making a member login script with vbulletin

[newb]

im making a member login script and using vbulletin passwords. the problem is, that vbulletin uses some weird encryption or something and when i put my password in, it says its wrong.. i thought vbulletin uses md5 but apparently they dont ... i went to another md5 encryption site, and got my password encrypted elsewhere, and it didnt match the one i got from my vbulletin database at all...

here's my script..

[code]<form action="index.php?p=login" method="post" enctype="multipart/form-data">
        Username: <input type="text" name="user" />
        Password: <input type="password" name="pass" />
        <input type="submit" value="Login" />
    </form>

<?

    if ( $_GET['p'] == 'login' ) {
    
  $server = "localhost";
  $username = "xx";
  $password = "xx";
  $database = "xx";
  $con = mysql_connect($server, $username, $password);
  mysql_select_db($database);
  
        // MD5 the form password
        $md5Pass = md5( $_POST['pass'] );
        
        // Get user details from MySQL Table
        $Query = mysql_query( " SELECT * FROM tbl_users WHERE username = '$_POST[user]' " );
        $result = mysql_fetch_array( $Query );
        
        // Check that the form password matches the one in the database
        if ( $md5Pass == $result['password'] ) {
            echo 'User logged in';
        } else {
            echo 'Wrong Password, please try again';
        }
        
    }
    
?>[/code]

i guess vbuletin use some kinda salt or something i duno but its weird.

[zq29]

Can you post an example encrypted password?

[b]EDIT:[/b] Just searched on Google, and someone posted somewhere else that vB hashes passwords through md5, then salts it, then through md5 again... Maybe you could extract the encryption function from vB and use it to encrypt your passwords?

[newb]

yeah.

the pasword in vbulletin database: b6ca97cccb2cd8fa4afa7cff7d741a03

the same password i use to login my vbulletin forum (encrypted at [a href=\"http://www.iwebtool.com/md5):\" target=\"_blank\"]http://www.iwebtool.com/md5):[/a] 374789384d64563d38e5de0b357a10bc

fucking weird. if i put the 2nd md5 password inside the database, it logs in perfectly so i guess the vbulletin database uses some weird encryption but i dont know what it is.


[quote]
EDIT: Just searched on Google, and someone posted somewhere else that vB hashes passwords through md5, then salts it, then through md5 again... Maybe you could extract the encryption function from vB and use it to encrypt your passwords?[/quote]

omg thats crazy...i dont even know what vb file the function is in aahhh...........

[legohead6]

[!--quoteo(post=386168:date=Jun 20 2006, 05:16 PM:name=newb)--][div class=\'quotetop\']QUOTE(newb @ Jun 20 2006, 05:16 PM) [snapback]386168[/snapback][/div][div class=\'quotemain\'][!--quotec--]
yeah.

the pasword in vbulletin database: b6ca97cccb2cd8fa4afa7cff7d741a03

the same password i use to login my vbulletin forum (encrypted at [a href=\"http://www.iwebtool.com/md5):\" target=\"_blank\"]http://www.iwebtool.com/md5):[/a] 374789384d64563d38e5de0b357a10bc

fucking weird. if i put the 2nd md5 password inside the database, it logs in perfectly so i guess the vbulletin database uses some weird encryption but i dont know what it is.
omg thats crazy...i dont even know what vb file the function is in aahhh...........
[/quote]

Please Watch your language!

Thanks

[redarrow]

in your datadase password colum add this.


[code]
cf1ff14ba4fd584135f81648a4436cf3
[/code]

when log in use admin as the password.

[code]

<?

$password="admin";

$result=MD5(MD5(password.salt));

echo $result;

?>

[/code]



try this code edited.
[code]
<form action="index.php?p=login" method="post" enctype="multipart/form-data">
        Username: <input type="text" name="user" />
        Password: <input type="password" name="pass" />
        <input type="submit" value="Login" />
    </form>

<?

    if ( $_GET['p'] == 'login' ) {
    
  $server = "localhost";
  $username = "xx";
  $password = "xx";
  $database = "xx";
  $con = mysql_connect($server, $username, $password);
  mysql_select_db($database);
  
        // MD5 the form password

        $md5Pass = MD5(MD5(pass.salt));
        
        // Get user details from MySQL Table
        $Query = mysql_query( " SELECT * FROM tbl_users WHERE username = '$_POST[user]' " );
        $result = mysql_fetch_array( $Query );
        
        // Check that the form password matches the one in the database
        if ( $md5Pass == $result['password'] ) {
            echo 'User logged in';
        } else {
            echo 'Wrong Password, please try again';
        }
        
    }
    
?>
[/code]

[newb]

[!--quoteo(post=386192:date=Jun 20 2006, 07:45 PM:name=legohead6)--][div class=\'quotetop\']QUOTE(legohead6 @ Jun 20 2006, 07:45 PM) [snapback]386192[/snapback][/div][div class=\'quotemain\'][!--quotec--]
Please Watch your language!

Thanks
[/quote]


dont be a fag.

[DaveLinger]

[!--quoteo(post=387248:date=Jun 23 2006, 01:37 PM:name=newb)--][div class=\'quotetop\']QUOTE(newb @ Jun 23 2006, 01:37 PM) [snapback]387248[/snapback][/div][div class=\'quotemain\'][!--quotec--]
dont be a fag.
[/quote]

seriously. Watch it. The mods will crack come down on you.