Ninth Dimension |
08-23-2006 03:49 PM |
Quote:
Originally Posted by Psionic Vision
Authentication Storage
The authentication data is stored in the following way (thank to Kirby for this info):
$_COOKIE:
{cookiepfx}userid - plain(userid)
{cookiepfx}password - md5(md5(md5('PlaintextPassword'), salt), 'LicenseNo').
TABLE user:
password - md5(md5('PlaintextPassword'), salt)
Note that for cookie, {cookiepfx} is your board's cookie prefix. It is configurable via admincp and is accessible via the COOKIE_PREFIX constant.
|
Hi, I believe you have an error in the above code, where you've put
Code:
md5(md5('PlaintextPassword'), salt)
I believe it should say
Code:
md5(md5('PlaintextPassword'). 'salt')
I.e. what the script does it takes the plain password, md5()s it, the adds the salt to the end, then md5()s it again. At least that is what i think it does in vB 3.6.0..
I'd be keen on getting some clarification on this, cheers :D
|