Go Back   vb.org Archive > vBulletin 3 Discussion > vB3 Programming Discussions
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Display Modes
  #1  
Old 09-17-2011, 10:28 PM
iimp iimp is offline
 
Join Date: Feb 2011
Posts: 13
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default Password help

Hey,

I am using VB 3.8 and am trying to validate the password through an external app. Here is the PHP code I have

Code:
	$username = isset($_GET[$usernameLabel]) ? ($_GET[$usernameLabel]) : "";
	$password = isset($_GET[$passwordLabel]) ? ($_GET[$passwordLabel]) : "";
	$userid = isset($_GET[$useridLabel]) ? $_GET[$useridLabel] : "";
	$script = isset($_GET[$scriptLabel]) ? ($_GET[$scriptLabel]) : "";

	$action = isset($_GET[$actionLabel]) ? $_GET[$actionLabel] : "";
	
	switch($action){
	case $actionLoginLabel:	
		$userid = -1;
		$res = mysql_query("select `userid`,`username`,`password`,`salt` from `user` where 1",$sql_con);
		while($row = mysql_fetch_array($res,MYSQL_ASSOC)){	
			if($row["password"] == md5(md5($password).$row["salt"]) && strtolower($row["username"]) == strtolower($username)){
				$userid = $row["userid"];
				break;
			}
		}
		//echo(enc($userid));
		echo($userid);
		break;
and here is the java

Code:
		private void loginButton_event(ActionEvent e) {
			char[] p_raw = passwordTextBox.getPassword();
			String p = "";
			for(char c : p_raw){
				p = p + Character.toString(c);
			}
			
			try {
				userid = Integer.parseInt(getPage(DOMAIN+"?"+LABEL_ACTION+"="+LABEL_ACTION_LOGIN+"&"+LABEL_USERNAME+"="+usernameTextBox.getText()+"&"+LABEL_PASSWORD+"="+p));
			} catch(NumberFormatException err){}
			
			if(userid > -1){
				username = usernameTextBox.getText();
				password = p;
				
				setVisible(false);
			} else {
				JOptionPane.showMessageDialog(this,"Incorrect login details!","Error!",JOptionPane.ERROR_MESSAGE);
			}
		}
It always shows as Incorrect login but I am using the right login/pass, can anyone help fix this please?
Reply With Quote
  #2  
Old 09-18-2011, 12:59 AM
kh99 kh99 is offline
 
Join Date: Aug 2009
Location: Maine
Posts: 13,185
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

<span style="text-decoration: line-through">I think maybe it should be:</span> nvm, Eric is right.
Reply With Quote
  #3  
Old 09-18-2011, 01:21 AM
Eric's Avatar
Eric Eric is offline
 
Join Date: May 2006
Location: Kentucky
Posts: 792
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Here is what vB 3.8 has in functions login:

PHP Code:
md5(md5($password) . $vbulletin->userinfo['salt']) 
So:
PHP Code:
md5(md5($password) . $row['salt']) 
Should be fine. I'm not familiar with Java but are you sure you are getting the input values correctly?
Reply With Quote
  #4  
Old 09-18-2011, 09:38 AM
iimp iimp is offline
 
Join Date: Feb 2011
Posts: 13
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

That's the same code I already have :/.

I think i need to encrypt it on the java side so it will read it from the database?
Reply With Quote
  #5  
Old 09-18-2011, 10:32 AM
kh99 kh99 is offline
 
Join Date: Aug 2009
Location: Maine
Posts: 13,185
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by iimp View Post
That's the same code I already have :/.
That's my fault - in the previous post I was suggesting that it needed to be changed and Eric was pointing out that what you have is correct. I deleted my code just to avoid someone seeing it in the future and thinking it might be correct.


Quote:
I think i need to encrypt it on the java side so it will read it from the database?
I don't think so - I think if you added an md5() on the java side you'd have to remove one on the server side. Have you tried anything like writing some debug info to a file to see what values you're working with?

One thing, you probably need to html encode the password to handle cases where it has special characters. Maybe doing an md5() on the java side would be a good idea. It might take care of that and any issue where someone might see the url (like server logs).
Reply With Quote
  #6  
Old 09-18-2011, 10:38 AM
iimp iimp is offline
 
Join Date: Feb 2011
Posts: 13
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

It seems the password is more encrypted than i thought, can I PM you the whole code to see if you can work it out?
Reply With Quote
  #7  
Old 09-18-2011, 10:49 AM
kh99 kh99 is offline
 
Join Date: Aug 2009
Location: Maine
Posts: 13,185
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

You can do that if you'd like.
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 08:13 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.09268 seconds
  • Memory Usage 2,229KB
  • Queries Executed 13 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (2)bbcode_code
  • (2)bbcode_php
  • (2)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (7)post_thanks_box
  • (7)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (7)post_thanks_postbit_info
  • (7)postbit
  • (7)postbit_onlinestatus
  • (7)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete