Integration with Vbulletin 3

[bdog]

Hello.

It seems VBulletin 3 changed the way passwords are stored. Rather then using straight MD5, they modified it to be more secure.

Because of this, I cant use the login integration.

Here is a thread discussing it:

http://www.vbulletin.com/forum/showthread.php?t=101778&

Any idea if this could be modified in the Chat software?

I already talked to vox, and he is working on it - but thought I would put some more information about it.

Edit: I found the algorithm used to store password

md5(md5($password) + $salt)

where

md5 is the function to hash text
$password = the clear text password
$salt = random set of chars stored in the database in a field called salt
+ is a string concatention operator

========================

Two things you can do:

#1) Add custom options for vbulletin
#2) Add custom options to allow you to edit the actual query from the database

IE. in the file mysql.xml

<!-- custom query
Query to return the user id. -->
<query>

SELECT * FROM user WHERE username=$user AND password = MD5(CONCAT(MD5($pass), salt))

</query>

In the above example:
$user = username sent to chat
$pass = password sent to chat


Finally, I hope this is possible - Vbulletin has a lot of users and large community. You can advertise you chat integration in their forums once you have good integratoin.

Http://www.vbulletin.org

Http://www.vbulletin.com

[imported_admin]

Thnaks for your infomation!

We'll add this custom query tag in our later version , I think it's very use for some special user system, like vbb.

In our new version 2.0, there is a way to integrate vbb database.

1) edit fcserver.xml, change
<integrated-other-database>URL</integrated-other-database>

2) create a php file with the below code, and upload to your vbb web dir, and fill the auth-url tag in fcserver.xml like this:<auth-url>http://your_vbb_url/yourscript.php?u...rd%/<auth-url>

php

Code:

<?php

include "./includes/config.php";

$LOGIN_SUCCESS = 0;
$LOGIN_PASSWD_ERROR = 1;
$LOGIN_NICK_EXIST = 2;
$LOGIN_ERROR = 3;
$LOGIN_ERROR_NOUSERID = 4;
$LOGIN_SUCCESS_ADMIN = 5;
$LOGIN_NOT_ALLOW_GUEST = 6;
$LOGIN_USER_BANED = 7;

$db = new sql_db($servername, $dbusername, $dbpassword, $dbname, false);

if(!$db->db_connect_id)
{
   echo $LOGIN_ERROR;
   exit;
}


$username = isset($HTTP_GET_VARS['username']) ? trim(htmlspecialchars($HTTP_GET_VARS['username'])) : '';
$username = substr(str_replace("\\'", "'", $username), 0, 25);
$username = str_replace("'", "\\'", $username);
$password = isset($HTTP_GET_VARS['password']) ? $HTTP_GET_VARS['password'] : '';

$sql = "SELECT salt, password FROM " . $tableprefix . "user WHERE username = '".$username."'";

//echo $sql;exit;

if ( !($result = $db->sql_query($sql)) )
{
echo $LOGIN_ERROR."dd";
exit;
}

if( $row = $db->sql_fetchrow($result) )
{
$db_password = $row['password'];

if ($password == $db_password)
{
echo $LOGIN_SUCCESS;
exit;
}
else if (md5((md5($password) . $row['salt'])) == $db_password)
{
echo $LOGIN_SUCCESS;
exit;
}
else
{
echo $LOGIN_PASSWD_ERROR;
exit;
}


}
else
{
echo $LOGIN_ERROR_NOUSERID;
exit;
}


class sql_db
{

var $db_connect_id;
var $query_result;
var $row = array();
var $rowset = array();
var $num_queries = 0;
var $in_transaction = 0;

//
// Constructor
//
function sql_db($sqlserver, $sqluser, $sqlpassword, $database, $persistency = true)
{
$this->persistency = $persistency;
$this->user = $sqluser;
$this->password = $sqlpassword;
$this->server = $sqlserver;
$this->dbname = $database;

$this->db_connect_id = ($this->persistency) ? mysql_pconnect($this->server, $this->user, $this->password) : mysql_connect($this->server, $this->user, $this->password);

if( $this->db_connect_id )
{
if( $database != "" )
{
$this->dbname = $database;
$dbselect = mysql_select_db($this->dbname);

if( !$dbselect )
{
mysql_close($this->db_connect_id);
$this->db_connect_id = $dbselect;
}
}

return $this->db_connect_id;
}
else
{
return false;
}
}

//
// Other base methods
//
function sql_close()
{
if( $this->db_connect_id )
{
//
// Commit any remaining transactions
//
if( $this->in_transaction )
{
mysql_query("COMMIT", $this->db_connect_id);
}

return mysql_close($this->db_connect_id);
}
else
{
return false;
}
}

//
// Base query method
//
function sql_query($query = "", $transaction = FALSE)
{
//
// Remove any pre-existing queries
//
unset($this->query_result);

if( $query != "" )
{
$this->num_queries++;
if( $transaction == BEGIN_TRANSACTION && !$this->in_transaction )
{
$result = mysql_query("BEGIN", $this->db_connect_id);
if(!$result)
{
return false;
}
$this->in_transaction = TRUE;
}

$this->query_result = mysql_query($query, $this->db_connect_id);
}
else
{
if( $transaction == END_TRANSACTION && $this->in_transaction )
{
$result = mysql_query("COMMIT", $this->db_connect_id);
}
}

if( $this->query_result )
{
unset($this->row[$this->query_result]);
unset($this->rowset[$this->query_result]);

if( $transaction == END_TRANSACTION && $this->in_transaction )
{
$this->in_transaction = FALSE;

if ( !mysql_query("COMMIT", $this->db_connect_id) )
{
mysql_query("ROLLBACK", $this->db_connect_id);
return false;
}
}

return $this->query_result;
}
else
{
if( $this->in_transaction )
{
mysql_query("ROLLBACK", $this->db_connect_id);
$this->in_transaction = FALSE;
}
return false;
}
}

//
// Other query methods
//
function sql_numrows($query_id = 0)
{
if( !$query_id )
{
$query_id = $this->query_result;
}

return ( $query_id ) ? mysql_num_rows($query_id) : false;
}

function sql_affectedrows()
{
return ( $this->db_connect_id ) ? mysql_affected_rows($this->db_connect_id) : false;
}

function sql_numfields($query_id = 0)
{
if( !$query_id )
{
$query_id = $this->query_result;
}

return ( $query_id ) ? mysql_num_fields($query_id) : false;
}

function sql_fieldname($offset, $query_id = 0)
{
if( !$query_id )
{
$query_id = $this->query_result;
}

return ( $query_id ) ? mysql_field_name($query_id, $offset) : false;
}

function sql_fieldtype($offset, $query_id = 0)
{
if( !$query_id )
{
$query_id = $this->query_result;
}

return ( $query_id ) ? mysql_field_type($query_id, $offset) : false;
}

function sql_fetchrow($query_id = 0)
{
if( !$query_id )
{
$query_id = $this->query_result;
}

if( $query_id )
{
$this->row[$query_id] = mysql_fetch_array($query_id, MYSQL_ASSOC);
return $this->row[$query_id];
}
else
{
return false;
}
}

function sql_fetchrowset($query_id = 0)
{
if( !$query_id )
{
$query_id = $this->query_result;
}

if( $query_id )
{
unset($this->rowset[$query_id]);
unset($this->row[$query_id]);

while($this->rowset[$query_id] = mysql_fetch_array($query_id, MYSQL_ASSOC))
{
$result[] = $this->rowset[$query_id];
}

return $result;
}
else
{
return false;
}
}

function sql_fetchfield($field, $rownum = -1, $query_id = 0)
{
if( !$query_id )
{
$query_id = $this->query_result;
}

if( $query_id )
{
if( $rownum > -1 )
{
$result = mysql_result($query_id, $rownum, $field);
}
else
{
if( empty($this->row[$query_id]) && empty($this->rowset[$query_id]) )
{
if( $this->sql_fetchrow() )
{
$result = $this->row[$query_id][$field];
}
}
else
{
if( $this->rowset[$query_id] )
{
$result = $this->rowset[$query_id][$field];
}
else if( $this->row[$query_id] )
{
$result = $this->row[$query_id][$field];
}
}
}

return $result;
}
else
{
return false;
}
}

function sql_rowseek($rownum, $query_id = 0)
{
if( !$query_id )
{
$query_id = $this->query_result;
}

return ( $query_id ) ? mysql_data_seek($query_id, $rownum) : false;
}

function sql_nextid()
{
return ( $this->db_connect_id ) ? mysql_insert_id($this->db_connect_id) : false;
}

function sql_freeresult($query_id = 0)
{
if( !$query_id )
{
$query_id = $this->query_result;
}

if ( $query_id )
{
unset($this->row[$query_id]);
unset($this->rowset[$query_id]);

mysql_free_result($query_id);

return true;
}
else
{
return false;
}
}

function sql_error()
{
$result['message'] = mysql_error($this->db_connect_id);
$result['code'] = mysql_errno($this->db_connect_id);

return $result;
}

} // class sql_db

?>

[bdog]

Cool !!!

Thanks guys. Ill try this out. I was actually gonna try to play with the URL method of authorization next.

[NANO]

Daniel, your method dont work for me

please help.

I have vb 3.0.1

[NANO]

BUMP!

please help, i need integrate the chat with my vbulletin.

[imported_admin]

NANO , could you give some more detail ?

[NANO]

your connection php works ok, but when i try to login in the chat, this is the problem...




Help me please.

[imported_admin]

to NANO:

could you write your chat url and a test account of your vbulletin to support@123flashchat.com , I'll check for you.

[digicreations]

Im getting the same error also. Has any got past this error?

[Skaterscafe.com]

So, does 123Flash Chat work with vB 3.0?

I have vB running now and want to add chat, I really like the look of this software be will it work?

Ray