UBB.threads PHP Forum Software Community Forums UBB.threads 6 Version 6 Support Verifying a user from a cgi script?

I'm tring to use a single registration system for UBBT and PhotoPost. I have all the code in place; however, at the last minute I figured out that UBBT encrupts the password in the MySQL database (using the PHP crypt command).

So, I was wondering: Is there a way to run a verify on the password entered and the encrypted password stored in the database from a cgi script?

PicPost can interface with vB; so, does UBBT use "MD5 encruption"?

From PicPost: "vBulletin uses MD5 encryption to encrypt passwords and generate a string of characters to store in the database. When a user logs in, the password they supply is encrypted and compared to the stored encrypted string that corresponds to that username. PhotoPost works with vB's encrypted strings because Perl comes with Digest::MD5, which can duplicate the process."

How does photo post want to receive it's authentication?

Regards,

Brett Harris
Infopop Corporation

That is a great question - let's ask Rick Baker to comment for us.

Regards,

Brett Harris
Infopop Corporation

My short amoutn of research says that UBBT uses DES encryption. vB uses MD5 which PP accesses using Digest::MD5

I found a Crypt::DES perl module; but I cant find any documentation on how to use it.

I posted a MD5 modification for UBBThreads at Threadsdev:
http://www.threadsdev.com/threads/php/showflat.php?Cat=&Board=phpcustomizing&Number=44451

However this modification is unofficial and not supported by Infopop.

Thank you.

I think I would prefer to do it the other way around; that is, figure out how to get the Perl script to execute a "crypt()" command to see if the password matches what is in the database.

This way I do not have issues with the 13,000+ registered users I already have.

Wow - good deal - thank you Philipp!

Regards,

Brett Harris
Infopop Corporation

You can do a compare on an encrypted password with something like this. $Password is the password the user typed in. $pass is the encrypted password retrieved in the database.

if (crypt($Password,$pass) != $pass) {
print "Bad Password";
}

-------------------
Rick Baker
UBBThreads developer

Except that the compare has to be done inside the Perl script; which doesnt have a "crypt" function to call (or did I miss something?). I tried using the Crypt::DES functions, but that didnt help.

However, I did get the system working. Since I had just moved my UBB members into the UBBT database; I simply modified the UBBIMPORT script to convert the passwords to MD5 format. That converted the 13,000+ users and only lost a couple people who had signed up in the little time the baord was active.

So, now the users can move freely between the two features without having to register for two accounts or login twice.

Thanks for your help!

I tried it out. crypt() seems to work fine in Perl as well.

</font><blockquote><font size="1" face="">code:</font><hr /><pre style="font-size:x-small; font-family: monospace;">if (crypt($Password,$pass) ne $pass) {
print "Bad Password";
}[/code]</blockquote><font size="" face="">

hmmm..... i'll try it again; although it's a bit late at this point.... but might be useful for anyone else wanting to integrate PicPost into UBBT.

Maybe I had the syntax a little messed up; but I thought for sure I tried it like that.