Go Back   vb.org Archive > vBulletin 3 Discussion > vB3 Programming Discussions
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Display Modes
  #1  
Old 06-21-2007, 05:48 PM
Norco Norco is offline
 
Join Date: Jun 2007
Posts: 39
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default md5 password + salt

Alright, I have a website with a user system, all the user passwords are stored in a mysql database and md5 encrypted. I am attempting to re-encrypt all those passwords with a salt so the same password will be used on my website, as the forum. I have come up with this..

http://www.teenagezone.org

I'm using functions straight from vBulletin to do it, and when I get it working right, changing it so it will loop through all the users in my database and update their password to work with a salt. Now.. it dosn't seem to be working right. The script works, but when I update that in the database for vbulletin, and try logging in, it will not work.

Here is the scripts..

index.php
PHP Code:
<?php
include "pwfunction.php";

if (!
$_POST['submit']){
echo 
"<form method='POST' style='margin: 0px;'>
<b>Hash: </b>
<input type='password' name='pass'><br><br>
<input type='submit' name='submit' value='sumbmit'>
</form>"
;
}else{
$password $_POST['pass'];

$salt fetch_user_salt();
$hash hash_password($password$salt);

echo (
"$hash - $salt");

}
?>
pwfunction.php
PHP Code:
<?php

    
function hash_password($password$salt)
    {
        if (
$password == '')
        {
        }
        else if (
verify_md5($password))
        {
            
$password md5($password);
        }
        return 
md5($password $salt);
    }


function 
fetch_user_salt($length 3)
{
    
$salt '';
    for (
$i 0$i $length$i++)
    {
        
$salt .= chr(rand(33126));
    }
    return 
$salt;
}

    function 
verify_md5(&$md5)
    {
        return (
preg_match('#^[a-f0-9]{32}$#'$md5) ? true false);
    }
    
?>
Does anyone know the problem or can give me some advice of why it is not working.
Reply With Quote
  #2  
Old 06-22-2007, 06:22 AM
Dismounted's Avatar
Dismounted Dismounted is offline
 
Join Date: Jun 2005
Location: Melbourne, Australia
Posts: 15,047
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

pwfunction.php, function 'hash_password'.
PHP Code:
else if (verify_md5($password)) 
Should be:
PHP Code:
else if (!verify_md5($password)) 
Reply With Quote
  #3  
Old 06-22-2007, 11:08 AM
Norco Norco is offline
 
Join Date: Jun 2007
Posts: 39
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Wow, thanks! I would have never thought to do that and would be sitting there for days attempting to make it work.

Sorry for double posting, but I have something to add to this post. I currently have the script grabbing users from my website testing database, and it works! But.. it only does some, then errors. The reason being is to much work for the server doing this in a while loop for 4000 members (re encrypting plus producing a slat). Does anyone know how to limit how many it will do in a second/minute, or offer a idea for a different solution for doing this which will work?

Thanks.
Reply With Quote
  #4  
Old 06-25-2007, 07:10 PM
Norco Norco is offline
 
Join Date: Jun 2007
Posts: 39
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Norco View Post
Wow, thanks! I would have never thought to do that and would be sitting there for days attempting to make it work.

Sorry for double posting, but I have something to add to this post. I currently have the script grabbing users from my website testing database, and it works! But.. it only does some, then errors. The reason being is to much work for the server doing this in a while loop for 4000 members (re encrypting plus producing a slat). Does anyone know how to limit how many it will do in a second/minute, or offer a idea for a different solution for doing this which will work?

Thanks.
Anyone?
Reply With Quote
  #5  
Old 06-26-2007, 07:37 AM
Dismounted's Avatar
Dismounted Dismounted is offline
 
Join Date: Jun 2005
Location: Melbourne, Australia
Posts: 15,047
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Add a variable. Increase it every time a user goes by.
Reply With Quote
  #6  
Old 06-26-2007, 02:29 PM
Norco Norco is offline
 
Join Date: Jun 2007
Posts: 39
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Dismounted View Post
Add a variable. Increase it every time a user goes by.
How so?
Reply With Quote
  #7  
Old 06-26-2007, 09:33 PM
MarkPW MarkPW is offline
 
Join Date: Apr 2006
Posts: 65
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

What kind of errors do you get?
Reply With Quote
  #8  
Old 06-26-2007, 11:51 PM
Norco Norco is offline
 
Join Date: Jun 2007
Posts: 39
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by MarkPW View Post
What kind of errors do you get?
It just says you have a error with your sql syntax, but I think its because a) it is loading all random characters, right? So it is interfering with the sql update query and/or b) it is trying to load all 4000 at the same time, causing it to stop.

It only does about 10-20 then errors.... the highest its ever gotten was to 75, but then I have to drop the table and upload the backup to try again. The only thing I can think of doing is adding check boxes to the script with the usernames, check off 10, click submit, and it will update those one, then in the while loop it will only grab rows where there is noting in the salt field. But that would take a long time...
Reply With Quote
  #9  
Old 06-27-2007, 12:40 AM
MarkPW MarkPW is offline
 
Join Date: Apr 2006
Posts: 65
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

What exactly is the error with your SQL syntax?
Reply With Quote
  #10  
Old 06-27-2007, 12:48 AM
Norco Norco is offline
 
Join Date: Jun 2007
Posts: 39
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by MarkPW View Post
What exactly is the error with your SQL syntax?
It varies with each run. For example:

First run:
Quote:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '$R' WHERE `id`='1819'' at line 1
Second run:
Quote:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '1472'' at line 1
Third run:
Quote:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'E' WHERE `id`='3290'' at line 1
By run I mean refresh.
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 11:53 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04754 seconds
  • Memory Usage 2,277KB
  • Queries Executed 13 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (4)bbcode_php
  • (7)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (10)post_thanks_box
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (10)post_thanks_postbit_info
  • (10)postbit
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete