Register Members List Search Today's Posts Mark Forums Read

Reply
 
Thread Tools
  #1  
Old 14 Feb 2014, 23:57
tsptom tsptom is offline
 
Join Date: Jan 2006
Checking VB Password Outside the Forum

I have another area of my website that requires a login and sometimes members use a different password for this login than the one they use in the forum. This is probably frustrating for them as they try to remember which PW goes where.

I would like to be able to have them log into this other area using the PW they set up OR their forum PW if it is different.

I'm not sure exactly how this would be done but maybe something along these lines?

SELECT *
FROM mytable m
where m.username= '". $_POST['username'] ."' and
(m.password='" . $_POST['Password'] . "' OR
'" . $_POST['Password'] . "' =
(SELECT md5(CONCAT(md5(v.password, salt)))
FROM user v
WHERE v.username = '". $_POST['username'] ."'))
I know it's wrong so whatever you can add would be appreciated.

Thanks

Last edited by tsptom; 15 Feb 2014 at 00:23.
Reply With Quote
  #2  
Old 15 Feb 2014, 14:19
kh99 kh99 is offline
 
Join Date: Aug 2009
Real name: Kevin
Well, to check if a username, password combination is valid in the vbulletin database, you'd do something like:

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.


where $entered_password is the password that was entered, and $password and $salt are the fields from the vbulletin user table where the 'username' column equals the entered username. (I hope that makes sense).

I don't know how to write the code for you because I don't know the context of where you're trying to put it. But if I were doing it I'd probably do a couple 'SELECTS" to get the information I needed from the database, then write php to check (as opposed to doing it all in one sql statement, although that may be possible).

Also I wanted to mention that if you do write something like you posted above, don't use fields from $_POST[] directly in a query string because you don't know what they might contain. At the least, you should use mysql_real_escape_string() (or the equivalent if you're not using the mysql_* functions) to make sure any special characters are escaped.
Reply With Quote
  #3  
Old 15 Feb 2014, 17:15
tsptom tsptom is offline
 
Join Date: Jan 2006
Thanks, I will try that.
Reply With Quote
Reply



Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


New To Site? Need Help?

All times are GMT. The time now is 22:16.

Layout Options | Width: Wide Color: