• Registered: 2009-12-06
  • Posts: 3

Topic: Use the users DB in another website

Hello,

I'm making a little webchat on another website, and I would that users can log in with the same user and login as the forum.
I know that in the DB, there is a password hashed and a salt.
But I really don't know how to verify if the password that enter the user match to the password in the DB.

If anybody can help me, I'll be very happy tongue

Thanks, Ephelia

  • Slavok
  • PunBB Developer
  • Offline
  • From: Russia
  • Registered: 2008-06-11
  • Posts: 1,238

Re: Use the users DB in another website

Study the code of "cookie_login" function in the "<FORUM_ROOT>/include/functions.php" file.

Slavok's Website

  • Registered: 2009-12-06
  • Posts: 3

Re: Use the users DB in another website

I found this in the code :

sha1($forum_user['salt'].$forum_user['password'].forum_hash(intval($cookie['expiration_time']), $forum_user['salt']))

I know that :

$forum_user['salt'] is the "salt" in the database
$forum_user['password'] is the password that enter the user when he's logging in

But this line is not very clear :

forum_hash(intval($cookie['expiration_time']), $forum_user['salt'])

I don't know why there is a cookie... I don't understand the utility of this...

  • From: Russia
  • Registered: 2009-11-17
  • Posts: 56

Re: Use the users DB in another website

Try redirecting the user to the forum login page, and after authentication redirect him to the chat page.

  • Registered: 2009-12-06
  • Posts: 3

Re: Use the users DB in another website

Yeah but I really don't want to use some php pages. I juste want to use the database.

I think to authentify the users, some informations are hashed with sha1 (or anything else) and then, we get a hashed string.
Finally, we just need to compare it to the hashed string in the "password" field of the DB.
If the hashed string match, the user is authentified, else, the user isn't authentified.

So my problem is, I don't know which value I need to hash to be able to compare it to the DB value.

I'm not sure to have explained correctly my problem '^^
So please, excuse me smile

  • From: Russia
  • Registered: 2009-11-17
  • Posts: 56

Re: Use the users DB in another website

Cookie consists of blocks: `user_id`, `password_hash`, `expiration_time`, `expire_hash` split `|`.

Cookie is encoded in MIME base64.

'expire_hash' is calculated as follows:

$cookie['expire_hash'] = sha1($forum_user['salt'].$forum_user['password'].forum_hash(intval($cookie['expiration_time']), $forum_user['salt'])));

The function 'forum_hash($str, $salt)' returns:

return sha1($salt.sha1($str));