Scratch

GeonoTRON2000 · 2012-07-19 12:16:51

I (once again) have figured it out. As many of you know, phpBB3's hash function returns differently for the same result every time, however, there is a way to check passwords.

Code:

<?php
mysql_connect("localhost", "user", "password");
mysql_select_db("database");
define('IN_PHPBB', true);
$phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './';
$phpEx = substr(strrchr(__FILE__, '.'), 1);
require($phpbb_root_path . 'common.' . $phpEx);
require($phpbb_root_path . 'includes/functions_user.' . $phpEx);
$username = mysql_real_escape_string($_GET["username"]);
$password = $_GET["password"];
$q = mysql_query("SELECT * FROM `phpbb_users` WHERE `username` = '{$username}' LIMIT 1") or die("Error User 1: ".mysql_error());
$passhash = mysql_result($q, 0, "user_password");
unset($q);
if (phpbb_check_hash($password, $passhash)) {
  $usr_q = mysql_query("SELECT * FROM `phpbb_users` WHERE `username` = '{$username}'") or die("Error User 2: ".mysql_error());
  $usr = mysql_fetch_assoc($usr_q);
  $grp_id = $usr["group_id"];
  $grp_q = mysql_query("SELECT * FROM `phpbb_groups` WHERE `group_id` = {$grp_id}") or die("Error Group: ".mysql_error());
  $grp = mysql_fetch_assoc($grp_q);
  $grp_name = $grp["group_name"];
  die($grp_name);
}
else {
  die("false");
}
?>

Hope this helps! big_smile