The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
#1
|
|||
|
|||
![]()
Hi guys,
What i need is to be able for people to convert text to md5 hash. The aim is i'm using a auth system based of website registration and certain member id's and group id's. Now i'd like to be able for them to authenticate via website name and password typed in the notepad. So the program inputs their text entrys into a sql statement hardcoded in, and send it off for results. One of those things required would be thier password but in MD5 has form. Is this possible? |
#2
|
|||
|
|||
![]() PHP Code:
|
#3
|
||||
|
||||
![]()
Note that vBulletin uses more than a straight MD5 hash.
|
#4
|
|||
|
|||
![]()
This is my problem. As its not a simple
Code:
md5( $var) |
#5
|
|||
|
|||
![]() PHP Code:
|
#6
|
|||
|
|||
![]()
Perfect sense, but salt is
Code:
$salt = "SOME_RANDOM_NUMBERS_HERE"; |
#7
|
||||
|
||||
![]()
The salt field is contained within the user table. It is three random characters generated at registration. You will need to use the salt from the user table to verify users.
|
#8
|
|||
|
|||
![]()
Thanks all for your input. I Got this working so thought i would post this php script incase anyone else wanted to use it. It basically asks for the users name fetches all required info from the db then asks for their password in text and prints the password in vBulletin md5 format.
Fill in your host + db info and the rest should be fine as long as your on vBulletin! Code:
<?php if( eregi( "md5.php",$PHP_SELF ) ) { Header("Location: http://www.some_website_here.co.uk"); die( ); } $WebsiteUsername = $_POST['Website_Username']; $WebsitePassword = $_POST['Website_Password']; $UserVerify = $_POST['User_Verify']; $Website_Uauth = "Unauthenicated"; $ReadyForPass = false; $DB_Host = ""; $DB_Name = ""; $DB_Username = ""; $DB_Password = ""; $ConnectWebsite = mysql_pconnect($DB_Host, $DB_Username, $DB_Password) or trigger_error(mysql_error(),E_USER_ERROR); if ($ConnectWebsite) { mysql_select_db($DB_Name) or die("[ERROR]Could Not Select The Database ($DB_Name)"); } if (isset($WebsiteUsername) && $WebsiteUsername != NULL && $UserVerify == "Verify_That") { $CustomerInfoSQL = "SELECT username FROM user WHERE username='$WebsiteUsername'"; $CustomerInfoQuery = mysql_query($CustomerInfoSQL, $ConnectWebsite) or die(mysql_error()); $CustomerInfoFetch = mysql_fetch_assoc($CustomerInfoQuery); $CustomerVerifyRowCount = mysql_num_rows($CustomerInfoQuery); if ($CustomerVerifyRowCount == 1) { $Website_Uauth = "Authenicated"; $ReadyForPass = true; } else { echo "<div align=\"center\"><b>UNKNOWN USER DETECTED</b></div>"; die(); } } elseif (isset($WebsiteUsername) && $WebsiteUsername != NULL && isset($WebsitePassword) && $WebsitePassword != NULL && $UserVerify == "Verify_Pass") { $CustomerInfoSQL = sprintf("SELECT username FROM user WHERE username='%s'", get_magic_quotes_gpc() ? $WebsiteUsername : addslashes($WebsiteUsername)); $CustomerInfoQuery = mysql_query($CustomerInfoSQL, $ConnectWebsite) or die(mysql_error()); $CustomerInfoFetch = mysql_fetch_assoc($CustomerInfoQuery); $CustomerVerifyRowCount = mysql_num_rows($CustomerInfoQuery); if ($CustomerVerifyRowCount == 1) { $SaltInfoSQL = "SELECT salt FROM user WHERE username='$WebsiteUsername'"; $SaltInfoQuery = mysql_query($SaltInfoSQL, $ConnectWebsite) or die(mysql_error()); $SaltInfoFetch = mysql_fetch_assoc($SaltInfoQuery); $SaltVerifyRowCount = mysql_num_rows($SaltInfoQuery); if ($SaltVerifyRowCount >= 1) { $SaltFound = true; $UsersSalt = $SaltInfoFetch['salt']; } } else { echo "<div align=\"center\"><b>UNKNOWN USER DETECTED</b></div>"; die(); } } ?> <html> <head> <title>Text To vBulletin Password Converter</title> </head> <body> <?php if (!isset($WebsiteUsername) && $Website_Uauth == "Unauthenicated" && $ReadyForPass == false) { ?> <form method="post" action="<?php echo $_SERVER['PHP_SELF']?>"> <table border="1"> <tr> <td>Enter your User:</td> <td><input type="text" name="Website_Username" value="" maxlength="25"></td> </tr> <input type="hidden" name="User_Verify" value="Verify_That"> <tr> <td align="center" colspan="2"><input type="submit" value="Verify User"></td> </tr> </form> <?php } elseif (isset($WebsiteUsername) && $Website_Uauth == "Authenicated" && $ReadyForPass == true) {?> <form method="post" action="<?php echo $_SERVER['PHP_SELF']?>"> <table border="1"> <tr> <td colspan="2">Valid User: <font color="#009900"><?php echo $WebsiteUsername?></font></td> <input type="hidden" name="Website_Username" value="<?php echo $WebsiteUsername?>"> </tr> <tr> <td>Password:</td> <td><input type="text" name="Website_Password" value=""></td> </tr> <input type="hidden" name="User_Verify" value="Verify_Pass"> <tr> <td align="center" colspan="2"><input type="submit" value="Click To Create MD5 Value"></td> </tr> </form> <?php } elseif($SaltFound == true && $UsersSalt != NULL) { $code = md5( md5( $WebsitePassword ) . $UsersSalt ); echo "The password you have entered is: ".$WebsitePassword."<br>"; echo "The md5 password is: ".$code.""; } ?> </body> </html> |
#9
|
|||
|
|||
![]()
I would not suggest anyone to use this script as it is vulnerable to SQL-Injections.
|
#10
|
|||
|
|||
![]()
Any suggestions then to make it secure?
It was more of a 'This is how i got it working' more than a 'Here's how to'. Im not up to date on high security as i'm still learning, Was hoping it may help some |
![]() |
Thread Tools | |
Display Modes | |
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
![]() |
|
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|