News:

Want to get involved in developing SMF, then why not lend a hand on our github!

Main Menu

Using memberName and passwd to login

Started by jossif, May 13, 2008, 04:11:10 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

jossif

May 13, 2008, 04:11:10 PM
I am sure this has been asked thousands of times, but I have been unable to find the answer by searching the forum.

I want to use the members table data to login my users to a different app on my site.

I have a simple form requesting username and password and want to check these credentials against the SMF database.

My form sends $user and $passwd via POST to a login script.

The problem I am having is that I do not know how the passwd field is encrypted by SMF. I though that it was sha1 using the user name as salt... but when I do this, it does not work:
Code Select

import_request_variables("PG");
$validate = "SELECT memberName, passwd FROM smf_members WHERE memberName like \"$user\" LIMIT 1";
if ($row = mysql_fetch_array($sql_result)){
# Get user data needed
$hash_pass = "$row[passwd]";
        //compare credentials
if ( sha1($passwd . $user) == $hash_pass) {
            // login OK
      } else {
           // login not OK - password does not match
      }
// login not OK - user not found
}


Any help will be appreciated.

-- Jossi

jossif

#1
May 13, 2008, 04:31:23 PM
OK... I see that it is possible to use SSI to display a login box and redirect to a specific section of my site:
Code Select
<?php ssi_login('http://mysite.net/dashboard/index.php'); ?>

Now, how do I check in http://mysite.net/dashboard/index.php that a user is indeed logged-in?

niko

#2
May 13, 2008, 04:39:26 PM
Quote from: jossif on May 13, 2008, 04:31:23 PM
OK... I see that it is possible to use SSI to display a login box and redirect to a specific section of my site:
Code Select
<?php ssi_login('http://mysite.net/dashboard/index.php'); ?>

Now, how do I check in http://mysite.net/dashboard/index.php that a user is indeed logged-in?


global $user_info;

if ($user_info['is_guest'])
{
// GUEST
}
else
{
// NOT GUEST
}


Quote from: jossif on May 13, 2008, 04:11:10 PM
The problem I am having is that I do not know how the passwd field is encrypted by SMF. I though that it was sha1 using the user name as salt... but when I do this, it does not work:

Passwords hashes are sha1(strtolower($username). $password);
Websites: Madjoki || (2 links retracted by team, links out of date and taken over.)
Mods: SMF Arcade, Related topics, SMF Project Tools, Post History

WIP Mods: Bittorrent Tracker || SMF Wiki

jossif

#3
May 13, 2008, 05:40:37 PM
 :D Thank you!

Moobi

#4
July 18, 2008, 03:44:36 PM
Quote from: Niko on May 13, 2008, 04:39:26 PM
Passwords hashes are sha1(strtolower($username). $password);

That's the ticket! Yeah! This is what I was looking for. I kept seeing references to using SSI.php, but that seemed like overkill for my needs. For the record, I ended up using it in my query string thusly:

Code Select
$query = "SELECT ID_MEMBER, is_activated FROM smf_members WHERE memberName='$memberName' AND passwd=sha1('".strtolower($memberName)."$passwd')";
Print
Go Up Pages1
User actions
Advertisement: