The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
#1
|
|||
|
|||
Password help
Hey,
I am using VB 3.8 and am trying to validate the password through an external app. Here is the PHP code I have Code:
$username = isset($_GET[$usernameLabel]) ? ($_GET[$usernameLabel]) : ""; $password = isset($_GET[$passwordLabel]) ? ($_GET[$passwordLabel]) : ""; $userid = isset($_GET[$useridLabel]) ? $_GET[$useridLabel] : ""; $script = isset($_GET[$scriptLabel]) ? ($_GET[$scriptLabel]) : ""; $action = isset($_GET[$actionLabel]) ? $_GET[$actionLabel] : ""; switch($action){ case $actionLoginLabel: $userid = -1; $res = mysql_query("select `userid`,`username`,`password`,`salt` from `user` where 1",$sql_con); while($row = mysql_fetch_array($res,MYSQL_ASSOC)){ if($row["password"] == md5(md5($password).$row["salt"]) && strtolower($row["username"]) == strtolower($username)){ $userid = $row["userid"]; break; } } //echo(enc($userid)); echo($userid); break; Code:
private void loginButton_event(ActionEvent e) { char[] p_raw = passwordTextBox.getPassword(); String p = ""; for(char c : p_raw){ p = p + Character.toString(c); } try { userid = Integer.parseInt(getPage(DOMAIN+"?"+LABEL_ACTION+"="+LABEL_ACTION_LOGIN+"&"+LABEL_USERNAME+"="+usernameTextBox.getText()+"&"+LABEL_PASSWORD+"="+p)); } catch(NumberFormatException err){} if(userid > -1){ username = usernameTextBox.getText(); password = p; setVisible(false); } else { JOptionPane.showMessageDialog(this,"Incorrect login details!","Error!",JOptionPane.ERROR_MESSAGE); } } |
#2
|
|||
|
|||
<span style="text-decoration: line-through">I think maybe it should be:</span> nvm, Eric is right.
|
#3
|
||||
|
||||
Here is what vB 3.8 has in functions login:
PHP Code:
PHP Code:
|
#4
|
|||
|
|||
That's the same code I already have :/.
I think i need to encrypt it on the java side so it will read it from the database? |
#5
|
|||
|
|||
That's my fault - in the previous post I was suggesting that it needed to be changed and Eric was pointing out that what you have is correct. I deleted my code just to avoid someone seeing it in the future and thinking it might be correct.
Quote:
One thing, you probably need to html encode the password to handle cases where it has special characters. Maybe doing an md5() on the java side would be a good idea. It might take care of that and any issue where someone might see the url (like server logs). |
#6
|
|||
|
|||
It seems the password is more encrypted than i thought, can I PM you the whole code to see if you can work it out?
|
#7
|
|||
|
|||
You can do that if you'd like.
|
Thread Tools | |
Display Modes | |
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|