PDA

View Full Version : Password integration

DrScion
08-09-2004, 11:38 PM
This is for verification of member status only and is not being used to integrate with VB, but simply to allow login to another part of the site based on their username and password.

Ive searched on google.com and here and learned that the password pattern is:


md5(md5('plain txt pwd' . salt))


Ive attempted to use this in numerous fasions, yet still wont match up with the password in the database, this coding is as follows,


mysql_select_db($database_connect, $connect);
$query_get_user = sprintf("SELECT * FROM vb_user WHERE username='%s'", $HTTP_POST_VARS['username']);
$get_user = mysql_query($query_get_user, $connect) or die(mysql_error());
$row_get_user = mysql_fetch_assoc($get_user);
$totalRows_get_user = mysql_num_rows($get_user);

$password = md5(md5($HTTP_POST_VARS['password'] . $row_get_user['salt']));

mysql_select_db($database_connect, $connect);
$query_get_password = sprintf("SELECT * FROM vb_user WHERE password='%s'", $password);
$get_password = mysql_query($query_get_password, $connect) or die(mysql_error());
$row_get_password = mysql_fetch_assoc($get_password);
$totalRows_get_password = mysql_num_rows($get_password);

if($totalRows_get_password == 0) {
die('Password Error');
}


Can someone help please?
DrScion
08-09-2004, 11:50 PM
My apologies, I miread one of the post I searched.

I have fixed my problem, and I will post the correct code for future reference...


mysql_select_db($database_connect, $connect);
$query_get_user = sprintf("SELECT * FROM vb_user WHERE username='%s'", $HTTP_POST_VARS['username']);
$get_user = mysql_query($query_get_user, $connect) or die(mysql_error());
$row_get_user = mysql_fetch_assoc($get_user);
$totalRows_get_user = mysql_num_rows($get_user);

$password = md5(md5($HTTP_POST_VARS['password']) $row_get_user['salt']);

mysql_select_db($database_connect, $connect);
$query_get_password = sprintf("SELECT * FROM vb_user WHERE password='%s'", $password);
$get_password = mysql_query($query_get_password, $connect) or die(mysql_error());
$row_get_password = mysql_fetch_assoc($get_password);
$totalRows_get_password = mysql_num_rows($get_password);

if($totalRows_get_password == 0) {
die('Password Error');
}