|
|
Joined: Sep 2003
Posts: 16
Newbie
|
|
Newbie
Joined: Sep 2003
Posts: 16 |
I am writing a couple database applications for my site, and I want to be able to check if a user is logged in and if so, what his username is. If not logged in, I want to deny access to my applications. Can anybody point me to a thread or document that explains how I can interact with UBB Threads cookies to do this sort of thing?
Thanks,
Trav
|
|
|
|
|
Joined: Jan 2000
Posts: 5,073
Admin Emeritus
|
|
Admin Emeritus
Joined: Jan 2000
Posts: 5,073 |
This is quite easy - you'll be interested in two cookies: w3t_myid and w3t_key. myid contains the user number. key contains an md5 hash of the user number + the password as stored in the database (i.e. md5("$user_number$password")) Some Perl, as my PHP is a little rusty...  use CGI::Cookie; <br />use Digest::MD5 qw(md5_hex); <br />my %jar = fetch CGI::Cookie; <br />my $this_user_number = $jar{"w3t_myid"} ? $jar{"w3t_myid"}->value() : 0; <br />if($this_user_number) { <br /> my $passwd = $dbh->selectrow_arrayref("select U_Password from w3t_Users where U_Number = ?", undef, $this_user_number); <br /> my $key = md5_hex("$this_user_number$passwd->[0]"); <br /> if($key ne $jar{"w3t_key"}->value()) { <br /> # User is logged in, but password doesn't match <br /> } else { <br /> # User is logged in, and password matches <br /> } # end if <br /> <br />} else { <br /> # User is not logged in <br />} # end if <br />If all your code is in PHP, you might want to look at including the Threads libraries directly, then using the internal calls to authenticate the user... though this may be difficult if your application is on the complex side. Things might conflict a bit.  Anyway. Once you've authenticated the user, then you can just pull the rest of the user info out of the database based on his number.
UBB.classic: Love it or hate it, it was mine.
|
|
|
|
|
Joined: Sep 2003
Posts: 16
Newbie
|
|
Newbie
Joined: Sep 2003
Posts: 16 |
Thanks for the help, Charles!
One problem I have is that I notice that the w3t_key cookie only exists if the user chooses the 'remember me on each visit' option. Is the key stored in the session if the user does not choose to be remembered? And if so, is there a way for me to access it? I guess I don't understand how a user could be logged in with the wrong password, so maybe this really doesn't matter. I just need to be sure they are logged in.
Thanks,
Trav
|
|
|
|
|
Joined: Dec 2000
Posts: 1,471
Addict
|
|
Addict
Joined: Dec 2000
Posts: 1,471 |
Have a look at the authenticate function in ubbt.inc.php
You should be able to use most of it's code in your external application.
|
|
|
|
|
Joined: Oct 2003
Posts: 2,305
Old Hand
|
|
Old Hand
Joined: Oct 2003
Posts: 2,305 |
yup thats what I usualy use
|
|
|
|
|
Joined: Jan 2000
Posts: 5,073
Admin Emeritus
|
|
Admin Emeritus
Joined: Jan 2000
Posts: 5,073 |
[]Is the key stored in the session if the user does not choose to be remembered?[/]Mmm. Good question. It LOOKS like the session associated with the ID in w3t_mysess needs to match up with the user number in w3t_myid. (My code above is from an internal admin util I made for my moderators, and all of them log in w/ Remember Me... never really had think about that. Hmm.) []I guess I don't understand how a user could be logged in with the wrong password[/]Hackers - fear'em.
UBB.classic: Love it or hate it, it was mine.
|
|
|
|
|
Joined: Oct 2003
Posts: 2,305
Old Hand
|
|
Old Hand
Joined: Oct 2003
Posts: 2,305 |
the w3t_sessionid puts a value in the w3t_users table U_Session field and that is compared to the w3t_myid by doing a database query based on U_Number.
|
|
|
Donate to UBBDev today to help aid in Operational, Server and Script Maintenance, and Development costs.
Please also see our parent organization VNC Web Services if you're in the need of a new UBB.threads Install or Upgrade, Site/Server Migrations, or Security and Coding Services.
|
|
|
Posts: 70
Joined: January 2007
|
|
|
Forums63
Topics37,573
Posts293,925
Members13,849
| |
Most Online5,166
Sep 15th, 2019
|
|
Currently Online
Topics Created
Posts Made
Users Online
Birthdays
|
|
|
|
