CameronB Posted May 13, 2010 Share Posted May 13, 2010 Hello, I currently run a store utilizing oscommerce. I'm trying to create a php script which can connect to an installer app I have created and validate a customers username and password against the oscommerce database. The simple test php script I have for plain text password verification is: // Connect to server and select databse. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); // username and password sent from form $myusername=$_POST['myusername']; $mypassword=$_POST['mypassword']; $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1){ echo OK; } else { echo FAILED; } Now, the issue is with OSCommerce. It happens to use salt and an MD5 for passwords. The following is provided in OSCommerce: // This funstion validates a plain text password with an // encrpyted password function tep_validate_password($plain, $encrypted) { if (tep_not_null($plain) && tep_not_null($encrypted)) { // split apart the hash / salt $stack = explode(':', $encrypted); if (sizeof($stack) != 2) return false; if (md5($stack[1] . $plain) == $stack[0]) { return true; } //} return false; } //// // This function makes a new password from a plaintext password. function tep_encrypt_password($plain) { $password = ''; for ($i=0; $i<10; $i++) { $password .= tep_rand(); } $salt = substr(md5($password), 0, 2); $password = md5($salt . $plain) . ':' . $salt; return $password; } ?> How can I integrate this oscommerce encrypted password verification with the simple script I showed at the beginning? I have been trying this for hours, but each path I venture down fails to work. Any help is appreciated! Link to comment https://forums.phpfreaks.com/topic/201665-password-verification-script-help/ Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.