vb.org Archive - cookie password stuff

Page 1 of 2

Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)

- vB3 Programming Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=15)

- - cookie password stuff (https://vborg.vbsupport.ru/showthread.php?t=49911)

mr e	03-10-2003 06:10 PM

cookie password stuff

ok how come i cant do this
[sql]
$bbuserinfo = $sql->query("SELECT * FROM user WHERE password=$ _COOKIE[bbpassword]");
[/sql]

but i can do this
[sql]
$bbuserinfo = $sql->query("SELECT * FROM user WHERE userid=$ _COOKIE[bbuserid]");
[/sql]

i've looked at my cookies and everything is there, why can i do one, but not the other? and yes this is on a non-vb page

filburt1

03-10-2003 06:11 PM

You need to put the passhash in quotes.

mr e	03-10-2003 06:13 PM

you mean like this?
[sql]
$bbuserinfo = $sql->query("SELECT * FROM user WHERE password=$_COOKIE['bbpassword']");
[/sql]

then i get this error
Can't query: SELECT * FROM user WHERE password=

where normally (without single quotes) i get this error
Can't query: SELECT * FROM user WHERE password= some 25 digit number

mr e	03-10-2003 06:27 PM

i tried it in phpmyadmin and this is the error i got
Unknown column '79ab945544e5bc017a2317b6146ed3aa' in 'where clause'

the query i used was
[sql]
$bbuserinfo = $sql->query("SELECT * FROM `user` WHERE `password`=$_COOKIE[bbpassword]");
[/sql]

filburt1

03-10-2003 06:32 PM

PHP Code:


		
			
$bbuserinfo = $sql->query("SELECT * FROM user WHERE password = \"" . $_COOKIE['bbpassword'] . "\"");

mr e	03-10-2003 06:35 PM

darn you turtle boy and your always being right :p thanks though :D

Lesane

03-11-2003 12:26 PM

Mr_e, it's not smart to post your md5 password hash here. Did you know that you can crack md5 hashes?

filburt1

03-11-2003 12:55 PM

It takes exponentially or logarithmically longer to break an md5 hash the longer the original string was, although I do agree that it wasn't wise.

Also Lesane, please shorten your sig to eight lines (you're only allowed eight lines of small text :))

DrkFusion

03-11-2003 01:12 PM

Approximatly how long does it take to crack a unique password which is encrypted in md5? With only the hash available?

I know there are programs that have dictionaries and brute it out, so if the password is apple, and since apple is present in the dictionary it will compare and tell you. Im really not sure how long, the method of cracking unique passwords.

Do not get me wrong, I do not want to hack or crack:)

filburt1

03-11-2003 01:41 PM

It takes minutes for a couple letters, days for a few more, and many, many years for a couple words.

All times are GMT. The time now is 04:59 PM.

Page 1 of 2

Show 40 post(s) from this thread on one page

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.01108 seconds Memory Usage 1,726KB Queries Executed 10 (?)
More Information
Template Usage: (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)bbcode_php_printable (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)pagenav (1)pagenav_curpage (1)pagenav_pagelink (1)post_thanks_navbar_search (1)printthread (10)printthreadbit (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit showthread	Included Files: ./printthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/class_bbcode_alt.php ./includes/class_bbcode.php ./includes/functions_bigthree.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete printthread_start pagenav_page pagenav_complete bbcode_fetch_tags bbcode_create bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete printthread_post printthread_complete
Messages: