IPB VERY POOR SIMPLE API IN PHP


<?php

$user = $_GET['user'];
$pass = $_GET[' pass'];


$db['host']         = 'localhost'; #URL DO SERVIDOR MYSQL
$db['db']           = 'ipb_forum'; #NOME DA DB DO FORUM
$db['username']     = 'root';      #USUARIO DO MYSQL
$db['password']     = '';          #SENHA DO MYSQL


$ipb['auth']['table_name']      = 'members';            #NOME TABELA DE MEMBROS DO IPB
$ipb['auth']['username_column'] = 'name';               #NOME DA COLUNA DENTRO DA TABELA DE MEMBROS REFERENTE AO NOME DE USUARIO
$ipb['auth']['password_column'] = 'members_pass_hash';  #NOME DA COLUNA DENTRO DA TABELA DE MEMBROS REFERENTE A HASH DA SENHA
$ipb['auth']['salt_column']     = 'members_pass_salt';  #NOME DA COLUNA DENTRO DA TABELA DE MEMBROS REFERENTE AO SALT DA HASH DA SENHA


try{
    $pdo = new PDO("mysql:host={$db['host']};dbname={$db['db']}", $db['username'], $db['password']);
}catch(Exception $e) {
    die($e->getMessage());
}


$statment = 'SELECT * FROM ' . $ipb['auth']['table_name'] . ' WHERE ' . $ipb['auth']['username_column'] '=? LIMIT 1;';

$query = $pdo->prepare($statment);
$query->execute([
    $user
]);

$resp = [];

if($query->rowCount()) {
    $row = $query->fetch(PDO::FETCH_ASSOC);
    $storedHash = $row[$ipb['auth']['password_column']];
    $storedSalt = $row[$ipb['auth']['salt_column']];
    $hash = ipbHash($pass, $storedSalt);

    if($hash === $storedHash) {
        $resp = [
            'status' => 'authorized',
            'message' => 'user logged with success'
        ];
    }
    else {
        $resp = [
            'status' => 'unauthorized',
            'message' => 'invalid password'
        ];
    }
}
else {
    $resp = [
        'status' => 'denied',
        'message' => 'user not found in database'
    ];
}

echo json_encode($resp);
die();


function ipbHash($password, $salt) {
    if($password == null || $salt == null) return '';
    return md5(md5(salt) + md5(password));
}