch_array($query);
if(!$user['uid'])
{
// no user exists
}
else
{
$check_pw = md5(md5($user['salt']).md5($password));
if($check_pw == $user['password'])
{
// correct password
}
else
{
// incorrect password
}
}
Ah, the salt is what's needed as-well. Thanks DennisTT.
Kind Regards.
I'm having some troubles here. I put what you gave me within the code below that I have created. For some reason, it never logs in. Any Ideas?
Thanks. Btw, remember that the code below is when the user submits the login form.
<?php session_start();
require ('inc/config.php');
$check_pw = md5(md5($user['salt']).md5($password));
$time = time();
$check = ($_POST['setcookie']);
$query = mysql_query("SELECT uid,password,salt FROM mybb_users WHERE username='$username' LIMIT 1");
$user = mysql_fetch_array($query);
if(!$user['uid']) {
$_SESSION['loggedin'] = 1;
}
$check_pw = md5(md5($user['salt']).md5($password));
if($check_pw == $user['password']) {
setcookie("mybb[username]", $username, $time + 3600);
setcookie("mybb[password]", $password, $time + 3600);
header('Location: index.php');
}
else {
header('Location: index.php?inv=1');
exit();
}
EDIT: I think I can fix it. I'll edit in a few.
Another edit: nope, still doesn't work.
Probably need to fix your cookie settings
Tikitiki Wrote:Probably need to fix your cookie settings
That's exactly what I thought the problem is/was. I'll over look the code again from when it sets the cookie.
Regards.
I looked at it once again, re-built the cookie and still the same. This is what I have when the cookie is set:
I could have something wrong here that I'm not noticing.
session_start();
if(isset($_COOKIE['mybb'])) {
include 'inc/config.php';
$username = $_COOKIE['mybb']['username'];
$password = $_COOKIE['mybb']['password'];
$query = mysql_query("SELECT uid,password,salt FROM mybb_users WHERE username='$username' LIMIT 1");
$result = mysql_query($query, $db);
if(mysql_num_rows($result)) {
$_SESSION['loggedin'] = 1;
header('Location: home.php');
$_SESSION['valid_user'] = $username;
}
exit();
}
Well where is the "mybb" cookie set?
DennisTT Wrote:Well where is the "mybb" cookie set?
When the user clicks on the login button, it processes it using this:
<?php session_start();
require ('inc/config.php');
$check_pw = md5(md5($user['salt']).md5($password));
$time = time();
$check = ($_POST['setcookie']);
$query = mysql_query("SELECT uid,password,salt FROM mybb_users WHERE username='$username' LIMIT 1");
$user = mysql_fetch_array($query);
if(!$user['uid']) {
$_SESSION['loggedin'] = 1;
}
$check_pw = md5(md5($user['salt']).md5($password));
if($check_pw == $user['password']) {
setcookie("mybb[username]", $username, $time + 3600); ////HERE
setcookie("mybb[password]", $password, $time + 3600); ////HERE
header('Location: index.php');
}
else {
header('Location: index.php?inv=1');
exit();
}