Jump to content

Recommended Posts

Retrieve the clients password in MD5 hash format. The hash uses the format "md5(salt.pw):salt" and so the salt can be obtained from the 5 characters after the colon (:) for you to be able to generate your own hash to compare. I am using WHMCS 4.0

 

$md5this =  $sd[1] . "." . "123456";

Outputs: voc)N.123456

 

$md5this =  $sd[1] . "." . "123456";

echo md5($md5this).":".$sd[1];

Outputs: ff9c65abaa070404a3274d4aaad6224a:voc)N

 

Now what's in the database is this: 58a9eeb60f1f6500a93a1bf494dec24c:voc)N

 

But what I need to get is this [upw] => 4d75fa2015aabf5620c050a85321bf27

 

I don't fully understand the salt and stuff. but does anyone see whats going on here?

Link to comment
https://forums.phpfreaks.com/topic/171902-md5-and-salt-help/
Share on other sites

$password = 'somepassword';
$salt = md5(time());//32 characters long
$hash = md5($salt . $password) . $salt;//64 characters long

 

Salt: 58a9eeb60f1f6500a93a1bf494dec24c

Hash: 58a9eeb60f1f6500a93a1bf494dec24c58a9eeb60f1f6500a93a1bf494dec24c

Link to comment
https://forums.phpfreaks.com/topic/171902-md5-and-salt-help/#findComment-906496
Share on other sites

thanks, ok but now they are some how getting 4d75fa2015aabf5620c050a85321bf27 from md5("voc)N"."58a9eeb60f1f6500a93a1bf494dec24c");

 

when i login using the username test@test.com with the password 123456 i get the password hash of the 4d75fa2015aabf5620c050a85321bf27 stored in a session.

Link to comment
https://forums.phpfreaks.com/topic/171902-md5-and-salt-help/#findComment-906808
Share on other sites

Post your code.

 

P.S. It seems PHP is pwning you more then you PHP ;)

 

  $sds =  $results["password"];

  $sd = explode(":", $sds);

  $hash =  $sd[1];

  $pass = "123456";

  echo md5($hash.$pass);

 

In order to authenticate someone you need to take the same steps you took when he signed up so if during signup you used:

 

md5($salt . $password) . $salt

 

Then that is the same code you need to use during authentication

Link to comment
https://forums.phpfreaks.com/topic/171902-md5-and-salt-help/#findComment-906821
Share on other sites

is how it is stored in the database 58a9eeb60f1f6500a93a1bf494dec24c:voc)N

 

So how are they getting 4d75fa2015aabf5620c050a85321bf27 for the users password when logging?

 

58a9eeb60f1f6500a93a1bf494dec24c:voc)N in the database is wrong and completly defeats the purpose of hashing.

Link to comment
https://forums.phpfreaks.com/topic/171902-md5-and-salt-help/#findComment-906831
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.