[SELF RESOLVED] PHPBB3 login hack

elegos
Registered User
Posts: 22
Joined: Mon Dec 24, 2007 12:34 pm

[SELF RESOLVED] PHPBB3 login hack

Post by elegos »

Hello there!

I'm wondering if it's possible to use the same username and password of the forum on another system. I've tried to figure it out from the login screen (ucp.php), but I've never seen code so complex, and I haven't gotten far beyond this file...

My idea is to check (i.e. "login") if a user is the owner of an account, and then enable him to view another page... so a simple user/password check.

Would it be possible to directly link an include and get a function? Which function? And what are the values needed?


Another thing would be registering an account from another website (accessing the forum's DB and files)... I think I've found the function (user_add), but I don't know which variables I must put in the array $user.

Thanks :)

- elegos
Last edited by elegos on Tue Sep 30, 2008 7:58 pm, edited 1 time in total.
Brf
Support Team Member
Posts: 52171
Joined: Tue May 10, 2005 7:47 pm

Re: PHPBB3 login hack

Post by Brf »

This article: http://www.phpbb.com/kb/article/add-a-n ... -to-phpbb/ tells how to use the phpBB login on an external PHP page.
elegos
Registered User
Posts: 22
Joined: Mon Dec 24, 2007 12:34 pm

Re: PHPBB3 login hack

Post by elegos »

Thank you for the link.

But I'm still confused...

The function should be:

Code:

    if ($user->data['user_id'] == ANONYMOUS)
    {
        login_box('', $user->lang['LOGIN']);
    } 
Right? So I should first call up these lines:

Code:

    <?php
    define('IN_PHPBB', true);
    $phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './';
    $phpEx = substr(strrchr(__FILE__, '.'), 1);
    include($phpbb_root_path . 'common.' . $phpEx);

    // Start session management
    $user->session_begin();
    $auth->acl($user->data);
    $user->setup();

    page_header('Title Here');

    $template->set_filenames(array(
        'body' => 'yourpage_body.html',
    ));

    make_jumpbox(append_sid("{$phpbb_root_path}viewforum.$phpEx"));
    page_footer();
    ?>
But isn't this just a phpBB3 page template? May I make a simpler page? I don't think I need, for example, the $template variable, or the page_header, make_jumpbox and page_footer functions, but I could be wrong.

Thanks
Brf
Support Team Member
Posts: 52171
Joined: Tue May 10, 2005 7:47 pm

Re: PHPBB3 login hack

Post by Brf »

If all you want to do is check if the user is logged in, and then do the login box if they aren't, all you have to do is the lines through the
$user->setup();
elegos
Registered User
Posts: 22
Joined: Mon Dec 24, 2007 12:34 pm

Re: PHPBB3 login hack

Post by elegos »

So till the $user->setup()?

And what about the include? It's particularly obscure to know what to put there...

Thanks
Brf
Support Team Member
Posts: 52171
Joined: Tue May 10, 2005 7:47 pm

Re: PHPBB3 login hack

Post by Brf »

If you don't include the common, you will not have any of the phpBB code.
The "obscure" part is what to put at the end of the phpbb_root_path definition. That "./" should be replaced with the relative path from your new script to the forum's root path.
elegos
Registered User
Posts: 22
Joined: Mon Dec 24, 2007 12:34 pm

Re: PHPBB3 login hack

Post by elegos »

I've tried to do this simple code:

Code:

<?php
    define('IN_PHPBB', true);
    $phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : '/home/elegos/web/htdocs/forum/';
    $phpEx = substr(strrchr(__FILE__, '.'), 1);
    include($phpbb_root_path . 'common.' . $phpEx);

    // Start session management
    $user->session_begin();
    $auth->acl($user->data);
    $user->setup();

    page_header('Title Here');
	
	if ($user->data['user_id'] == ANONYMOUS)
	{
		login_box('', $user->lang['LOGIN']);
	} 
?>
Well, the login page without a template was generated; I entered a valid user and password and it sent me to (mysite)/home/elegos/web/htdocs/forum/ucp.php?mode=login&sid=c15a0ce0caaa80ed29165d773e5b4472

Now... I only want to create my own login form and check if it's a valid user or not, not linking to the forum... (also because the forum is on a different subdomain than the site).

Thanks
Brf
Support Team Member
Posts: 52171
Joined: Tue May 10, 2005 7:47 pm

Re: PHPBB3 login hack

Post by Brf »

elegos wrote: it sent me to (mysite)/home/elegos/web/htdocs/forum/
Well.... that is what you put in the root path.
It is supposed to be a relative path, not an absolute one.
elegos
Registered User
Posts: 22
Joined: Mon Dec 24, 2007 12:34 pm

Re: PHPBB3 login hack

Post by elegos »

Uhm... they're on two separate subdomains, the first one is www. , the second one is forum. ...

I don't want to log in to the forum...

Maybe you misunderstood me...
I want to create a simple form (which I want to make on my own) sending username and password to a function of phpBB, which only has to validate the login... if username and password are right, it's all ok, otherwise not...

In other terms: which functions must I use to 'transform' the password sent via the form to a 'phpBB3-valid' one?

I see in the DB table there are just a username and password columns... well, I only want to compare the passwords, the one present in the database and the one sent and previously transformed.

Thanks :)
Brf
Support Team Member
Posts: 52171
Joined: Tue May 10, 2005 7:47 pm

Re: PHPBB3 login hack

Post by Brf »

Your other "function" would have to be on the same Internet domain as your forum to use its login.
elegos
Registered User
Posts: 22
Joined: Mon Dec 24, 2007 12:34 pm

Re: PHPBB3 login hack

Post by elegos »

Can't I simply include the required function phpBB3 php files and use the same functions phpBB3 uses to convert the passwords? Site and forum are on the same machine, I don't know why you continue saying I must cooperate with the phpBB3 forum... can't you simply point me where, in the code, the password is encoded?

Thanks.
Brf
Support Team Member
Posts: 52171
Joined: Tue May 10, 2005 7:47 pm

Re: PHPBB3 login hack

Post by Brf »

The phpbb session is stored in a cookie. If you are not in the same domain as the forum, it will not store that cookie properly.
elegos
Registered User
Posts: 22
Joined: Mon Dec 24, 2007 12:34 pm

Re: PHPBB3 login hack

Post by elegos »

Again, you continue saying I MUST use the phpBB3 front-end to login. It is not necessary. I managed to create an external login php script, I've found the function I was searching for: phpbb_check_hash.

Here is a very simple example:

Code:

<?php
	define("IN_PHPBB",true);
	require_once("/PATH/TO/PHPBB/includes/functions.php");	// provides phpbb_check_hash()
	
	$mh = "localhost";	// MySQL Host
	$mu = "root";		// MySQL User
	$mp = "*********";	// MySQL Password
	$md = "my_forums";	// MySQL Database (phpBB3)
	$mpx = "phpbb";		// MySQL phpBB prefix


	$loginForm =  "<form action='?a=login' method='post'><br />\n";
	$loginForm .= "\t<input type='text' name='username' /><br />\n";
	$loginForm .= "\t<input type='password' name='password' /><br />\n";
	$loginForm .= "\t<input type='submit' value='Log in' /><br />\n";
	$loginForm .= "</form><br />\n";


	// Avoid an undefined-index notice when the page is opened without ?a=
	$action = isset($_GET['a']) ? $_GET['a'] : null;
	
	if($action == null)
		echo $loginForm;
	if($action == "login")
	{		
		$mysql = mysql_connect($mh,$mu,$mp,true) or die(mysql_error());
		mysql_select_db($md) or die(mysql_error());

		// Only the username is placed in the SQL string, so only it is escaped
		$username = mysql_real_escape_string(isset($_POST['username']) ? $_POST['username'] : "");
		// The password never reaches SQL; escaping it would change the value that is hashed
		$password = isset($_POST['password']) ? $_POST['password'] : "";
		
		if($username == "" || $password == "") die("Username or password were left blank!<br />".$loginForm);
		
		$query = "SELECT `user_password` FROM `".$mpx."_users` WHERE `username` = '$username' LIMIT 1";
		$sql = mysql_query($query,$mysql) or die(mysql_error());
		$num = mysql_num_rows($sql);	// number of rows returned by the SELECT
		if($num < 1) die("User not found!<br />".$loginForm);
		
		$row = mysql_fetch_array($sql) or die(mysql_error());
		mysql_close($mysql);	// close the connection only after the row has been read
		
		// Compare the submitted password with the stored phpBB3 hash
		if(phpbb_check_hash($password,$row['user_password'])) echo "Login success!";
		else echo "Login failure!";
	}
?>
Just replace these variables and lines:
require_once("/PATH/TO/PHPBB/includes/functions.php");
$mh, $mu, $mp, $md, $mpx
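
A hardened variant of the credential check posted above, as an added example that is not part of the thread or of phpBB's own code: the username is bound as a query parameter, the password reaches the hash check unmodified, and an unknown user and a wrong password give the same answer. Assumptions: `check_forum_login()` is a hypothetical helper, the accounts are constructed, and in-memory SQLite with `password_hash()`/`password_verify()` stands in for the forum's MySQL database and phpBB's hash functions so that the block runs on its own.

```php
<?php
// Added example (not from the thread). check_forum_login() is a hypothetical
// helper; table and column names follow the query posted above.
function check_forum_login(PDO $db, string $prefix, string $username,
                           string $password, callable $verify, string $dummyHash): bool
{
    // A table name cannot be a bound parameter, so restrict the prefix instead.
    if (!preg_match('/^[A-Za-z0-9_]+$/', $prefix)) {
        throw new InvalidArgumentException('invalid table prefix');
    }
    if ($username === '' || $password === '') {
        return false;
    }
    // Bound parameter: the username never becomes part of the SQL text.
    $stmt = $db->prepare(
        "SELECT user_password FROM {$prefix}_users WHERE username = ? LIMIT 1"
    );
    $stmt->execute([$username]);
    $stored = $stmt->fetchColumn();          // false when no row matched

    // For an unknown user, still verify against a dummy hash so that the work
    // done and the answer returned do not depend on whether the account exists.
    $known = is_string($stored) && $stored !== '';
    // The password goes to the verifier exactly as submitted: no SQL escaping.
    $ok = $verify($password, $known ? $stored : $dummyHash);

    return $known && $ok;
}

// Constructed demo data: in-memory SQLite in place of the forum's MySQL, and
// password_hash()/password_verify() standing in for phpBB's hash functions.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE phpbb_users (username TEXT, user_password TEXT)');
$add = $db->prepare('INSERT INTO phpbb_users VALUES (?, ?)');
$add->execute(["o'brien", password_hash("it's a secret", PASSWORD_DEFAULT)]);
$dummy = password_hash('placeholder', PASSWORD_DEFAULT);

$attempts = [["o'brien", "it's a secret"], ["o'brien", 'wrong'], ['nobody', 'x']];
foreach ($attempts as [$user, $pass]) {
    $ok = check_forum_login($db, 'phpbb', $user, $pass, 'password_verify', $dummy);
    // One message for every failure, and no database error text sent to the client.
    echo $user, ': ', $ok ? 'Login success!' : 'Login failure!', "\n";
}
```

With phpBB 3.0's includes/functions.php loaded as in the post, `'phpbb_check_hash'` would be passed as `$verify` and a hash made once with `phpbb_hash()` as `$dummyHash`.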
Brf
Support Team Member
Posts: 52171
Joined: Tue May 10, 2005 7:47 pm

Re: [SELF RESOLVED] PHPBB3 login hack

Post by Brf »

I did not say you had to use the phpBB front-end.
You said you wanted to use login_box() and wanted to know what other code you needed for it.

There is also a difference between checking a username/password and checking whether someone is already logged in.
Heilong
Registered User
Posts: 5
Joined: Wed Sep 03, 2008 9:40 am

Re: [SELF RESOLVED] PHPBB3 login hack

Post by Heilong »

Hi,

I'd like to use your code to do quite the same thing.

I need to do something like: if the user is not registered, he cannot access or see anything of the board; he needs to log in with a customised login password form made by myself.
Then he's able to see the board, post, and write information ...

Is this code working well, and where do I need to put it, in which file, to do exactly what I need?

Thanks for your help,