Go Back   vb.org Archive > vBulletin 3 Discussion > vB3 Programming Discussions
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Display Modes
  #1  
Old 02-23-2009, 01:02 PM
digitalstudio digitalstudio is offline
 
Join Date: Feb 2009
Posts: 8
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default bbpassword Query

Hi.

I need to write a query that takes the value of the "bbpassword" cookie and checks it against the user table "password" field.

The query will look something like this:
PHP Code:
$stmt "SELECT user.`userid` 
         FROM `user` 
         WHERE `password` = '" 
md5($_COOKIE['bbpassword'])  . "' "

My question is: Which functions do I need to run of the bbpassword cookie value to check it against the password field? As I'm pretty sure md5() isn't the only one!

Thanks.
Reply With Quote
  #2  
Old 02-23-2009, 01:41 PM
TigerC10's Avatar
TigerC10 TigerC10 is offline
 
Join Date: Apr 2006
Location: Austin, TX
Posts: 616
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

The cookie password is:

PHP Code:
md5(md5(md5($password) . $salt) . $license
The password hash in the user table is:
PHP Code:
md5(md5($password) . $salt
It is not possible to "undo" a hash. You cannot search for passwords in the database like this. In order to do what you want, you'll have to select password from the database - and then run a while loop that hashes the values out and then compares with the cookie data.

PHP Code:
$passes $db->query_read("SELECT password FROM "TABLE_PREFIX ."user");
while( 
$user $db->fetch_array($passes) )
{
     if( 
md5$user[password] . $license ) == $_COOKIE['bbpassword'] )
     {
          
//Do something that you want to do when the password matches
          
break;
     }



This is terribly inefficient, I wouldn't do it if I were you.
Reply With Quote
  #3  
Old 02-23-2009, 02:11 PM
digitalstudio digitalstudio is offline
 
Join Date: Feb 2009
Posts: 8
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by TigerC10 View Post
PHP Code:
$passes $db->query_read("SELECT password FROM "TABLE_PREFIX ."user");
while( 
$user $db->fetch_array($passes) )
{
     if( 
md5$user[password] . $license ) == $_COOKIE['bbpassword'] )
     {
          
//Do something that you want to do when the password matches
          
break;
     }



This is terribly inefficient, I wouldn't do it if I were you.
You're right. But you can do the same thing in a single query. I forgot to mention that i will also be doing a lookup on the user ID:

PHP Code:
$stmt "SELECT user.`userid` 
         FROM `user` 
         WHERE MD5(CONCAT(user.`password`, '" 
$license "')) = '" $_COOKIE['bbpassword'] . "' 
         AND user.`userid` = '" 
$userid "'"
But thanks for the info, you've answered my question.
Reply With Quote
  #4  
Old 02-23-2009, 03:41 PM
TigerC10's Avatar
TigerC10 TigerC10 is offline
 
Join Date: Apr 2006
Location: Austin, TX
Posts: 616
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I wasn't aware MySQL had an MD5 function, is that a new addition for MySQL 5? That makes things totally different.
Reply With Quote
  #5  
Old 02-24-2009, 04:41 AM
Dismounted's Avatar
Dismounted Dismounted is offline
 
Join Date: Jun 2005
Location: Melbourne, Australia
Posts: 15,047
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

It's existed prior to that: http://dev.mysql.com/doc/refman/4.1/...functions.html
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 02:34 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.14280 seconds
  • Memory Usage 2,216KB
  • Queries Executed 13 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (6)bbcode_php
  • (1)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (5)post_thanks_box
  • (5)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (5)post_thanks_postbit_info
  • (5)postbit
  • (5)postbit_onlinestatus
  • (5)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete