Jump to content

Part MYSQL PART PHP password hashing

Bobfm

By Bobfm
in MySQL Help

 Share

Recommended Posts

Bobfm Newbie

Bobfm

Posted
Posted

I am trying to get this little piece of code right...

Just need to be able to login using OLD_PASSWORD and not MD5 but despite my best efforts I can only get the MD5 method to work...

 

// --------------- GET/POST actions

$member['ID']	    = $_POST['ID'];
$member['Password']   = md5( process_pass_data( $_POST['Password'] ) );

if ( !( $_POST['ID'] && $_POST['Password'] ) && ( $_COOKIE['memberID'] && $_COOKIE['memberPassword'] ) )
{
    if ( !( $logged['member'] = member_auth( 0, false ) ) )
login_form( _t( "_LOGIN_OBSOLETE" ) );
}

 

How would it be changed to OLD_PASSWORD from the MD5?

 

If I could get alittle help I would be so ever grateful...

I got the registering in OLD_PASSWORD working changing password using it just I know there is something small I am missing..

 

Link to comment
Share on other sites
Bobfm Newbie

Bobfm

Posted
  • Author
Posted

Well it only lets a user login using md5... despite my best efforts.... I am a game designer not a coder.. but I learning... :(

 

I need it to use OLD_PASSWORD instead of md5.

Everywhere I have tried to enter it after removing the md5 doesn't work.

 

It's for a Game that the client uses a older version of MYSQL

And I need the Server to stay the way it is.

 

I got the register.php code to use OLD_PASSWORD instead of the md5

The change password. But not the login.php which is what I posted below

// --------------- GET/POST actions

$member['ID']	    = $_POST['ID'];
$member['Password']   = md5( process_pass_data( $_POST['Password'] ) );

if ( !( $_POST['ID'] && $_POST['Password'] ) && ( $_COOKIE['memberID'] && $_COOKIE['memberPassword'] ) )
{
    if ( !( $logged['member'] = member_auth( 0, false ) ) )
login_form( _t( "_LOGIN_OBSOLETE" ) );
}
else
{
    if ( !$_POST['ID'] && !$_POST['Password'] )
{
	// this is dynamic page -  send headers to do not cache this page
	send_headers_page_changed();

	login_form();
}
    else
    {
        $member['ID'] = getID( $member['ID'] );

        // Check if ID and Password are correct (addslashes already inside)
        if ( check_login( $member['ID'], $member['Password'] ) )
        {
		setcookie( "memberID", $_COOKIE['memberID'], time() - 3600, '/' );
		setcookie( "memberPassword", $_COOKIE['memberPassword'], time() - 3600, '/' );
		setcookie( "memberID", $member['ID'], 0, '/' );
		setcookie( "memberPassword", $member['Password'], 0, '/' );
		//setcookie( 'userArray', 'aUser' . $member['ID'] );
		$update_res = db_res( "UPDATE `Profiles` SET `LastLoggedIn` = NOW() WHERE `ID` = {$member['ID']}" );
		createUserDataFile( $member['ID'] );

Link to comment
Share on other sites
Bobfm Newbie

Bobfm

Posted
  • Author
Posted

Nope. I want to be able to login using the OLD_PASSWORD function instead of MD5.

I already got the register.php to store them as OLD_PASSWORD.

If I want the plain version I can just remove the md5 from:

 

member['Password']  = md5( process_pass_data( $_POST['Password'] ) )

 

Well I posted it here as it could be both. As it could be a SQL setting I could solve the problem with.. thou... I would much prefer the script to allow users to login using OLD_... then to-redo my whole MYSQL install..

 

So it's both

If I am wrong my apologies....

If I move it will you answer it? ....lol...

Link to comment
Share on other sites
cooldude832 Advanced Member

cooldude832

Posted
Posted

well this old password function you speak of is not a mysql or php function nor do I see any mysql issues here you simply got your self into something you don't know so either figure out what it needs to pay some one to fix it cause you aren't asking any questions that we can help you

 

You can only retrieve what is in the database so if the passwords are MD5ed you can't use a different algorithm to encrypt them and expect to find matches.

Link to comment
Share on other sites
Bobfm Newbie

Bobfm

Posted
  • Author
Posted

Okay last try...

 

I took out the MD5 out of: $fval = md5( process_pass_data( $fval ) );

In the registration page below...

	switch ( $arrpd['type'] )
	{
		case 'set': // set of checkboxes
		case 'r': // reference to array for combo box
		case 'a': // text Area
		case 'c': // input box
		case 'rb': // radio buttons
		case 'e': // enum combo box
		case 'en': // enum combo box with numbers
		case 'eny': // enum combo box with numbers
		case 'date': // date
			$fval = process_db_input( $fval, 0, 1 );
			$cl_values .= " `$dbname` = '$fval'";
			$cl_values .= ", ";
			break;
		case 'p':
			$fval = md5( process_pass_data( $fval ) );
			$cl_values .= " `$dbname` = '$fval'";
			$cl_values .= ", ";
			break;

 

Then I edited it

	$fval = process_db_input( $fval, 0, 1 );
			$cl_values .= " `$dbname` = '$fval'";
			$cl_values .= ", ";
			break;
		case 'p':
			$fval = md5( process_pass_data( $fval ) );
			$cl_values .= " `$dbname` = 'OLD_PASSWORD('$fval')'";
			$cl_values .= ", ";
			break;

And it stores the password using the  OLD_PASSWORD .

 

And similar on the changepassword.php

 

Now my users can't log in with their passwords as the memberslogin is using md5.

So how do I change the script in my first two posts to let users log in with the OLD_PASSWORD function.

 

Now if that is to complicated cool to understand then I guess I am in the wrong forum. I just figured this is where the freaks are...

 

I will figure it out eventually... just would be nice to not have to spend hours or days trying.. when I know  I am just missing something little...

 

 

 

 

 

Link to comment
Share on other sites
Bobfm Newbie

Bobfm

Posted
  • Author
Posted

I got it... Never mind... had to add one line and a line to an include file.

 

I guess this is just a reminder of why I don't ask for help from these places... not once has anyone been able to answer my questions. Instead I'm told I posted it in the wrong place.. or when the question is difficult to understand... you get a "It doesn't even make sense."

 

Wow I guess to noobs it would not.

 

Please admin delete this account, since I noticed I can't myself.. my email and name forever trapped here..

 

::)

Link to comment
Share on other sites
fenway Advanced Member

fenway

Posted
Posted

I guess this is just a reminder of why I don't ask for help from these places... not once has anyone been able to answer my questions. Instead I'm told I posted it in the wrong place.. or when the question is difficult to understand... you get a "It doesn't even make sense."

 

Wow I guess to noobs it would not.

Only if you want to judge the quality of these forums based on the rantings of a single individual...

 

well if you enjoy writing junk and asking even worse questions then you do not belong here

Entirely uncalled for -- if you don't understand, then don't respond.  You've been warned.

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.