Jump to content

Recommended Posts

Hi all,

 

Respectz & Greetz To PHPFreaks team!

 

I am trying to set up a login form for an existing sql database. usernames & passswords already exist... I basically need to know what function has been used to secure these passwords.. Which look like:

 

$1$EgZYyOOM$k1zO1PylkPdEuzpLX9Qfu0

 

Cheers! Clarity

 

Link to comment
https://forums.phpfreaks.com/topic/148544-is-this-md5/
Share on other sites

yes, ok.. well, it looks like it might be salted somewhere.... Ive tried crypt(), no success... and then base64_encode(), which is the function in the original script used to post the password to the database... but still, the output for base64_encode looks different to what i posted above... from what can see, base64_encode doesnt output with the $ symbols...so thats where im thinkin salt?

So the only other option I have had has been to use a reset password page :-\ - which is just crappy...lol.. but it will have to do...

 

 

Thanks guys for all of your help, and suggestion:)

 

Clarity

 

 

 

 

Link to comment
https://forums.phpfreaks.com/topic/148544-is-this-md5/#findComment-780720
Share on other sites

Hi there,

 

here i the code from the original script:

 

<?php
$page = "signup";
include "header.php";

if(isset($_POST['task'])) { $task = $_POST['task']; } else { $task = "step1"; }

// SET ERROR VARS
$is_error = 0;


// IF USER IS ALREADY LOGGED IN, FORWARD TO USER HOME PAGE
if($user->user_exists != 0) { header("Location: user_home.php"); exit(); }



// CHECK IF USER SIGNUP COOKIES SET (STEPS 3, 4, 5)
$signup_logged_in = 0;
if($task != "step1" && $task != "step1do" && $task != "step2" && $task != "step2do") {
  if(isset($_COOKIE['signup_id']) && isset($_COOKIE['signup_email']) && isset($_COOKIE['signup_password'])) {

    // GET USER ROW IF AVAILABLE
    $user_id = $_COOKIE['signup_id'];
    $new_user = new se_user(Array($user_id));

    // VERIFY USER LOGIN COOKIE VALUES AND RESET USER LOGIN VARIABLE
    if($_COOKIE['signup_email'] == crypt($new_user->user_info[user_email], "$1$".$new_user->user_info[user_code]."$") && $_COOKIE['signup_password'] == $new_user->user_info[user_password]) {
      $signup_logged_in = 1;
    }
  }

  if($signup_logged_in != 1) { cheader("signup.php"); exit(); }
}

if($signup_logged_in != 1) {
  setcookie("signup_id", "", 0, "/");
  setcookie("signup_email", "", 0, "/");
  setcookie("signup_password", "", 0, "/");
  $_COOKIE['signup_id'] = "";
  $_COOKIE['signup_email'] = "";
  $_COOKIE['signup_password'] = "";
  $new_user = new se_user();
  if($task == "step1") { 
    if(isset($_GET['signup_email'])) { $signup_email = $_GET['signup_email']; } else { $signup_email = ""; }
    if(isset($_GET['signup_invite'])) { $signup_invite = $_GET['signup_invite']; } 
    $signup_password = ""; 
    $signup_timezone = $setting['setting_timezone'];
  }
}



// PROCESS INPUT FROM FIRST STEP (OR DOUBLE CHECK VALUES), CONTINUE TO SECOND STEP (OR SECOND STEP PROCESSING)
if($task == "step1do" || $task == "step2do") {
  $signup_email = $_POST['signup_email'];
  $signup_password = $_POST['signup_password'];
  $signup_password2 = $_POST['signup_password2'];
  $step = $_POST['step'];
    if($task == "step2do" && $step != "1") {
      $signup_password = base64_decode($signup_password);
      $signup_password2 = base64_decode($signup_password2);
    }
  $signup_username = $_POST['signup_username'];
  $signup_timezone = $_POST['signup_timezone'];
  $signup_invite = $_POST['signup_invite'];
  $signup_cat = $_POST['signup_cat'];

  // GET LANGUAGE PACK SELECTION
  if($setting[setting_lang_allow] != 1) { $signup_lang = 0; } else { $signup_lang = $_POST['signup_lang']; }

  // TEMPORARILY SET PASSWORD IF RANDOM PASSWORD ENABLED
  if($setting[setting_signup_randpass] != 0) {
    $signup_password = "temporary";
    $signup_password2 = "temporary";
  }

  // CHECK USER ERRORS
  $new_user->user_password('', $signup_password, $signup_password2, 0);
  $new_user->user_account($signup_email, $signup_username);
  $is_error = $new_user->is_error;

  // CHECK INVITE CODE IF NECESSARY
  if($setting[setting_signup_invite] != 0) {
    if($setting[setting_signup_invite_checkemail] != 0) {
      $invite = $database->database_query("SELECT invite_id FROM se_invites WHERE invite_code='$signup_invite' AND invite_email='$signup_email'");
      $invite_error_message = 705;
    } else {
      $invite = $database->database_query("SELECT invite_id FROM se_invites WHERE invite_code='$signup_invite'");
      $invite_error_message = 706;
    }
    if($database->database_num_rows($invite) == 0) { $is_error = $invite_error_message; }
  }

  // CHECK TERMS OF SERVICE AGREEMENT IF NECESSARY
  if($setting[setting_signup_tos] != 0) {
    $signup_agree = $_POST['signup_agree'];
    if($signup_agree != 1) {
      $is_error = 707;
    }
  }

  // RETRIEVE AND CHECK SECURITY CODE IF NECESSARY
  if($setting[setting_signup_code] != 0) {
    session_start();
    $code = $_SESSION['code'];
    if($code == "") { $code = randomcode(); }
    $signup_secure = $_POST['signup_secure'];

    if($signup_secure != $code) {
      $is_error = 708;
   }
  }

  // IF THERE IS NO ERROR, CONTINUE TO STEP 2 OR PROCESS STEP 2
  if($is_error == 0) {
    // ONLY IF ON STEP ONE, CONTINUE TO STEP 2 - ELSE GO TO PROCESSING STEP 2
    if($task == "step1do") { $task = "step2"; }

  // IF THERE WAS AN ERROR, GO BACK TO STEP 1
  } else {
    $task = "step1";
  }

}












if($task == "step1" || $task == "step1do" || $task == "step2" || $task == "step2do") {
  if($database->database_num_rows($database->database_query("SELECT NULL FROM se_profilecats WHERE profilecat_id='$signup_cat' AND profilecat_dependency='0'")) != 1) {
    $cat_info = $database->database_fetch_assoc($database->database_query("SELECT profilecat_id FROM se_profilecats WHERE profilecat_dependency='0' ORDER BY profilecat_order LIMIT 1"));
    $signup_cat = $cat_info[profilecat_id];
  }
  if($task == "step2do") { $validate = 1; } else { $validate = 0; }
  if($task != "step1") { $cat_where = "profilecat_signup='1' AND profilecat_id='$signup_cat'"; } else { $cat_where = "profilecat_signup='1'"; }
  $field = new se_field("profile");
  $field->cat_list($validate, 0, 0, $cat_where, "", "profilefield_signup='1'");
  $cat_array = $field->cats;
  if($task != "step1" && count($cat_array) == 0) { $task = "step1"; }
  if($validate == 1) { $is_error = $field->is_error; }
  if($task != "step1" && count($field->fields_all) == 0) { $task = "step2do"; }
}









if($task == "step2do") {


  // PROFILE FIELD INPUTS PROCESSED AND CHECKED FOR ERRORS ABOVE
  // IF THERE IS NO ERROR, ADD USER AND USER PROFILE AND CONTINUE TO STEP 3
  if($is_error == 0) {
    $new_user->user_create($signup_email, $signup_username, $signup_password, $signup_timezone, $signup_lang, $signup_cat, $field->field_query);

    // INVITE CODE FEATURES
    if($setting[setting_signup_invite] != 0) {
      if($setting[setting_signup_invite_checkemail] != 0) {
        $invitation = $database->database_fetch_assoc($database->database_query("SELECT * FROM se_invites WHERE invite_code='$signup_invite' AND invite_email='$signup_email' LIMIT 1"));
      } else {
        $invitation = $database->database_fetch_assoc($database->database_query("SELECT * FROM se_invites WHERE invite_code='$signup_invite' LIMIT 1"));
      }

      // ADD USER TO INVITER'S FRIENDLIST
      $friend = new se_user(Array($invitation[invite_user_id]));
      if($friend->user_exists == 1) {
        if($setting[setting_connection_allow] == 3 || $setting[setting_connection_allow] == 1 || ($setting[setting_connection_allow] == 2 && $new_user->user_info[user_subnet_id] == $friend->user_info[user_subnet_id])) {
          // SET RESULT, DIRECTION, STATUS
          switch($setting[setting_connection_framework]) {
            case "0":
              $direction = 2;
              $friend_status = 0;
              break;
            case "1":
              $direction = 1;
              $friend_status = 0;
              break;
            case "2": 
              $direction = 2;
              $friend_status = 1;
              break;
            case "3":
              $direction = 1;
              $friend_status = 1;
              break;      
          } 

          // INSERT FRIENDS INTO FRIEND TABLE AND EXPLANATION INTO EXPLAIN TABLE	          
  $friend->user_friend_add($new_user->user_info[user_id], $friend_status, '', '');
          
          // IF TWO-WAY CONNECTION AND NON-CONFIRMED, INSERT OTHER DIRECTION
          if($direction == 2 && $friend_status == 1) { $new_user->user_friend_add($friend->user_info[user_id], $friend_status, '', ''); }
        }
      }
      

      // DELETE INVITE CODE
      $database->database_query("DELETE FROM se_invites WHERE invite_id='$invitation[invite_id]' LIMIT 1");

    }

    // SET SIGNUP COOKIE
    $id = $new_user->user_info[user_id];
    $em = crypt($new_user->user_info[user_email], "$1$".$new_user->user_info[user_code]."$");
    $pass = $new_user->user_info[user_password];
    setcookie("signup_id", "$id", 0, "/");
    setcookie("signup_email", "$em", 0, "/");
    setcookie("signup_password", "$pass", 0, "/");


    // SEND USER TO PHOTO UPLOAD IF SPECIFIED BY ADMIN
    // OR TO USER INVITE IF NO PHOTO UPLOAD
    if($setting[setting_signup_photo] == 0) { 
      if($setting[setting_signup_invitepage] == 0) {
        $task = "step5";
      } else {
        $task = "step4"; 
      }
    } else { 
      $task = "step3"; 
    }

  // IF THERE WAS AN ERROR, GO BACK TO STEP 2
  } else {
    $task = "step2";
  }
}







// UPLOAD PHOTO
if($task == "step3do") {
  $new_user->user_photo_upload("photo");
  $is_error = $new_user->is_error;
  $task = "step3";
}




// SEND INVITE EMAILS
if($task == "step4do") {

  $invite_emails = $_POST['invite_emails'];
  $invite_message = $_POST['invite_message'];

  if($invite_emails != "") {
    send_systememail('invite', $invite_emails, Array($new_user->user_displayname, $new_user->user_info[user_email], $invite_message, "<a href=\"".$url->url_base."signup.php\">".$url->url_base."signup.php</a>"), TRUE);
  }

  // SEND USER TO THANK YOU PAGE
  $task = "step5";

}





// SIGNUP TERMINAL VELOCITY POINT HOOK
($hook = SE_Hook::exists('se_signup_decide')) ? SE_Hook::call($hook, array()) : NULL; 







// SHOW COMPLETION PAGE
if($task == "step5") {
  // UNSET SIGNUP COOKIES
  setcookie("signup_id", "", 0, "/");
  setcookie("signup_email", "", 0, "/");
  setcookie("signup_password", "", 0, "/");

  // UPDATE SIGNUP STATS
  update_stats("signups");

  // DISPLAY THANK YOU
  $step = 5;
}




// SHOW FOURTH STEP
if($task == "step4") {
  $step = 4;
  $next_task = "step4do";
  if($setting[setting_signup_invitepage] == 0) { $task = "step3"; }
}





// SHOW THIRD STEP
if($task == "step3") {
  $step = 3;
  $next_task = "step3do";
  if($setting[setting_signup_invitepage] == 0) { $last_task = "step5"; } else { $last_task = "step4"; }
  if($setting[setting_signup_photo] == 0) { $task = "step2"; }
}





// SHOW SECOND STEP
if($task == "step2") {
  $step = 2;
  $next_task = "step2do";
  if(count($field->cats) == 0) { $task = "step1"; }
  $signup_password = base64_encode($signup_password);
  $signup_password2 = base64_encode($signup_password2);
}







// SHOW FIRST STEP
if($task == "step1") {
  $step = 1;
  $next_task = "step1do";

  // GET LANGUAGE PACK LIST
  $lang_packlist = SE_Language::list_packs();
  ksort($lang_packlist);
  $lang_packlist = array_values($lang_packlist);

}






// SET GLOBAL PAGE TITLE
$global_page_title[0] = 679;
$global_page_description[0] = 680;



// ASSIGN VARIABLES AND INCLUDE FOOTER
$smarty->assign('is_error', $is_error);
$smarty->assign('new_user', $new_user);
$smarty->assign('cats', $field->cats);
$smarty->assign('signup_email', $signup_email);
$smarty->assign('signup_password', $signup_password);
$smarty->assign('signup_password2', $signup_password2);
$smarty->assign('signup_username', $signup_username);
$smarty->assign('signup_timezone', $signup_timezone);
$smarty->assign('signup_lang', $signup_lang);
$smarty->assign('signup_invite', $signup_invite);
$smarty->assign('signup_secure', $signup_secure);
$smarty->assign('signup_agree', $signup_agree);
$smarty->assign('signup_cat', $signup_cat);
$smarty->assign('lang_packlist', $lang_packlist);
$smarty->assign('next_task', $next_task);
$smarty->assign('last_task', $last_task);
$smarty->assign('step', $step);
include "footer.php";
?>

 

 

Link to comment
https://forums.phpfreaks.com/topic/148544-is-this-md5/#findComment-780725
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.