vb.org Archive
Page 1 of 2 1 2
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB3 Programming Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=15)
-   -   Text to MD5 (https://vborg.vbsupport.ru/showthread.php?t=181510)

sjsteve33171 06-04-2008 04:20 PM
Text to MD5
 
Hi guys,

What i need is to be able for people to convert text to md5 hash.

The aim is i'm using a auth system based of website registration and certain member id's and group id's. Now i'd like to be able for them to authenticate via website name and password typed in the notepad.

So the program inputs their text entrys into a sql statement hardcoded in, and send it off for results. One of those things required would be thier password but in MD5 has form.

Is this possible?

MoT3rror 06-04-2008 08:36 PM
PHP Code:
md5($text); 
http://www.php.net/md5

Dismounted 06-05-2008 07:23 AM
Note that vBulletin uses more than a straight MD5 hash.

sjsteve33171 06-05-2008 12:26 PM
This is my problem. As its not a simple

Code:
md5( $var)
I need a method... Any ideas?

Opserty 06-05-2008 01:18 PM
PHP Code:
md5md5($password) . $salt

sjsteve33171 06-06-2008 02:12 PM
Quote:
Originally Posted by Opserty (Post 1541514)
PHP Code:
md5md5($password) . $salt
Perfect sense, but salt is

Code:
$salt = "SOME_RANDOM_NUMBERS_HERE";
So i need need to know how you generate your salt code so i can match it up.

Dismounted 06-07-2008 06:40 AM
The salt field is contained within the user table. It is three random characters generated at registration. You will need to use the salt from the user table to verify users.

sjsteve33171 06-09-2008 06:36 AM
Thanks all for your input. I Got this working so thought i would post this php script incase anyone else wanted to use it. It basically asks for the users name fetches all required info from the db then asks for their password in text and prints the password in vBulletin md5 format.

Fill in your host + db info and the rest should be fine as long as your on vBulletin!

Code:
<?php
if( eregi( "md5.php",$PHP_SELF ) )
{
    Header("Location: http://www.some_website_here.co.uk");
    die( );
}

$WebsiteUsername = $_POST['Website_Username'];
$WebsitePassword = $_POST['Website_Password'];
$UserVerify = $_POST['User_Verify'];
$Website_Uauth = "Unauthenicated";
$ReadyForPass = false;

$DB_Host = "";
$DB_Name = "";
$DB_Username = "";
$DB_Password = "";
$ConnectWebsite = mysql_pconnect($DB_Host, $DB_Username, $DB_Password) or trigger_error(mysql_error(),E_USER_ERROR);

if ($ConnectWebsite)
{
        mysql_select_db($DB_Name) or die("[ERROR]Could Not Select The Database ($DB_Name)");
}

if (isset($WebsiteUsername) && $WebsiteUsername != NULL && $UserVerify == "Verify_That")
{
        $CustomerInfoSQL = "SELECT username FROM user WHERE username='$WebsiteUsername'";
        $CustomerInfoQuery = mysql_query($CustomerInfoSQL, $ConnectWebsite) or die(mysql_error());
        $CustomerInfoFetch = mysql_fetch_assoc($CustomerInfoQuery);
        $CustomerVerifyRowCount = mysql_num_rows($CustomerInfoQuery);
       
        if ($CustomerVerifyRowCount == 1)
        {
                $Website_Uauth = "Authenicated";
                $ReadyForPass = true;
        }
        else
        {
                echo "<div align=\"center\"><b>UNKNOWN USER DETECTED</b></div>";
                die();
        }
}
elseif (isset($WebsiteUsername) && $WebsiteUsername != NULL && isset($WebsitePassword) && $WebsitePassword != NULL && $UserVerify == "Verify_Pass")
{
        $CustomerInfoSQL = sprintf("SELECT username FROM user WHERE username='%s'",
        get_magic_quotes_gpc() ? $WebsiteUsername : addslashes($WebsiteUsername));
        $CustomerInfoQuery = mysql_query($CustomerInfoSQL, $ConnectWebsite) or die(mysql_error());
        $CustomerInfoFetch = mysql_fetch_assoc($CustomerInfoQuery);
        $CustomerVerifyRowCount = mysql_num_rows($CustomerInfoQuery);
       
        if ($CustomerVerifyRowCount == 1)
        {               
                $SaltInfoSQL = "SELECT salt FROM user WHERE username='$WebsiteUsername'";
                $SaltInfoQuery = mysql_query($SaltInfoSQL, $ConnectWebsite) or die(mysql_error());
                $SaltInfoFetch = mysql_fetch_assoc($SaltInfoQuery);
                $SaltVerifyRowCount = mysql_num_rows($SaltInfoQuery);
               
                if ($SaltVerifyRowCount >= 1)
                {
                        $SaltFound = true;
                        $UsersSalt = $SaltInfoFetch['salt'];
                }
        }
        else
        {
                echo "<div align=\"center\"><b>UNKNOWN USER DETECTED</b></div>";
                die();
        }
       
}

?>
<html>
        <head>
                <title>Text To vBulletin Password Converter</title>
        </head>
<body>
<?php
if (!isset($WebsiteUsername) && $Website_Uauth == "Unauthenicated" && $ReadyForPass == false)
{
?>
        <form method="post" action="<?php echo $_SERVER['PHP_SELF']?>">
                <table border="1">
                <tr>
                        <td>Enter your User:</td>
                        <td><input type="text" name="Website_Username" value="" maxlength="25"></td>
                </tr>
                <input type="hidden" name="User_Verify" value="Verify_That">
                <tr>       
                        <td align="center" colspan="2"><input type="submit" value="Verify User"></td>
                </tr>
                       
        </form>

<?php
}
elseif (isset($WebsiteUsername) && $Website_Uauth == "Authenicated" && $ReadyForPass == true)
{?>
        <form method="post" action="<?php echo $_SERVER['PHP_SELF']?>">
                <table border="1">
                <tr>
                        <td colspan="2">Valid User: <font color="#009900"><?php echo $WebsiteUsername?></font></td>
                        <input type="hidden" name="Website_Username" value="<?php echo $WebsiteUsername?>">
                </tr>
                <tr>
                        <td>Password:</td>
                        <td><input type="text" name="Website_Password" value=""></td>
                </tr>
                <input type="hidden" name="User_Verify" value="Verify_Pass">
                <tr>       
                        <td align="center" colspan="2"><input type="submit" value="Click To Create MD5 Value"></td>
                </tr>
               
        </form>
<?php       
}
elseif($SaltFound == true && $UsersSalt != NULL)
{
        $code = md5( md5( $WebsitePassword ) . $UsersSalt );
        echo "The password you have entered is: ".$WebsitePassword."<br>";
        echo "The md5 password is: ".$code."";
}
?>
</body>
</html>

Marco van Herwaarden 06-09-2008 06:58 AM
I would not suggest anyone to use this script as it is vulnerable to SQL-Injections.

sjsteve33171 06-09-2008 09:58 AM
Any suggestions then to make it secure?

It was more of a 'This is how i got it working' more than a 'Here's how to'. Im not up to date on high security as i'm still learning, Was hoping it may help some


All times are GMT. The time now is 11:39 PM.
Page 1 of 2 1 2
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01061 seconds
  • Memory Usage 1,769KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (3)bbcode_code_printable
  • (3)bbcode_php_printable
  • (1)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (10)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete