News:

Bored?  Looking to kill some time?  Want to chat with other SMF users?  Join us in IRC chat or Discord

Main Menu

Using memberName and passwd to login

Started by jossif, May 13, 2008, 04:11:10 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

jossif

May 13, 2008, 04:11:10 PM
I am sure this has been asked thousands of times, but I have been unable to find the answer by searching the forum.

I want to use the members table data to login my users to a different app on my site.

I have a simple form requesting username and password and want to check these credentials against the SMF database.

My form sends $user and $passwd via POST to a login script.

The problem I am having is that I do not know how the passwd field is encrypted by SMF. I though that it was sha1 using the user name as salt... but when I do this, it does not work:
Code Select

import_request_variables("PG");
$validate = "SELECT memberName, passwd FROM smf_members WHERE memberName like \"$user\" LIMIT 1";
if ($row = mysql_fetch_array($sql_result)){
# Get user data needed
$hash_pass = "$row[passwd]";
        //compare credentials
if ( sha1($passwd . $user) == $hash_pass) {
            // login OK
      } else {
           // login not OK - password does not match
      }
// login not OK - user not found
}


Any help will be appreciated.

-- Jossi

jossif

#1
May 13, 2008, 04:31:23 PM
OK... I see that it is possible to use SSI to display a login box and redirect to a specific section of my site:
Code Select
<?php ssi_login('http://mysite.net/dashboard/index.php'); ?>

Now, how do I check in http://mysite.net/dashboard/index.php that a user is indeed logged-in?

niko

#2
May 13, 2008, 04:39:26 PM
Quote from: jossif on May 13, 2008, 04:31:23 PM
OK... I see that it is possible to use SSI to display a login box and redirect to a specific section of my site:
Code Select
<?php ssi_login('http://mysite.net/dashboard/index.php'); ?>

Now, how do I check in http://mysite.net/dashboard/index.php that a user is indeed logged-in?


global $user_info;

if ($user_info['is_guest'])
{
// GUEST
}
else
{
// NOT GUEST
}


Quote from: jossif on May 13, 2008, 04:11:10 PM
The problem I am having is that I do not know how the passwd field is encrypted by SMF. I though that it was sha1 using the user name as salt... but when I do this, it does not work:

Passwords hashes are sha1(strtolower($username). $password);
Websites: Madjoki || (2 links retracted by team, links out of date and taken over.)
Mods: SMF Arcade, Related topics, SMF Project Tools, Post History

WIP Mods: Bittorrent Tracker || SMF Wiki

jossif

#3
May 13, 2008, 05:40:37 PM
 :D Thank you!

Moobi

#4
July 18, 2008, 03:44:36 PM
Quote from: Niko on May 13, 2008, 04:39:26 PM
Passwords hashes are sha1(strtolower($username). $password);

That's the ticket! Yeah! This is what I was looking for. I kept seeing references to using SSI.php, but that seemed like overkill for my needs. For the record, I ended up using it in my query string thusly:

Code Select
$query = "SELECT ID_MEMBER, is_activated FROM smf_members WHERE memberName='$memberName' AND passwd=sha1('".strtolower($memberName)."$passwd')";
Print
Go Up Pages1
User actions
Advertisement: