I found a bunch of md5 stuff in functions_login.php

Which one of those actually encrypt the password?
can't make sense of it :confused: (my php isn't that great)


This is the code:


<?PHP
include("sql.php");

$user = $_GET['user'];
$pass= $_GET['pass'];
$id= $_GET['id'];

$check_info = @mysql_query("SELECT * FROM `user` WHERE `username` = '$user'");
$user_info = mysql_fetch_assoc($check_info);
$check_info = @mysql_query("SELECT * FROM `user` WHERE `membergroupids` = '$id'");
$user_info = mysql_fetch_assoc($check_info);

if($user == $user_info['username'] && $pass == $user_info['password'] && $id == $user_info['membergroupids'])
{
echo 'true';
}
else
{
echo 'false';
}
?>


Where should I put the MD5 and SALT encrypt stuff? :(
Please help me <3

md5(md5($password).$salt); I believe - check login.php and see how its done there.

md5(md5($password).$salt); I believe - check login.php and see how its done there.

this did not work for me, thanks anyways.

this did not work for me, thanks anyways.
I couldn't find the exact line where it shows that the password is converted using two md5 hashes, but I did find this line:

if(strlen($vbulletin->GPC['password_md5']) == 32)


Which means that it does use md5 to hash the passwords. What are you trying to accomplish with this page? Are you trying to create vBulletin users? Or are you just trying to insert users in a database?

$encpass = md5(md5($pass).$user_info['salt']);