Jump to content

passwrod hash encription help

ctcp

By ctcp
in PHP Coding Help

 Share

Recommended Posts

ctcp Regular Member

ctcp

Posted
Posted

Im using SMF forum

im trying to connect (my software C#)  and grand access from forum DB

this is a hash from SMF

sha1(strtolower($membername) . $password);

 

 


<?php
include("config.php");

$user = "-1";
if (isset($_GET['user'])) {
  $user = $_GET['user'];
}
$pass = "-1";
if (isset($_GET['pass'])) {
  $pass = $_GET['pass'];
}

$ip = $_SERVER['REMOTE_ADDR']; 

$sql = "select id_member,count from smf_members where real_name='$user' and passwd=MD5('$pass')";
$results = mysql_query($sql, $con);
$values = mysql_fetch_assoc($results);
$user_id = $values['id_member'];
$login=$values['count'];

?>

 

MD5 working fine but how to use SMF hash to login?

Link to comment
Share on other sites
Psycho Prolific Member

Psycho

Posted
Posted

Not really understanding what you are doing here. If your database is using an MD5() hash why are you wanting to try and authenticate via a different hash? You can only use ONE hashing method for the same value. Since the password is already hashed using MD5 you cannot unhash it and then determine what it's value is using a different hashing method. You would either need to use a consistent hashing method for all authentication processes (correct methodology) or implement multiple hashes for each user record (i.e. and MD5 hash and the SHA1 hash) and use the correct value based upon the authentication method you want to use.

Link to comment
Share on other sites
ctcp Regular Member

ctcp

Posted
  • Author
Posted 
<?php
ob_start();
$host="xx"; // Host name
$username="xx"; // Mysql username
$password="xx"; // Mysql password
$db_name="xx"; // Database name
$tbl_name="smf_members"; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// Define $myusername and $mypassword
$myusername=$_GET['u'];
$mypassword=$_GET['p'];

// encrypt password
$encrypted_mypassword=sha1(strtolower($myusername).$mypassword);

$sql="SELECT * FROM $tbl_name WHERE member_name='$myusername' and passwd='$encrypted_mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row


$row = mysql_fetch_array($result);
$x=$row['id_group'];
if($x==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("u");
session_register("p");
echo ok ;
}
else {
echo "Wrong Username or Password";
}

ob_end_flush();
?>

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.