ipwnzphp Posted August 26, 2009 Share Posted August 26, 2009 Retrieve the clients password in MD5 hash format. The hash uses the format "md5(salt.pw):salt" and so the salt can be obtained from the 5 characters after the colon ( for you to be able to generate your own hash to compare. I am using WHMCS 4.0 $md5this = $sd[1] . "." . "123456"; Outputs: voc)N.123456 $md5this = $sd[1] . "." . "123456"; echo md5($md5this).":".$sd[1]; Outputs: ff9c65abaa070404a3274d4aaad6224a:voc)N Now what's in the database is this: 58a9eeb60f1f6500a93a1bf494dec24c:voc)N But what I need to get is this [upw] => 4d75fa2015aabf5620c050a85321bf27 I don't fully understand the salt and stuff. but does anyone see whats going on here? Link to comment https://forums.phpfreaks.com/topic/171902-md5-and-salt-help/ Share on other sites More sharing options...
ignace Posted August 26, 2009 Share Posted August 26, 2009 $password = 'somepassword'; $salt = md5(time());//32 characters long $hash = md5($salt . $password) . $salt;//64 characters long Salt: 58a9eeb60f1f6500a93a1bf494dec24c Hash: 58a9eeb60f1f6500a93a1bf494dec24c58a9eeb60f1f6500a93a1bf494dec24c Link to comment https://forums.phpfreaks.com/topic/171902-md5-and-salt-help/#findComment-906496 Share on other sites More sharing options...
ipwnzphp Posted August 26, 2009 Author Share Posted August 26, 2009 thanks, ok but now they are some how getting 4d75fa2015aabf5620c050a85321bf27 from md5("voc)N"."58a9eeb60f1f6500a93a1bf494dec24c"); when i login using the username [email protected] with the password 123456 i get the password hash of the 4d75fa2015aabf5620c050a85321bf27 stored in a session. Link to comment https://forums.phpfreaks.com/topic/171902-md5-and-salt-help/#findComment-906808 Share on other sites More sharing options...
ignace Posted August 26, 2009 Share Posted August 26, 2009 Post your code. P.S. It seems PHP is pwning you more then you PHP Link to comment https://forums.phpfreaks.com/topic/171902-md5-and-salt-help/#findComment-906814 Share on other sites More sharing options...
ipwnzphp Posted August 26, 2009 Author Share Posted August 26, 2009 Post your code. P.S. It seems PHP is pwning you more then you PHP $sds = $results["password"]; $sd = explode(":", $sds); $hash = $sd[1]; $pass = "123456"; echo md5($hash.$pass); Link to comment https://forums.phpfreaks.com/topic/171902-md5-and-salt-help/#findComment-906815 Share on other sites More sharing options...
ignace Posted August 26, 2009 Share Posted August 26, 2009 Post your code. P.S. It seems PHP is pwning you more then you PHP $sds = $results["password"]; $sd = explode(":", $sds); $hash = $sd[1]; $pass = "123456"; echo md5($hash.$pass); In order to authenticate someone you need to take the same steps you took when he signed up so if during signup you used: md5($salt . $password) . $salt Then that is the same code you need to use during authentication Link to comment https://forums.phpfreaks.com/topic/171902-md5-and-salt-help/#findComment-906821 Share on other sites More sharing options...
ipwnzphp Posted August 26, 2009 Author Share Posted August 26, 2009 is how it is stored in the database 58a9eeb60f1f6500a93a1bf494dec24c:voc)N So how are they getting 4d75fa2015aabf5620c050a85321bf27 for the users password when logging? Link to comment https://forums.phpfreaks.com/topic/171902-md5-and-salt-help/#findComment-906829 Share on other sites More sharing options...
ignace Posted August 26, 2009 Share Posted August 26, 2009 is how it is stored in the database 58a9eeb60f1f6500a93a1bf494dec24c:voc)N So how are they getting 4d75fa2015aabf5620c050a85321bf27 for the users password when logging? 58a9eeb60f1f6500a93a1bf494dec24c:voc)N in the database is wrong and completly defeats the purpose of hashing. Link to comment https://forums.phpfreaks.com/topic/171902-md5-and-salt-help/#findComment-906831 Share on other sites More sharing options...
ipwnzphp Posted August 26, 2009 Author Share Posted August 26, 2009 well i know this but WHMCS are idots. Link to comment https://forums.phpfreaks.com/topic/171902-md5-and-salt-help/#findComment-906879 Share on other sites More sharing options...
ignace Posted August 26, 2009 Share Posted August 26, 2009 well i know this but WHMCS are idots. What is WHMCS? Link to comment https://forums.phpfreaks.com/topic/171902-md5-and-salt-help/#findComment-907032 Share on other sites More sharing options...
ipwnzphp Posted August 26, 2009 Author Share Posted August 26, 2009 billing system Link to comment https://forums.phpfreaks.com/topic/171902-md5-and-salt-help/#findComment-907040 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.