Go Back   vb.org Archive > vBulletin 3 Discussion > vB3 General Discussions
  #1  
Old 08-25-2012, 09:07 PM
movmix movmix is offline
 
Join Date: Sep 2007
Posts: 3
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default how to hash or md5 userid

Hi everyone

what I am trying to do is how can I hash user id such as

https://vborg.vbsupport.ru/member.php?u=219992

i want hash these number or MD5 it


can I ?
Reply With Quote
  #2  
Old 08-25-2012, 10:56 PM
kh99 kh99 is offline
 
Join Date: Aug 2009
Location: Maine
Posts: 13,185
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Do you mean you want to do that everywhere a userid is used in a url? Or just one place?

If you don't mind my asking, why would you want ot do that? I'm asking because if you did hash the userid, I don't know how the code would figure out which user your meant except by starting with 1 and hashing all user ids until one matched, and anyone could do that.
Reply With Quote
  #3  
Old 08-25-2012, 11:10 PM
movmix movmix is offline
 
Join Date: Sep 2007
Posts: 3
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Just find it
Reply With Quote
  #4  
Old 08-25-2012, 11:13 PM
AcheronAI's Avatar
AcheronAI AcheronAI is offline
 
Join Date: Aug 2012
Posts: 31
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I think it would be easier to add a new field to the user and have unique ids in it, while that would take a bit of coding it would be less work then changing their user id.
Reply With Quote
  #5  
Old 08-26-2012, 12:49 AM
kh99 kh99 is offline
 
Join Date: Aug 2009
Location: Maine
Posts: 13,185
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I know what you mean now, you just want to put something as a parameter that can't be guessed so people can't cheat. You could hash the user id (maybe concatenating it with some "secret" string value), but the only way to get back the userid would be to calculate the has value for each id until you find one that matches. Or you could do something like is mentioned above. You don't have to add a column to the user table, you could make a new table and just use any random value as a id into the table (this is how activation and password changes work, using the useractivation table. Maybe you could figure out a way to use that same table).

Or maybe you just wanted to know the name of the php function? It's md5().
Reply With Quote
  #6  
Old 08-26-2012, 02:48 AM
movmix movmix is offline
 
Join Date: Sep 2007
Posts: 3
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by kh99 View Post
I know what you mean now, you just want to put something as a parameter that can't be guessed so people can't cheat. You could hash the user id (maybe concatenating it with some "secret" string value), but the only way to get back the userid would be to calculate the has value for each id until you find one that matches. Or you could do something like is mentioned above. You don't have to add a column to the user table, you could make a new table and just use any random value as a id into the table (this is how activation and password changes work, using the useractivation table. Maybe you could figure out a way to use that same table).

Or maybe you just wanted to know the name of the php function? It's md5().
OK. Let's say that i want add MD5 with userid like


register.php?referrerid=1&invite=5808409b7ba1463c0 d518dca3bb31d0e

See, If I want add the hash how can I ?
Reply With Quote
  #7  
Old 08-26-2012, 02:59 AM
AcheronAI's Avatar
AcheronAI AcheronAI is offline
 
Join Date: Aug 2012
Posts: 31
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I would stay away from the hash idea , how are you going to find the correct member? If you check each user that could put a strain on the server if you have a lot of members.
Reply With Quote
  #8  
Old 08-26-2012, 08:32 AM
kh99 kh99 is offline
 
Join Date: Aug 2009
Location: Maine
Posts: 13,185
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by movmix View Post
OK. Let's say that i want add MD5 with userid like


register.php?referrerid=1&invite=5808409b7ba1463c0 d518dca3bb31d0e

See, If I want add the hash how can I ?

Well, you could include the userid and also a hash to check the validity. Is that what you mean? It probably wouldn't be really great security-wise, but it might be good enough for your purpose. You could do something like make a secret phrase that you define in your code, then to produce the "invite" parameter, make a hash of the phrase with the userid, like

Code:
$referrerid = 10; // userid of referer
$secret = "This is a secret";
$invite = md5($secret . $referrerid);

Then when the link is clicked you can do the same thing (because you'll have the userid in the "referrerid" parameter) and compare them.

With this scheme, an uninvited person trying to register won't know how to create the right hash value to look like they were refered by a certain user, but of course once someone knows one of the hash values, it can be used again and again, which is why the other idea of storing a random value in a db table is better.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 07:48 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04857 seconds
  • Memory Usage 2,223KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)bbcode_code
  • (2)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (8)post_thanks_box
  • (8)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (8)post_thanks_postbit_info
  • (8)postbit
  • (8)postbit_onlinestatus
  • (8)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete