Jump to content


Photo

making a member login script with vbulletin


  • Please log in to reply
6 replies to this topic

#1 newb

newb
  • Members
  • PipPipPip
  • Advanced Member
  • 454 posts

Posted 20 June 2006 - 10:06 PM

im making a member login script and using vbulletin passwords. the problem is, that vbulletin uses some weird encryption or something and when i put my password in, it says its wrong.. i thought vbulletin uses md5 but apparently they dont ... i went to another md5 encryption site, and got my password encrypted elsewhere, and it didnt match the one i got from my vbulletin database at all...

here's my script..

<form action="index.php?p=login" method="post" enctype="multipart/form-data">
        Username: <input type="text" name="user" />
        Password: <input type="password" name="pass" />
        <input type="submit" value="Login" />
    </form>

<?

    if ( $_GET['p'] == 'login' ) {
    
  $server = "localhost";
  $username = "xx";
  $password = "xx";
  $database = "xx";
  $con = mysql_connect($server, $username, $password);
  mysql_select_db($database);
  
        // MD5 the form password
        $md5Pass = md5( $_POST['pass'] );
        
        // Get user details from MySQL Table
        $Query = mysql_query( " SELECT * FROM tbl_users WHERE username = '$_POST[user]' " );
        $result = mysql_fetch_array( $Query );
        
        // Check that the form password matches the one in the database
        if ( $md5Pass == $result['password'] ) {
            echo 'User logged in';
        } else {
            echo 'Wrong Password, please try again';
        }
        
    }
    
?>

i guess vbuletin use some kinda salt or something i duno but its weird.

#2 Kris

Kris
  • Staff Alumni
  • Advanced Member
  • 2,755 posts
  • LocationThe Internet

Posted 20 June 2006 - 10:09 PM

Can you post an example encrypted password?

EDIT: Just searched on Google, and someone posted somewhere else that vB hashes passwords through md5, then salts it, then through md5 again... Maybe you could extract the encryption function from vB and use it to encrypt your passwords?

#3 newb

newb
  • Members
  • PipPipPip
  • Advanced Member
  • 454 posts

Posted 20 June 2006 - 10:16 PM

yeah.

the pasword in vbulletin database: b6ca97cccb2cd8fa4afa7cff7d741a03

the same password i use to login my vbulletin forum (encrypted at [a href=\"http://www.iwebtool.com/md5):\" target=\"_blank\"]http://www.iwebtool.com/md5):[/a] 374789384d64563d38e5de0b357a10bc

fucking weird. if i put the 2nd md5 password inside the database, it logs in perfectly so i guess the vbulletin database uses some weird encryption but i dont know what it is.


EDIT: Just searched on Google, and someone posted somewhere else that vB hashes passwords through md5, then salts it, then through md5 again... Maybe you could extract the encryption function from vB and use it to encrypt your passwords?


omg thats crazy...i dont even know what vb file the function is in aahhh...........

#4 legohead6

legohead6
  • Members
  • PipPipPip
  • Advanced Member
  • 434 posts

Posted 20 June 2006 - 11:45 PM

[!--quoteo(post=386168:date=Jun 20 2006, 05:16 PM:name=newb)--][div class=\'quotetop\']QUOTE(newb @ Jun 20 2006, 05:16 PM) View Post[/div][div class=\'quotemain\'][!--quotec--]
yeah.

the pasword in vbulletin database: b6ca97cccb2cd8fa4afa7cff7d741a03

the same password i use to login my vbulletin forum (encrypted at [a href=\"http://www.iwebtool.com/md5):\" target=\"_blank\"]http://www.iwebtool.com/md5):[/a] 374789384d64563d38e5de0b357a10bc

fucking weird. if i put the 2nd md5 password inside the database, it logs in perfectly so i guess the vbulletin database uses some weird encryption but i dont know what it is.
omg thats crazy...i dont even know what vb file the function is in aahhh...........
[/quote]

Please Watch your language!

Thanks
"Syntax error" .. WHERE THE **** IS IT?!

#5 redarrow

redarrow
  • Members
  • PipPipPip
  • Advanced Member
  • 7,308 posts
  • Locationlondon

Posted 20 June 2006 - 11:53 PM

in your datadase password colum add this.


cf1ff14ba4fd584135f81648a4436cf3 

when log in use admin as the password.


<?

$password="admin";

$result=MD5(MD5(password.salt)); 

echo $result;

?> 




try this code edited.
<form action="index.php?p=login" method="post" enctype="multipart/form-data">
        Username: <input type="text" name="user" />
        Password: <input type="password" name="pass" />
        <input type="submit" value="Login" />
    </form>

<?

    if ( $_GET['p'] == 'login' ) {
    
  $server = "localhost";
  $username = "xx";
  $password = "xx";
  $database = "xx";
  $con = mysql_connect($server, $username, $password);
  mysql_select_db($database);
  
        // MD5 the form password

        $md5Pass = MD5(MD5(pass.salt)); 
        
        // Get user details from MySQL Table
        $Query = mysql_query( " SELECT * FROM tbl_users WHERE username = '$_POST[user]' " );
        $result = mysql_fetch_array( $Query );
        
        // Check that the form password matches the one in the database
        if ( $md5Pass == $result['password'] ) {
            echo 'User logged in';
        } else {
            echo 'Wrong Password, please try again';
        }
        
    }
    
?>

Wish i new all about php DAM i will have to learn
((EMAIL CODE THAT WORKS))
http://simpleforum.ath.cx/mail2.inc
((PAYPAL INTEGRATION THAT WORKS))
http://simpleforum.a...aypal1_info.inc

#6 newb

newb
  • Members
  • PipPipPip
  • Advanced Member
  • 454 posts

Posted 23 June 2006 - 05:37 PM

[!--quoteo(post=386192:date=Jun 20 2006, 07:45 PM:name=legohead6)--][div class=\'quotetop\']QUOTE(legohead6 @ Jun 20 2006, 07:45 PM) View Post[/div][div class=\'quotemain\'][!--quotec--]
Please Watch your language!

Thanks
[/quote]


dont be a fag.

#7 DaveLinger

DaveLinger
  • Members
  • PipPipPip
  • Advanced Member
  • 268 posts
  • LocationWV, USA

Posted 23 June 2006 - 05:48 PM

[!--quoteo(post=387248:date=Jun 23 2006, 01:37 PM:name=newb)--][div class=\'quotetop\']QUOTE(newb @ Jun 23 2006, 01:37 PM) View Post[/div][div class=\'quotemain\'][!--quotec--]
dont be a fag.
[/quote]

seriously. Watch it. The mods will crack come down on you.
http://www.DaveLinger.com
dave at linger dot com




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users