Created
February 26, 2019 04:51
-
-
Save ethan-gallant/4bdfdee182574313fa9dc111cc4ccdee to your computer and use it in GitHub Desktop.
Xenforo Authentication Script to get user groups
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?php | |
$servername = ""; | |
$username = ""; | |
$password = ""; | |
$database = ""; | |
// Create connection | |
$conn = new mysqli($servername, $username, $password, $database); | |
// Check connection | |
if ($conn->connect_error) { | |
die("Connection failed: " . $conn->connect_error); | |
} | |
function getUserGroup($id, $conn){ | |
$stmt = $conn->prepare("select user_group_id from xf_user_group_relation where user_id = ? and is_primary = 1"); | |
$stmt->bind_param('i', $id); | |
$stmt->execute(); | |
$stmt->bind_result($groups); | |
$stmt->store_result(); | |
$stmt->fetch(); | |
$stmt->close(); | |
return $groups; | |
} | |
function getUserPasswordHash($id, $conn) | |
{ | |
$stmt = $conn->prepare("select data from xf_user_authenticate where user_id = ?"); | |
$stmt->bind_param('i', $id); | |
$stmt->execute(); | |
$stmt->bind_result($messhash); | |
$stmt->store_result(); | |
$stmt->fetch(); | |
$password = substr($messhash, 22, -3); | |
$stmt->close(); | |
return $password; | |
} | |
function getUserID($username, $conn){ | |
$stmt = $conn->prepare("select user_id from xf_user where username = ?"); | |
$stmt->bind_param('s', $username); | |
$stmt->execute(); | |
$stmt->bind_result($userid); | |
$stmt->store_result(); | |
$stmt->fetch(); | |
$stmt->close(); | |
return $userid; | |
} | |
function checkUserPasswordHash($hash, $password){ | |
if(strlen($hash) < 5){ | |
die("This user has not setup a password"); | |
} | |
return password_verify($password, $hash); | |
} | |
$username = $_REQUEST['username']; | |
$password = $_REQUEST['password']; | |
if(!$username || !$password){ | |
die("All required parameters were not supplied"); | |
} | |
$userid = getUserID($username, $conn); | |
$passwordHash = getUserPasswordHash($userid, $conn); | |
$correctPass = checkUserPasswordHash($passwordHash,$password); | |
if(!$correctPass){ | |
die("Credentials enterd do not match our records."); | |
} | |
echo getUserGroup($userid, $conn); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment