SMF Login with custom code?

chrisonline · November 17, 2006, 08:03:56 AM

I've tried it.. no success...

this is the 1.0.9 code:


// Actually set the login cookie...
function setLoginCookie($cookie_length, $id, $password = '')
{
	global $cookiename;

	// Get the data and path to set it on.
	$data = serialize(empty($id) ? array(0, '', 0) : array($id, md5_hmac($password, 'ys'), time() + $cookie_length));
	$cookie_url = url_parts();

	// Set the cookie, $_COOKIE, and session variable.
	setcookie($cookiename, $data, time() + $cookie_length, $cookie_url[1], $cookie_url[0], 0);

And thats my script:

Code Select

<?php 
define("SMF", null);

require('SSI.php');
require('Sources/Subs-Auth.php');
include("Sources/Load.php");
include("Sources/Subs.php");
include("Sources/LogInOut.php");
$pass = "chrisonline";
$pwd = "xxx";
$pwd_sal = "";
setLoginCookie(3153600, 2, '8946c007f7194ae1a8970fa1bba6df4b');
//setLoginCookie(60 * 3153600, 2, sha1($pwd . $pwd_salt));
?>
<a href="index.php">SMF</a>

Petr1fied · November 17, 2006, 08:35:49 AM

Yes because you need to hash your plain text password first like this:

Code Select

$id=2;
$username="chrisonline"
$password ="chrisonline";
$converged_pass=md5_hmac($password, strtolower($username));

setLoginCookie(3153600, $id, $converged_pass);

This is something I've been playing with, it should work without any requires:

Code Select

<?php

$id=2; // users member ID
$pass="testing"; // Plain text Password
$user="SomeUser"; // Username in both upper & lower case
$cookie_length=189216000; // 6 years

// Create the hashed password with the plain text password
// and the lower case Username.
$password=md5_hmac($pass, strtolower($user));

// Call the set cookie function
set_test_cookie($id, $password, $user, $cookie_length);


// Function to take our test data above and add into a cookie called 'TestCookie'
function set_test_cookie($id="", $password, $user, $cookie_length) {

$data = serialize(empty($id) ? array(0, '', 0) : array($id, md5_hmac($password, 'ys'), time() + $cookie_length));

// Set the cookie
setcookie('TestCookie', $data, time()+$cookie_length, '/');

}

// md5_hmac Password hashing function from SMF
function md5_hmac($data, $key)
    {
        if (strlen($key) > 64)
            $key = pack('H*', md5($key));
        $key  = str_pad($key, 64, chr(0x00));

        $k_ipad = $key ^ str_repeat(chr(0x36), 64);
        $k_opad = $key ^ str_repeat(chr(0x5c), 64);

        return md5($k_opad . pack('H*', md5($k_ipad . $data)));
    }

?>

Petr1fied · November 17, 2006, 09:38:34 AM

I've been trying to do the same thing with SMF 1.1 RC3 as I'd like to use the most current version, after playing about for a bit I've finally cracked it and I can now create SMF accounts at signup time via the other software using the plain text password in the $_POST and then when they log in I can also set a cookie to log them into SMF too.

Here is my test code if anyone wants to use it:

Code Select

<?php

require_once('settings.php');
require_once('SSI.php');
require_once('Sources/Subs-Auth.php');

$id=1;
$username="SomeUsername";
$plainpass="s0mepa55w0rd";
$sha_passwd = sha1(strtolower($username) . $plainpass);
$salt="5al7";
$converged_pass=sha1($sha_passwd . $salt);

setLoginCookie(60 * 3153600, $id, $converged_pass);

echo "Cookie set for $username";

?>

I'll be getting the data from $_POST and db queries from here on out but maybe someone will find this useful.

chrisonline · November 17, 2006, 10:08:39 AM

Thanks the script is running :-)

I have 1.0.9 and the code:

Code Select


<?php 
define("SMF", null);

require('SSI.php');
require('Settings.php');
require('Sources/Subs-Auth.php');
include("Sources/Load.php");
setLoginCookie(3153600, 2, '8946c007f7194ae1a8970fa1bba6df4b');
?>
<a href="index.php">SMF</a>

News:

SMF Login with custom code?

chrisonline

Petr1fied

Petr1fied

chrisonline