Linking forum data to a non-forum related area.

[Yazar8]

I couldn't decide if this is a coding related question, but I'll just ask it. Move the topic If it's at the wrong place.

I have a script, for a computer game. And thats my community's gaming server, now I got my community forum, which is SMF.

To increase forum activity, I decided to come up with this idea: Whoever links their ingame account to their forum account, they'll be rewarded with score.

Now, I want to do something like:

- User decides to link their forum account to their ingame account.
- A prompt box appears, asking for their forum login username.
- Prooced, then there is a new prompt that asks for your forum password, you also fill this in.
- The user's forum account becomes linked to their ingame account.  (If successful)

Now I need to know a few things:

- Which table am I going to retrieve the username / password from? Which is the most effective to compare it.
- What is the SQL query I must execute to grab the username and password? (Basically, which table should I look for?)
- What is the hashing algorthym the forum uses? Since I will need to compare the hashed string input IG and the one at the forum DB.

What I have:

- SHA1, Whirlpool hashing plugins (used at the server side)
- MySQL knowledge
- Enough knowledge with the scripting language I use.

[margarett]

Howdy. In parts:

- Which table am I going to retrieve the username / password from? Which is the most effective to compare it.
- What is the SQL query I must execute to grab the username and password? (Basically, which table should I look for?)

You need to use SHA1 to hash username and password as SMF does it, as you can't compare the plain password (you don't have it available anywhere in SMF). So user enters username and password, you hash it and compare it with the password hash that you retrieve from SMF table.
So you need to fetch "member_name" and "passwd" fields from "smf_members" table (you might have a different prefix, be sure to check it )

- What is the hashing algorthym the forum uses? Since I will need to compare the hashed string input IG and the one at the forum DB.

SMF hashes the password with

Code Select Expand

sha1(strtolower($member_name) . $passwrd);

[Yazar8]

Howdy. In parts:

- Which table am I going to retrieve the username / password from? Which is the most effective to compare it.
- What is the SQL query I must execute to grab the username and password? (Basically, which table should I look for?)

You need to use SHA1 to hash username and password as SMF does it, as you can't compare the plain password (you don't have it available anywhere in SMF). So user enters username and password, you hash it and compare it with the password hash that you retrieve from SMF table.
So you need to fetch "member_name" and "passwd" fields from "smf_members" table (you might have a different prefix, be sure to check it )

- What is the hashing algorthym the forum uses? Since I will need to compare the hashed string input IG and the one at the forum DB.

SMF hashes the password with

Code Select Expand

sha1(strtolower($member_name) . $passwrd);

I will try this, thank you!

[Yazar8]

Hey again, so I remembered that mysql had a SHA1 function aswell. I tried using it so I won't need an external SHA1 hashing plugin.

SELECT * FROM `forumdb_forummembers` WHERE `member_name` = 'username' AND `passwd` = SHA1('password')

It doesn't work.

When I execute this, it works though:

SELECT * FROM `forumdb_forummembers` WHERE `member_name` = 'username'

Any ideas why? Now I noticed the SHA1 function at SMF turns the password to lowercase, maybe the SHA1 function mysql uses is upper case, that's why. But I'm not sure.

Does anybody know how can I get it working this way?

[Kindred]

that is because the password is not just SHA1

Code Select Expand


sha1(strtolower($member_name) . $passwrd);


it is HASHED and THEN encoded

which you can not do in a SQL query...