Verifies username/password combo for a MyBB user, and checks if they are in a specific group.

MyBBAuth.php

<?php
require_once('./db.php'); // Your pdo sql datbase file
if(!isset($_GET['username']) || !isset($_GET['password']))
	die('null');

$user = $_GET['username'];
$pass = $_GET['password'];

// TABLENAME = Your mybb sql table name
$usr = $db->prepare("SELECT username FROM TABLENAME WHERE username=:u LIMIT 1");
$usr->execute(array(":u" => $user));

$result = $usr->fetch(PDO::FETCH_ASSOC);

if(count($result) == 0 || empty($result))
	die('Invalid user.');

$pw = $db->prepare("SELECT salt,password,usergroup FROM mybb_users WHERE username=:u LIMIT 1");
$pw->execute(array(":u" => $user));

$result = $pw->fetch(PDO::FETCH_ASSOC);

if(count($result) == 0 || empty($result))
	die('Invalid password.');

$salt = $result["salt"];
$dbPass = $result["password"];
$pass = md5(md5($salt).md5($pass));

if(!hash_equals($dbPass, $pass))
	die('Invalid password.');

// Check subscription
// Usergroup numbers may vary.
if($result['usergroup'] != 8 && $result['usergroup'] != 4) // subscriber or admin
	die('No subscription');

die('valid'); // valid mybb user with "subscription" or admin status
?>