News:

SMF 2.1.4 has been released! Take it for a spin! Read more.

Main Menu

CerberusWeb login plugin

Started by StormFire, August 08, 2005, 01:36:55 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

StormFire

August 08, 2005, 01:36:55 PM
Hi I've modified a login plugin to a help center called CerberusWeb, but for some reason it doesnt want to login.. I think its to do with the bit where it pulls the database information, Im using the 1.1 beta 3 and I don't know if the encryption bit is right or if it is pulling the right things... can anyone see what they think?

Code Select
<?php

require_once(FILESYSTEM_PATH "cerberus-api/login/cer_LoginPlugin.class.php");

define("CER_PLUGIN_NAME","SimpleMachines Forums");
define("CER_PLUGIN_TYPE","login");
define("CER_PLUGIN_AUTHOR","***");
define("CER_PLUGIN_CLASS","plugin_loginsmf"); // [JAS]: The function to act as main()

class plugin_loginsmf extends cer_LoginPlugin {
var $remote_db null;
var $login_string "Forum Username";
var $password_string "Forum Password";

function plugin_loginPhpBB($plugin_id,&$params,&$db) {
$this->cer_LoginPlugin($plugin_id,$params,$db);
$this->_loadVars();

$this->remote_db = new cer_Database();

$db_server $this->getVar("db_server");
$db_name $this->getVar("db_name");
$db_user $this->getVar("db_user");
$db_pass $this->getVar("db_pass");

if(!$this->remote_db->connect($db_server,$db_name,$db_user,$db_pass)) {
$this->remote_db null;
return false;
}
}

// [JAS]: This method should return an array of cer_PluginSetting objects that can be configured
//by the helpdesk user/admin in the GUI.
function pluginConfigure() {
$plugin_settings = array();
$plugin_settings["db_server"] = new cer_PluginSetting("Database Server","db_server","T",array(64),"SMF DataBase Server");
$plugin_settings["db_name"] = new cer_PluginSetting("Database Name","db_name","T",array(32),"SMF DataBase Name");
$plugin_settings["db_user"] = new cer_PluginSetting("Database User","db_user","T",array(32),"SMFB DataBase User");
$plugin_settings["db_pass"] = new cer_PluginSetting("Database Password","db_pass","P",array(32),"SMF DataBase Password");
return $plugin_settings;
}

function getRemoteUserId() {

if(empty($this->remote_db))
return false;

$username $this->getParam("memberName");
$password $this->getParam("passwd");

$sql sprintf("SELECT u.ID_MEMBER ".
   "FROM smf_members u ".
   "WHERE u.memberName = %s AND u.passwd = sha1(%s) ",
   $this->remote_db->escape($username),
   $this->remote_db->escape($password)
);
$res $this->remote_db->query($sql);

if($this->remote_db->num_rows($res) &&
$row $this->remote_db->grab_first_row($res)) {
return $row["ID_MEMBER"];
}
else {
return false;  // invalid login
}
}

};
?>

[Unknown]

#1
August 08, 2005, 02:00:27 PM
It doesn't use a plain SHA-1 hash.  Check Load.php, Subs-Auth.php, and LogInOut.php for more details.

-[Unknown]

StormFire

#2
August 08, 2005, 05:45:33 PM
thanks unknown do you know how I can apply the following SMF encryption:
Code Select
sha1($user_settings['passwd'] . $user_settings['passwordSalt'])

into:

Code Select
$username = $this->getParam("username");
$password = $this->getParam("passwd");

        $sql = sprintf("SELECT u.ID_MEMBER, u.passwordSalt, u.passwd ".
"FROM smf_members AS u WHERE u.username = %s",
$this->remote_db->escape($username));
$res = $this->remote_db->query($sql);

if ($this->remote_db->num_rows($res) && ($row = $this->remote_db->grab_first_row($res)))
{
$hashed_password = md5(md5($password) . $row['salt']);
sha1($user_settings['passwd'] . $user_settings['passwordSalt']);
if ($row['passwd'] == $hashed_password)
{
return $row['ID_MEMBER'];
}
}

im using default smf tables...... (that there is a vbulletin salted encryption, (am not sure at all)

[Unknown]

#3
August 08, 2005, 05:51:18 PM
Code Select
$username = $this->getParam("username");
$password = $this->getParam("passwd");

        $sql = sprintf("SELECT u.ID_MEMBER, u.passwordSalt, u.passwd, u.memberName ".
"FROM smf_members AS u WHERE u.memberName = %s",
$this->remote_db->escape($username));
$res = $this->remote_db->query($sql);

if ($this->remote_db->num_rows($res) && ($row = $this->remote_db->grab_first_row($res)))
{
$hashed_password = sha1(strtolower($row['memberName']) . $password);
if ($row['passwd'] == $hashed_password)
{
return $row['ID_MEMBER'];
}
}

Something like that, I expect?  The passwordSalt is only used in cookies.

-[Unknown]

StormFire

#4
August 10, 2005, 06:39:03 PM
Code Select
<?php

require_once(FILESYSTEM_PATH "cerberus-api/login/cer_LoginPlugin.class.php");

define("CER_PLUGIN_NAME","SimpleMachines Forums");
define("CER_PLUGIN_TYPE","login");
define("CER_PLUGIN_AUTHOR","***");
define("CER_PLUGIN_CLASS","plugin_loginsmf"); // [JAS]: The function to act as main()

class plugin_loginsmf extends cer_LoginPlugin {
var $remote_db null;
var $login_string "Forum Username";
var $password_string "Forum Password";

function plugin_loginPhpBB($plugin_id,&$params,&$db) {
$this->cer_LoginPlugin($plugin_id,$params,$db);
$this->_loadVars();

$this->remote_db = new cer_Database();

$db_server $this->getVar("db_server");
$db_name $this->getVar("db_name");
$db_user $this->getVar("db_user");
$db_pass $this->getVar("db_pass");

if(!$this->remote_db->connect($db_server,$db_name,$db_user,$db_pass)) {
$this->remote_db null;
return false;
}
}

// [JAS]: This method should return an array of cer_PluginSetting objects that can be configured
//by the helpdesk user/admin in the GUI.
function pluginConfigure() {
$plugin_settings = array();
$plugin_settings["db_server"] = new cer_PluginSetting("Database Server","db_server","T",array(64),"SMF DataBase Server");
$plugin_settings["db_name"] = new cer_PluginSetting("Database Name","db_name","T",array(32),"SMF DataBase Name");
$plugin_settings["db_user"] = new cer_PluginSetting("Database User","db_user","T",array(32),"SMFB DataBase User");
$plugin_settings["db_pass"] = new cer_PluginSetting("Database Password","db_pass","P",array(32),"SMF DataBase Password");
return $plugin_settings;
}

function getRemoteUserId() {

if(empty($this->remote_db))
return false;

$username $this->getParam("username");
$password $this->getParam("passwd");

$sql sprintf("SELECT u.ID_MEMBER, u.passwordSalt, u.passwd, u.memberName "
"FROM smf_members AS u WHERE u.memberName = %s"
$this->remote_db->escape($username));
$res $this->remote_db->query($sql);

if ($this->remote_db->num_rows($res) && ($row $this->remote_db->grab_first_row($res)))
{
$hashed_password sha1(strtolower($row['memberName']) . $password);
if ($row['passwd'] == $hashed_password)
{
return $row['ID_MEMBER'];
}
}
else {
return false// invalid login
}
}

};
?>

thats what I have at the moment Unknown, still doesnt work properly, do you have any more thoughts on it?

[Unknown]

#5
August 10, 2005, 06:51:38 PM
You probably want this:

plugin_loginPhpBB

To be:

plugin_loginsmf

Or something, no?

What doesn't work about it?

-[Unknown]

StormFire

#6
August 11, 2005, 01:23:22 PM Last Edit: August 11, 2005, 01:28:18 PM by StormFire
Cerberus [Errno: 2]: Missing argument 3 for plugin_loginsmf() in /home/nemecom/public_html/support/cerberus-api/plugins/cer_plugin.login.smf.php at line 15.

is what pops up when I try to use it

[Unknown]

#7
August 25, 2005, 05:12:11 PM
I'm afraid I really don't know enough about CerberusWeb to be helpful - it might be better to ask them about that.

-[Unknown]

StormFire

#8
August 26, 2005, 12:58:28 PM
i have done so, they said they will ask a developer to look at it, and I gave them what you said, im hoping that they will have more luck than me
Print
Go Up Pages1
User actions
Advertisement: