Go Back   vb.org Archive > vBulletin 3 Discussion > vB3 Programming Discussions
Reload this Page (PHP) Check VB md5 password on non-vb page
Register FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Search this Thread Display Modes
  #1  
Old 12-22-2004, 03:19 PM
Aceman's Avatar
Aceman Aceman is offline
 
Join Date: Mar 2002
Location: Virginia, USA
Posts: 172
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default (PHP) Check VB md5 password on non-vb page
I have a header system on my forums that has an upload area that ONLY staff (mods and admins) can get too and upload new headers for the forums home page.

http://www.scifi-meshes.com/forums

Now.. prior to my update to PHP 4.3.10 (on saturday) this header system was working fine. However after that update (which I assume is part of the problem) I've discovered that I can no longer log into my header management page (self created).

The code for checking the password is as follows:
Code:
	/* password correct? */
	$query = "SELECT salt, password FROM user WHERE username='$username'"; 
	$result = mysql_query($query) or die("The information you entered does not match our records.");
	$row=mysql_fetch_array($result);

	$dbpassword = $row['password'];
	$salt = $row['salt'];	

	if ($dbpassword == md5(md5($password). $salt)) {
		print "Password correct<br><br>";
	}
	else {
		die("password not correct!");
	}
This compares what the user entered with that is stored in the Vbulletin forums MySQL database. However, I am ALWAYS getting "Password not correct!" and I have changed my password a few times to see if something wasn't set properly.

Can anyone help me? This code WAS working perfectly.
Reply With Quote
  #2  
Old 12-22-2004, 07:40 PM
all-the-vb's Avatar
all-the-vb all-the-vb is offline
 
Join Date: Apr 2003
Location: Norwich,Uk
Posts: 174
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
PHP Code:
    /* password correct? */
    $query "SELECT salt, password FROM user WHERE username='$username'"
    $result mysql_query($query) or die("The information you entered does not match our records.");
    $row=mysql_fetch_array($result);

    $dbpassword $row['password'];
    $salt $row['salt'];    

    if ($dbpassword == md5($password$salt)) {
        print "Password correct<br><br>";
    }
    else {
        die("password not correct!");
    } 
Reply With Quote
  #3  
Old 12-28-2004, 01:35 PM
Aceman's Avatar
Aceman Aceman is offline
 
Join Date: Mar 2002
Location: Virginia, USA
Posts: 172
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
The change from:

if ($dbpassword == md5(md5($password). $salt)) {

to This:

if ($dbpassword == md5($password. $salt)) {

Apprently does not work.
Reply With Quote
  #4  
Old 12-28-2004, 01:39 PM
Dean C's Avatar
Dean C Dean C is offline
 
Join Date: Jan 2002
Location: England
Posts: 9,071
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
I believe the license # has something to do with it too. There are a few topics around like this, you'll find the answer there
Reply With Quote
  #5  
Old 12-28-2004, 02:24 PM
Zubaz Zubaz is offline
 
Join Date: Dec 2004
Posts: 14
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
I've done this before, $user[password]==md5(md5($unencrypted).$user[salt])) should've worked.

I would start echoing variables and seeing what's not matching up.
Reply With Quote
  #6  
Old 12-29-2004, 10:13 PM
rake's Avatar
rake rake is offline
 
Join Date: Nov 2002
Posts: 311
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
or you could just use the same if vbulletin uses for checking login information:

taken from function_login.php, verify_authentication function:

if (
$bbuserinfo['password'] != iif($password AND !$md5password, md5(md5($password) . $bbuserinfo['salt']), '') AND
$bbuserinfo['password'] != md5($md5password . $bbuserinfo['salt']) AND
$bbuserinfo['password'] != iif($md5password_utf, md5($md5password_utf . $bbuserinfo['salt']), '')
)
Reply With Quote
  #7  
Old 12-30-2004, 11:38 AM
Dean C's Avatar
Dean C Dean C is offline
 
Join Date: Jan 2002
Location: England
Posts: 9,071
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Hold on a second, if you're doing this from within vBulletin anyway, just check to see if a user is logged in using if(!$bbuserinfo['userid']) and then use is_moderator() function
Reply With Quote
  #8  
Old 12-30-2004, 01:40 PM
rake's Avatar
rake rake is offline
 
Join Date: Nov 2002
Posts: 311
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
i don't think he's using vbulletin. in the first snippet of code he's using mysql_query.
Reply With Quote
  #9  
Old 12-30-2004, 02:56 PM
Zubaz Zubaz is offline
 
Join Date: Dec 2004
Posts: 14
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
the title fo the thread also includes "on non-vb page"...
Reply With Quote
Reply

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT. The time now is 04:04 PM.

Contact Us - Archive - Privacy Policy - Top

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.06446 seconds
  • Memory Usage 4,723KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)bbcode_code
  • (1)bbcode_php
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (9)post_thanks_box
  • (9)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (9)post_thanks_postbit_info
  • (9)postbit
  • (9)postbit_onlinestatus
  • (9)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 
Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/functions_amr.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete