UPDATE: AuthPDO doesn't work against SMF's clever password encryption strategies, but I found
this AuthSMF20 plugin which seems to work fine.
Original post follows:
----
So I finally sat down and worked out how the AuthPDO module worked and went from a dead wiki, to the wrong columns being returned, to no errors in a short time. But it doesn't work. Verified user/pass credentials are refused every time.
Sorry, username or password was wrong.
If I make any changes to the SQL code, an error is generated (debug is on) and I get an SQL statement which, when corrected, returns the right results. So the simple answer is the user/pass just doesn't match. So... ¯\_(ツ)_/¯
Here's my SQL:
SELECT `id_member` AS `uid`, `member_name` as `user`, `real_name` as `name`, `passwd` as `hash`, `email_address` as `mail` FROM smf_members WHERE `member_name` = :user
And that generates these results:
123, NFG, NFG, <hash>, <email>
But it fails. I'm guessing it's the salt, but while I know where the salt is in the db, I can't find any code that deals with mysql and bcrypt so I don't know how to sort out the 'check pass' component of the authpdo module. Every example I can find is MD5 or SHA1 and that != bcrypt and I'm just way out of my depth here.
If anyone has some mysql to apply to the DB and match against the wiki user's password, or can point out where I've gone wrong in my thinking, I'd love to see it.