Hi Guys,
I am using vBulletin forums, and I want to let only the registered people in my forum to access some separate pages, I did every thing but could not decode the password of users that stored in my batabase (mysql), so can any one help PLZ.
e.g; when the user enter his user name and password, in a page; I connect to the vBulletin forum database and check for that data, but the password is not as the user enter; becase it is encoded in the database!!
thanx
I don't know for sure, but most likely it is hashed either via the MySQL PASSWORD() function or one of the PHP hashing functions such as [man]md5/man. With a little trial and error you should be able to determine which. If it was done via MySQL, then your query would be something like:
$sql = "SELECT COUNT(*) FROM `users` WHERE `id`= '$login' AND `password` = PASSWORD('$password')";
If done via PHP hashing, then:
$hashed = md5($password);
$sql = "SELECT COUNT(*) FROM `users` WHERE `id`= '$login' AND `password` = '$hashed'";
NogDog wrote:If done via PHP hashing, then:
Heh.. MD5 isn't native to PHP only...
$sql = "SELECT COUNT(*) FROM `users` WHERE `id`= '$login' AND `password` = MD5('$password')";In fact, MySQL offers various encryption and compression functions.
Why would you need the user's password in the first place?
If they're logged in as a registered user then presumably vBulletin is using some mechanism to identify which http requests are coming from registered users (the bb* cookies). Use that mechanism.
Thanx guys,
I tried the php md5 but it doesn't work!!
I ended up doing something like Weedpacket suggested, basically
chdir('/var/www/www.yourwebsite.com/community');
require_once('./global.php'); // this is vB's code
if ($bbuserinfo['email'])
{
// user is logged in
}
else
{
// tell them to log in
}