Go Back   vb.org Archive > vBulletin 3 Discussion > vB3 General Discussions
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Display Modes
  #1  
Old 04-28-2004, 05:25 PM
Aceman's Avatar
Aceman Aceman is offline
 
Join Date: Mar 2002
Location: Virginia, USA
Posts: 172
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default md5 password authentication on non-vb pages.

I've got a contest in development on my site where members will vote on a winning. However, I require that they be members before that can upload entries and submit a vote (when the contest is in the voting stage).

I had this working before VB3.. with VB2.. however now it no longer works. Below is the code I used for VB2 and VB3 to compare the submitted password with the one stored in the database.

I realize the password is encrypted in the database and can not be reversed. However I guess I need to encrypt the password the member inputs and then compare that to the one stored in the database. IF they match.. access granted.. if they don't.. end.

Here's the VB2 Code:
Code:
$query = "select password, userid from user where username='$username'";
$result = mysql_query($query) or die("Query failed");

$row=mysql_fetch_array($result);

$userid = $row['userid'];
	
if ($row['password'] == md5($password)) {
	print "Password correct<br><br>";
}
else {
	die("password not correct!");
}
Here's the VB3 Code that never correctly matches the passwords:
Code:
$query = "SELECT password FROM user WHERE username='$username' AND password = MD5(CONCAT(MD5('$password'), salt))"; 
$result = mysql_query($query) or die("Query failed");

$row=mysql_fetch_array($result);

$userid = $row['userid'];

/* THIS IS WHERE THE PROBLEM IS */

if ($row['password'] == MD5(CONCAT(MD5('$password'), salt)) {
	print "Password correct!<br><br>";
}
else {
	die("password not correct!");
}
Any help on how to properly encrypt the inputed password to match that stored in the database would be greatly appreciated.

Aceman
Reply With Quote
  #2  
Old 04-28-2004, 05:31 PM
Zachery's Avatar
Zachery Zachery is offline
 
Join Date: Jul 2002
Location: Ontario, Canada
Posts: 11,440
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Why not just use the vB login html from the navbar template?
Reply With Quote
  #3  
Old 04-29-2004, 04:41 PM
Aceman's Avatar
Aceman Aceman is offline
 
Join Date: Mar 2002
Location: Virginia, USA
Posts: 172
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Anyone know how to properly encrypt a submitted password so it can be checked against the one in the VB database?

Aceman
Reply With Quote
  #4  
Old 04-29-2004, 05:59 PM
Aceman's Avatar
Aceman Aceman is offline
 
Join Date: Mar 2002
Location: Virginia, USA
Posts: 172
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Code:
echo $row['password'];
print "<br>";
echo (md5($password). salt) ;
does not return the same numbers at all. But it DOES pull the correct one from the VB database.
Reply With Quote
  #5  
Old 04-30-2004, 02:28 AM
Aceman's Avatar
Aceman Aceman is offline
 
Join Date: Mar 2002
Location: Virginia, USA
Posts: 172
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

A friend of mine who's a PHP GOD.. helped me figure this one out. Daneel.. you da man!

You can use the following code to accept a username and password from a form and then compare it to what's stored in the VB3 Database. NOTE This takes into account the md5 and salt encryption. It works perfectly for me.

Code:
// hostname or ip of server
	$servername='localhost';

	// username and password to log onto db server
	$dbusername='?????????';
	$dbpassword='?????????';

	// name of database ($dbname2 is my VB3 database)
	$dbname='MY_contest';
	$dbname2='MY_forum';

	/* Connecting, selecting database */
	$link = mysql_connect($servername, $dbusername, $dbpassword)
		or die("Could not connect");
	print "Connected successfully<br><br>";
	mysql_select_db($dbname2) or die("Could not select database");

	/* Necessary fields filled? */
	if (!$username || !$password || !$name || !$country || !$email || !$picture || !$stats)
		die("Fill in all necessary fields.");


	/* password correct? */
	$query = "SELECT salt, password FROM user WHERE username='$username'"; 
	$result = mysql_query($query) or die("The information you entered does not match our records.");
	$row=mysql_fetch_array($result);

	$dbpassword = $row['password'];
	$salt = $row['salt'];	

	if ($dbpassword == md5(md5($password). $salt)) {
		print "Password correct<br><br>";
	}
	else {
		die("password not correct!");
	}
Then just place the rest of whatever you need your page to do after the password comparison.

I honestly have yet to find this code posted anywhere on VB.org and VB.com so I hope this helps someone!

Aceman
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 02:09 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04603 seconds
  • Memory Usage 2,206KB
  • Queries Executed 13 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (4)bbcode_code
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (5)post_thanks_box
  • (5)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (5)post_thanks_postbit_info
  • (5)postbit
  • (5)postbit_onlinestatus
  • (5)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete