好几天没写了,因为家务事,唉...烦,不多说.要紧是现在论坛出问题了。还是第一步,注册...
找了些资料,明天得研究研究,没地方放,想到这里...嘿.....
#1 10-04-2003, 5:33pm
SnapRHead
Junior Member Join Date: Oct 2003
Posts: 5
VB3 Dual Hash and Salt - External PRG to access Database
--------------------------------------------------------------------------------
I have been working on a subscription module for VB3. It works fine for VB2. My problem is (like most) in the new dual hash/salt routines. I have figured out the dual md5 hash thanks to searching the forums, yet my troubles lay in the area of the salt routine.
My external php application has a database of its own, and when a customer registers thru this application, it creates its database tables there, and moves over to create the information in the VB3 database.
I cannot figure out the salt to save my life. The password works, but if you write the info to the VB database, without the data on the salt table, theres some crazy things that happen when you try to login. (An inverted forum!!).
Heres the basic shell of this function. Any help you can offer me on this would be much appreciated. Im about to use the PC as a boat anchor, and most of my hair has been pulled out over the last 4 hrs of me picking at this. Save what little bit of hair I have!!
Code:
function vbulletin_added($member_id, $product_id,
$member){
global $db, $config, $plugin_config;
$this_config = $plugin_config['protect']['vbulletin'];
$vb_db = $this_config['db'];
$max = vbulletin_get_max($member['data']['status']);
if ($max < 0) return;
foreach ($member as $k=>$v)
$member[$k] = $db->escape($v);
$q = $db->query("SELECT password, usergroupid
FROM {$vb_db}user
WHERE username='$member[login]'
");
list($p,$ul) = mysql_fetch_row($q);
$dat = date('M d, Y');
$pass = md5(md5($member['pass']).$salt);
if (!$ul){ //user not exists
$db->query($s = "INSERT INTO {$vb_db}user
(usergroupid, username, password, email, joindate,
daysprune, pmpopup, salt
)
VALUES
($max, '$member[login]', '$pass', '$member[email]', unix_timestamp(),
-1,1,'$salt'
)
");
$vb_user_id = mysql_insert_id();
$db->query($s = "INSERT INTO {$vb_db}userfield
(userid) VALUES ($vb_user_id)
");
} else {
$denied = join(',', $this_config['denied_levels']);
$db->query($s = "UPDATE {$vb_db}user
SET password='$pass', usergroupid=$max
WHERE username='$member[login]'
AND usergroupid NOT IN ($denied)
");
}
}
In the searching that I have done here, I found the salting routine used in function.php which is:
// ###################### Start makesalt #######################
// generates a totally random string of $length chars
function fetch_user_salt($length = 3)
{
$salt = '';
for ($i = 0; $i < $length; $i++)
{
$salt .= chr(rand(32, 126));
}
return $salt;
}
But I havent been able to successfully include it in my above script. I also tried to post this in the 'how do i' forum for VB3 but it told me I dont have access. (I am a registered owner of VBull).
Any help you can administer to this rambler would make you THE supreme one in my eyes. Thanks!
SnapRHead
View Public Profile
Send a private message to SnapRHead
Visit SnapRHead's homepage!
Find all posts by SnapRHead
Add SnapRHead to Your Buddy List
#2 10-04-2003, 9:43pm
websissy
Member Join Date: Sep 2003
Location: Socorro, NM, USA
Posts: 80
A similar problem...
--------------------------------------------------------------------------------
I'm having a similar problem but in my case the problem is getting the double MD5 encryption working in a Perl program.
I can offer some help on the salt. You don't need to create the salt value. It has been created FOR you and is stored in each individual member's user record. If you connect to mysql and do a describe on the vB3_user table, you'll find the salt value is stored as the last field in each user's member record. Just grab it, concatenate it and encrypt away!
I hope that helps...
If you happen to know anything about how to make the md5 encryption bit work in a PERL program, drop me a private message. I'd dearly love to know how to do that right now.
Good luck!
websissy
View Public Profile
Send a private message to websissy
Send email to websissy
Find all posts by websissy
Add websissy to Your Buddy List
#3 10-04-2003, 10:56pm
SnapRHead
Junior Member Join Date: Oct 2003
Posts: 5
That would work if the user 1st registered in the forum. In this case, thats not occuring. They are logging into my application, and a record is created for them in its database, then it goes out and creates an account in vbull itself, so they never register, thus it needs to be hand created.
SnapRHead
View Public Profile
Send a private message to SnapRHead
Visit SnapRHead's homepage!
Find all posts by SnapRHead
Add SnapRHead to Your Buddy List
#4 02-12-2004, 12:55pm
plarkin
Junior Member Join Date: Feb 2004
Posts: 2
I don't know if this helps you any; but i'm halfway there..
I added this code from vBulletin in my own 3rd party app right before the database call to create the account in vBulletin:
Quote:
function fetch_user_salt($length = 3)
{
$salt = '';
for ($i = 0; $i < $length; $i++)
{
$salt .= chr(rand(32, 126));
}
return $salt;
}
$salt = fetch_user_salt(3);
I write it into the DB as follows:
Quote:
...
$q = "INSERT INTO " . $pre . "user SET
usergroupid = '$auth',
password = '".md5($f[account_password] . $salt)."',
salt = '$salt',
...
It's adding the user record in the vBulletin database properly, and I do see that the salt is being generated and saved as well. But I still can't log in with the accounts. I think I'm doing something wrong in this line, but I'm a horrid PHP programmer...
Quote:
password = '".md5($f[account_password] . $salt)."',
plarkin
View Public Profile
Send a private message to plarkin
Find all posts by plarkin
Add plarkin to Your Buddy List
#5 02-13-2004, 10:07am
plarkin
Junior Member Join Date: Feb 2004
Posts: 2
The inverted forum isn't the result of the lack of a salt value. I figured this one out last night.
When you create a user account, you also need to create a blank record with a matching userid in the following two tables "userfield" and "usertextfield". That will resolve the issue of the forums displaying backwards when you log in.
找了些资料,明天得研究研究,没地方放,想到这里...嘿.....
#1 10-04-2003, 5:33pm
SnapRHead
Junior Member Join Date: Oct 2003
Posts: 5
VB3 Dual Hash and Salt - External PRG to access Database
--------------------------------------------------------------------------------
I have been working on a subscription module for VB3. It works fine for VB2. My problem is (like most) in the new dual hash/salt routines. I have figured out the dual md5 hash thanks to searching the forums, yet my troubles lay in the area of the salt routine.
My external php application has a database of its own, and when a customer registers thru this application, it creates its database tables there, and moves over to create the information in the VB3 database.
I cannot figure out the salt to save my life. The password works, but if you write the info to the VB database, without the data on the salt table, theres some crazy things that happen when you try to login. (An inverted forum!!).
Heres the basic shell of this function. Any help you can offer me on this would be much appreciated. Im about to use the PC as a boat anchor, and most of my hair has been pulled out over the last 4 hrs of me picking at this. Save what little bit of hair I have!!
Code:
function vbulletin_added($member_id, $product_id,
$member){
global $db, $config, $plugin_config;
$this_config = $plugin_config['protect']['vbulletin'];
$vb_db = $this_config['db'];
$max = vbulletin_get_max($member['data']['status']);
if ($max < 0) return;
foreach ($member as $k=>$v)
$member[$k] = $db->escape($v);
$q = $db->query("SELECT password, usergroupid
FROM {$vb_db}user
WHERE username='$member[login]'
");
list($p,$ul) = mysql_fetch_row($q);
$dat = date('M d, Y');
$pass = md5(md5($member['pass']).$salt);
if (!$ul){ //user not exists
$db->query($s = "INSERT INTO {$vb_db}user
(usergroupid, username, password, email, joindate,
daysprune, pmpopup, salt
)
VALUES
($max, '$member[login]', '$pass', '$member[email]', unix_timestamp(),
-1,1,'$salt'
)
");
$vb_user_id = mysql_insert_id();
$db->query($s = "INSERT INTO {$vb_db}userfield
(userid) VALUES ($vb_user_id)
");
} else {
$denied = join(',', $this_config['denied_levels']);
$db->query($s = "UPDATE {$vb_db}user
SET password='$pass', usergroupid=$max
WHERE username='$member[login]'
AND usergroupid NOT IN ($denied)
");
}
}
In the searching that I have done here, I found the salting routine used in function.php which is:
// ###################### Start makesalt #######################
// generates a totally random string of $length chars
function fetch_user_salt($length = 3)
{
$salt = '';
for ($i = 0; $i < $length; $i++)
{
$salt .= chr(rand(32, 126));
}
return $salt;
}
But I havent been able to successfully include it in my above script. I also tried to post this in the 'how do i' forum for VB3 but it told me I dont have access. (I am a registered owner of VBull).
Any help you can administer to this rambler would make you THE supreme one in my eyes. Thanks!
SnapRHead
View Public Profile
Send a private message to SnapRHead
Visit SnapRHead's homepage!
Find all posts by SnapRHead
Add SnapRHead to Your Buddy List
#2 10-04-2003, 9:43pm
websissy
Member Join Date: Sep 2003
Location: Socorro, NM, USA
Posts: 80
A similar problem...
--------------------------------------------------------------------------------
I'm having a similar problem but in my case the problem is getting the double MD5 encryption working in a Perl program.
I can offer some help on the salt. You don't need to create the salt value. It has been created FOR you and is stored in each individual member's user record. If you connect to mysql and do a describe on the vB3_user table, you'll find the salt value is stored as the last field in each user's member record. Just grab it, concatenate it and encrypt away!
I hope that helps...
If you happen to know anything about how to make the md5 encryption bit work in a PERL program, drop me a private message. I'd dearly love to know how to do that right now.
Good luck!
websissy
View Public Profile
Send a private message to websissy
Send email to websissy
Find all posts by websissy
Add websissy to Your Buddy List
#3 10-04-2003, 10:56pm
SnapRHead
Junior Member Join Date: Oct 2003
Posts: 5
That would work if the user 1st registered in the forum. In this case, thats not occuring. They are logging into my application, and a record is created for them in its database, then it goes out and creates an account in vbull itself, so they never register, thus it needs to be hand created.
SnapRHead
View Public Profile
Send a private message to SnapRHead
Visit SnapRHead's homepage!
Find all posts by SnapRHead
Add SnapRHead to Your Buddy List
#4 02-12-2004, 12:55pm
plarkin
Junior Member Join Date: Feb 2004
Posts: 2
I don't know if this helps you any; but i'm halfway there..
I added this code from vBulletin in my own 3rd party app right before the database call to create the account in vBulletin:
Quote:
function fetch_user_salt($length = 3)
{
$salt = '';
for ($i = 0; $i < $length; $i++)
{
$salt .= chr(rand(32, 126));
}
return $salt;
}
$salt = fetch_user_salt(3);
I write it into the DB as follows:
Quote:
...
$q = "INSERT INTO " . $pre . "user SET
usergroupid = '$auth',
password = '".md5($f[account_password] . $salt)."',
salt = '$salt',
...
It's adding the user record in the vBulletin database properly, and I do see that the salt is being generated and saved as well. But I still can't log in with the accounts. I think I'm doing something wrong in this line, but I'm a horrid PHP programmer...
Quote:
password = '".md5($f[account_password] . $salt)."',
plarkin
View Public Profile
Send a private message to plarkin
Find all posts by plarkin
Add plarkin to Your Buddy List
#5 02-13-2004, 10:07am
plarkin
Junior Member Join Date: Feb 2004
Posts: 2
The inverted forum isn't the result of the lack of a salt value. I figured this one out last night.
When you create a user account, you also need to create a blank record with a matching userid in the following two tables "userfield" and "usertextfield". That will resolve the issue of the forums displaying backwards when you log in.
上班 ...
遭遇 暴雨+狂风 .... (哇.. 快跑啊.. 不行,还得上班.我要前进...... )
结果 全身尽湿...
现在 有点发冷.好难受.
回家 ? 好主意,但很难实现. 因为 暴雨+狂风 还依旧 .....
昨晚,一朋友和女朋友吵了,要过来,结果三人同床,还好我床够大.不过只能保证能容下三人,没保证三人都能睡好.
脚裸在外头一夜,结果一夜都半醒着.... 唉 ......
看来是老天嫉妒我的好身体了.今天注定感冒
左腿,神仙姐姐考验你的时候到了,你要坚持住,下午回家就洗个 热热热 水澡,然后躺床上重温 DVD 版 指环王.
爽.........
OK ,开工..........
遭遇 暴雨+狂风 .... (哇.. 快跑啊.. 不行,还得上班.我要前进...... )
结果 全身尽湿...
现在 有点发冷.好难受.
回家 ? 好主意,但很难实现. 因为 暴雨+狂风 还依旧 .....
昨晚,一朋友和女朋友吵了,要过来,结果三人同床,还好我床够大.不过只能保证能容下三人,没保证三人都能睡好.
脚裸在外头一夜,结果一夜都半醒着.... 唉 ......
看来是老天嫉妒我的好身体了.今天注定感冒
左腿,神仙姐姐考验你的时候到了,你要坚持住,下午回家就洗个 热热热 水澡,然后躺床上重温 DVD 版 指环王.
爽.........
OK ,开工..........
放了两首老狼的歌词,真是太棒了.
很能体会歌词的意思...... 尤其是蓝色理想... ........................................
难得的周末,不过过得还挺充实,上午去了朋友家玩,顺便骗了吨饭吃:),下午和同事打球,好久没打了,觉得差了好多.看来不管吃喝玩乐都要费工夫费时间才行啊.... 呵呵.
好快又到了晚上,去超市买了 米\油\酱\醋..... 又准备自己做饭了.有点激动,有点开心,激动:好久没烧菜了,想烧菜.开心:可以省一比.哈 .........
练吉他,录了几首歌,自己感觉还行.
明天放上来.
好了,想睡了.晚安左腿........[align=right][Edit on 2004-3-8 1:12:03 By leftleg][/align]
最后放张通缉令嘿,要记住哦,20W啊.哈哈 .....
[align=right][Edit on 2004-3-8 1:18:26 By leftleg][/align]
很能体会歌词的意思...... 尤其是蓝色理想... ........................................
难得的周末,不过过得还挺充实,上午去了朋友家玩,顺便骗了吨饭吃:),下午和同事打球,好久没打了,觉得差了好多.看来不管吃喝玩乐都要费工夫费时间才行啊.... 呵呵.
好快又到了晚上,去超市买了 米\油\酱\醋..... 又准备自己做饭了.有点激动,有点开心,激动:好久没烧菜了,想烧菜.开心:可以省一比.哈 .........
练吉他,录了几首歌,自己感觉还行.
明天放上来.
好了,想睡了.晚安左腿........[align=right][Edit on 2004-3-8 1:12:03 By leftleg][/align]
最后放张通缉令嘿,要记住哦,20W啊.哈哈 .....
[align=right][Edit on 2004-3-8 1:18:26 By leftleg][/align]
计划了几天的泡吧,本来想着可以尽兴,不想..... 乐队很棒,除了BASS手,其他都不错。尤其是主唱,唱许巍、汪峰的歌一流,可久没去,不想冒出来好多女歌手,唱歌奇差,扭动的身体让人感到恶心;气愤也变了,到处都充斥着吧女恶心的笑声 …… 算了,越想越不爽的,看来在金钱的刺激下什么都变的很快 …… 发誓,再也不去那酒吧了。很喜欢朋友说的北京酒吧的感觉:一杂15¥的啤酒,几个歌手,几把木吉他,一整晚好的音乐。
和聊了几日的美妹,今天终于结束了瞎扯,谈了谈内心的一些想法,当然,还是从感情方面谈起 .....谈得不多,但我轻松了很多,还有很多我很想说,却表达不出来,呵呵......
不说了,没感觉。
送一份祝福给那美妹,实在点就好:开心 …………
和聊了几日的美妹,今天终于结束了瞎扯,谈了谈内心的一些想法,当然,还是从感情方面谈起 .....谈得不多,但我轻松了很多,还有很多我很想说,却表达不出来,呵呵......
不说了,没感觉。
送一份祝福给那美妹,实在点就好:开心 …………
男人25岁前的忠告
这是忠告也是建议.
1.男人是社会的主体,不管你信或不信.所以男人应该有种责任感.
2.25岁之前,请记得,爱情通常是假的,或者不是你所想象的那样纯洁和永远.如果你过了25岁,那么你应该懂得这个道理.
3.吃饭7成饱最舒服.对待女友最多也请你保持在7成.
4.30岁之前请爱惜自己的身体,前30年你找病,后30年病找你.如果你过了30岁,你自然也会懂得这个道理.
5.事业远比爱情重要.如果说事业都不能永恒,那么爱情只能算是昙花一现.
6.不要轻易接受追求你的女孩.女追男隔层纱.如果你很容易就陷进去,你会发现你会错过很多东西,失去很多东西.
7.请你相信,能用钱解决的问题,都不是问题.如果你认为钱索王道,有钱有女人,没钱没女人,那么.女人不是问题.
8.请永远积极向上.每个男人都有他可爱的地方,但是不可爱的地方只有不积极面对生活.
9.不要连续2次让同一个女人伤害.好马不吃回头草,是有他道理的.如果认真考虑过该分手,那么请不要做任何舍不得的行动.
10.如果你和你前女友能做朋友,那么你要问自己:为什么?如果分手后还是朋友,那么只有2个可能:.你们当初都只是玩玩而已,没付出彼此最真的感情.或者:必定有个人是在默默的付出无怨无悔!
11.永远不要太相信女人在恋爱时的甜言蜜语.都说女人爱听甜言蜜语,其实,男人更喜欢.
12.请不要为自己的相貌或者身高过分担心和自卑.人是动物,但是区别于动物.先天条件并不是阻挡你好好生活的借口.人的心灵远胜于相貌,请相信这点.如果有人以相貌取人,那么你也没必要太在意.因为他从某种意义来讲,只是只动物.你会跟动物怄气吗?
13.失恋时,只有2种可能,要么你爱她她不爱你,或者相反.那么,当你爱的人不再爱你,或者从来没爱过你时.你没有遗憾,因为你失去的只是一个不爱你的人.
14.请不要欺骗善良的女孩.这个世界上,善良的女孩太少.
15.不能偏激的认为金钱万能,至少,金钱治不好艾滋病.
16.请一定要有自信.你就是一道风景,没必要在别人风景里面仰视.
17.受到再大的打击,只要生命还在,请相信每天的太阳都是新的.
18.爱情永远不可能是天平.你想在爱情里幸福就要舍得伤心.
19.如果你喜欢一个认为别人应该对她好的mm,请尽早放弃.没有人是应该对一个人好的.如果她不明白这个道理,也就是她根本不懂得珍惜.
20.不要因为寂寞而’找’gf,寂寞男人请要学会品味寂寞.请记住:即使寂寞,远方黑暗的夜空下,一定有人和你一样,寂寞的人不同,仰望的星空却是唯一.
21.任何事没有永远.也别问怎样才能永远.生活有很多无奈.请尽量充实自己,充实生活.请善待生活.
end.男人有很多无奈,生活很累但是因为生活才有意义.当你以为你一无所有时,你至少还有时间,时间能抚平一切创伤.所以请不要流泪.....
这是忠告也是建议.
1.男人是社会的主体,不管你信或不信.所以男人应该有种责任感.
2.25岁之前,请记得,爱情通常是假的,或者不是你所想象的那样纯洁和永远.如果你过了25岁,那么你应该懂得这个道理.
3.吃饭7成饱最舒服.对待女友最多也请你保持在7成.
4.30岁之前请爱惜自己的身体,前30年你找病,后30年病找你.如果你过了30岁,你自然也会懂得这个道理.
5.事业远比爱情重要.如果说事业都不能永恒,那么爱情只能算是昙花一现.
6.不要轻易接受追求你的女孩.女追男隔层纱.如果你很容易就陷进去,你会发现你会错过很多东西,失去很多东西.
7.请你相信,能用钱解决的问题,都不是问题.如果你认为钱索王道,有钱有女人,没钱没女人,那么.女人不是问题.
8.请永远积极向上.每个男人都有他可爱的地方,但是不可爱的地方只有不积极面对生活.
9.不要连续2次让同一个女人伤害.好马不吃回头草,是有他道理的.如果认真考虑过该分手,那么请不要做任何舍不得的行动.
10.如果你和你前女友能做朋友,那么你要问自己:为什么?如果分手后还是朋友,那么只有2个可能:.你们当初都只是玩玩而已,没付出彼此最真的感情.或者:必定有个人是在默默的付出无怨无悔!
11.永远不要太相信女人在恋爱时的甜言蜜语.都说女人爱听甜言蜜语,其实,男人更喜欢.
12.请不要为自己的相貌或者身高过分担心和自卑.人是动物,但是区别于动物.先天条件并不是阻挡你好好生活的借口.人的心灵远胜于相貌,请相信这点.如果有人以相貌取人,那么你也没必要太在意.因为他从某种意义来讲,只是只动物.你会跟动物怄气吗?
13.失恋时,只有2种可能,要么你爱她她不爱你,或者相反.那么,当你爱的人不再爱你,或者从来没爱过你时.你没有遗憾,因为你失去的只是一个不爱你的人.
14.请不要欺骗善良的女孩.这个世界上,善良的女孩太少.
15.不能偏激的认为金钱万能,至少,金钱治不好艾滋病.
16.请一定要有自信.你就是一道风景,没必要在别人风景里面仰视.
17.受到再大的打击,只要生命还在,请相信每天的太阳都是新的.
18.爱情永远不可能是天平.你想在爱情里幸福就要舍得伤心.
19.如果你喜欢一个认为别人应该对她好的mm,请尽早放弃.没有人是应该对一个人好的.如果她不明白这个道理,也就是她根本不懂得珍惜.
20.不要因为寂寞而’找’gf,寂寞男人请要学会品味寂寞.请记住:即使寂寞,远方黑暗的夜空下,一定有人和你一样,寂寞的人不同,仰望的星空却是唯一.
21.任何事没有永远.也别问怎样才能永远.生活有很多无奈.请尽量充实自己,充实生活.请善待生活.
end.男人有很多无奈,生活很累但是因为生活才有意义.当你以为你一无所有时,你至少还有时间,时间能抚平一切创伤.所以请不要流泪.....
