I'm creating a general website with semi-CMS (admins of the forum will be able to do some changes in the general website). To avoid having the admins to remember different usernames/passwords for the forum and the general website, I would like to let them log in on the general website CMS with their forum login data.
The problem is with the password, at first I thought it was md5 encrypted, but after google searching I read MSF 1.1 uses sha1 encryption.
When I use the following code, it still doesn't work, my sha1($send_password) does not match the SMF password in the SMF database...
Anyone that can see what I'm doing wrong?
$send_username = $_POST['send_username'];
$send_password = $_POST['send_password'];
$sql = "SELECT passwd,ID_GROUP FROM smf_members WHERE memberName='$send_username'";
$query = mysql_query($sql);
if(mysql_num_rows($query)==0)
{
echo("<p class=\"error\">Error: {$send_username} doesn't exist...</p>\n");
$_SESSION['loggedin'] = false;
$_SESSION['admin'] = "0";
}
else
{
$record = mysql_fetch_assoc($query);
$password = sha1($send_password);
if($password == $record['passwd'])
{
echo("<p class=\"error\">{$login_succes}</p>\n");
$_SESSION['loggedin'] = true;
if($record['ID_GROUP']=="1")
{
$_SESSION['admin'] = "1";
}
else
{
$_SESSION['admin'] = "0";
}
}
else
{
echo("<p class=\"error\">Error: password for {$send_username} incorrect ...<p>\n");
$_SESSION['loggedin'] = false;
$_SESSION['admin'] = "0";
}
}
}
PS, I know it is possible by using ssi.php and stuff, but all I need to make work what I want (don't need all that other stuff) is how to make the given password from the form able to compare with the password of that user in the database...
sha1(strtolower($username) . $password)
found it, thx!