.:HyPeX:. Posted December 31, 2014 Share Posted December 31, 2014 Hello everyone, i'm using IPB Forum as my main start for everyting wich is going to start in the server. My problem is the functions IPB uses - How do i call them? .php file: <?php require( "initdata.php"); require( "hypexmta/sdk/mta_sdk.php" ); require( "admin/sources/base/ipsRegistry.php" ); require( "admin/sources/loginauth/login_core.php" ); require( "admin/sources/loginauth/interface_login.php" ); ipsRegistry::init(); $table = mta::getInput(); $text = $table[1]; if(isset($text)){ $returning = authenticate(table[0], "", table[1]); mta::doReturn($returning); } My issue is, i dont know wich is the function for logging in a member - Checking their data,( as it was stated MTA cant de-hash all IPB's hashes placed on its Mysql database) setting a custom data and later on retriving it. I have zero knowledge on php, so its kind of hard for me to come up with anything at all pretty much. Thanks in advance. Link to comment
Gallardo9944 Posted December 31, 2014 Share Posted December 31, 2014 You don't really have to use PHP stuff to check if a user wrote the real password or not. You can get account name's salt and password hash and check it in Lua like this: function lowermd5(val) return string.lower(md5(val)) -- return the same md5 function, but with lowercase end local hash = lowermd5(lowermd5(salt)..lowermd5(password)) -- this is how IPB hashes passwords. salt is taken from IPB's database, password is taken from user input if hash == mysqlhash then -- if the hash from IPB's table matches our calculated one, then the user wrote the real password - auth successful else -- wrong password, m8 end string.lower is required because MTA's md5 hashing returns upper case values, but IPB hashes that in lower case. I've been using this method for a really long time, works perfectly and without exceptions. Make sure you escape possible SQL injections in name+password fields for security reasons. Link to comment
.:HyPeX:. Posted December 31, 2014 Author Share Posted December 31, 2014 You don't really have to use PHP stuff to check if a user wrote the real password or not. You can get account name's salt and password hash and check it in Lua like this: function lowermd5(val) return string.lower(md5(val)) -- return the same md5 function, but with lowercase end local hash = lowermd5(lowermd5(salt)..lowermd5(password)) -- this is how IPB hashes passwords. salt is taken from IPB's database, password is taken from user input if hash == mysqlhash then -- if the hash from IPB's table matches our calculated one, then the user wrote the real password - auth successful else -- wrong password, m8 end string.lower is required because MTA's md5 hashing returns upper case values, but IPB hashes that in lower case. I've been using this method for a really long time, works perfectly and without exceptions. Make sure you escape possible SQL injections in name+password fields for security reasons. Thats seems fine and i'll test it for logging in. - But what about adding/retriving data to their accounts? do i need to hash anything or i can just run data to their account like if it was a mysql common database? And also, when looping throught IPB mysql table - usernames are just saved without hashing and under wich value? Thanks! EDIT: How do i define salt? EDIT2: How is mysql database saved in IPB? Should i just connect to the webpage's IP on wich port? Link to comment
Gallardo9944 Posted December 31, 2014 Share Posted December 31, 2014 (edited) You should connect to your SQL database IPB is connected to. The table should be something like ipb_members. The example of getting password hash, salt, etc (use in your dbQuery): SELECT salt,password FROM ipb_members WHERE member_name='HyPeX' (I'm not saying that those are the real column names, cause I switched to SMF a year ago) Usernames are unhashed, of course, you use them to define what account you're checking. If you want to get data,you can simply save the account name when the user logs in, and use SQL queries to get required information: SELECT something FROM ipb_members WHERE member_name='HyPeX' (replace "HyPeX" with your saved account name) If you want to change some data, you can simply do it like this: UPDATE ipb_members SET something='anything' WHERE member_name='HyPeX' Edited December 31, 2014 by Guest Link to comment
.:HyPeX:. Posted December 31, 2014 Author Share Posted December 31, 2014 Okay so i think i got a pretty clear idea, now my last issue would be, How can i find IPB's mysql database details? (password, username, etc) Thanks a lot. Link to comment
Gallardo9944 Posted December 31, 2014 Share Posted December 31, 2014 Okay so i think i got a pretty clear idea, now my last issue would be, How can i find IPB's mysql database details? (password, username, etc) Thanks a lot. You defined it when you created your IPB forum. (MySQL login, password, database, prefix) As far as I remember, there should be a config.php in the folder of your site with all the required details. P.S. Happy new year Link to comment
.:HyPeX:. Posted December 31, 2014 Author Share Posted December 31, 2014 Okay so i think i got a pretty clear idea, now my last issue would be, How can i find IPB's mysql database details? (password, username, etc) Thanks a lot. You defined it when you created your IPB forum. (MySQL login, password, database, prefix) As far as I remember, there should be a config.php in the folder of your site with all the required details. P.S. Happy new year I didnt created the forum so i guess i'll search for the config.php file in the FTP... Happy new year aswell and thanks a lot! Link to comment
Catalyst Posted January 1, 2015 Share Posted January 1, 2015 conf_global.php should have those 4 variables near/at the beginning $INFO['sql_host'] $INFO['sql_database'] $INFO['sql_user'] $INFO['sql_pass'] That's pretty much you need to connect to the MySQL database which IPB uses, remember, if 'sql_host' is 'localhost' and you don't have your server on the same machine as the website, then you need to use your website's IP address, or hostname Ps: 2015 hit the UK right at the time of this post. Happy new year! Link to comment
.:HyPeX:. Posted January 1, 2015 Author Share Posted January 1, 2015 Pretty much it is giving the error "Could not connect". Thought i'm selecting the exact values.. (The forum is hosted in a separate VPS) (i replaced the user & pass with *) script: Database = dbConnect("mysql","dbname=d69588_forumm;host=wm61.wedos.net", "***","***","share=1") php: $INFO['sql_host'] = 'wm61.wedos.net'; $INFO['sql_database'] = 'd69588_forumm'; $INFO['sql_user'] = '***'; $INFO['sql_pass'] = '***'; Link to comment
Gallardo9944 Posted January 1, 2015 Share Posted January 1, 2015 Pretty much it is giving the error "Could not connect".Thought i'm selecting the exact values.. (The forum is hosted in a separate VPS) (i replaced the user & pass with *) script: Database = dbConnect("mysql","dbname=d69588_forumm;host=wm61.wedos.net", "***","***","share=1") php: $INFO['sql_host'] = 'wm61.wedos.net'; $INFO['sql_database'] = 'd69588_forumm'; $INFO['sql_user'] = '***'; $INFO['sql_pass'] = '***'; This always happens by default if mysql is installed on a VPS.The problem is that your mysql is bound only to localhost, meaning that you can't connect to the server from the outer world. You need to edit your mysql config file (should be /etc/my.cnf, correct me if I'm wrong - I'm typing this on my phone) and comment the line which is similar to bind_address = 127.0.0.1. Then restart your mysql server and you should be able to connect after that. Link to comment
.:HyPeX:. Posted January 3, 2015 Author Share Posted January 3, 2015 Sorry for the delay gallardo - im on vacations away till tomorrow. As ive just been told, the mysql is hosted in a custom mysql website - www.wedos.cz So, so far the forum details should work good? Link to comment
Gallardo9944 Posted January 3, 2015 Share Posted January 3, 2015 Sorry for the delay gallardo - im on vacations away till tomorrow. As ive just been told, the mysql is hosted in a custom mysql website - http://www.wedos.czSo, so far the forum details should work good? Details should work. But if it's a VPS, you have to follow the instructions i gave you above. Link to comment
.:HyPeX:. Posted January 9, 2015 Author Share Posted January 9, 2015 Hello, so far apparently hash is unsuccessful. Apparently there's also a "members_pass_hash" field (according to mysql database) function lowermd5(val) return string.lower(md5(val)) end salt = "" password = "" username = "user" local hash = "pass" Database = dbConnect("mysql","***;host=***", "***","***") addEventHandler('onResourceStart',resourceRoot,function() local query = dbQuery(Database, "SELECT members_pass_salt,member_login_key,members_pass_hash FROM members WHERE name='"..username.."'") --local query = dbQuery(Database, "SELECT `table_name` FROM `all_tables`") local result = dbPoll(query,-1) if result then --for i,v in ipairs(result) do --outputChatBox("Table Found! Name: "..v) --end for _,row in ipairs(result) do for column, value in pairs ( row ) do outputConsole(column.. " " ..value) if column == "members_pass_salt" then salt = value outputChatBox("Salt Retrived") elseif column == "member_login_key" then password = value elseif cloumn == "members_pass_hash" then mysqlhash = value end -- value = the value of that column in this certain row end end runHash() else outputChatBox("DB Query Failed") end end) function runHash() local hash = lowermd5(lowermd5(salt)..lowermd5(password)) if hash == mysqlhash then outputChatBox("Hash successful") else outputChatBox("Hash unsuccessful") end end members_pass_hash b8d93637ad8abd6e0201003678da0111 member_login_key c943cee0017aa8f1a1e8a9750904736f members_pass_salt G!iz! Salt Retrived Hash unsuccessful EDIT: Ran some tests.. function runHash() outputConsole(lowermd5(salt).." "..lowermd5(password)) outputConsole(lowermd5(lowermd5(salt)..lowermd5(password))) local hash = lowermd5(lowermd5(salt)..lowermd5(password)) outputConsole(hash.." == "..mysqlhash) if hash == mysqlhash then outputChatBox("Hash successful") else outputChatBox("Hash unsuccessful") end end bf4bfa3a257801dcb7ef8a2bba26bec6 d41d8cd98f00b204e9800998ecf8427e 3cbf7f5d17b17431099e2f5fabddc692 3cbf7f5d17b17431099e2f5fabddc692 == b8d93637ad8abd6e0201003678da0111 Hash unsuccessful Link to comment
.:HyPeX:. Posted January 9, 2015 Author Share Posted January 9, 2015 Hello, so far apparently hash is unsuccessful. Oh i'm an idiot, i didnt set the password field.. Link to comment
Syntrax# Posted December 22, 2015 Share Posted December 22, 2015 Hello, so far apparently hash is unsuccessful. Oh i'm an idiot, i didnt set the password field.. Attempt to concatenate global 'mysqlhash' (a nil value) Link to comment
Syntrax# Posted June 18, 2016 Share Posted June 18, 2016 Hello, so far apparently hash is unsuccessful. Oh i'm an idiot, i didnt set the password field.. Attempt to concatenate global 'mysqlhash' (a nil value) Bump, can anyone help me out please? Link to comment
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now