vb.org Archive - (PHP) Check VB md5 password on non-vb page

vb.org Archive (https://vborg.vbsupport.ru/index.php)

- vB3 Programming Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=15)

- - (PHP) Check VB md5 password on non-vb page (https://vborg.vbsupport.ru/showthread.php?t=73206)

(PHP) Check VB md5 password on non-vb page

I have a header system on my forums that has an upload area that ONLY staff (mods and admins) can get too and upload new headers for the forums home page.

http://www.scifi-meshes.com/forums

Now.. prior to my update to PHP 4.3.10 (on saturday) this header system was working fine. However after that update (which I assume is part of the problem) I've discovered that I can no longer log into my header management page (self created).

The code for checking the password is as follows:

Code:

        /* password correct? */

        $query = "SELECT salt, password FROM user WHERE username='$username'"; 

        $result = mysql_query($query) or die("The information you entered does not match our records.");

        $row=mysql_fetch_array($result);



        $dbpassword = $row['password'];

        $salt = $row['salt'];        



        if ($dbpassword == md5(md5($password). $salt)) {

                print "Password correct<br><br>";

        }

        else {

                die("password not correct!");

        }

This compares what the user entered with that is stored in the Vbulletin forums MySQL database. However, I am ALWAYS getting "Password not correct!" and I have changed my password a few times to see if something wasn't set properly.

Can anyone help me? This code WAS working perfectly.

PHP Code:


		
			
    /* password correct? */

    $query = "SELECT salt, password FROM user WHERE username='$username'"; 

    $result = mysql_query($query) or die("The information you entered does not match our records.");

    $row=mysql_fetch_array($result);



    $dbpassword = $row['password'];

    $salt = $row['salt'];    



    if ($dbpassword == md5($password. $salt)) {

        print "Password correct<br><br>";

    }

    else {

        die("password not correct!");

    }

The change from:

if ($dbpassword == md5(md5($password). $salt)) {

to This:

if ($dbpassword == md5($password. $salt)) {

Apprently does not work.

I believe the license # has something to do with it too. There are a few topics around like this, you'll find the answer there :)

I've done this before, $user[password]==md5(md5($unencrypted).$user[salt])) should've worked.

I would start echoing variables and seeing what's not matching up.

or you could just use the same if vbulletin uses for checking login information:

taken from function_login.php, verify_authentication function:

if (
$bbuserinfo['password'] != iif($password AND !$md5password, md5(md5($password) . $bbuserinfo['salt']), '') AND
$bbuserinfo['password'] != md5($md5password . $bbuserinfo['salt']) AND
$bbuserinfo['password'] != iif($md5password_utf, md5($md5password_utf . $bbuserinfo['salt']), '')
)

Hold on a second, if you're doing this from within vBulletin anyway, just check to see if a user is logged in using if(!$bbuserinfo['userid']) and then use is_moderator() function :)

i don't think he's using vbulletin. in the first snippet of code he's using mysql_query.

the title fo the thread also includes "on non-vb page"...

X vBulletin 3.8.12 by vBS Debug Information
Template Usage: (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)bbcode_code_printable (1)bbcode_php_printable (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)post_thanks_navbar_search (1)printthread (9)printthreadbit (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit showthread	Included Files: ./printthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/class_bbcode_alt.php ./includes/class_bbcode.php ./includes/functions_bigthree.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete printthread_start bbcode_fetch_tags bbcode_create bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete printthread_post printthread_complete
Messages:

Phrase Groups Available:

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.01015 seconds Memory Usage 1,735KB Queries Executed 10 (?)
More Information
Template Usage: (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)bbcode_code_printable (1)bbcode_php_printable (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)post_thanks_navbar_search (1)printthread (9)printthreadbit (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit showthread	Included Files: ./printthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/class_bbcode_alt.php ./includes/class_bbcode.php ./includes/functions_bigthree.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete printthread_start bbcode_fetch_tags bbcode_create bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete printthread_post printthread_complete
Messages: