a1amattyj Posted February 24, 2008 Share Posted February 24, 2008 Hello, Im trying to code something for the forum mybb. However, with the user field in mySQL, it has two types, obviously the username, then a password and "salt". The password is md5($password) and im just lost with the $salt part of it all. If i insert this into the database, and try and login, it will give me invalid. This thread may help : http://community.mybboard.net/showthread.php?tid=27832 Im just confused and been at it for an hour or two. Any suggestions? Database structure = http://wiki.mybboard.net/index.php/Database_Tables/mybb_users Link to comment https://forums.phpfreaks.com/topic/92711-salt-im-confused/ Share on other sites More sharing options...
php_dave Posted February 24, 2008 Share Posted February 24, 2008 Hey, im not overly sure what it is you are asking - but a SALT is just a string that is added to a users password to improve the hash that is created from using the md5 routine - a SALT can be static or dynamic - looks like your BB uses a dynamic SALT for each user and stores it in the database in the users record... here is an example Normal $password = $_GET['password']; $hash = md5($password); using salt $password = $_GET['password']; $salt = 'GET SALT FROM DB' $hash = md5($password.$salt); Hope this helps Dave Link to comment https://forums.phpfreaks.com/topic/92711-salt-im-confused/#findComment-475043 Share on other sites More sharing options...
a1amattyj Posted February 24, 2008 Author Share Posted February 24, 2008 Hey, im not overly sure what it is you are asking - but a SALT is just a string that is added to a users password to improve the hash that is created from using the md5 routine - a SALT can be static or dynamic - looks like your BB uses a dynamic SALT for each user and stores it in the database in the users record... here is an example Normal $password = $_GET['password']; $hash = md5($password); using salt $password = $_GET['password']; $salt = 'GET SALT FROM DB' $hash = md5($password.$salt); Hope this helps Dave Okay thanks, from what i can gather, the salt in the database for each user is obviously always different. It is also always 8 characters. Where you say $salt = 'GET SALT FROM DB' Where too in the database would this be coming from? Thanks Link to comment https://forums.phpfreaks.com/topic/92711-salt-im-confused/#findComment-475049 Share on other sites More sharing options...
php_dave Posted February 24, 2008 Share Posted February 24, 2008 Sorry I was being lazy - i wrote that as kind of sudo code... To anwser your question I would imagine the salt is passed to the db the same time the user and password information is - which would be registration for a bb right? Dave Link to comment https://forums.phpfreaks.com/topic/92711-salt-im-confused/#findComment-475051 Share on other sites More sharing options...
a1amattyj Posted February 24, 2008 Author Share Posted February 24, 2008 Sorry I was being lazy - i wrote that as kind of sudo code... To anwser your question I would imagine the salt is passed to the db the same time the user and password information is - which would be registration for a bb right? Dave As far as im aware of yes. Link to comment https://forums.phpfreaks.com/topic/92711-salt-im-confused/#findComment-475058 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.