  #1  
08-29-2013, 05:03 PM
dmm2020
Join Date: Apr 2010
Posts: 129
Password Hash Algorithm

Hi, according to other threads the following SHOULD compute the password hash for vBulletin:

md5(md5($rawpassword).#seed) where seed is the user hash.

However, it's not working on my server. Passwords do work within vBulletin but not when I am trying to set up a script licensing site to use the same vBulletin logins. When I run the same formula drawing from the same exact database, I get a different result. Not going to post the hash here but they are completely different results. Does anyone have a clue why that would be happening?
Reply With Quote
  #2  
08-29-2013, 08:48 PM
Zachery
Join Date: Jul 2002
Location: Ontario, Canada
Posts: 11,440

It's a salt, not a seed, but where are you getting the salt from?

Here is a query I use to reset passwords:
Code:
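-- UserID below is a placeholder: substitute the numeric id of the one account to reset.
-- Run unchanged, it names the userid column itself and the WHERE clause matches every row.
UPDATE user
SET password = MD5(CONCAT(MD5('NewPassword'), user.salt))
WHERE userid = UserID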
Reply With Quote
  #3  
08-29-2013, 09:47 PM
dmm2020
Join Date: Apr 2010
Posts: 129

Thanks. Salt is what I mean. Not sure why I said seed.

--------------- Added [DATE]1377819932[/DATE] at [TIME]1377819932[/TIME] ---------------

Here is my problem. This is not a real salt but it shows the special characters I am running into. I changed the alphanumeric characters.

6K)Gf"Y@LqQs|{N_ 6K)Gf"Y@LqQs|{N_ 0 [49]

This is what I see in phpMyAdmin and when I print_r($res) of the particular record I am testing with.

What I get with the below code:
Code:
$userhash = $res[0]['hash'];
is this output: 6K)Gf"Y@LqQs|{N_

It seems almost like something changed in PHP because if something funky is in the hash character wise, the string is getting chopped. Is there a way around this?

--------------- Added [DATE]1377820593[/DATE] at [TIME]1377820593[/TIME] ---------------

To explain what I am after, I want to set up a licensing site where the members log in to the website using the same credentials as they use in the forum, but still a separate login, that is not sharing sessions. However, the above problem is stopping me and has me stumped as to what is causing PDO to chop part of it. Do I need to set a character set or something in the database?
Reply With Quote
  #4  
08-30-2013, 10:34 AM
nhawk
Join Date: Jan 2011
Posts: 1,604

I don't know how you're getting special characters in salt. Salt is limited to ASCII 33 to 126. None of those are control or special characters.

Now if you're getting special characters in your hash, that's a problem with your hash coding. Not with salt.
Reply With Quote
  #5  
08-30-2013, 05:00 PM
dmm2020
Join Date: Apr 2010
Posts: 129

Quote:
Originally Posted by nhawk
I don't know how you're getting special characters in salt. Salt is limited to ASCII 33 to 126. None of those are control or special characters.

Now if you're getting special characters in your hash, that's a problem with your hash coding. Not with salt.

I changed the salt but the problem I run into now is that the md5 formula before yields a different value in MySQL as compared to PHP. I am grabbing the salt from $res[0]['salt'] and password from $_POST['pass'] and using md5(md5($rawpassword).$salt) but this yields a different result than the MySQL version done in VB. Basically, what I want to do is set up a subsidiary site to log in with vb credentials (not sharing session data though).

EDIT: I figured out the problem. When user salt contains nonconventional characters (see nhawk's post), MD5 produces different results between PHP and MySQL.
Reply With Quote
  #6  
08-30-2013, 06:06 PM
nerbert
Join Date: May 2008
Posts: 784

Worth a try:

md5( md5( trim( $rawpassword ) ) . trim( $salt ) )
Reply With Quote
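
A side-by-side check for the mismatch discussed in this thread, as an added example that is not part of any post: it computes the thread's md5(md5(password) . salt) formula in PHP, inspects the fetched salt byte for byte instead of trusting rendered output, and runs the same formula in MySQL for one account. The function names, the sample salt and password, and the caller-supplied `$pdo` connection are assumptions; the table and column names come from the query in post #2.

```php
<?php
// Added example, not from the thread. Formula and column names (user.password,
// user.salt, user.userid) are the ones quoted in the posts above.

// PHP side of the formula: md5(md5($rawpassword) . $salt).
function vb_legacy_hash(string $rawPassword, string $salt): string
{
    return md5(md5($rawPassword) . $salt);
}

// Compare against the stored hash in constant time.
function vb_legacy_verify(string $rawPassword, string $salt, string $stored): bool
{
    return hash_equals(strtolower($stored), vb_legacy_hash($rawPassword, $salt));
}

// Report what was really fetched: byte length, hex, and an HTML-safe rendering.
// Echoing a raw salt into a page can hide characters after "<" (assumption: the
// thread never confirms this was the cause of the "chopped" value).
function describe_salt(string $salt): string
{
    return sprintf('len=%d hex=%s text=%s', strlen($salt), bin2hex($salt),
        htmlspecialchars($salt, ENT_QUOTES, 'UTF-8'));
}

// MySQL side of the same formula, for a side-by-side check on one account.
// $pdo is an open PDO MySQL connection supplied by the caller (assumption).
function mysql_side_hash(PDO $pdo, int $userId, string $rawPassword): ?string
{
    $stmt = $pdo->prepare(
        'SELECT MD5(CONCAT(MD5(:pw), salt)) AS h FROM user WHERE userid = :id'
    );
    $stmt->execute([':pw' => $rawPassword, ':id' => $userId]);
    $h = $stmt->fetchColumn();
    return $h === false ? null : (string) $h;
}

// Constructed sample data (not a real salt or password).
$salt   = '6K)Gf"Y<@LqQs|{N_';
$stored = vb_legacy_hash('NewPassword', $salt); // stands in for user.password

echo describe_salt($salt), PHP_EOL;
var_dump(vb_legacy_verify('NewPassword', $salt, $stored));
// A trailing space is a different password, so trim() on an input changes the result.
var_dump(vb_legacy_verify('NewPassword ', $salt, $stored));
```

If `mysql_side_hash()` and `vb_legacy_hash()` disagree for the same account, compare the `describe_salt()` output with `SELECT LENGTH(salt), HEX(salt)` for that row to see whether the salt PHP received is the one the database holds.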