Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Solved: 9 Years, 11 Months, 3 Weeks ago When does the $plugins->run_hooks fire it's instance?
#5
Solved: 9 Years, 11 Months, 3 Weeks ago
(2012-07-07, 04:52 PM)pavemen Wrote: in your frontend code where you are forcing the reset and have the plain text password, just replicate the mybb password hash routine from the member.php do_login action and directly update the mybb database directly from your code.

this would be the same password hash routine you are using for SSO authentication

include the mybb config.php file so you have the credentials to the DB and then connect to it and update the user table. be sure to generate a new salt during the reset and update the user table with the new salt and the new password hash.

btw, what i am saying is that you dont need any hooks, just directly manipulate the DB

I have both systems on the same db, however, i am thinking about using the password function for mybb and then use a mysql insert statement to update the password once the external password reset function have generated the new password and the user has activated it through their retrieval mail.

How about using this function within my external password reset function file? (taken from functions_user.php in /inc/:

//If there are no mybb authentication
if (!$this->mybb->user['uid'] != 0){
  update_password();
}
else{
//If there is a mybb authentication
$userhandler = new UserDataHandler('update');
$data = array(
  'uid' => intval($user_id),
  'password' => $password
);
$userhandler->set_data($data);
 if (!$userhandler->validate_user()){
 $errors = $userhandler->get_friendly_errors();
  return ($inline_error === true) ? inline_error($errors) : $errors;
      }
  $userhandler->update_user();
   return true;
}

functions_user.php
 153  function update_password($uid, $password, $salt="")
 154  {
 155      global $db, $plugins;
 156  
 157      $newpassword = array();
 158  
 159      // If no salt was specified, check in database first, if still doesn't exist, create one
 160      if(!$salt)
 161      {
 162          $query = $db->simple_select("users", "salt", "uid='$uid'", array('limit' => 1));
 163          $user = $db->fetch_array($query);
 164          if($user['salt'])
 165          {
 166              $salt = $user['salt'];
 167          }
 168          else
 169          {
 170              $salt = generate_salt();
 171          }
 172          $newpassword['salt'] = $salt;
 173      }
 174  
 175      // Create new password based on salt
 176      $saltedpw = salt_password($password, $salt);
 177  
 178      // Generate new login key
 179      $loginkey = generate_loginkey();
 180  
 181      // Update password and login key in database
 182      $newpassword['password'] = $saltedpw;
 183      $newpassword['loginkey'] = $loginkey;
 184      $db->update_query("users", $newpassword, "uid='$uid'", 1);
 185  
 186      $plugins->run_hooks("password_changed");
 187  
 188      return $newpassword;
 189  }

Remember, i need to update the user's password when the user is not authenticated with mybb. To get the correct user id to be used within the mysql update statement i would need to use the external user id within it.


Messages In This Thread
RE: When does the $plugins->run_hooks fire it's instance? - by bowkilled - 2012-07-08, 01:20 PM

Forum Jump:


Users browsing this thread: 1 Guest(s)