Login Handler with External database

[Tobias Belling Christensen]

Hi.

I have been trying to figure out how to make the forum use my main site's login system, but I find it hard to guess how the things works... My main site has unique salts for every user, so it's not enough to just change/add a hash algorithm to the external file.

So what I am trying to ask is, how do I run a query for the salt in my external database?

What I have come up with until now is the in attached image file, but in short I have tried to modify the encryptPassword method a little. I am not quite sure the select statement should use these details...

[Ryan Ashbrook]

Are you passing a value to $login_auth? By default, that method does not have that parameter - it only accepts a password, and is sent through via authenticate().

		/* If the password doesn't match, throw an exception */
		if ( !\IPS\Login::compareHashes( $this->encryptedPassword( $values['password'] ), $result[ $this->settings['db_col_pass'] ] ) )

If you're adding a secondary parameter, make sure you're passing the correct value in here as well.

[Tobias Belling Christensen]

13 minutes ago, Ryan Ashbrook said:

Are you passing a value to $login_auth? By default, that method does not have that parameter - it only accepts a password, and is sent through via authenticate().

		/* If the password doesn't match, throw an exception */
		if ( !\IPS\Login::compareHashes( $this->encryptedPassword( $values['password'] ), $result[ $this->settings['db_col_pass'] ] ) )

If you're adding a secondary parameter, make sure you're passing the correct value in here as well.

No, I am trying to check if they filled out an email, and then uses the email to find the salt from the user they are trying to login as. The salts are unique on a per user basis, so I would need to find the user to encrypt the password correctly for the hash check to work.

So what I really want to know is, how do I run a select statement like:

SELECT salt FROM users WHERE email = ?

And after that I want to take the salt result from the statement.

[Tobias Belling Christensen]

On 4/5/2016 at 7:22 PM, Ryan Ashbrook said:

Are you passing a value to $login_auth? By default, that method does not have that parameter - it only accepts a password, and is sent through via authenticate().

		/* If the password doesn't match, throw an exception */
		if ( !\IPS\Login::compareHashes( $this->encryptedPassword( $values['password'] ), $result[ $this->settings['db_col_pass'] ] ) )

If you're adding a secondary parameter, make sure you're passing the correct value in here as well.

Sorry... Didn't read the last line you wrote...

I have made a small modification of that line, so it looks like it does on the picture. My primary problem is, that I don't know how to write a simple SQL statement (selecting the salt from the db) with your Framework.

[teraßyte]

You can use this:

\IPS\Db::i()->select( ... );

Look at the function phpdoc for more details

[Tobias Belling Christensen]

On 6/5/2016 at 3:03 PM, teraßyte said:

You can use this:

\IPS\Db::i()->select( ... );

Look at the function phpdoc for more details

Thanks for the suggestion, but I think I might just drop this, as it doesn't seem possible with the current amount of help available and time it would require to make this work, not even taking the inconvenience of updates into considerations, as they apparently check if the files have been modified manually and won't allow update if they have been.

[Aiwa]

Are you creating a login handler, or are you modifying core files?   You should never modify core files.  Use a hook or add a custom login handler.  

If the modification is done properly, upgrades shouldn't cause you any problems unless the upgrade changes something you're hooking into.