virak
Posted June 9, 2009

Dear all,

Who can answer me about the Encrypt text?

* I use Joomla 1.5.0 jos_users table

My passwd is: admin123
Encrypts: eef8c05fd1e9f22cb0e976a13b6c5c8a:CJ4W2DoIKCtMQ1UmsD1aTzpTkdzeeh4B

I am wondering what kind of encryption method they are using?

I tried with MD5("admin123"); the result is not the same as the encrypted text above.
I tried with hash("admin123"); the result is not the same as the encrypted text above.

So, what kind of encryption method are they using?

Thanks & Regards,
Virak

smerny
Posted June 9, 2009

sha1?

jeffman
Posted June 9, 2009

Whatever it is, it looks like it happens twice, with each result on each side of the colon. Could be MD5, which returns a 32 byte hash. What they might do is "salt" the original (add some extra characters) once, then do it again with different salt.

What could it matter? Just curious?

justsomeguy
Posted June 9, 2009

The code to build that hash is in their login code somewhere if you can find it.

Synook
Posted June 9, 2009

https://secure.phil-taylor.com/generate_password.phps

virak (Author)
Posted June 10, 2009

Dear all,

I am really happy that you showed me the way.
Thanks so much for your ideas.

Regards,
Virak

virak (Author)
Posted June 15, 2009

Dear Synook,

I tried to code with the link that you gave me; it's very cool for me. I can insert that md5 and salt into my db, but I got a problem when I log in. I mean I cannot log in, because when I register passwd: admin123 it's random, and when I use passwd: admin123 it's random to another one.

So, I cannot log in with admin123 :)

Any idea? Please guide me how to log in.

Thanks & Regards,
Virak

justsomeguy
Posted June 15, 2009

How are you logging in? You shouldn't create anything random when logging in, only check the database.

virak (Author)
Posted June 16, 2009

Dear justsomeguy,

I am sorry, I still do not understand your advice. Could you please give me any hints? Your help is really appreciated.

Many thanks & regards,
Virak

justsomeguy
Posted June 16, 2009

I wasn't giving advice, I was asking a question. How are you logging in? What code are you using to log in?

virak (Author)
Posted June 17, 2009

Dear Justsomeguy,

Sorry for replying late. Here is my code.

```php
<?php
$username = $_POST["username"];

function genRandomPassword($length = 32)
{
    $salt = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
    $len = strlen($salt);
    $makepass = '';
    mt_srand(10000000 * (double) microtime());
    for ($i = 0; $i < $length; $i ++) {
        $makepass .= $salt[mt_rand(0, $len -1)];
    }
    return $makepass;
}

if ($_POST['password']) {
    if ( strlen($_POST['password']) > 100 ) {
        $_POST['password'] = substr( $_POST['password'], 0, 100 );
    }
    $salt = genRandomPassword();
    $password = md5(stripslashes($_POST['password']).$salt) .':'.$salt;
    //Insert USER into database
    $query = mysql_query("SELECT * FROM jos_users WHERE username='$username' AND block=0");
    $pwd_sql = mysql_fetch_array($query);
    $cpasswd = $pwd_sql["password"];
    if($password = $cpasswd) {
        echo "Logged in successfully.";
        header("Location: admin/index.php");
    }
}
?>
```

Regards,
Virak

justsomeguy
Posted June 17, 2009

Right, so it looks like you're generating a new random password to check against the database, that's not the right thing to do. You should select both the username and password from the database, and then you need to split up the password to get the salt, and create the password the same way using the salt from the database with the password they typed in. This is how the database password gets built:

```php
md5(stripslashes($_POST['pw']).$salt) .':'.$salt
```

So the data after the colon is the salt. So you need to get the password from the database, get everything after the colon to use as the salt, and then build the password the same way using the same salt with the password they entered. If the result is the same as what is stored in the database then they entered the same password.

Also, this line is incorrect:

```php
if($password = $cpasswd)
```

You need to use == to compare, not =.
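
The check described in the last reply, as an added example that is not part of the original thread or of Joomla's own code: the salt is read back from the stored value instead of being regenerated at login. The function names and the stored value are constructed for illustration, and `stripslashes()` is left out because the input here is a plain string rather than a magic-quoted POST field.

```php
<?php
// Added example (hypothetical function names, constructed sample data).

// Build the stored value. Used at registration only, where the salt is new.
function make_stored_password(string $password, string $salt): string
{
    return md5($password . $salt) . ':' . $salt;
}

// Login check: reuse the salt that is already in the database row.
function check_password(string $typed, string $stored): bool
{
    $parts = explode(':', $stored, 2);
    if (count($parts) !== 2 || $parts[1] === '') {
        return false; // no salt part: value is not in this format, reject
    }
    list($hash, $salt) = $parts;
    // hash_equals() compares in constant time (PHP 5.6+) and, unlike
    // "=", cannot turn the comparison into an assignment.
    return hash_equals($hash, md5($typed . $salt));
}

// Registration: 32-character random salt (random_bytes() needs PHP 7+).
$salt   = bin2hex(random_bytes(16));
$stored = make_stored_password('admin123', $salt); // constructed sample row

var_dump(check_password('admin123', $stored));          // right password
var_dump(check_password('admin124', $stored));          // wrong password
var_dump(check_password('admin123', md5('admin123')));  // unsalted, no colon

// Registering the same password again gives a different salt, so the two
// stored strings differ, yet each one verifies against its own salt.
$other = make_stored_password('admin123', bin2hex(random_bytes(16)));
var_dump($stored === $other, check_password('admin123', $other));
```

Salted MD5 is the format this Joomla 1.5 table uses; code that is not tied to that table would use PHP's `password_hash()` and `password_verify()` instead.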
This topic is now archived and is closed to further replies.