Jump to content

Md5 Encrypt Or What?


virak
 Share

Recommended Posts

Dear all,Who can answer me about the Encrypt text?* I use joomla 1.5.0 jos_users tableMy passwd is: admin123Encrypts: eef8c05fd1e9f22cb0e976a13b6c5c8a:CJ4W2DoIKCtMQ1UmsD1aTzpTkdzeeh4BI am wonder what kind of encrypts method they r using?I tried with MD5("admin123") the result not the same encrypt above.I tried with hash("admin123") the result not the same encrypt above.So, what kind encrypt method they r using?Thanks & Regards,Virak

Link to comment
Share on other sites

Whatever it is, it looks like it happens twice, which each result on each side of the colon. Could be MD5, which returns a 32 byte hash. What they might do is "salt" the original (add some extra characters) once, then do it again with different salt.What could it matter? Just curious?

Link to comment
Share on other sites

Dear Synook,I try to code with your link that u gave to me, it's very cool for me.I can do it to insert that md5 and salt to my db, but i got problem when I login.I mean can not login, bcoz when i register passwd: admin123 it's randome and when i use passwd: admin123 it's random to other 1.So, i can not do login with admin123 :)any idear? please guide me how to login?Thank^s & Regards,Virak

Link to comment
Share on other sites

Dear Justsomeguy,Sorry reply you late:Here is my code.

<?php$username = $_POST["username"];function genRandomPassword($length = 32){	$salt = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";	$len = strlen($salt);    $makepass = '';	mt_srand(10000000 * (double) microtime());    for ($i = 0; $i < $length; $i ++)	{		$makepass .= $salt[mt_rand(0, $len -1)];	}	return $makepass;}if ($_POST['password']){	if ( strlen($_POST['password']) > 100 )	{		$_POST['password'] = substr( $_POST['password'], 0, 100 );	}	$salt = genRandomPassword();	$password = md5(stripslashes($_POST['password']).$salt) .':'.$salt;	//Insert USER into database	$query = mysql_query("SELECT * FROM jos_users WHERE username='$username' AND block=0");	$pwd_sql = mysql_fetch_array($query);	$cpasswd = $pwd_sql["password"];	if($password = $cpasswd)	{		echo "Logged in successfully.";		header("Location: admin/index.php");	}}?>

Regards,Virak

Link to comment
Share on other sites

Right, so it looks like you're generating a new random password to check against the database, that's not the right thing to do. You should select both the username and password from the database, and then you need to split up the password to get the salt, and create the password the same way using the salt from the database with the password they typed in. This is how the database password gets built:md5(stripslashes($_POST['pw']).$salt) .':'.$saltSo the data after the colon is the salt. So you need to get the password from the database, get everything after the colon to use as the salt, and then build the password the same way using the same salt with the password they entered. If the result is the same as what is stored in the database then they entered the same password.Also, this line is incorrect:if($password = $cpasswd)You need to use == to compare, not =.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...