I was trying to figure this out for the longest time, The code is not the best as I code in C# and took me hours to figure out what is probably VERY simple
So here it is
<?php
$min_seconds_between_refreshes = 3;
session_start();
if (array_key_exists('last_access', $_SESSION) && time() - $min_seconds_between_refreshes <= $_SESSION['last_access']) {
// The user has been here at least $min_seconds_between_refreshes seconds ago - block them
exit('You Are Trying To Use The API Too Fast, Please Try Again Later...');
}
// Record now as their last access time
$_SESSION['last_access'] = time();
$host = 'localhost';
$user = 'DB_Username';
$pass = 'DB_Password';
$db = 'DB_Name';
$mysqli = new mysqli($host, $user, $pass, $db);
$user = $_GET['username'];
$password = $_GET['password'];
$IPNPassword = $_GET['IPNPassword'];
$tables = "mybb_users";
$tables2 = "mybb_userfields";
$sql = "SELECT * FROM " . $tables . " WHERE username = '" . mysqli_real_escape_string($mysqli, $user) . "'";
$result = $mysqli->query($sql);
if ($result->num_rows > 0) {
// Outputting the rows
while ($row = $result->fetch_assoc()) {
$password = $row['password'];
$salt = $row['salt'];
$plain_pass = $_GET['password'];
$stored_pass = md5(md5($salt) . md5($plain_pass));
function Redirect($url, $permanent = false)
{
if (headers_sent() === false) {
header('Location: ' . $url, true, ($permanent === true) ? 301 : 302);
}
exit();
}
if ($stored_pass != $row['password']) {
echo "Password Incorrect<br>"; // Wrong pass, user exists
die();
} else {
$GetUserID = $row['uid'];
$sql2 = "SELECT * FROM " . $tables2 . " WHERE ufid = '" . mysqli_real_escape_string($mysqli, $GetUserID) . "'";
$result2 = $mysqli->query($sql2);
if ($result->num_rows > 0) {
while ($row2 = mysqli_fetch_assoc($result2)) {
$GetUserSalt = $row2['fid5'];
if (empty($GetUserSalt)) {
die("No Secret IPN Has Been Set");
}
if (empty($IPNPassword)) {
die("You Did Not Enter A Secret IPN Password!");
}
if ($IPNPassword != $GetUserSalt) {
die("Secret IPN Password Wrong!");
}
}
}
echo "Password Correct<br><br>"; // Correct pass
$MainGroups = $row['usergroup'];
$SecondaryGroups = $row['additionalgroups'];
$Registered = "2";
$Moderators = "6";
$SuperModerators = "3";
$Administrators = "4";
echo "Current Main Groups<br>";
if (strpos($MainGroups, $Registered) !== false) {
echo "Registered<br>";
}
if (strpos($MainGroups, $Moderators) !== false) {
echo "Moderators<br>";
}
if (strpos($MainGroups, $SuperModerators) !== false) {
echo "Super Moderators<br>";
}
if (strpos($MainGroups, $Administrators) !== false) {
echo "Administrators<br>";
}
echo "<br>";
echo "Current Secondary Groups<br>";
if (strpos($SecondaryGroups, $Registered) !== false) {
echo "Registered<br>";
}
if (strpos($SecondaryGroups, $Moderators) !== false) {
echo "Moderators<br>";
}
if (strpos($SecondaryGroups, $SuperModerators) !== false) {
echo "Super Moderators<br>";
}
if (strpos($SecondaryGroups, $Administrators) !== false) {
echo "Administrators<br>";
}
}
}
}
?>To Test This On Your Own Here Is the Paramaters You Would Pass To Your Browser
http://website.url/check.php?username=USERNAME&password=PASSWORD&IPNPassword=SECRETIPNPASSWORDYou will also want to go into your forum then go to custom user fields and then make a custom user field for the user to set the custom IPN password of there choice, Also if you look above in my code where it says
$GetUserSalt = $row2['fid5'];You will want to go into your PHPMYADMIN and check for the fildID and put the proper name there
Other then that I hope some of you find this somewhat useful