vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   Modification Requests/Questions (Unpaid) (https://vborg.vbsupport.ru/forumdisplay.php?f=112)
-   -   Customizing login.php (https://vborg.vbsupport.ru/showthread.php?t=61481)

latinguy 02-12-2004 04:43 PM
Customizing login.php
 
Hi,

How can I modify the login.php file so when someone tries to log in it only checks 2 fields in the db table, the username and password. Nothing about salt and others.. only check if the username and password entered are in the database table, if they are found then you are logged in if they are not found give the error.

Thanks in advance

Daniel

Andreas 02-12-2004 04:56 PM
Impossible. You need the salt as for security reasons passwords aren't stored in the database - only MD5-Hashes with a salt to randomize the results.
This makes it more difficult to crack passwords, as MD5 itself is not collision-free.

But you could simplify the login very much, avoiding almost all "vB-Overhead".
What exactly do you want to achieve?

latinguy 02-12-2004 05:04 PM
Quote:
Originally Posted by KirbyDE
Impossible. You need the salt as for security reasons passwords aren't stored in the database - only MD5-Hashes with a salt to randomize the results.
This makes it more difficult to crack passwords, as MD5 itself is not collision-free.

But you could simplify the login very much, avoiding almost all "vB-Overhead".
What exactly do you want to achieve?
What I want to do is this.. in http://vac.dndweb.net/forum when someone tries to log in on top and click 'log in' the action page only looks for the username and password. If the query recordcount is 1 (meaning it was found) then you are successfuly logged in if not you get an error.

How can I do this??

latinguy 02-12-2004 05:27 PM
Quote:
Originally Posted by latinguy
What I want to do is this.. in http://vac.dndweb.net/forum when someone tries to log in on top and click 'log in' the action page only looks for the username and password. If the query recordcount is 1 (meaning it was found) then you are successfuly logged in if not you get an error.

How can I do this??
I was thinking something like this:

function login($username,$password)
{

global $myDB;

$myquery = "SELECT username, password FROM forum_user WHERE (username = '$username') AND (password = '".md5($password)."')";
$myresult = $myDB->query($myquery);

... rest of coding here before it gets logged in ...

}

login($_POST['vb_login_username'],$_POST['vb_login_password']);

Don't know if that makes sense at all.

Hope you get what I want to do :)

Hugs,

Daniel

Andreas 02-12-2004 05:41 PM
So you actually just want to verify that username and password are correct?

Then this might get you started:

PHP Code:
<?php
  if (!isset($_POST[username])) {
    echo "Please enter your username &amp; password below<br />";
    echo "<form method=\"post\" action=\"$PHP_SELF\">";
?>
    Username: <input name="username" size="30"><br /> 
    Password: <input name="password" type="password" size="30"><br>
    <input type="submit">&nbsp;<input type="reset">
    </form>
<?php    
  } else {
    // Check if combination is correct
    include('./includes/config.php');
    $link mysql_connect($servername$dbusername$dbpassword) or die("Could not connect mySQL-Server");
    mysql_select_db($dbname) or die ("Could not open vB database"); 
    $res mysql_query("SELECT userid,username,password FROM user WHERE MD5(CONCAT(MD5('$_POST[password]'), salt)) = password AND username='$_POST[username]'"$link) or die ("Invalid query");
    if (mysql_num_rows($res) == 1)
      echo "Login OK";
    else
      echo "Login failed";
  }
?>

yoyo 03-06-2004 07:20 PM
Oh, thank you! I searched ages for this!

Can I ask, though, are there any security implications in accessing username and password in this way?


All times are GMT. The time now is 09:10 AM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.02635 seconds
  • Memory Usage 1,742KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_php_printable
  • (2)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (6)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete