Go Back   vb.org Archive > vBulletin 3 Discussion > vB3 Programming Discussions
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Display Modes
  #1  
Old 06-04-2008, 04:20 PM
sjsteve33171 sjsteve33171 is offline
 
Join Date: Jan 2008
Posts: 24
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default Text to MD5

Hi guys,

What i need is to be able for people to convert text to md5 hash.

The aim is i'm using a auth system based of website registration and certain member id's and group id's. Now i'd like to be able for them to authenticate via website name and password typed in the notepad.

So the program inputs their text entrys into a sql statement hardcoded in, and send it off for results. One of those things required would be thier password but in MD5 has form.

Is this possible?
Reply With Quote
  #2  
Old 06-04-2008, 08:36 PM
MoT3rror MoT3rror is offline
 
Join Date: Mar 2007
Posts: 423
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

PHP Code:
md5($text); 
http://www.php.net/md5
Reply With Quote
  #3  
Old 06-05-2008, 07:23 AM
Dismounted's Avatar
Dismounted Dismounted is offline
 
Join Date: Jun 2005
Location: Melbourne, Australia
Posts: 15,047
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Note that vBulletin uses more than a straight MD5 hash.
Reply With Quote
  #4  
Old 06-05-2008, 12:26 PM
sjsteve33171 sjsteve33171 is offline
 
Join Date: Jan 2008
Posts: 24
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

This is my problem. As its not a simple

Code:
md5( $var)
I need a method... Any ideas?
Reply With Quote
  #5  
Old 06-05-2008, 01:18 PM
Opserty Opserty is offline
 
Join Date: Apr 2007
Posts: 4,103
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

PHP Code:
md5md5($password) . $salt
Reply With Quote
  #6  
Old 06-06-2008, 02:12 PM
sjsteve33171 sjsteve33171 is offline
 
Join Date: Jan 2008
Posts: 24
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Opserty View Post
PHP Code:
md5md5($password) . $salt
Perfect sense, but salt is

Code:
$salt = "SOME_RANDOM_NUMBERS_HERE";
So i need need to know how you generate your salt code so i can match it up.
Reply With Quote
  #7  
Old 06-07-2008, 06:40 AM
Dismounted's Avatar
Dismounted Dismounted is offline
 
Join Date: Jun 2005
Location: Melbourne, Australia
Posts: 15,047
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

The salt field is contained within the user table. It is three random characters generated at registration. You will need to use the salt from the user table to verify users.
Reply With Quote
  #8  
Old 06-09-2008, 06:36 AM
sjsteve33171 sjsteve33171 is offline
 
Join Date: Jan 2008
Posts: 24
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Thanks all for your input. I Got this working so thought i would post this php script incase anyone else wanted to use it. It basically asks for the users name fetches all required info from the db then asks for their password in text and prints the password in vBulletin md5 format.

Fill in your host + db info and the rest should be fine as long as your on vBulletin!

Code:
<?php
if( eregi( "md5.php",$PHP_SELF ) )
{
    Header("Location: http://www.some_website_here.co.uk");
    die( );
}

$WebsiteUsername = $_POST['Website_Username'];
$WebsitePassword = $_POST['Website_Password'];
$UserVerify = $_POST['User_Verify'];
$Website_Uauth = "Unauthenicated";
$ReadyForPass = false;

$DB_Host = "";
$DB_Name = "";
$DB_Username = "";
$DB_Password = "";
$ConnectWebsite = mysql_pconnect($DB_Host, $DB_Username, $DB_Password) or trigger_error(mysql_error(),E_USER_ERROR); 

if ($ConnectWebsite)
{
	mysql_select_db($DB_Name) or die("[ERROR]Could Not Select The Database ($DB_Name)");
}

if (isset($WebsiteUsername) && $WebsiteUsername != NULL && $UserVerify == "Verify_That")
{
	$CustomerInfoSQL = "SELECT username FROM user WHERE username='$WebsiteUsername'";
	$CustomerInfoQuery = mysql_query($CustomerInfoSQL, $ConnectWebsite) or die(mysql_error());
	$CustomerInfoFetch = mysql_fetch_assoc($CustomerInfoQuery);
	$CustomerVerifyRowCount = mysql_num_rows($CustomerInfoQuery);
	
	if ($CustomerVerifyRowCount == 1)
	{
		$Website_Uauth = "Authenicated";
		$ReadyForPass = true;
	}
	else
	{
		echo "<div align=\"center\"><b>UNKNOWN USER DETECTED</b></div>";
		die();
	}
}
elseif (isset($WebsiteUsername) && $WebsiteUsername != NULL && isset($WebsitePassword) && $WebsitePassword != NULL && $UserVerify == "Verify_Pass")
{
	$CustomerInfoSQL = sprintf("SELECT username FROM user WHERE username='%s'",
	get_magic_quotes_gpc() ? $WebsiteUsername : addslashes($WebsiteUsername)); 
	$CustomerInfoQuery = mysql_query($CustomerInfoSQL, $ConnectWebsite) or die(mysql_error());
	$CustomerInfoFetch = mysql_fetch_assoc($CustomerInfoQuery);
	$CustomerVerifyRowCount = mysql_num_rows($CustomerInfoQuery);
	
	if ($CustomerVerifyRowCount == 1)
	{		
		$SaltInfoSQL = "SELECT salt FROM user WHERE username='$WebsiteUsername'";
		$SaltInfoQuery = mysql_query($SaltInfoSQL, $ConnectWebsite) or die(mysql_error());
		$SaltInfoFetch = mysql_fetch_assoc($SaltInfoQuery);
		$SaltVerifyRowCount = mysql_num_rows($SaltInfoQuery);
		
		if ($SaltVerifyRowCount >= 1)
		{
			$SaltFound = true;
			$UsersSalt = $SaltInfoFetch['salt'];
		}
	}
	else
	{
		echo "<div align=\"center\"><b>UNKNOWN USER DETECTED</b></div>";
		die();
	}
	
}

?>
<html>
	<head>
		<title>Text To vBulletin Password Converter</title>
	</head>
<body>
<?php
if (!isset($WebsiteUsername) && $Website_Uauth == "Unauthenicated" && $ReadyForPass == false)
{
?>
	<form method="post" action="<?php echo $_SERVER['PHP_SELF']?>">
		<table border="1">
		<tr>
			<td>Enter your User:</td>
			<td><input type="text" name="Website_Username" value="" maxlength="25"></td>
		</tr>
		<input type="hidden" name="User_Verify" value="Verify_That">
		<tr>	
			<td align="center" colspan="2"><input type="submit" value="Verify User"></td>
		</tr>
			
	</form>

<?php
}
elseif (isset($WebsiteUsername) && $Website_Uauth == "Authenicated" && $ReadyForPass == true)
{?>
	<form method="post" action="<?php echo $_SERVER['PHP_SELF']?>">
		<table border="1">
		<tr>
			<td colspan="2">Valid User: <font color="#009900"><?php echo $WebsiteUsername?></font></td>
			<input type="hidden" name="Website_Username" value="<?php echo $WebsiteUsername?>">
		</tr>
		<tr>
			<td>Password:</td>
			<td><input type="text" name="Website_Password" value=""></td>
		</tr>
		<input type="hidden" name="User_Verify" value="Verify_Pass">
		<tr>	
			<td align="center" colspan="2"><input type="submit" value="Click To Create MD5 Value"></td>
		</tr>
		
	</form>
<?php	
}
elseif($SaltFound == true && $UsersSalt != NULL)
{
	$code = md5( md5( $WebsitePassword ) . $UsersSalt ); 
	echo "The password you have entered is: ".$WebsitePassword."<br>";
	echo "The md5 password is: ".$code."";
}
?>
</body>
</html>
Reply With Quote
  #9  
Old 06-09-2008, 06:58 AM
Marco van Herwaarden Marco van Herwaarden is offline
 
Join Date: Jul 2004
Posts: 25,415
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I would not suggest anyone to use this script as it is vulnerable to SQL-Injections.
Reply With Quote
  #10  
Old 06-09-2008, 09:58 AM
sjsteve33171 sjsteve33171 is offline
 
Join Date: Jan 2008
Posts: 24
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Any suggestions then to make it secure?

It was more of a 'This is how i got it working' more than a 'Here's how to'. Im not up to date on high security as i'm still learning, Was hoping it may help some
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 01:06 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.03986 seconds
  • Memory Usage 2,265KB
  • Queries Executed 13 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (3)bbcode_code
  • (3)bbcode_php
  • (1)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (10)post_thanks_box
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (10)post_thanks_postbit_info
  • (10)postbit
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete