vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB3 Programming Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=15)
-   -   Login form values (https://vborg.vbsupport.ru/showthread.php?t=137188)

JMH11788 01-22-2007 01:24 AM
Login form values
 
From what I can tell when you submit your password on the login form from vbulletin it will md5 the password value right in the html form, before it gets passed to the php scripts.

Is there anyway to access the pre-md5 so I can get the plaintext value in php?

For example, to get the username submitted by the form I can use:
PHP Code:
$vbulletin->GPC['vb_login_username']; 
So I tried
PHP Code:
$vbulletin->GPC['vb_login_password']; 
but it never returns anything :(


Is there a way to get the plaintext password submitted?

Thank you in advance,
Jordan

harmor19 01-22-2007 06:54 PM
You have to edit the form so it doesn't hash the password before it's sent.

JMH11788 01-22-2007 07:03 PM
Quote:
Originally Posted by harmor19 (Post 1165204)
You have to edit the form so it doesn't hash the password before it's sent.
That's kinda what I figured. What exactly do I change though?

HTML Code:
                <!-- login form -->
                <form action="login.php?do=login" method="post" onsubmit="md5hash(vb_login_password, vb_login_md5password, vb_login_md5password_utf, $show[nopasswordempty])">
                <script type="text/javascript" src="clientscript/vbulletin_md5.js?v=$vboptions[simpleversion]"></script>
                <table cellpadding="0" cellspacing="$stylevar[formspacer]" border="0">
                <tr>
                        <td class="smallfont"><label for="navbar_username">$vbphrase[username]</label></td>
                        <td><input type="text" class="bginput" style="font-size: 11px" name="vb_login_username" id="navbar_username" size="10" accesskey="u" tabindex="101" value="$vbphrase[username]" onfocus="if (this.value == '$vbphrase[username]') this.value = '';" /></td>
                        <td class="smallfont" colspan="2" nowrap="nowrap"><label for="cb_cookieuser_navbar"><input type="checkbox" name="cookieuser" value="1" tabindex="103" id="cb_cookieuser_navbar" accesskey="c" />$vbphrase[remember_me]</label></td>
                </tr>
                <tr>
                        <td class="smallfont"><label for="navbar_password">$vbphrase[password]</label></td>
                        <td><input type="password" class="bginput" style="font-size: 11px" name="vb_login_password" id="navbar_password" size="10" tabindex="102" /></td>
                        <td><input type="submit" class="button" value="$vbphrase[log_in]" tabindex="104" title="$vbphrase[enter_username_to_login_or_register]" accesskey="s" /></td>
                </tr>
                </table>
                <input type="hidden" name="s" value="$session[sessionhash]" />
                <input type="hidden" name="do" value="login" />               
                <input type="hidden" name="vb_login_md5password" />
                <input type="hidden" name="vb_login_md5password_utf" />
                </form>
                <!-- / login form -->
Can I just change
HTML Code:
onsubmit="md5hash(vb_login_password, vb_login_md5password, vb_login_md5password_utf, $show[nopasswordempty])"
to
HTML Code:
onsubmit="vb_login_password, vb_login_md5password, vb_login_md5password_utf, $show[nopasswordempty]"
would that work?

harmor19 01-23-2007 02:03 AM
Change
HTML Code:
onsubmit="md5hash(vb_login_password, vb_login_md5password, vb_login_md5password_utf, $show[nopasswordempty])"
To
HTML Code:
onsubmit="md5hash(vb_login_md5password, vb_login_md5password_utf, $show[nopasswordempty])"

JMH11788 01-23-2007 03:02 AM
Quote:
Originally Posted by harmor19 (Post 1165454)
Change
HTML Code:
onsubmit="md5hash(vb_login_password, vb_login_md5password, vb_login_md5password_utf, $show[nopasswordempty])"
To
HTML Code:
onsubmit="md5hash(vb_login_md5password, vb_login_md5password_utf, $show[nopasswordempty])"
Works perfect! Thanks!


All times are GMT. The time now is 04:26 PM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01597 seconds
  • Memory Usage 1,742KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (7)bbcode_html_printable
  • (2)bbcode_php_printable
  • (2)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (5)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete