Jump to content

Archived

This topic is now archived and is closed to further replies.

newb

making a member login script with vbulletin

Recommended Posts

im making a member login script and using vbulletin passwords. the problem is, that vbulletin uses some weird encryption or something and when i put my password in, it says its wrong.. i thought vbulletin uses md5 but apparently they dont ... i went to another md5 encryption site, and got my password encrypted elsewhere, and it didnt match the one i got from my vbulletin database at all...

here's my script..

[code]<form action="index.php?p=login" method="post" enctype="multipart/form-data">
        Username: <input type="text" name="user" />
        Password: <input type="password" name="pass" />
        <input type="submit" value="Login" />
    </form>

<?

    if ( $_GET['p'] == 'login' ) {
    
  $server = "localhost";
  $username = "xx";
  $password = "xx";
  $database = "xx";
  $con = mysql_connect($server, $username, $password);
  mysql_select_db($database);
  
        // MD5 the form password
        $md5Pass = md5( $_POST['pass'] );
        
        // Get user details from MySQL Table
        $Query = mysql_query( " SELECT * FROM tbl_users WHERE username = '$_POST[user]' " );
        $result = mysql_fetch_array( $Query );
        
        // Check that the form password matches the one in the database
        if ( $md5Pass == $result['password'] ) {
            echo 'User logged in';
        } else {
            echo 'Wrong Password, please try again';
        }
        
    }
    
?>[/code]

i guess vbuletin use some kinda salt or something i duno but its weird.

Share this post


Link to post
Share on other sites
Can you post an example encrypted password?

[b]EDIT:[/b] Just searched on Google, and someone posted somewhere else that vB hashes passwords through md5, then salts it, then through md5 again... Maybe you could extract the encryption function from vB and use it to encrypt your passwords?

Share this post


Link to post
Share on other sites
yeah.

the pasword in vbulletin database: b6ca97cccb2cd8fa4afa7cff7d741a03

the same password i use to login my vbulletin forum (encrypted at [a href=\"http://www.iwebtool.com/md5):\" target=\"_blank\"]http://www.iwebtool.com/md5):[/a] 374789384d64563d38e5de0b357a10bc

fucking weird. if i put the 2nd md5 password inside the database, it logs in perfectly so i guess the vbulletin database uses some weird encryption but i dont know what it is.


[quote]
EDIT: Just searched on Google, and someone posted somewhere else that vB hashes passwords through md5, then salts it, then through md5 again... Maybe you could extract the encryption function from vB and use it to encrypt your passwords?[/quote]

omg thats crazy...i dont even know what vb file the function is in aahhh...........

Share this post


Link to post
Share on other sites
[!--quoteo(post=386168:date=Jun 20 2006, 05:16 PM:name=newb)--][div class=\'quotetop\']QUOTE(newb @ Jun 20 2006, 05:16 PM) [snapback]386168[/snapback][/div][div class=\'quotemain\'][!--quotec--]
yeah.

the pasword in vbulletin database: b6ca97cccb2cd8fa4afa7cff7d741a03

the same password i use to login my vbulletin forum (encrypted at [a href=\"http://www.iwebtool.com/md5):\" target=\"_blank\"]http://www.iwebtool.com/md5):[/a] 374789384d64563d38e5de0b357a10bc

fucking weird. if i put the 2nd md5 password inside the database, it logs in perfectly so i guess the vbulletin database uses some weird encryption but i dont know what it is.
omg thats crazy...i dont even know what vb file the function is in aahhh...........
[/quote]

Please Watch your language!

Thanks

Share this post


Link to post
Share on other sites
in your datadase password colum add this.


[code]
cf1ff14ba4fd584135f81648a4436cf3
[/code]

when log in use admin as the password.

[code]

<?

$password="admin";

$result=MD5(MD5(password.salt));

echo $result;

?>

[/code]



try this code edited.
[code]
<form action="index.php?p=login" method="post" enctype="multipart/form-data">
        Username: <input type="text" name="user" />
        Password: <input type="password" name="pass" />
        <input type="submit" value="Login" />
    </form>

<?

    if ( $_GET['p'] == 'login' ) {
    
  $server = "localhost";
  $username = "xx";
  $password = "xx";
  $database = "xx";
  $con = mysql_connect($server, $username, $password);
  mysql_select_db($database);
  
        // MD5 the form password

        $md5Pass = MD5(MD5(pass.salt));
        
        // Get user details from MySQL Table
        $Query = mysql_query( " SELECT * FROM tbl_users WHERE username = '$_POST[user]' " );
        $result = mysql_fetch_array( $Query );
        
        // Check that the form password matches the one in the database
        if ( $md5Pass == $result['password'] ) {
            echo 'User logged in';
        } else {
            echo 'Wrong Password, please try again';
        }
        
    }
    
?>
[/code]

Share this post


Link to post
Share on other sites
[!--quoteo(post=386192:date=Jun 20 2006, 07:45 PM:name=legohead6)--][div class=\'quotetop\']QUOTE(legohead6 @ Jun 20 2006, 07:45 PM) [snapback]386192[/snapback][/div][div class=\'quotemain\'][!--quotec--]
Please Watch your language!

Thanks
[/quote]


dont be a fag.

Share this post


Link to post
Share on other sites
[!--quoteo(post=387248:date=Jun 23 2006, 01:37 PM:name=newb)--][div class=\'quotetop\']QUOTE(newb @ Jun 23 2006, 01:37 PM) [snapback]387248[/snapback][/div][div class=\'quotemain\'][!--quotec--]
dont be a fag.
[/quote]

seriously. Watch it. The mods will crack come down on you.

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.