CODEWITHSUNDEEP
phpencryptionpasswordsmoodle
richard008
richard008

Reputation: 403

Logging in from an external script using moodle database

I'm not trying to create a plugin for moodle, I'm simply creating an external script that checks the credentials a user enters into a form against the user table in a moodle database.

Right now in the script, it the username matches, but the password doesn't. I've read some information about moodle using salting, but I'm still not getting any luck.

I'm using something like this to check the password.

$salt = 'random string of chars found in config file';
$password = md5($_POST['password'].$salt);
$query = "SELECT * FROM `user` WHERE password = '$password';";
...

Any suggestions would be greatly appreciated.

Upvotes: 1

Views: 2402

Answers (2)

iankit
iankit

Reputation: 9372

You should use moodle's Authentication API and its associated functions. auth_user_login ($username, $password)

Returns : true if the username and password work and false if they don't.

Upvotes: 1

Jitendra Gaur
Jitendra Gaur

Reputation: 778

I have tested the code its working fine for me there are some possibilities maybe which you are doing wrong -

  1. Make sure $salt string is same as in config.php($CFG->passwordsaltmain) file.
  2. Make sure password is not directly reset from mysql database without moodle code.
  3. Missing table prefix in your query.

My code - 

<?php
    if ($_POST['submit']) {

        //your host detail
        $link = mysql_connect('localhost', 'root', 'root') or die(mysql_error());

        //your dbname
        mysql_select_db('moodle_23') or die(mysql_error()); 

        $salt = 'MG.b.;w>0B)3c.^:OqDd#?^h'; //change with your salt
        $password = md5($_POST['password'] . $salt);

        $query = "SELECT * FROM mdl_user WHERE username = '{$_POST['username']}' AND password = '$password'";

        $result = mysql_query($query) or die(mysql_error());

        echo '<pre>';

        while ($row = mysql_fetch_assoc($result)) {
            print_r($row);
        }
    }
    ?>
    <form action='' method="post">
        <p>Username = <input type="text" name ="username"/></p>
        <p>Password = <input type="password" name ="password"/></p>
        <input type="submit" value="submit" name="submit"/>
    </form>

Thanks

Upvotes: 2

Related Questions