Announcement

Collapse
No announcement yet.

vBulletin password salt issue :/

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Zachery
    replied
    You might get a bette response at vBulletin.org.

    Leave a comment:


  • Shamil.
    replied
    Please sanitise your $_POST values before you forward them to the query, using mysql_real_escape_string() or something.

    Leave a comment:


  • hellbomb
    replied
    Wow thank you very much, ugh it's just one of those things I have been looking at it way to long to see such a simple mistake ya know?

    Leave a comment:


  • pod
    replied
    It seems your second query should be something like

    PHP Code:
    $sql "SELECT username FROM vb_user 
                           WHERE username = '
    {$_POST['fusername']}
                           AND password = md5( concat( md5('
    {$_POST['fpassword']}'), salt));"
    I recommend trying the queries manually in mysql client (or phpmyadmin, whatever you use). Once you know they are working, just copy them into the php and replace the values with the needed variables.

    Leave a comment:


  • hellbomb
    replied
    All my sql files are correct but here is my script, it seems to only have an issue with the checking password.

    PHP Code:
    <?php

     session_start
    ();

     include(
    "db.php");

     switch (@
    $_POST['do'])
     {
       case 
    "login":
       
         
    $sql "SELECT username FROM vb_user
                 WHERE username='
    $_POST[fusername]'";
         
    $result mysqli_query($cxn,$sql)
                   or die(
    "Couldn't execute query.");
                   
         
    $num mysqli_num_rows($result);
         if (
    $num 0)  // login name was found
         
    {
             
            
    $sql "SELECT username FROM vb_user WHERE username = 'fusername' and password = md5( concat( md5('fpassword'), salt));";    
                    
            
    $result2 mysqli_query($cxn,$sql)
                       or die(
    "Couldn't execute query 2.");
            
    $num2 mysqli_num_rows($result2);
            
            if (
    $num2 0)  // password is correct
            
    {
               
    header("Location: success.php");
            }

            else    
    // password is not correct
            
    {
               include(
    "failure.php");
               
    $error='password fail';
            }
            
         }
         
         elseif (
    $num == 0)  // login name not found
         
    {   
            include(
    "failure.php"); // This is the login page
            
    $error='username fail';
         }
         
       break;

        default:
            include(
    "test.php");
      }
    ?>

    Leave a comment:


  • hellbomb
    replied
    Yea, that ain't working either. I am making a custom login script that is not connecting to vBulletin files, just the usual vBulletin database.

    Leave a comment:


  • pod
    replied
    Try with something like this:

    PHP Code:
    $sql "SELECT username, userid FROM user WHERE username = '$username' and password = md5( concat( md5('$password'), salt));"

    Leave a comment:


  • hellbomb
    started a topic vBulletin password salt issue :/

    vBulletin password salt issue :/

    I am trying to make a login page that will work outside of vBulletin, but to do this I need to figure out how to get the password with the salt variable.

    How do i do this? Here is my code so far? Sorry I am kinda new to vBulletin >.<

    PHP Code:
    $sql "SELECT username FROM user 
                    WHERE username='
    $_POST[fusername]'
                    AND password=md5('
    $_POST[fpassword]')"

Related Topics

Collapse

Working...
X