phpBB Smith: Can you split phpBB's Database?

Author	Message
DarkScythe Member
Tue Sep 05, 2006 10:18 am Post subject: re: Can you split phpBB's Database?
Thanks I'm searching all over the place for where these functions are stored, and the EE team is awfully shut up about the inner workings of their scripts :/ As far as I can tell, those code snippets come directly from the EE registration PHP file. Code: $data['ip_address'] = $IN->IP; $data['unique_id'] = $FNS->random('encrypt'); $data['join_date'] = $LOC->now; $data['authcode'] = $FNS->random('alpha', 10); They seem to be globally declared variables I think.. They're declared in one line near the beginning with "global $IN $FNS ..." etc etc Isn't the random just a PHP function though?

Thoul Administrator
Tue Sep 05, 2006 10:31 am Post subject: re: Can you split phpBB's Database?
No, the random will be a custom function defined somewhere in the EE code. $IN, $FNS, and $LOC are objects (the -> is the giveaway for that), and random is a function defined in the class that is used to create the $FNS variable.

DarkScythe Member
Tue Sep 05, 2006 10:41 am Post subject: re: Can you split phpBB's Database?
Okay, I will scour all the files for any sign of those functions being explained. I'll post it when I find it Edit: Okay, that was fairly quick, I think I found the random. Code: // ------------------------------------------------- // Random number/password generator // ------------------------------------------------- function random($type = 'encrypt', $len = 8) { if ($this->seed == FALSE) { if (phpversion() >= 4.2) mt_srand(); else mt_srand(hexdec(substr(md5(microtime()), -8)) & 0x7fffffff); $this->seed = TRUE; } switch($type) { case 'basic' : return mt_rand(); break; case 'alpha' : case 'numeric' : case 'nozero' : switch ($type) { case 'alpha' : $pool = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'; break; case 'numeric' : $pool = '0123456789'; break; case 'nozero' : $pool = '123456789'; break; } $str = ''; for ($i=0; $i < $len; $i++) { $str .= substr($pool, mt_rand(0, strlen($pool) -1), 1); } return $str; break; case 'md5' : return md5(uniqid(mt_rand())); break; case 'encrypt' : return $this->hash(uniqid(mt_rand())); break; } } // END Seems like an awfully long code for random though..

Thoul Administrator
Tue Sep 05, 2006 12:43 pm Post subject: re: Can you split phpBB's Database?
Yeah, it looks like it does several different types of random features. The one used for the unique id also uses another EE specific function here, called hash(). We'll need that one to make the id, too. It should (hopefully) be in the same file where you found the random.

DarkScythe Member
Tue Sep 05, 2006 1:00 pm Post subject: re: Can you split phpBB's Database?
lol, I dunno how you caught that, I don't see anything referring to a hash.. But yes, the hash function was specified right above this random, actually. Here it is: Code: // ------------------------------------------------- // Convert a string into an encrypted hash // ------------------------------------------------- // SHA1 or MD5 is supported function hash($str) { global $PREFS; if ($PREFS->ini('encryption_type') == 'md5') { return md5($str); } if ( ! function_exists('sha1')) { if ( ! function_exists('mhash')) { if ( ! class_exists('SHA')) { require PATH_CORE.'core.sha1'.EXT; } $SH = new SHA; return $SH->encode_hash($str); } else { return bin2hex(mhash(MHASH_SHA1, $str)); } } else { return sha1($str); } } // END Thanks a ton again lol I'd be lost without all this help As far as all the random features, I'm not sure if it's called anywhere else, but I don't see any way to change which cases are called via the control panel. Still, it seems only alpha and encrypt are required for the ID and authcode.

Thoul Administrator
Tue Sep 05, 2006 2:26 pm Post subject: re: Can you split phpBB's Database?
Ok, hopefully that will be all we need. Using SHA, the random for the unique id breaks down to this: Code: $unique_id = sha1(uniqid(mt_rand())); And if you do need the authcode later, this should work for that: Code: $authcode = ''; $pool = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'; for ($i=0; $i < 10; $i++) { $authcode .= substr($pool, mt_rand(0, strlen($pool) -1), 1); }

DarkScythe Member
Tue Sep 05, 2006 8:52 pm Post subject: re: Can you split phpBB's Database?
All right! Thanks a huge bunch I'm surprised you could extract all that info from just a snippet of the function being called. I'll try to insert them into the code now, and look over any other fields that need to be updated. In the mean time, I have another quick question about databases, if you can answer it.. I noticed in phpMyAdmin, most of the fields have a "default value" (most are just 0). Does this mean I don't need to fill in these rows when I create a new user? Currently I've filled in everything manually and my code has like twenty 0's in it lol. I noticed this when I was looking at another table to fill in and the values was just a "\|" a pipe character, and I wondered if that would mess with the PHP. Edit: By the way, I'm not sure if $client_ip will work.. I was about to test it, but remembered the $ should mean it's a variable.. I searched all the phpBB files for client_ip but turned up no results, so I'm not sure if phpBB actually records the IP address anywhere or not. In any case, it was a relatively easy google, and I came up with this for a replacement: Code: $client_ip = $_SERVER['REMOTE_ADDR'];

Thoul Administrator
Tue Sep 05, 2006 10:20 pm Post subject: re: Can you split phpBB's Database?
phpBB should define $client_ip in common.php, but it essentially does the same thing as that line, so that should be fine. Quote: I noticed in phpMyAdmin, most of the fields have a "default value" (most are just 0). Does this mean I don't need to fill in these rows when I create a new user? Currently I've filled in everything manually and my code has like twenty 0's in it lol. Yeah, pretty much. If you don't specify those in the queries, the default values will be used.

DarkScythe Member
Tue Sep 05, 2006 10:52 pm Post subject: re: Can you split phpBB's Database?
Ah, excellent, that will make tings a lot easier lol. I can go ahead and delete those 20+ 0's now Is there any advantage over using phpBB's $client_ip over that one line? Thanks again!

Thoul Administrator
Tue Sep 05, 2006 11:45 pm Post subject: re: Can you split phpBB's Database?
Not really. phpBB checks a few different ways of accessing the REMOTE_ADDR that are available in different versions of phpBB. If that line you posted works for you, I'd go with that.

Tue Sep 05, 2006 10:18 am Post subject: re: Can you split phpBB's Database?

Thanks

I'm searching all over the place for where these functions are stored, and the EE team is awfully shut up about the inner workings of their scripts :/

As far as I can tell, those code snippets come directly from the EE registration PHP file.

Code:

$data['ip_address'] = $IN->IP;
$data['unique_id'] = $FNS->random('encrypt');
$data['join_date'] = $LOC->now;
$data['authcode'] = $FNS->random('alpha', 10);

They seem to be globally declared variables I think.. They're declared in one line near the beginning with "global $IN $FNS ..." etc etc

Isn't the random just a PHP function though?

Tue Sep 05, 2006 10:31 am Post subject: re: Can you split phpBB's Database?

No, the random will be a custom function defined somewhere in the EE code. $IN, $FNS, and $LOC are objects (the -> is the giveaway for that), and random is a function defined in the class that is used to create the $FNS variable.

Tue Sep 05, 2006 10:41 am Post subject: re: Can you split phpBB's Database?

Okay, I will scour all the files for any sign of those functions being explained.
I'll post it when I find it

Edit: Okay, that was fairly quick, I think I found the random.

Code:

// -------------------------------------------------
// Random number/password generator
// -------------------------------------------------

function random($type = 'encrypt', $len = 8)
{
if ($this->seed == FALSE)
{
if (phpversion() >= 4.2)
mt_srand();
else
mt_srand(hexdec(substr(md5(microtime()), -8)) & 0x7fffffff);

$this->seed = TRUE;
}

switch($type)
{
case 'basic' : return mt_rand();
break;
case 'alpha' :
case 'numeric' :
case 'nozero' :

   switch ($type)
   {
      case 'alpha' : $pool = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
         break;
      case 'numeric' : $pool = '0123456789';
         break;
      case 'nozero' : $pool = '123456789';
         break;
   }

            $str = '';

for ($i=0; $i < $len; $i++)
{
$str .= substr($pool, mt_rand(0, strlen($pool) -1), 1);
}
return $str;
break;
case 'md5'    : return md5(uniqid(mt_rand()));
break;
case 'encrypt' : return $this->hash(uniqid(mt_rand()));
break;
}
}
// END

Seems like an awfully long code for random though..

Tue Sep 05, 2006 12:43 pm Post subject: re: Can you split phpBB's Database?

Yeah, it looks like it does several different types of random features. The one used for the unique id also uses another EE specific function here, called hash(). We'll need that one to make the id, too. It should (hopefully) be in the same file where you found the random.

Tue Sep 05, 2006 1:00 pm Post subject: re: Can you split phpBB's Database?

lol, I dunno how you caught that, I don't see anything referring to a hash.. But yes, the hash function was specified right above this random, actually.

Here it is:

Code:

// -------------------------------------------------
// Convert a string into an encrypted hash
// -------------------------------------------------

// SHA1 or MD5 is supported

function hash($str)
{
   global $PREFS;

   if ($PREFS->ini('encryption_type') == 'md5')
   {
      return md5($str);
   }

if ( ! function_exists('sha1'))
{
if ( ! function_exists('mhash'))
{
         if ( ! class_exists('SHA'))
         {
            require PATH_CORE.'core.sha1'.EXT;
         }

$SH = new SHA;

return $SH->encode_hash($str);
}
else
{
return bin2hex(mhash(MHASH_SHA1, $str));
}
}
else
{
return sha1($str);
}
}
// END

Thanks a ton again lol I'd be lost without all this help

As far as all the random features, I'm not sure if it's called anywhere else, but I don't see any way to change which cases are called via the control panel. Still, it seems only alpha and encrypt are required for the ID and authcode.

Tue Sep 05, 2006 2:26 pm Post subject: re: Can you split phpBB's Database?

Ok, hopefully that will be all we need. Using SHA, the random for the unique id breaks down to this:

Code:

$unique_id = sha1(uniqid(mt_rand()));

And if you do need the authcode later, this should work for that:

Code:

$authcode = '';
$pool = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
for ($i=0; $i < 10; $i++)
{
$authcode .= substr($pool, mt_rand(0, strlen($pool) -1), 1);
}

Tue Sep 05, 2006 8:52 pm Post subject: re: Can you split phpBB's Database?

All right! Thanks a huge bunch Smile

I'm surprised you could extract all that info from just a snippet of the function being called. I'll try to insert them into the code now, and look over any other fields that need to be updated.

In the mean time, I have another quick question about databases, if you can answer it..
I noticed in phpMyAdmin, most of the fields have a "default value" (most are just 0). Does this mean I don't need to fill in these rows when I create a new user? Currently I've filled in everything manually and my code has like twenty 0's in it lol.
I noticed this when I was looking at another table to fill in and the values was just a "|" a pipe character, and I wondered if that would mess with the PHP.

Edit:
By the way, I'm not sure if $client_ip will work..
I was about to test it, but remembered the $ should mean it's a variable.. I searched all the phpBB files for *client_ip* but turned up no results, so I'm not sure if phpBB actually records the IP address anywhere or not.
In any case, it was a relatively easy google, and I came up with this for a replacement:

Code:

$client_ip = $_SERVER['REMOTE_ADDR'];

Tue Sep 05, 2006 10:20 pm Post subject: re: Can you split phpBB's Database?

phpBB should define $client_ip in common.php, but it essentially does the same thing as that line, so that should be fine.

Quote:

I noticed in phpMyAdmin, most of the fields have a "default value" (most are just 0). Does this mean I don't need to fill in these rows when I create a new user? Currently I've filled in everything manually and my code has like twenty 0's in it lol.

Yeah, pretty much. If you don't specify those in the queries, the default values will be used.

Tue Sep 05, 2006 10:52 pm Post subject: re: Can you split phpBB's Database?

Ah, excellent, that will make tings a lot easier lol.
I can go ahead and delete those 20+ 0's now Wink

Is there any advantage over using phpBB's $client_ip over that one line?

Thanks again!

Tue Sep 05, 2006 11:45 pm Post subject: re: Can you split phpBB's Database?

Not really. phpBB checks a few different ways of accessing the REMOTE_ADDR that are available in different versions of phpBB. If that line you posted works for you, I'd go with that.