#11
06-27-2007, 01:12 AM
MarkPW
Join Date: Apr 2006
Posts: 65

It sounds as though you aren't escaping certain value(s) in your sql statement. Are you using mysql_escape_string() on your variables before you use them in your statement?

#12
06-27-2007, 01:34 AM
Norco
Join Date: Jun 2007
Posts: 39

No? The source to the script I am using is located in the first post in this thread, I quoted it below.

Quote:
Originally Posted by Norco
Alright, I have a website with a user system, all the user passwords are stored in a mysql database and md5 encrypted. I am attempting to re-encrypt all those passwords with a salt so the same password will be used on my website, as the forum. I have come up with this..

http://www.teenagezone.org

I'm using functions straight from vBulletin to do it, and when I get it working right, changing it so it will loop through all the users in my database and update their password to work with a salt. Now.. it doesn't seem to be working right. The script works, but when I update that in the database for vbulletin, and try logging in, it will not work.

Here are the scripts..

index.php
PHP Code:
<?php
include "pwfunction.php";

if (!$_POST['submit']){
echo "<form method='POST' style='margin: 0px;'>
<b>Hash: </b>
<input type='password' name='pass'><br><br>
<input type='submit' name='submit' value='sumbmit'>
</form>";
}else{
$password = $_POST['pass'];

$salt = fetch_user_salt();
$hash = hash_password($password, $salt);

echo ("$hash - $salt");

}
?>
pwfunction.php
PHP Code:
<?php

function hash_password($password, $salt)
{
    if ($password == '')
    {
    }
    else if (verify_md5($password))
    {
        $password = md5($password);
    }
    return md5($password . $salt);
}

function fetch_user_salt($length = 3)
{
    $salt = '';
    for ($i = 0; $i < $length; $i++)
    {
        // random printable ASCII character (codes 33-126)
        $salt .= chr(rand(33, 126));
    }
    return $salt;
}

function verify_md5(&$md5)
{
    return (preg_match('#^[a-f0-9]{32}$#', $md5) ? true : false);
}

?>
Does anyone know the problem or can give me some advice on why it is not working?

#13
06-27-2007, 01:49 AM
MarkPW
Join Date: Apr 2006
Posts: 65

AFAIK your problem is to do with your SQL statement. Your script above tells me nothing that will explain your SQL errors.

#14
06-27-2007, 01:51 AM
Norco
Join Date: Jun 2007
Posts: 39

You asked if I was using mysql_escape_string()... which would be in the source if I was, right?

#15
06-27-2007, 01:59 AM
MarkPW
Join Date: Apr 2006
Posts: 65

Where are your SQL errors generated from? You're giving me half the story - I haven't a clue what's happening in the "rest" of your script. The above script generated a password hash with salt. It has nothing to do with your database. Your SQL errors are coming from somewhere...

#16
06-27-2007, 02:06 AM
Norco
Join Date: Jun 2007
Posts: 39

Quote:
Originally Posted by MarkPW
Where are your SQL errors generated from? You're giving me half the story - I haven't a clue what's happening in the "rest" of your script. The above script generated a password hash with salt. It has nothing to do with your database. Your SQL errors are coming from somewhere...
OH. Ok here:

PHP Code:
<?php
include "pwfunction.php";

$dbh=mysql_connect ("localhost", "user", "password") or die ('I cannot connect to the database because: ' . mysql_error());
mysql_select_db ("database");

$get = mysql_query("SELECT * FROM users") or die('Error, query failed');
while($row = mysql_fetch_array($get)){

$password = $row['password'];
$id = $row['id'];

$salt = fetch_user_salt();
$hash = hash_password($password, $salt);

$update = mysql_query("UPDATE users SET `password`='$hash', `salt`='$salt' WHERE `id`='$id'") or die(mysql_error());
}
?>
pwfunctions.php is the same. Sorry my bad, I forgot to add the updated script for running it.

#17
06-27-2007, 02:29 AM
MarkPW
Join Date: Apr 2006
Posts: 65

Since you have a connection to your database, you can use mysql_real_escape_string() (which you should use anyway). This should solve your problem:

PHP Code:
$salt = mysql_real_escape_string(fetch_user_salt());
$hash = mysql_real_escape_string(hash_password($password, $salt));

$update = mysql_query("UPDATE users SET `password`='$hash', `salt`='$salt' WHERE `id`='$id'") or die(mysql_error());
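
Added example (editor's code, not written by any poster in this thread): the snippet in post #17 hashes with the already-escaped salt, so whenever fetch_user_salt() yields ', " or \ the stored hash is built from a different string than the salt the database ends up holding. The sketch below shows that mismatch next to the order that avoids it, hashing with the raw salt and passing both values through PDO placeholders. The in-memory SQLite table, the sample password and salt, vb_hash(), and addslashes() as a stand-in for mysql_real_escape_string() are assumptions of the example.

```php
<?php
// Added example with constructed data; needs the pdo_sqlite extension.

// Final step of hash_password() above: md5 of the md5'd password concatenated with the salt.
function vb_hash(string $md5Password, string $salt): string
{
    return md5($md5Password . $salt);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, password TEXT, salt TEXT)');

// Constructed row: the site currently stores a plain md5 of the password.
$md5Password = md5('correct horse');
$db->prepare('INSERT INTO users (id, password) VALUES (?, ?)')->execute([1, $md5Password]);

// Constructed salt containing ' and \, both inside the 33..126 range the salt generator draws from.
$salt = "a'\\";

// Order from post #17: escape first, then hash over the escaped string.
$escapedSalt = addslashes($salt); // stand-in for mysql_real_escape_string()
$hashOverEscaped = vb_hash($md5Password, $escapedSalt);

// Alternative order: hash over the raw salt and bind both values as parameters.
$hashOverRaw = vb_hash($md5Password, $salt);
$db->prepare('UPDATE users SET password = ?, salt = ? WHERE id = ?')
   ->execute([$hashOverRaw, $salt, 1]);

// Login-time check: recompute the hash from the salt that is actually stored.
$row = $db->query('SELECT password, salt FROM users WHERE id = 1')->fetch(PDO::FETCH_ASSOC);
$loginHash = vb_hash($md5Password, $row['salt']);

printf("stored salt equals raw salt:          %s\n", var_export($row['salt'] === $salt, true));
printf("login matches hash over raw salt:     %s\n", var_export($loginHash === $row['password'], true));
printf("login matches hash over escaped salt: %s\n", var_export($loginHash === $hashOverEscaped, true));
```

On the thread's own mysql_* code the same ordering applies: call hash_password() with the unescaped salt, then escape $hash and $salt only at the point where the UPDATE string is built.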
  #18  
06-27-2007, 02:33 AM
Norco
Join Date: Jun 2007
Posts: 39

Let me try this, just a second.

Ah! It worked! Thank you SO MUCH.