Hiya.
I'm currently developing my website, and am trying to integrate the login with the rest of the site. The other area of the site uses its own unique login form, but reads from the SMF members table (or will anyway).
Basically, the script required I store a piece of information for each user upon login to the database. Looking at the members table, the field validation_code seems to be rarely used.
If I was to set this on login from other parts of the site, would this cause problems on the forum?
If so, am I able to add an extra field to the table without SMF flipping out? If it is possible to add it, what edits do I need to make to the SMF source code?
One more thing, how does one decode the users' passwords in the database with an outside script because they're clearly encoded :)
Thanks. This really is quite vital.
Jayden.
PS: If anyone knows a better way to deal with authentication across my website, I'm all ears :) Do note that each part is at a different sub-domain.
Hi, I can't answer all questions but maybe get you pointed in the right direction. But a few questions first.
Which version of SMF?
Are you using any of the SMF integration hooks?
Some reading material if you haven't seen these yet:
SSI Readme (http://docs.simplemachines.org/index.php?topic=400.0)
How to use the SMF user system outside of SMF (http://docs.simplemachines.org/index.php?topic=789.0)
How do I integrate SMF into my PHP coded website? (http://docs.simplemachines.org/index.php?topic=461.0)
validation_code is used when a member registers. Using it might/might not cause a problem. Adding an extra column would be the best solution. If it's required.
Quote
One more thing, how does one decode the users' passwords in the database with an outside script because they're clearly encoded
You can't. SMF uses sha1 which is a one-way encryption. What you'll need to do is to encrypt your login info (username and password) and compare it to what SMF has.
Quote
PS: If anyone knows a better way to deal with authentication across my website, I'm all ears :) Do note that each part is at a different sub-domain.
I've not tried using it across sub-domains but using SSI.php is the easiest method to integrate with SMF.
Specifically, if the supplied credentials are in $user and $pwd, the resultant hash is SHA1(strtolower($user) . $pwd).
Hi Kays and Arantor,
Thanks for your replies.
I shall try out the things you mentioned, Kays - I don't REALLY want to fiddle with the table because if I do I could do damage to my site and its members already.
Arantor, I shouldn't need to use any SMF hooks etc. to do that right?
Thanks for your help :)
Jayden
No hooks, though if you want to get into that, that's fine. They can do a lot of things that SSI.php alone cannot.
I would note that many mods do extend the members table by adding new columns, but depending on what you're trying to do, you could just create a new table solely for your code.
Quote from: Arantor on January 21, 2010, 06:53:10 PM
Specifically, if the supplied credentials are in $user and $pwd, the resultant hash is SHA1(strtolower($user) . $pwd).
This here worked perfectly after a bit of tinkering :) Thanks!
Arantor replied "Specifically, if the supplied credentials are in $user and $pwd, the resultant hash is SHA1(strtolower($user) . $pwd)."
Looking at the smf_members table, there is a Salt value (passwordSalt) there which makes me think that it needs to be included in the SHA1 parm. Is this correct or am I mistaken?
IOW: Is the actual call SHA1(strtolower($user) . $pwd . $passwordSalt) or some variant?
The salt is used for something else.
From LoginOut.php:
$sha_passwd = sha1(strtolower($user_settings['memberName']) . un_htmlspecialchars(stripslashes($_REQUEST['passwrd'])));
Specifically, the salt is concerned with generating the session hash that is sent to the users on a round trip, and also with hashing the password when it is submitted on login (because it's hashed client side and sent encrypted).
Thank you for the information on the Salt value and that it does not participate in the saved hashed password field in the MySQL database. I felt it was simpler to ask in lieu of trying to experiment. I have plans to integrate the register function of my RYO code to do the registration into SMF using the values supplied to my own logon database (i.e.: When Registered I will, under the covers, register the user for SMF) and this plus the working code in the E107 Bridge gives me the example code I need to use (although the E107 Bridge for some reason is using MD5 not SHA1 and is, I think, passing a different parm string).
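Added example, not part of the thread and not SMF's own code: a stand-alone PHP check of a login attempt against a stored hash using the formula quoted above, sha1(strtolower($user) . $pwd), with the passwordSalt value left out of the hash as the replies state. The `passwd` key, the function names and the sample rows are assumptions constructed for illustration, and $pwd is assumed to be the raw password as typed.

```php
<?php
// Added example, not SMF source code.

// Formula quoted in the thread: SHA1(strtolower($user) . $pwd).
function smf_style_hash(string $user, string $pwd): string
{
    return sha1(strtolower($user) . $pwd);
}

// Check a login attempt against one members-table row.
// 'memberName' appears in the quoted LoginOut.php line; 'passwd' is an
// assumed name for the column holding the stored hash.
function verify_login(array $row, string $pwd): bool
{
    $candidate = smf_style_hash($row['memberName'], $pwd);
    // hash_equals() compares in constant time, so the comparison does not
    // leak how many leading characters of the hash matched.
    return hash_equals($row['passwd'], $candidate);
}

// Constructed sample rows (not real data): two members, same password.
$rows = [];
foreach (['Jayden', 'Kays'] as $name) {
    $rows[$name] = [
        'memberName'   => $name,
        'passwd'       => smf_style_hash($name, 'correct horse'),
        'passwordSalt' => 'a1b2', // constructed; not part of the stored hash
    ];
}

$checks = [
    'correct password accepted' => verify_login($rows['Jayden'], 'correct horse'),
    'wrong password accepted' => verify_login($rows['Jayden'], 'wrong'),
    'member name case changes hash' => smf_style_hash('JAYDEN', 'x') !== smf_style_hash('jayden', 'x'),
    'same password, same hash across members' => $rows['Jayden']['passwd'] === $rows['Kays']['passwd'],
    'salted variant matches stored hash' => hash_equals($rows['Jayden']['passwd'], sha1('jayden' . 'correct horse' . 'a1b2')),
];

foreach ($checks as $label => $result) {
    printf("%-45s %s\n", $label, $result ? 'yes' : 'no');
}
```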