MyBB Community Forums

Hello,

At first, I'm new here at this community and I'm not shure my topic is placed at the right section, I hope so

But I'm currently creating my own game. I'm now at the point that I would like to combine my forum with my game. So that when the game starts, the game ask the user for his username and password. With the data the user provided, I want to check the forum-databases if the user is registered and if he is, I want to return the UserID to the game to use the stored playerdata in the myBB and my onw databases.

My PHP and mySQL knowledge is quitte limited, and I have no idea how to use the protected passwords.

How I want to let it work:
I want to have a PHP file on my server. Using my game I sent information to this PHP page/script (using the "get" functions). At next, the PHP script should encrypt the password and check in the databases if the username and password are the same. If they are, the script should just return the UserID, if not, it should return -1, nothing more, because it is a script that is only entered by the game.

I hope that anyone can help me how to create such a PHP script.

Ronald

<?php
define("IN_MYBB", 1);
require_once dirname(__FILE__)."/global.php";
require_once dirname(__FILE__)."/inc/functions_user.php";
if($valid = validate_password_from_username($mybb->input['username'], $mybb->input['password']))
echo $valid['uid'];
else
echo '-1';
?>

Place that in the root mybb directory and access it through scriptname.php?username=user&password=pass.

That should work.

Regards,
Jammerx2

Thanks for your help, it's working fine!

But now I have a new question, is it also possible to sent an allready encrypted password to this page/script, because I don't think it's a very smart idea to sent an "open" password using a weak safety system?

It would be possible, but in order to do so your game would need to know the users salt. If you can retrieve it from the database then you can encrypt the password then check. Would you be able to acquire the salt through your game?

Edit:

Actually, if you only want to encrypt it part way try this:

<?php
define("IN_MYBB", 1);
require_once dirname(__FILE__)."/global.php";
require_once dirname(__FILE__)."/inc/functions_user.php";
$user = $db->query("SELECT * FROM ".TABLE_PREFIX."users WHERE username = '".$mybb->input['username']."';");
$user = $user->fetch_array();
if($user['password'] == salt_password($mybb->input['password'], $user['salt']))
echo $user['uid'];
else
echo -1;
?>

You can just submit the md5 encrypted password to the script, and it will salt it and check if it is right. It is more secure than the original way.

I think that should be possible, When my user wants to connect, I can sent the username to the php-code, from there I can retrieve the salt-code. I sent then the salt-code to my game and next I can try to encrypt the password using the salt-code insode my game. Then I sent the encrypted password back to the php-code which compares the password and the username. If they are the same the script returns me the ID.

Have I understanded this correctly?

Read the edit to my previous post, I think the way I mentioned would be simpler and still sending an encrypted password.