
Login Algorithm

Started by Xodus, January 17, 2007, 09:12:42 PM


Xodus

I'm currently trying to make a section of my site where people can leave comments, review files, and then flag if they are inappropriate or broken.

I'd like to make this where the user can login on my main page, leave comments on the specific file, and then be able to use their forum username / password.

Only problem is, I can't figure out how users are getting logged into the forum, or what algorithm is being used. After I get it, I can easily code the rest as I know how. :) 

Okay, so where I am at. I looked at the index.php page logged out so the login form would come up. I take a look at its source, and it shows the action for logging in is "/index.php?action=login2". So I open up the index.php file in Dreamweaver, and search for login2, goes down to the array, and finds this:

    'login2' => array('LogInOut.php', 'Login2'),

Alright, :) I go there, and then I find this logging in code:

    function Login2()
    {
        global $txt, $db_prefix, $scripturl, $user_info, $user_settings;
        global $cookiename, $maintenance, $ID_MEMBER, $modSettings, $context, $sc;
        global $sourcedir;

        // Load cookie authentication stuff.
        require_once($sourcedir . '/Subs-Auth.php');

        if (isset($_GET['sa']) && $_GET['sa'] == 'salt' && !$user_info['is_guest'])
        {
            if (isset($_COOKIE[$cookiename]))
                list (, , $timeout) = @unserialize($_COOKIE[$cookiename]);
            elseif (isset($_SESSION['login_' . $cookiename]))
                list (, , $timeout) = @unserialize(stripslashes($_SESSION['login_' . $cookiename]));
            else
                trigger_error('Login2(): Cannot be logged in without a session or cookie', E_USER_ERROR);

            $user_settings['passwordSalt'] = substr(md5(rand()), 0, 4);
            updateMemberData($ID_MEMBER, array('passwordSalt' => '\'' . $user_settings['passwordSalt'] . '\''));

            setLoginCookie($timeout - time(), $ID_MEMBER, sha1($user_settings['passwd'] . $user_settings['passwordSalt']));

            redirectexit('action=login2;sa=check;member=' . $ID_MEMBER, $context['server']['needs_login_fix']);
        }


I pretty much get what is happening, but what I don't get is, where is it connecting to the database to check the authenticity of the login, what is being used to encrypt the pass, and that's pretty much it. :)

Any idea about how to incorporate a login on my homepage? All I need is to know how it changes the string to check in the DB.

Petr1fied

Maybe this will help you:
<?php

$path_to_smf = "[YOUR PATH HERE]";
require_once($path_to_smf . '/Settings.php');
require_once($path_to_smf . '/SSI.php');
require_once($path_to_smf . '/Sources/Subs-Auth.php');

if (isset($_POST["action"])) {

   $username = isset($_POST['username']) ? AddSlashes($_POST['username']) : '';
   $pwd = isset($_POST['pwd']) ? AddSlashes($_POST['pwd']) : '';

   if ($username == '' || $pwd == '')
      die("Please ensure both boxes are filled in");

   // Escape the name before it goes into the query; concatenating it unescaped allows SQL injection.
   $sql = mysql_fetch_assoc(mysql_query("SELECT ID_MEMBER, passwd, passwordSalt FROM {$db_prefix}members WHERE memberName='" . mysql_real_escape_string(StripSlashes($username)) . "'"));

   if (!$sql)
      die("User not found!");

   // $hashpass[0] is sha1(strtolower(username) . password), compared against the passwd column.
   $hashpass = smf_passgen(StripSlashes($username), StripSlashes($pwd));

   // Strict comparison, so two numeric-looking hash strings are never compared as numbers.
   if ($sql["passwd"] !== $hashpass[0])
      die("Password wrong!");
   else
      set_smf_cookie($sql["ID_MEMBER"], $hashpass[0], $sql["passwordSalt"]);
   die("Login cookie successfully set");
}

?>


<form method='post'><table>
<tr><td align=right>Username: <input type='text' name='username' size='30' maxlength='80'></td></tr>
<tr><td align=right>Password: <input type='password' name='pwd' size='30'></td></tr>
<tr><td align=center><input type='submit' value='Log In' name='action'></td></tr>
</table></form>

<?php
// Returns array(password hash, fresh 4-character salt).
function smf_passgen($username, $pwd) {

   $passhash = sha1(strtolower($username) . $pwd);
   $salt = substr(md5(rand()), 0, 4);

   return array($passhash, $salt);

}

// Sets the SMF login cookie; the cookie carries sha1(passwd . passwordSalt).
function set_smf_cookie($id, $passhash, $salt) {

   setLoginCookie(189216000, $id, sha1($passhash . $salt));

}

?>
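
An added example, not part of Petr1fied's post and not SMF's own code: the same lookup and hash check written with a bound query parameter and a constant-time comparison, run against a constructed in-memory SQLite table standing in for the MySQL members table. The function names, the `smf_` prefix and the sample account are assumptions; the two hash formulas are the ones shown in the thread.

```php
<?php
// Added example; sample data is constructed. Hash formulas are the ones in the thread.

// The passwd column holds sha1(strtolower(memberName) . password).
function smf_password_hash(string $memberName, string $password): string
{
    return sha1(strtolower($memberName) . $password);
}

// Login cookie value: sha1(passwd . passwordSalt).
function smf_cookie_hash(string $passwd, string $passwordSalt): string
{
    return sha1($passwd . $passwordSalt);
}

// Returns the member row on success, null on any failure.
function smf_check_login(PDO $db, string $prefix, string $user, string $pwd): ?array
{
    // $prefix is site configuration (assumed 'smf_' below), never request data.
    $stmt = $db->prepare(
        "SELECT ID_MEMBER, passwd, passwordSalt
           FROM {$prefix}members WHERE memberName = ?"
    );
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Always hash and compare, so an unknown name does the same work.
    $candidate = smf_password_hash($user, $pwd);
    $stored = $row ? $row['passwd'] : str_repeat('0', 40);
    $ok = hash_equals($stored, $candidate);

    return ($row && $ok) ? $row : null;
}

// Constructed demo table in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE smf_members (ID_MEMBER INTEGER PRIMARY KEY,
    memberName TEXT, passwd TEXT, passwordSalt TEXT)');
$db->prepare('INSERT INTO smf_members VALUES (1, ?, ?, ?)')
   ->execute(['alice', smf_password_hash('alice', 'correct horse'), 'a1b2']);

$row = smf_check_login($db, 'smf_', 'alice', 'correct horse');
var_dump($row !== null);                                          // correct password
var_dump(smf_cookie_hash($row['passwd'], $row['passwordSalt']));  // cookie hash
var_dump(smf_check_login($db, 'smf_', 'alice', 'wrong') !== null);
var_dump(smf_check_login($db, 'smf_', "x' OR '1'='1", 'x') !== null); // quote stays data
```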
