Skip to content

Instantly share code, notes, and snippets.

@ethan-gallant
Created February 26, 2019 04:51
Show Gist options
  • Save ethan-gallant/4bdfdee182574313fa9dc111cc4ccdee to your computer and use it in GitHub Desktop.
Save ethan-gallant/4bdfdee182574313fa9dc111cc4ccdee to your computer and use it in GitHub Desktop.
Xenforo Authentication Script to get user groups
<?php
$servername = "";
$username = "";
$password = "";
$database = "";
// Create connection
$conn = new mysqli($servername, $username, $password, $database);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
function getUserGroup($id, $conn){
$stmt = $conn->prepare("select user_group_id from xf_user_group_relation where user_id = ? and is_primary = 1");
$stmt->bind_param('i', $id);
$stmt->execute();
$stmt->bind_result($groups);
$stmt->store_result();
$stmt->fetch();
$stmt->close();
return $groups;
}
function getUserPasswordHash($id, $conn)
{
$stmt = $conn->prepare("select data from xf_user_authenticate where user_id = ?");
$stmt->bind_param('i', $id);
$stmt->execute();
$stmt->bind_result($messhash);
$stmt->store_result();
$stmt->fetch();
$password = substr($messhash, 22, -3);
$stmt->close();
return $password;
}
function getUserID($username, $conn){
$stmt = $conn->prepare("select user_id from xf_user where username = ?");
$stmt->bind_param('s', $username);
$stmt->execute();
$stmt->bind_result($userid);
$stmt->store_result();
$stmt->fetch();
$stmt->close();
return $userid;
}
function checkUserPasswordHash($hash, $password){
if(strlen($hash) < 5){
die("This user has not setup a password");
}
return password_verify($password, $hash);
}
$username = $_REQUEST['username'];
$password = $_REQUEST['password'];
if(!$username || !$password){
die("All required parameters were not supplied");
}
$userid = getUserID($username, $conn);
$passwordHash = getUserPasswordHash($userid, $conn);
$correctPass = checkUserPasswordHash($passwordHash,$password);
if(!$correctPass){
die("Credentials enterd do not match our records.");
}
echo getUserGroup($userid, $conn);
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment