eq1987 wrote:Point taken. Although, I still want to try to integrate the forum to my user system, otherwise i have to pay someone to use IPB(which suxors).
People usually do the opposite, i.e. integrate their site with the user system in PunBB :)
eq1987 wrote:This is probably the most confusing part, because i dont deal with cookies often.
$cookie['password_hash'])
What exactly is password_hash?
A hash is the result of a checksum function such as MD5 or SHA1. When someone registers, they enter a password. Lets say I just registered and I entered 'mypassword' as my password. What then happens is that PunBB checks to see if it has access to the sha1() function (PHP 4.3.0+). If it does, it uses it. Otherwise, it uses md5(). In our case, lets say the sha1() function doesn't exist, so we'll use md5(). PunBB will call md5() with the parameter 'mypassword' and it will return a hash of that password. It will return 34819d7beeabb9260a5c854bc85b3e44. This hash is then stored in the database as my password hash. The real password is never stored. Then, when I try to login, PunBB will run md5() on the password I enter in the login form and compare the hash it gets with the hash that is stored in the database. If they match, I entered the correct password. Finally, the password hash is stored together with my username in a cookie so that I don't have to login every time I visit the forums.
eq1987 wrote:When a user logins in at login.php, does he/she send a cookie to his/her computer, which password_hash as their password? Which i believe is correct.
That sentence is weird. When someone logs in via login.php, the script calls setcookie() that outputs the appropriate headers to set a cookie on the client computer.
eq1987 wrote:The thing is, i dont understand *where* the code is that is sending the cookie with all the information.
You've got it all backwards. That is done automatically via the HTTP protocol. You don't have to ask a clients browser to send the cookie information, it's sent regardless.
"Programming is like sex: one mistake and you have to support it for the rest of your life."