[HOW TO] Login to your forums with external applications such as C#, Python etc etc..
#1
I was trying to figure this out for the longest time, The code is not the best as I code in C# and took me hours to figure out what is probably VERY simple
So here it is

<?php

//ENABLE THE BELOW IF YOU WANT TO LIMIT THE NUMBER OF TIMES IT CAN BE USED...

//$min_seconds_between_refreshes = 1;

//session_start();

//if (array_key_exists('last_access', $_SESSION) && time() - $min_seconds_between_refreshes <= $_SESSION['last_access']) {
// The user has been here at least $min_seconds_between_refreshes seconds ago - block them
//exit('You Are Trying To Use The API Too Fast, Please Try Again Later...');
//}
// Record now as their last access time
//$_SESSION['last_access'] = time();



$host = 'localhost';
$user = 'DB_User';
$pass = 'DB_Password';
$db   = 'DB_Name';

$mysqli = new mysqli($host, $user, $pass, $db);

$user        = $_GET['username'];
$password    = $_GET['password'];
$IPNPassword = $_GET['IPNPassword'];
$tables      = "mybb_users";
$tables2     = "mybb_userfields";

$ShowIPNInfo         = $_GET['ShowIPN'];
$ShowPasswordCorrect = $_GET['ShowCorrectPassword'];
$ShowMain            = $_GET['ShowMainGroups'];
$ShowSecondary       = $_GET['ShowSecondaryGroups'];

$sql    = "SELECT * FROM " . $tables . " WHERE username = '" . mysqli_real_escape_string($mysqli, $user) . "'";
$result = $mysqli->query($sql);
if ($result->num_rows > 0) {
    // Outputting the rows
    while ($row = $result->fetch_assoc()) {
        
        $password    = $row['password'];
        $salt        = $row['salt'];
        $plain_pass  = $_GET['password'];
        $stored_pass = md5(md5($salt) . md5($plain_pass));
        
        function Redirect($url, $permanent = false)
        {
            if (headers_sent() === false) {
                header('Location: ' . $url, true, ($permanent === true) ? 301 : 302);
            }
            exit();
        }
        
        if ($stored_pass != $row['password']) {
            echo "Password Incorrect<br>"; // Wrong pass, user exists
            die();
        } else {
            
            $GetUserID = $row['uid'];
            
            $sql2    = "SELECT * FROM " . $tables2 . " WHERE ufid = '" . mysqli_real_escape_string($mysqli, $GetUserID) . "'";
            $result2 = $mysqli->query($sql2);
            if ($result->num_rows > 0) {
                while ($row2 = mysqli_fetch_assoc($result2)) {
                    $GetUserSalt = $row2['fid5'];
                    
                    
                    if (empty($GetUserSalt)) {
                        die("No Secret IPN Has Been Set");
                    }
                    
                    if (empty($IPNPassword)) {
                        die("You Did Not Enter A Secret IPN Password!");
                    }
                    
                    if ($IPNPassword != $GetUserSalt) {
                        die("Secret IPN Password Wrong!");
                    }
                    if ($IPNPassword == $GetUserSalt && $ShowIPNInfo == "1") {
                        echo ("Secret IPN Password Correct!<br><br>");
                    }
                    
                }
            }
            
            
            if ($ShowPasswordCorrect == "1") {
                echo "Password Correct<br><br>"; // Correct pass
            }
            
            $MainGroups      = $row['usergroup'];
            $SecondaryGroups = $row['additionalgroups'];
            
            $Registered      = "2";
            $Moderators      = "6";
            $SuperModerators = "3";
            $Administrators  = "4";
            
            if ($ShowMain == "1") {
                echo "Current Main Groups<br>";
                if (strpos($MainGroups, $Registered) !== false) {
                    echo "Registered<br>";
                }
                if (strpos($MainGroups, $Moderators) !== false) {
                    echo "Moderators<br>";
                }
                if (strpos($MainGroups, $SuperModerators) !== false) {
                    echo "Super Moderators<br>";
                }
                if (strpos($MainGroups, $Administrators) !== false) {
                    echo "Administrators<br>";
                }
                echo "<br>";
            }
            
            if ($ShowSecondary == "1") {
                echo "Current Secondary Groups<br>";
                if (strpos($SecondaryGroups, $Registered) !== false) {
                    echo "Registered<br>";
                }
                if (strpos($SecondaryGroups, $Moderators) !== false) {
                    echo "Moderators<br>";
                }
                if (strpos($SecondaryGroups, $SuperModerators) !== false) {
                    echo "Super Moderators<br>";
                }
                if (strpos($SecondaryGroups, $Administrators) !== false) {
                    echo "Administrators<br>";
                }
            }
        }
    }
}
?>

To Test This On Your Own Here Is the Paramaters You Would Pass To Your Browser
http://website.url/check.php?username=USERNAME&password=PASSWORD&IPNPassword=SECRETIPNPASSWORD
You will also want to go into your forum then go to custom user fields and then make a custom user field for the user to set the custom IPN password of there choice, Also if you look above in my code where it says
In Order To Get The Returned Info In section Just Do The Following...
Quote://Show IPN Correct Return
ShowIPN = 1

//Show Password Correct Return
ShowCorrectPassword = 1

//Show Main Groups Return
ShowMainGroups = 1

//Show Secondary Group Return
ShowSecondaryGroups = 1

Example Of this would be


http://Website.URL/check.php?username=US...ryGroups=1

This above will return and show ALL information
But say you want to only show the Main And Secondary Groups as a return, You would then just pass it this

http://Website.URL/check.php?username=USERNAME&password=PASSWORD&IPNPassword=IPNPASSWORD&ShowMainGroups=1&ShowSecondaryGroups=1
$GetUserSalt = $row2['fid5'];
You will want to go into your PHPMYADMIN and check for the fildID and put the proper name there
Other then that I hope some of you find this somewhat useful
Here is a quick example of how this would and could be used in C# applications
private static string LoginToForum(string Username, string Password, string IPNPassword, string ShowIPNCorrect, string ShowPassCorrect, string ShowMainGroups, string ShowSecondaryGroups)
        {
            using (HttpRequest httpRequest = new HttpRequest())
            {
                httpRequest.ClearAllHeaders();
                httpRequest.KeepAlive = true;
                httpRequest.IgnoreProtocolErrors = true;
                httpRequest.ConnectTimeout = 25000;
                httpRequest.AllowAutoRedirect = false;
                string LoginFinal1 = httpRequest.Get("http://WEBSITE.URL/check.php?username=" + Username + "&password=" + Password + "&IPNPassword=" + IPNPassword + "&ShowIPN=" + ShowIPNCorrect + "&ShowCorrectPassword=" + ShowPassCorrect + "&ShowMainGroups=" + ShowMainGroups + "&ShowSecondaryGroups=" + ShowSecondaryGroups).ToString();
                return LoginFinal1;
            }
        }
Then you would just call it like this
            string GetUserInformationFull = LoginToForum("USERNAME", "PASSWORD", "IPNPASSWORD", "1", "1", "1", "1");
Reply
#2
Looks very interesting, thank you for sharing. Smile
Reply
#3
I am gonna work onto it more later tomorrow so you can return specific information you want instead of the messy display it has now
Reply
#4
Just updated the thread to only show certain information if you so please...
Reply
#5
I misunderstood your question about the way to login with C#. This is not a login to the forum, this is just a check that user uses good credentials, for a third party application.
I mean, in my mind "login to forum" was to allow the user to connect to the forum through your C# app, so he don't have to log another time when he goes on the forum itself.
[MyBB 1.8 mods] - Offer me a coffee
Do not ask me help through PM
Reply
#6
(2020-10-19, 04:48 AM)Crazycat Wrote: I misunderstood your question about the way to login with C#. This is not a login to the forum, this is just a check that user uses good credentials, for a third party application.
I mean, in my mind "login to forum" was to allow the user to connect to the forum through your C# app, so he don't have to log another time when he goes on the forum itself.

It's meant more for applications to allow you to say sell stuff on your forum and allow access to the C# application based on your rank inside of mybb itself. It gives a C# example. Meaning it logs you in checks the ranks and if rank contains what your tool requires then give them access if not then don't, make sense?
Reply
#7
Yes, it does. As I said, it was your initial demand that I didn't understood.

If I was you, I think I'll make a small modification: you're sending all your datas clearly, peharps you can encrypt username and password in a way you can decript them in your php file.
[MyBB 1.8 mods] - Offer me a coffee
Do not ask me help through PM
Reply
#8
(2020-10-19, 12:14 PM)Crazycat Wrote: Yes, it does. As I said, it was your initial demand that I didn't understood.

If I was you, I think I'll make a small modification: you're sending all your datas clearly, peharps you can encrypt username and password in a way you can decript them in your php file.


Yeah for sure, I could look into it when I get off work today? I haven't ever really messed with php so I'll have to research

(2020-10-19, 12:14 PM)Crazycat Wrote: Yes, it does. As I said, it was your initial demand that I didn't understood.

If I was you, I think I'll make a small modification: you're sending all your datas clearly, peharps you can encrypt username and password in a way you can decript them in your php file.


I would like to implement it's functionality in mybb itself but never made a mod before. Perhaps I'll attempt it lol
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)