vb.org Archive
Page 1 of 2 1 2
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB3 Programming Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=15)
-   -   md5 password + salt (https://vborg.vbsupport.ru/showthread.php?t=150299)

Norco 06-21-2007 05:48 PM
md5 password + salt
 
Alright, I have a website with a user system, all the user passwords are stored in a mysql database and md5 encrypted. I am attempting to re-encrypt all those passwords with a salt so the same password will be used on my website, as the forum. I have come up with this..

http://www.teenagezone.org

I'm using functions straight from vBulletin to do it, and when I get it working right, changing it so it will loop through all the users in my database and update their password to work with a salt. Now.. it dosn't seem to be working right. The script works, but when I update that in the database for vbulletin, and try logging in, it will not work.

Here is the scripts..

index.php
PHP Code:
<?php
include "pwfunction.php";

if (!$_POST['submit']){
echo "<form method='POST' style='margin: 0px;'>
<b>Hash: </b>
<input type='password' name='pass'><br><br>
<input type='submit' name='submit' value='sumbmit'>
</form>";
}else{
$password $_POST['pass'];

$salt fetch_user_salt();
$hash hash_password($password$salt);

echo ("$hash - $salt");

}
?>
pwfunction.php
PHP Code:
<?php

    function hash_password($password$salt)
    {
        if ($password == '')
        {
        }
        else if (verify_md5($password))
        {
            $password md5($password);
        }
        return md5($password $salt);
    }


function fetch_user_salt($length 3)
{
    $salt '';
    for ($i 0$i $length$i++)
    {
        $salt .= chr(rand(33126));
    }
    return $salt;
}

    function verify_md5(&$md5)
    {
        return (preg_match('#^[a-f0-9]{32}$#'$md5) ? true false);
    }
    
?>
Does anyone know the problem or can give me some advice of why it is not working.

Dismounted 06-22-2007 06:22 AM
pwfunction.php, function 'hash_password'.
PHP Code:
else if (verify_md5($password)) 
Should be:
PHP Code:
else if (!verify_md5($password)) 

Norco 06-22-2007 11:08 AM
Wow, thanks! I would have never thought to do that and would be sitting there for days attempting to make it work.

Sorry for double posting, but I have something to add to this post. I currently have the script grabbing users from my website testing database, and it works! But.. it only does some, then errors. The reason being is to much work for the server doing this in a while loop for 4000 members (re encrypting plus producing a slat). Does anyone know how to limit how many it will do in a second/minute, or offer a idea for a different solution for doing this which will work?

Thanks.

Norco 06-25-2007 07:10 PM
Quote:
Originally Posted by Norco (Post 1273856)
Wow, thanks! I would have never thought to do that and would be sitting there for days attempting to make it work.

Sorry for double posting, but I have something to add to this post. I currently have the script grabbing users from my website testing database, and it works! But.. it only does some, then errors. The reason being is to much work for the server doing this in a while loop for 4000 members (re encrypting plus producing a slat). Does anyone know how to limit how many it will do in a second/minute, or offer a idea for a different solution for doing this which will work?

Thanks.
Anyone?

Dismounted 06-26-2007 07:37 AM
Add a variable. Increase it every time a user goes by.

Norco 06-26-2007 02:29 PM
Quote:
Originally Posted by Dismounted (Post 1276761)
Add a variable. Increase it every time a user goes by.
How so?

MarkPW 06-26-2007 09:33 PM
What kind of errors do you get?

Norco 06-26-2007 11:51 PM
Quote:
Originally Posted by MarkPW (Post 1277267)
What kind of errors do you get?
It just says you have a error with your sql syntax, but I think its because a) it is loading all random characters, right? So it is interfering with the sql update query and/or b) it is trying to load all 4000 at the same time, causing it to stop.

It only does about 10-20 then errors.... the highest its ever gotten was to 75, but then I have to drop the table and upload the backup to try again. The only thing I can think of doing is adding check boxes to the script with the usernames, check off 10, click submit, and it will update those one, then in the while loop it will only grab rows where there is noting in the salt field. But that would take a long time...

MarkPW 06-27-2007 12:40 AM
What exactly is the error with your SQL syntax?

Norco 06-27-2007 12:48 AM
Quote:
Originally Posted by MarkPW (Post 1277362)
What exactly is the error with your SQL syntax?
It varies with each run. For example:

First run:
Quote:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '$R' WHERE `id`='1819'' at line 1
Second run:
Quote:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '1472'' at line 1
Third run:
Quote:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'E' WHERE `id`='3290'' at line 1
By run I mean refresh.


All times are GMT. The time now is 03:46 PM.
Page 1 of 2 1 2
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01802 seconds
  • Memory Usage 1,756KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (4)bbcode_php_printable
  • (7)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (10)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete