vForums Support :: vForums :: Support :: API: Password Check - View Topic
 |  |
| Broken
Senior Member
![[Avatar]](http://i25.photobucket.com/albums/c51/dog199200/Dont%20removm/brokenavi.png)
Lost Resolve
Posts: 1,741
Status: Offline
Gender: Male
Age: 18
Joined:
pmskypemsnyahooaim | | API: Password Check (2nd Feb 10 at 12:45am EST) | Quote Reply | Ross,
I have been trying to do an account check in my store system to verify the user make the purchase is the person logged into the account, there is one big problem  I have no idea how to do a password check since you hashed the passwords this is what i am currently using:
 Code: - if($_POST['username'] != $user_info['user_name'] || $_POST['password'] != $user_info['password'] || !$_POST['username'] || !$_POST['password']){
Only think I can think of is hashing the $_POST['password], but i honestly have no idea if they would has exactly the same. I'm assuming your using md5.
So any idea on how to go about getting this done? | |
If you fall I’ll catch, if you love I’ll love, And so it goes, my dear, don’t be scared, you’ll be safe,
This I swear. If you only love me back.
 |
| Ross
Administrator
![[Avatar]](http://uploads.virtualforums.co.uk/forums/pokemon/vforums-qr1.png)
Posts: 3,429
Status: Offline
Age: 22
Joined:
Additional Groups:
Support Team
pmwwwmsngtalk vForum | | Re: API: Password Check (2nd Feb 10 at 4:40am EST) | Quote Reply | Unfortunately we cannot reveal how our passwords are hashed. And may even change how it's done at some point in the future to improve security.
The only way to validate the password a user provides is to run it through the login_user() function. That will post it to our server which will handle hashing it and comparing it to the password in the database. | |
|
| Broken
Senior Member
Lost Resolve
Posts: 1,741
Status: Offline
Gender: Male
Age: 18
Joined:
pmskypemsnyahooaim | | Re: API: Password Check (2nd Feb 10 at 5:08am EST) | Quote Reply | Ok i understand the security aspect, also i don't mind if it has to check the password on your end and not completely on mine which is why i tried using $user_info['password']. Anyways how would i go about running it through the login_user() function? Well the better question is, is the login_user() function an array? If it is i can can take it from there.
Edit: Ok i think i figured it out, i looked over the API again and seen how it was setup, and based on what i've been before, this should work, i hope:
$passval = $vf -> login_user($pass = 'pass');
Edit 2:
Clearly my PHP still still need work This is what I am using and its not working, and suggestions?
Code: PHP $username = $_POST['username'];- $password = $_POST['password'];
- $vf_pass = $vf -> login_user($pass = 'pass');
-
- if($username != $user_info['user_name'] || $password != $vf_pass || !$username || !$password){
the default username and email id's are set to user and pass so part should be fine
| |
If you fall I’ll catch, if you love I’ll love, And so it goes, my dear, don’t be scared, you’ll be safe,
This I swear. If you only love me back.
|
| |
 |  |
|
