Hi everyone, I'm trying to integrate 123flashchat with joomla 1.0.13 and community builder however I'm running into an issue with the new way joomla handles password encryption.
123flash chat had an integration module based on 1.0.12 md5 encryption so it doesn't pull the correct password for a user with the new salted md5.
My question is if anyone here knows if I can change a little code somewhere in the chat xml or php script to get it to pull the salted password?
Here's what the login_chat.php looks like in it's current form:
<?php
include "configuration.php";
/**
* please modify the database configuration
*/
//$mosConfig_host = 'localhost';
//$mosConfig_db = 'mambo';
//$mosConfig_user = 'root';
//$mosConfig_password = '';
//
//$mosConfig_dbprefix = 'mos_';
$usertable = "users";
$username_field = "username";
$password_field = "password";
// dbms - database type
// support dbms: mysql , mysql4 , db2, msaccess, mssql-odbc, oracle, postgres7
$dbms = 'mysql4';
$phpEx = 'php';
$lib_path = '.';
/**
* Don't modify the code below unless you know what are you doing.
*/
// Define the output result
$LOGIN_SUCCESS = 0;
$LOGIN_PASSWD_ERROR = 1;
$LOGIN_NICK_EXIST = 2;
$LOGIN_ERROR = 3;
$LOGIN_ERROR_NOUSERID = 4;
$LOGIN_SUCCESS_ADMIN = 5;
$LOGIN_NOT_ALLOW_GUEST = 6;
$LOGIN_USER_BANED = 7;
switch($dbms)
{
case 'mysql':
include($lib_path . '/mysql.'.$phpEx);
break;
case 'mysql4':
include($lib_path . '/mysql4.'.$phpEx);
break;
case 'postgres':
include($lib_path . '/postgres7.'.$phpEx);
break;
case 'mssql':
include($lib_path . '/mssql.'.$phpEx);
break;
case 'oracle':
include($lib_path . '/oracle.'.$phpEx);
break;
case 'msaccess':
include($lib_path . '/msaccess.'.$phpEx);
break;
case 'mssql-odbc':
include($lib_path . '/mssql-odbc.'.$phpEx);
break;
default:
echo $LOGIN_ERROR;
exit;
}
// Make the database connection.
$db = new sql_db($mosConfig_host, $mosConfig_user, $mosConfig_password, $mosConfig_db, false);
if(!$db->db_connect_id)
{
echo $LOGIN_ERROR;
exit;
}
$username = isset($_GET) ? trim(htmlspecialchars($_GET)) : '';
$username = substr(str_replace("\\'", "'", $username), 0, 25);
$username = str_replace("'", "\\'", $username);
$password = isset($_GET) ? $_GET : '';
//$md5 = isset($_GET) ? ($_GET) : '';
$sql = "SELECT " . $username_field .",". $password_field . "
FROM " . $mosConfig_dbprefix . $usertable . "
WHERE ". $username_field . " = '" . str_replace("\\'", "''", $username) . "'";
if ( !($result = $db->sql_query($sql)) )
{
echo $LOGIN_ERROR;
exit;
}
if( $row = $db->sql_fetchrow($result) )
{
$db_user_password = $row[$password_field];
if (($password == $db_user_password) || (md5($password) == $db_user_password))
{
echo $LOGIN_SUCCESS;
exit;
}
else
{
echo $LOGIN_PASSWD_ERROR;
exit;
}
}
else
{
echo $LOGIN_ERROR_NOUSERID;
exit;
}
?>
Thanks!
Post edited by: sfraise, at: 2007/09/22 04:29