07-22-2014, 11:05 PM
Hi everyone,
what I am trying to do is this: I have a service for which people create accounts and I want to provide a forum in which they can ask questions and give feedback. Now I would like to make it so that they automatically get an account for the forum once they register for my service and I would also like to make it so that they can only manage their account from my service resulting in them always having the same login-credentials for both.
For now I am concerned with creating an account on a myBB forum from a PHP script.
Looking through the tables myBB creates I so far have a created a method that takes the hashes password I generate using password_hash in PHP and taken the salt and hashed value from it. I inserted that together with a username and email into the mybb_users table. With that however I could not log in. After copy pasting the salt and password-hash from another user already in the table I could login. So I am guessing that I am doing something wrong with converting my hash to the one needed for myBB.
The password is generated using password_hash("password string", PASSWORD_BCRYPT) and $fdb is a mysqli based connection to the database of the forum. $password may look like "$2y$10$H66rqcmjTxu.rOo3JgoXq.zegE1V.yDouAqXyPu5bB25tEKShNjxO" for "12" as a password.
"$2y$10$" is the algorithm and the cost used to generate the hash.
The next 22 characters should be the salt and the last the hash.
What could I be doing wrong here?
Also:
Can I have two users in myBB with the same username? As I would like to use the first name of a user for their username.
Thanks for reading through this and for helping
what I am trying to do is this: I have a service for which people create accounts and I want to provide a forum in which they can ask questions and give feedback. Now I would like to make it so that they automatically get an account for the forum once they register for my service and I would also like to make it so that they can only manage their account from my service resulting in them always having the same login-credentials for both.
For now I am concerned with creating an account on a myBB forum from a PHP script.
Looking through the tables myBB creates I so far have a created a method that takes the hashes password I generate using password_hash in PHP and taken the salt and hashed value from it. I inserted that together with a username and email into the mybb_users table. With that however I could not log in. After copy pasting the salt and password-hash from another user already in the table I could login. So I am guessing that I am doing something wrong with converting my hash to the one needed for myBB.
Code:
private function createForumAccount($firstName, $email, $password) {
//Prepare entries
$hash = substr($password, 29);
$salt = substr($password, 7, 22);
//Connect to forum Database
global $fdbName;
$fdb = new DatabaseConnector($fdbName);
//Insert information
$query = "INSERT INTO mybb_users (username, password, salt, email) VALUES ('$firstName', '$hash', '$salt', '$email')";
$fdb->query($query);
}The password is generated using password_hash("password string", PASSWORD_BCRYPT) and $fdb is a mysqli based connection to the database of the forum. $password may look like "$2y$10$H66rqcmjTxu.rOo3JgoXq.zegE1V.yDouAqXyPu5bB25tEKShNjxO" for "12" as a password.
"$2y$10$" is the algorithm and the cost used to generate the hash.
The next 22 characters should be the salt and the last the hash.
What could I be doing wrong here?
Also:
Can I have two users in myBB with the same username? As I would like to use the first name of a user for their username.
Thanks for reading through this and for helping
