md5 password + salt (https://vborg.vbsupport.ru/showthread.php?t=150299)

MarkPW 06-27-2007 01:12 AM

It sounds as though you aren't escaping certain value(s) in your SQL statement. Are you using mysql_escape_string() on your variables before you use them in your statement?

Norco 06-27-2007 01:34 AM

No? The source to the script I am using is located in the first post in this thread; I quoted it below.

Quote:

Originally Posted by Norco (Post 1273369)
Alright, I have a website with a user system, all the user passwords are stored in a mysql database and md5 encrypted. I am attempting to re-encrypt all those passwords with a salt so the same password will be used on my website, as the forum. I have come up with this..

http://www.teenagezone.org

I'm using functions straight from vBulletin to do it, and when I get it working right, I'll change it so it will loop through all the users in my database and update their passwords to work with a salt. Now.. it doesn't seem to be working right. The script works, but when I update that in the database for vBulletin and try logging in, it will not work.

Here are the scripts..

index.php
PHP Code:

<?php
include "pwfunction.php";

// Show the form until it has been submitted
if (empty($_POST['submit'])) {
    echo "<form method='POST' style='margin: 0px;'>
<b>Hash: </b>
<input type='password' name='pass'><br><br>
<input type='submit' name='submit' value='sumbmit'>
</form>";
} else {
    $password = $_POST['pass'];

    // New random salt, then the salted hash of the submitted password
    $salt = fetch_user_salt();
    $hash = hash_password($password, $salt);

    echo ("$hash - $salt");
}
?>

pwfunction.php
PHP Code:

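<?php

// For a non-empty password, returns md5(md5(password) . salt).
// Input that is already an MD5 hex digest is not hashed a second time.
function hash_password($password, $salt)
{
    if ($password == '')
    {
    }
    else if (!verify_md5($password))
    {
        // not an MD5 hex digest yet, so hash the plain text once
        $password = md5($password);
    }
    return md5($password . $salt);
}

// Builds a random salt from printable ASCII 33..126 (this range includes ' and \)
function fetch_user_salt($length = 3)
{
    $salt = '';
    for ($i = 0; $i < $length; $i++)
    {
        $salt .= chr(rand(33, 126));
    }
    return $salt;
}

// True when the value is a 32-character lowercase hex string
function verify_md5(&$md5)
{
    return (preg_match('#^[a-f0-9]{32}$#', $md5) ? true : false);
}

?>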

Does anyone know the problem or can give me some advice on why it is not working?


MarkPW 06-27-2007 01:49 AM

AFAIK your problem is to do with your SQL statement. Your script above tells me nothing that will explain your SQL errors.

Norco 06-27-2007 01:51 AM

You asked if I was using mysql_escape_string()... which would be in the source if I was, right?

MarkPW 06-27-2007 01:59 AM

Where are your SQL errors generated from? You're giving me half the story - I haven't a clue what's happening in the "rest" of your script. The above script generated a password hash with salt. It has nothing to do with your database. Your SQL errors are coming from somewhere...

Norco 06-27-2007 02:06 AM

Quote:

Originally Posted by MarkPW (Post 1277402)
Where are your SQL errors generated from? You're giving me half the story - I haven't a clue what's happening in the "rest" of your script. The above script generated a password hash with salt. It has nothing to do with your database. Your SQL errors are coming from somewhere...

OH. Ok here:

PHP Code:

<?php
include "pwfunction.php";

$dbh = mysql_connect("localhost", "user", "password") or die('I cannot connect to the database because: ' . mysql_error());
mysql_select_db("database");

// Walk every user row and replace the stored MD5 with a salted hash
$get = mysql_query("SELECT * FROM users") or die('Error, query failed');
while ($row = mysql_fetch_array($get)) {

    $password = $row['password'];
    $id = $row['id'];

    $salt = fetch_user_salt();
    $hash = hash_password($password, $salt);

    // $hash and $salt are placed into the statement as-is
    $update = mysql_query("UPDATE users SET `password`='$hash', `salt`='$salt' WHERE `id`='$id'") or die(mysql_error());
}
?>

pwfunctions.php is the same. Sorry my bad, I forgot to add the updated script for running it.

MarkPW 06-27-2007 02:29 AM

Since you have a connection to your database, you can use mysql_real_escape_string() (which you should use anyway). This should solve your problem:

PHP Code:

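$salt = fetch_user_salt();
$hash = hash_password($password, $salt); // hash over the raw salt, which is the value the database will hold

// escape only where the values enter the SQL text
$salt_sql = mysql_real_escape_string($salt);
$hash_sql = mysql_real_escape_string($hash);

$update = mysql_query("UPDATE users SET `password`='$hash_sql', `salt`='$salt_sql' WHERE `id`='$id'") or die(mysql_error());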


Norco 06-27-2007 02:33 AM

Let me try this, just a second.

Ah! It worked! Thank you SO MUCH.
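
The failure and the fix discussed in this thread, as an added example that is not any poster's code: salts drawn from ASCII 33..126 can contain `'` or `\`, which breaks the interpolated UPDATE, while bound parameters store them intact. It uses PDO with in-memory SQLite in place of the mysql_* functions (removed in PHP 7) and assumes vBulletin 3's stored form md5(md5(password) . salt); the row, password and salt are constructed.

```php
<?php
// Added example, not code from the thread. Table and column names follow the
// posted script; the row and the salt are constructed. Needs pdo_sqlite.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, password TEXT, salt TEXT)");
$db->exec("INSERT INTO users (id, password) VALUES (1, '" . md5('hunter2') . "')");

// Same alphabet as the thread's fetch_user_salt(): ASCII 33..126, which
// includes the single quote (39) and the backslash (92).
function fetch_user_salt($length = 3)
{
    $salt = '';
    for ($i = 0; $i < $length; $i++) {
        $salt .= chr(random_int(33, 126));
    }
    return $salt;
}

// How many of 10,000 generated salts would break a quoted MySQL literal?
$risky = 0;
for ($n = 0; $n < 10000; $n++) {
    if (strpbrk(fetch_user_salt(), "'\\") !== false) {
        $risky++;
    }
}
echo "salts containing ' or \\: $risky of 10000\n";

$salt = "a'b";   // constructed: one value the generator can emit
$old  = $db->query("SELECT password FROM users WHERE id = 1")->fetchColumn();
$hash = md5($old . $salt);   // $old is already md5(password); hash the raw salt

// 1. Interpolated, as in the posted loop: the quote ends the literal early.
try {
    $db->exec("UPDATE users SET password='$hash', salt='$salt' WHERE id=1");
    echo "interpolated UPDATE: accepted\n";
} catch (PDOException $e) {
    echo "interpolated UPDATE: ", $e->getMessage(), "\n";
}

// 2. Bound parameters: the values never become part of the SQL text.
$stmt = $db->prepare("UPDATE users SET password = :hash, salt = :salt WHERE id = :id");
$stmt->execute([':hash' => $hash, ':salt' => $salt, ':id' => 1]);

// Read back: the salt is stored byte for byte and the hash matches a login check.
$row = $db->query("SELECT password, salt FROM users WHERE id = 1")->fetch(PDO::FETCH_ASSOC);
var_dump($row['salt'] === $salt);
var_dump($row['password'] === md5(md5('hunter2') . $salt));
```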

