The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
|
#11
03-21-2004, 12:01 AM
|
||||
|
||||
hmm, i think just the administrators have a special salt as well.
At least the upgradescript said something about salting administrators passwords. Truly a bit confusing, we might sum up such things in a modification tutorial ^^ 
|
|
#12
04-08-2004, 05:30 PM
|
||||
|
||||
|
Quote:
$userPassword = md5(mysql_result($result, 0, "password")."#####"); The ##### is my license number. Providing my license number is correct (which it is.), the login should work. This code, however, returns a totally different hash than what is stored in the cookie. Is there an error in my code, or is the above quote incorrect?
|
|
#13
04-10-2004, 11:08 PM
|
||||
|
||||
|
There's a new field in the table 'user' named 'salt'.
I solved it like this: //Query: SELECT password,salt FROM user WHERE username = '".$username."' Login is correct if $password = md5(md5($Input_PW_from_User) . $SALT_Value_from_Table_User)
|
|
#14
04-13-2004, 02:38 AM
|
||||
|
||||
|
OK... im still getting two different hashes. What you are saying is i should apply the code you provided to the hash in the cookie?
OK... so I tried this (minus some obvious stuff, but you should get the point): $bbuserid = $HTTP_COOKIE_VARS["bbuserid"]; $bbpassword = $HTTP_COOKIE_VARS["bbpassword"]; $query = "SELECT password, salt FROM user WHERE userid = '$bbuserid'"; $result = mysql_query($query, $connection); $salt = mysql_result($result, 0, "salt"); $password = mysql_result($result, 0, "password"); $bbpassword = md5(md5($bbpassword).$salt); But this still doesn't work... $password (from the db) and $bbpassword (from the cookie) still do not match. I even tried switching it around and applying what you have told me to the hash in the DB, but still no luck. It seems VB has made their product more secure, must much less customizable since no one at VB will answer this question. It may just be time to switch to different software.
|
|
#15
04-13-2004, 12:39 PM
|
||||
|
||||
|
Quote:
In your code "$bbpassword" must be equal to "md5(md5($password.$salt))".
|
|
#16
04-13-2004, 07:09 PM
|
||||
|
||||
|
As I said I tried it to both passwords but I had the salt only in the 2nd hash of the operation... "md5(md5($password).$salt)". But even after I fixed it... meaning I did not rehash the cookie password, and applied what you have said to the db password, it still doesn't work! Heres the script I'm using just to see if i can get the hashes to match:
Code:
$bbuserid = $HTTP_COOKIE_VARS["bbuserid"]; $bbpassword = $HTTP_COOKIE_VARS["bbpassword"]; $query = "SELECT password, salt FROM user WHERE userid = '$bbuserid'"; $result = mysql_query($query, $connection); $salt = mysql_result($result, 0, "salt"); $password = mysql_result($result, 0, "password"); $password = md5(md5($password.$salt)); echo "$bbpassword (cookie)<br>"; echo "$password (db)<br>"; echo "$salt (salt)<br>"; Also... I appreciate the help very much... I've been waiting for an answer for a while here... my whole site is shut down and I'm losing valuable traffic everyday. Thank you very much.
|
|
#17
04-15-2004, 12:45 PM
|
|||
|
|||
|
Hi,
I'm not sure if it helps but I've been trying to do something similar but instead of pulling from a cookie I was checking the password from a form field. It took a long time to work out but the actual code I needed was: $bbpassword = md5(md5($bbpassword).$salt); - Note where the brackets are.
|
|
#18
04-15-2004, 08:59 PM
|
||||
|
||||
|
Thats what I'm working on now... I've given up on getting an answer from anyone at VB, and I've lost too much traffic. I'll tell you this is the last time I'm using VB...
Thanks for the info!
|
 |
«
Previous Thread
|
Next Thread
»
Linear Mode
|
|
All times are GMT. The time now is 08:17 PM.