Page 1 of 1

Integrating another php script to use phpbb's users

Posted: Thu Apr 24, 2008 11:58 pm
by ModemGuru
I am using a php script called WSNLinks that utilizes my username/password database from phpbb2. It is very easy to set up the integration, but I'm having difficulty integrating it with phpbb3. It is all done via the admin interface and as I don't really know php/mysql (can edit and fumble about, but not much further) I'm having some trouble.

When integrating I am presented with:

Code: Select all

Are passwords encoded in a manner other than the password encoding type you've selected in your settings?

If you answered yes to the above question, type the method for transforming an input of $userpassword into an encoded $password. This can be made complex if necessary, but here's a simple example:
$password = base64encode($userpassword);
Can anyone help me figure out what I would need to input in order to send the proper hash value to the login script in order to authenticate? (ie: How do I encode $userpassword into phpbb3's $password?)

Thank you for any assistance you can provide,
Brad

Re: Integrating another php script to use phpbb's users

Posted: Fri Apr 25, 2008 12:56 am
by Noxwizard
phpBB uses its own hashing function for this, phpbb_hash() from includes/functions.php.

Re: Integrating another php script to use phpbb's users

Posted: Fri Apr 25, 2008 1:59 pm
by ModemGuru
Noxwizard wrote:phpBB uses its own hashing function for this, phpbb_hash() from includes/functions.php.
Right, I see there is a phpbb_hash, phpbb_check_hash, _hash_gensalt_private, _hash_encode64, and _hash_crypt_private, but looking over that information I'm just not sure how to get from point A (user entered password $userpassword) to point B ($password to check against hashed value). It probably isn't terribly difficult for someone fluent in php, but unfortunately that I am not.

Re: Integrating another php script to use phpbb's users

Posted: Fri Apr 25, 2008 5:20 pm
by Noxwizard
Here's an example of checking an entered password:

Code: Select all

    define('IN_PHPBB', true);
    $phpbb_root_path = './';
    $phpEx = substr(strrchr(__FILE__, '.'), 1);
    include($phpbb_root_path . 'common.' . $phpEx);

    //Look up the hashed password
    $sql = 'SELECT user_password
        FROM ' . USERS_TABLE . "
        WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'";
    $result = $db->sql_query($sql);
    $row = $db->sql_fetchrow($result);
    $db->sql_freeresult($result);
    
    //If we found the user and its password, compare the passwords
    if($row)
    {
        if(phpbb_check_hash($password, $row['user_password']))
        {
            echo "Password Match!";
        }
        else
        {
            echo "Password Mis-match!";
        }
    }
    else
    {
        echo "User not found!";
    }

}
 

Re: Integrating another php script to use phpbb's users

Posted: Mon Apr 28, 2008 2:31 pm
by ModemGuru
I've spoken with the script designer (for WSNLinks) and he said that there are too many conflicts to include the phpBB functions/script as a whole. He has asked me to ask if there is a way to transform the typed value into the database's user_password value without using phpBB.

Thanks,
Brad

Re: Integrating another php script to use phpbb's users

Posted: Mon Apr 28, 2008 3:56 pm
by T0ny
You could take the functions

phpbb_check_hash()
_hash_crypt_private()
_hash_encode64()

and copy them into their own php file. That way you wouldn't have to include all of functions.php in your script