CMilne
02-21-2005, 04:14 AM
I'm not sure about other people, but I needed this for an integration script I was doing, and it took me three hours to work out. It's just a file that checks is the password a client has entered is their real one, good for member integrations, stick it up with sessions and cookies and you've got yourself a keeper.
It's so hard because it uses a very advanced md5 code and uses a per member encryption system, so password 'jonny' for one account, dosen't result in the same md5 code as th password 'jonny' for another account.
This code is free for all, just wanted to share my discovery.
<?
// connect to the database
@ $db = mysql_connect('dbhost', 'dbusername', 'dbpassword');
mysql_select_db('dbname');
// magical query #1
$sql = mysql_query("SELECT * FROM user WHERE userid='1'");
$userinfo = mysql_fetch_assoc($sql);
$username = $HTTP_POST_VARS['username']; // username
$password = $HTTP_POST_VARS['password']; // password
// magical query #2
$sql = mysql_query("SELECT * FROM user WHERE username='$username'");
$userinfo = mysql_fetch_assoc($sql);
$userrows = mysql_num_rows($sql);
// Convert the password entered into the fancy vBulletin code
$newpassword = md5(md5($password) . $userinfo['salt']);
$sql2 = mysql_query("SELECT * FROM user WHERE username='$username' and password='$newpassword'");
if (mysql_num_rows($sql2) > 0) {
echo "You're Registered!";
} else { // Credentials are wrong
if ($userrows > 0) {
echo "Wrong Password"; // They ARE Registered, but they entered the wrong password
} else {
echo "You aint registered here MATE!"; // They arent registered at your forums
}
?>
This is mainly useful because MD5 encryption is one way making it a million times harder to integrate :(
Confirmed works in PHP 4.3.10 & 5.0.3
It's so hard because it uses a very advanced md5 code and uses a per member encryption system, so password 'jonny' for one account, dosen't result in the same md5 code as th password 'jonny' for another account.
This code is free for all, just wanted to share my discovery.
<?
// connect to the database
@ $db = mysql_connect('dbhost', 'dbusername', 'dbpassword');
mysql_select_db('dbname');
// magical query #1
$sql = mysql_query("SELECT * FROM user WHERE userid='1'");
$userinfo = mysql_fetch_assoc($sql);
$username = $HTTP_POST_VARS['username']; // username
$password = $HTTP_POST_VARS['password']; // password
// magical query #2
$sql = mysql_query("SELECT * FROM user WHERE username='$username'");
$userinfo = mysql_fetch_assoc($sql);
$userrows = mysql_num_rows($sql);
// Convert the password entered into the fancy vBulletin code
$newpassword = md5(md5($password) . $userinfo['salt']);
$sql2 = mysql_query("SELECT * FROM user WHERE username='$username' and password='$newpassword'");
if (mysql_num_rows($sql2) > 0) {
echo "You're Registered!";
} else { // Credentials are wrong
if ($userrows > 0) {
echo "Wrong Password"; // They ARE Registered, but they entered the wrong password
} else {
echo "You aint registered here MATE!"; // They arent registered at your forums
}
?>
This is mainly useful because MD5 encryption is one way making it a million times harder to integrate :(
Confirmed works in PHP 4.3.10 & 5.0.3