Oh no! Where's the JavaScript?
Your Web browser does not have JavaScript enabled or does not support JavaScript. Please enable JavaScript on your Web browser to properly view this Web site, or upgrade to a Web browser that does support JavaScript.
Sign In
Not a member yet? Click here to register.

[req] Simple auth script for other applications to access fusion's database

I need a simple authorization script for php fusion, that simply would check if the user exists under a password in the get thing on the url. For example the other application goes to http://php.jellybeangamer.com/auth.php?username=admin&password=secretpassword and then it wold output user exists or user does not exist.

I tried tracking down the regular login.php file, then came to maincore.php, which lead me to Authenticate.class.php, but I couldn't make out how to make a seperate script from there. Any ideas?
CodeDownload  
function userExistsAndValidPassword ($name, $password) {
$query = dbquery("SELECT user_algo, user_salt, user_password FROM ".DB_USERS." WHERE user_name='".$name."'");
if (dbrows($result)) {
$data = dbarray($result);
$hash = hash_hmac($data['user_algo'], $password, $data['user_salt']);
if ($hash == $data['user_password']) {
return true;
}
}
return false;
}



Sorry, it's just written in reply form... you can use this function... it returns true, when the user exists and the password is correct. Please check the $_GET vars for proper input first.

Quote

gh0st2k wrote:

CodeDownload  
function userExistsAndValidPassword ($name, $password) {
$query = dbquery("SELECT user_algo, user_salt, user_password FROM ".DB_USERS." WHERE user_name='".$name."'");
if (dbrows($result)) {
$data = dbarray($result);
$hash = hash_hmac($data['user_algo'], $password, $data['user_salt']);
if ($hash == $data['user_password']) {
return true;
}
}
return false;
}



Sorry, it's just written in reply form... you can use this function... it returns true, when the user exists and the password is correct. Please check the $_GET vars for proper input first.


thanks! I see what I can work from this to get what I would like!

Merged on Jul 20 2011 at 16:20:27:
I've got this sofar, but I can only get it to output valid:
[syntaxhighlighter brush=php,first-line=1,highlight=0,collapse=false,html-script=false]<?php
// auth script
$authname = $_GET['username'];
$authpassword = $_GET['password'];
require_once "maincore.php";
$query = dbquery("SELECT user_algo, user_salt, user_password FROM ".DB_USERS." WHERE user_name='".$authname."'");
if (dbrows($result)) {
$data = dbarray($result);
$hash = hash_hmac($data['user_algo'], $authpassword, $data['user_salt']);
if ($hash == $data['user_password']) {
echo "valid";
}
} else {
echo "invalid";
}
?>[/syntaxhighlighter]
CodeDownload  
<?php
require_once "maincore.php";
$authname = stripinput($_GET['username']);
$authpassword = stripinput($_GET['password']);
$return = "invalid";
$query = dbquery("SELECT user_algo, user_salt, user_password FROM ".DB_USERS." WHERE user_name='".$authname."'");
if (dbrows($query)) {
   $data = dbarray($query);
   $hash = hash_hmac($data['user_algo'], $authpassword, $data['user_salt']);
   if ($hash == $data['user_password']) {
      $return = "valid";
   }
}
echo $return;
?>

Thread Information
Author
Replies
4 posts
Views
1,964 times
Last Post
Last updated on 8 years ago
Related Threads
You can view all discussion threads in this forum.
You cannot set up a bounty in this discussion thread.
You can start a new discussion thread in this forum.
You cannot reply in this discussion thread.
You cannot start on a poll in this forum.
You cannot upload attachments in this forum.
You can download attachments in this forum.
You cannot up or down-vote on the post in this discussion thread.
Users who participated in discussion: gh0st2k, Jellybellys