vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB3 Programming Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=15)
-   -   Password help (https://vborg.vbsupport.ru/showthread.php?t=270484)

iimp 09-17-2011 10:28 PM
Password help
 
Hey,

I am using VB 3.8 and am trying to validate the password through an external app. Here is the PHP code I have

Code:
        $username = isset($_GET[$usernameLabel]) ? ($_GET[$usernameLabel]) : "";
        $password = isset($_GET[$passwordLabel]) ? ($_GET[$passwordLabel]) : "";
        $userid = isset($_GET[$useridLabel]) ? $_GET[$useridLabel] : "";
        $script = isset($_GET[$scriptLabel]) ? ($_GET[$scriptLabel]) : "";

        $action = isset($_GET[$actionLabel]) ? $_GET[$actionLabel] : "";
       
        switch($action){
        case $actionLoginLabel:       
                $userid = -1;
                $res = mysql_query("select `userid`,`username`,`password`,`salt` from `user` where 1",$sql_con);
                while($row = mysql_fetch_array($res,MYSQL_ASSOC)){       
                        if($row["password"] == md5(md5($password).$row["salt"]) && strtolower($row["username"]) == strtolower($username)){
                                $userid = $row["userid"];
                                break;
                        }
                }
                //echo(enc($userid));
                echo($userid);
                break;
and here is the java

Code:
                private void loginButton_event(ActionEvent e) {
                        char[] p_raw = passwordTextBox.getPassword();
                        String p = "";
                        for(char c : p_raw){
                                p = p + Character.toString(c);
                        }
                       
                        try {
                                userid = Integer.parseInt(getPage(DOMAIN+"?"+LABEL_ACTION+"="+LABEL_ACTION_LOGIN+"&"+LABEL_USERNAME+"="+usernameTextBox.getText()+"&"+LABEL_PASSWORD+"="+p));
                        } catch(NumberFormatException err){}
                       
                        if(userid > -1){
                                username = usernameTextBox.getText();
                                password = p;
                               
                                setVisible(false);
                        } else {
                                JOptionPane.showMessageDialog(this,"Incorrect login details!","Error!",JOptionPane.ERROR_MESSAGE);
                        }
                }
It always shows as Incorrect login but I am using the right login/pass, can anyone help fix this please?

kh99 09-18-2011 12:59 AM
<span style="text-decoration: line-through">I think maybe it should be:</span> nvm, Eric is right.

Eric 09-18-2011 01:21 AM
Here is what vB 3.8 has in functions login:

PHP Code:
md5(md5($password) . $vbulletin->userinfo['salt']) 
So:
PHP Code:
md5(md5($password) . $row['salt']) 
Should be fine. I'm not familiar with Java but are you sure you are getting the input values correctly?

iimp 09-18-2011 09:38 AM
That's the same code I already have :/.

I think i need to encrypt it on the java side so it will read it from the database?

kh99 09-18-2011 10:32 AM
Quote:
Originally Posted by iimp (Post 2247448)
That's the same code I already have :/.
That's my fault - in the previous post I was suggesting that it needed to be changed and Eric was pointing out that what you have is correct. I deleted my code just to avoid someone seeing it in the future and thinking it might be correct.


Quote:
I think i need to encrypt it on the java side so it will read it from the database?
I don't think so - I think if you added an md5() on the java side you'd have to remove one on the server side. Have you tried anything like writing some debug info to a file to see what values you're working with?

One thing, you probably need to html encode the password to handle cases where it has special characters. Maybe doing an md5() on the java side would be a good idea. It might take care of that and any issue where someone might see the url (like server logs).

iimp 09-18-2011 10:38 AM
It seems the password is more encrypted than i thought, can I PM you the whole code to see if you can work it out?

kh99 09-18-2011 10:49 AM
You can do that if you'd like.


All times are GMT. The time now is 10:21 AM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01119 seconds
  • Memory Usage 1,735KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (2)bbcode_code_printable
  • (2)bbcode_php_printable
  • (2)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (7)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete