Go Back   vb.org Archive > vBulletin 3 Discussion > vB3 General Discussions
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Display Modes
  #11  
Old 11-08-2004, 10:56 AM
Marco van Herwaarden Marco van Herwaarden is offline
 
Join Date: Jul 2004
Posts: 25,415
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Nakor
and yep $row['password'] is the password field from the database.
The password stored in teh database already is a md5 hash. You can not calculate back teh password from it if this is what you're trying.

Like Kirby said, you can with that formula calculate the hash of a userinputed password to compaire to the (hashed) password stored in the database, to see if it matches.
Reply With Quote
  #12  
Old 11-08-2004, 12:14 PM
Link14716's Avatar
Link14716 Link14716 is offline
 
Join Date: Jun 2002
Location: Georgia, USA
Posts: 2,519
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by MarcoH64
The password stored in teh database already is a md5 hash. You can not calculate back teh password from it if this is what you're trying.

Like Kirby said, you can with that formula calculate the hash of a userinputed password to compaire to the (hashed) password stored in the database, to see if it matches.
He's trying to match to cookie value, with is hashed again with the license number.
Reply With Quote
  #13  
Old 11-08-2004, 12:20 PM
Marco van Herwaarden Marco van Herwaarden is offline
 
Join Date: Jul 2004
Posts: 25,415
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Link14716
He's trying to match to cookie value, with is hashed again with the license number.
Yes that's what he try to do, but if i read back his last 2 posts:
Quote:
ok I tried it like this:
echo md5($row['password'] . 'LicenseID');
Yet it still doesnt match =(
Also I confirmed that this is definately my license ID and not my customer ID.
And
Quote:
and yep $row['password'] is the password field from the database.
It looks like he is trying the md5 on the pass stored in the database.

Oops re-read the whole thing again, and i think i made a mistake here. You're probably right that he already understood it correct.
Reply With Quote
  #14  
Old 11-08-2004, 07:31 PM
Nakor Nakor is offline
 
Join Date: Nov 2004
Posts: 17
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Nah I can't get it heh, I'm full on trying all combinations of the password and my license ID but I doesn't salt go in there somewhere? And yeah I'm trying to compare the set cookie with the persons password to see if they REALLY are logged in.
Reply With Quote
  #15  
Old 11-08-2004, 08:26 PM
Link14716's Avatar
Link14716 Link14716 is offline
 
Join Date: Jun 2002
Location: Georgia, USA
Posts: 2,519
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

As said, the password stored in the database is md5(md5(password) . salt).
The password stored in cookies is md5(md5(md5(password) . salt) . licensenumber).
Reply With Quote
  #16  
Old 11-08-2004, 09:21 PM
Paul M's Avatar
Paul M Paul M is offline
 
Join Date: Sep 2004
Location: Nottingham, UK
Posts: 23,748
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Sorry to go slightly off topic, but what is the "salt" bit ?
Reply With Quote
  #17  
Old 11-08-2004, 09:35 PM
Zachery's Avatar
Zachery Zachery is offline
 
Join Date: Jul 2002
Location: Ontario, Canada
Posts: 11,440
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Paul M
Sorry to go slightly off topic, but what is the "salt" bit ?
Its a random blurb of 3-4 characters generated when someone registereds to further remove the ability of bruteforcing passwords
Reply With Quote
  #18  
Old 11-08-2004, 10:08 PM
Nakor Nakor is offline
 
Join Date: Nov 2004
Posts: 17
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Ok got it working, thanks heaps for the help =)
Reply With Quote
  #19  
Old 12-03-2004, 07:15 AM
the drifter the drifter is offline
 
Join Date: Dec 2004
Posts: 2
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Nakor
Ok got it working, thanks heaps for the help =)
how did you get it working i am trying to do the same
Reply With Quote
  #20  
Old 12-06-2004, 10:33 AM
GreeceMonkey GreeceMonkey is offline
 
Join Date: Dec 2004
Posts: 14
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Hello people,
can somebody help me with my SQL. I have the same problems as above, and still cant get it working.

Here is mySQL syntax

SELECT MD5(CONCAT(MD5("6536e4053b7eb3375d3ef92acceab8e2") , "Lxxxxxxx"));
the hash above is the one found in my password column in the user table

I took the licence number out of the post, but it is the L number at the top of all my PHP pages, however I cant get this to match the cookie value for the userpassword.

Can any body help ?

Graham
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 10:06 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.05207 seconds
  • Memory Usage 2,246KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (7)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (2)pagenav_pagelink
  • (10)post_thanks_box
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (10)post_thanks_postbit_info
  • (10)postbit
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete