Jump to content

Password verification script help

CameronB

By CameronB
in PHP Coding Help

Recommended Posts

CameronB Newbie

CameronB

Posted
Posted

Hello,

 

I currently run a store utilizing oscommerce. I'm trying to create a php script which can connect to an installer app I have created and validate a customers username and password against the oscommerce database.

 

The simple test php script I have for plain text password verification is:

 

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword'];

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
echo OK;
} else {
  echo FAILED;
}

 

 

Now, the issue is with OSCommerce. It happens to use salt and an MD5 for passwords. The following is provided in OSCommerce:

 

// This funstion validates a plain text password with an
// encrpyted password
  function tep_validate_password($plain, $encrypted) {
   if (tep_not_null($plain) && tep_not_null($encrypted)) {
// split apart the hash / salt
      $stack = explode(':', $encrypted);

      if (sizeof($stack) != 2) return false;

      if (md5($stack[1] . $plain) == $stack[0]) {
        return true;
      }
    //}

    return false;
  }

////
// This function makes a new password from a plaintext password. 
  function tep_encrypt_password($plain) {
    $password = '';

    for ($i=0; $i<10; $i++) {
      $password .= tep_rand();
    }

    $salt = substr(md5($password), 0, 2);

    $password = md5($salt . $plain) . ':' . $salt;

    return $password;
  }
?>

 

 

How can I integrate this oscommerce encrypted password verification with the simple script I showed at the beginning? I have been trying this for hours, but each path I venture down fails to work. Any help is appreciated!

Link to comment
https://forums.phpfreaks.com/topic/201665-password-verification-script-help/
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.