狂风+暴雨
相遇之后是 ... 错过
好几天没写了,因为家务事,唉...烦,不多说.要紧是现在论坛出问题了。还是第一步,注册...
找了些资料,明天得研究研究,没地方放,想到这里...嘿.....
#1 10-04-2003, 5:33pm
SnapRHead
Junior Member Join Date: Oct 2003
Posts: 5
VB3 Dual Hash and Salt - External PRG to access Database
--------------------------------------------------------------------------------
I have been working on a subscription module for VB3. It works fine for VB2. My problem is (like most) in the new dual hash/salt routines. I have figured out the dual md5 hash thanks to searching the forums, yet my troubles lay in the area of the salt routine.
My external php application has a database of its own, and when a customer registers thru this application, it creates its database tables there, and moves over to create the information in the VB3 database.
I cannot figure out the salt to save my life. The password works, but if you write the info to the VB database, without the data on the salt table, theres some crazy things that happen when you try to login. (An inverted forum!!).
Heres the basic shell of this function. Any help you can offer me on this would be much appreciated. Im about to use the PC as a boat anchor, and most of my hair has been pulled out over the last 4 hrs of me picking at this. Save what little bit of hair I have!!
Code:
function vbulletin_added($member_id, $product_id,
$member){
global $db, $config, $plugin_config;
$this_config = $plugin_config['protect']['vbulletin'];
$vb_db = $this_config['db'];
$max = vbulletin_get_max($member['data']['status']);
if ($max < 0) return;
foreach ($member as $k=>$v)
$member[$k] = $db->escape($v);
$q = $db->query("SELECT password, usergroupid
FROM {$vb_db}user
WHERE username='$member[login]'
");
list($p,$ul) = mysql_fetch_row($q);
$dat = date('M d, Y');
$pass = md5(md5($member['pass']).$salt);
if (!$ul){ //user not exists
$db->query($s = "INSERT INTO {$vb_db}user
(usergroupid, username, password, email, joindate,
daysprune, pmpopup, salt
)
VALUES
($max, '$member[login]', '$pass', '$member[email]', unix_timestamp(),
-1,1,'$salt'
)
");
$vb_user_id = mysql_insert_id();
$db->query($s = "INSERT INTO {$vb_db}userfield
(userid) VALUES ($vb_user_id)
");
} else {
$denied = join(',', $this_config['denied_levels']);
$db->query($s = "UPDATE {$vb_db}user
SET password='$pass', usergroupid=$max
WHERE username='$member[login]'
AND usergroupid NOT IN ($denied)
");
}
}
In the searching that I have done here, I found the salting routine used in function.php which is:
// ###################### Start makesalt #######################
// generates a totally random string of $length chars
function fetch_user_salt($length = 3)
{
$salt = '';
for ($i = 0; $i < $length; $i++)
{
$salt .= chr(rand(32, 126));
}
return $salt;
}
But I havent been able to successfully include it in my above script. I also tried to post this in the 'how do i' forum for VB3 but it told me I dont have access. (I am a registered owner of VBull).
Any help you can administer to this rambler would make you THE supreme one in my eyes. Thanks!
SnapRHead
View Public Profile
Send a private message to SnapRHead
Visit SnapRHead's homepage!
Find all posts by SnapRHead
Add SnapRHead to Your Buddy List
#2 10-04-2003, 9:43pm
websissy
Member Join Date: Sep 2003
Location: Socorro, NM, USA
Posts: 80
A similar problem...
--------------------------------------------------------------------------------
I'm having a similar problem but in my case the problem is getting the double MD5 encryption working in a Perl program.
I can offer some help on the salt. You don't need to create the salt value. It has been created FOR you and is stored in each individual member's user record. If you connect to mysql and do a describe on the vB3_user table, you'll find the salt value is stored as the last field in each user's member record. Just grab it, concatenate it and encrypt away!
I hope that helps...
If you happen to know anything about how to make the md5 encryption bit work in a PERL program, drop me a private message. I'd dearly love to know how to do that right now.
Good luck!
websissy
View Public Profile
Send a private message to websissy
Send email to websissy
Find all posts by websissy
Add websissy to Your Buddy List
#3 10-04-2003, 10:56pm
SnapRHead
Junior Member Join Date: Oct 2003
Posts: 5
That would work if the user 1st registered in the forum. In this case, thats not occuring. They are logging into my application, and a record is created for them in its database, then it goes out and creates an account in vbull itself, so they never register, thus it needs to be hand created.
SnapRHead
View Public Profile
Send a private message to SnapRHead
Visit SnapRHead's homepage!
Find all posts by SnapRHead
Add SnapRHead to Your Buddy List
#4 02-12-2004, 12:55pm
plarkin
Junior Member Join Date: Feb 2004
Posts: 2
I don't know if this helps you any; but i'm halfway there..
I added this code from vBulletin in my own 3rd party app right before the database call to create the account in vBulletin:
Quote:
function fetch_user_salt($length = 3)
{
$salt = '';
for ($i = 0; $i < $length; $i++)
{
$salt .= chr(rand(32, 126));
}
return $salt;
}
$salt = fetch_user_salt(3);
I write it into the DB as follows:
Quote:
...
$q = "INSERT INTO " . $pre . "user SET
usergroupid = '$auth',
password = '".md5($f[account_password] . $salt)."',
salt = '$salt',
...
It's adding the user record in the vBulletin database properly, and I do see that the salt is being generated and saved as well. But I still can't log in with the accounts. I think I'm doing something wrong in this line, but I'm a horrid PHP programmer...
Quote:
password = '".md5($f[account_password] . $salt)."',
plarkin
View Public Profile
Send a private message to plarkin
Find all posts by plarkin
Add plarkin to Your Buddy List
#5 02-13-2004, 10:07am
plarkin
Junior Member Join Date: Feb 2004
Posts: 2
The inverted forum isn't the result of the lack of a salt value. I figured this one out last night.
When you create a user account, you also need to create a blank record with a matching userid in the following two tables "userfield" and "usertextfield". That will resolve the issue of the forums displaying backwards when you log in.
找了些资料,明天得研究研究,没地方放,想到这里...嘿.....
#1 10-04-2003, 5:33pm
SnapRHead
Junior Member Join Date: Oct 2003
Posts: 5
VB3 Dual Hash and Salt - External PRG to access Database
--------------------------------------------------------------------------------
I have been working on a subscription module for VB3. It works fine for VB2. My problem is (like most) in the new dual hash/salt routines. I have figured out the dual md5 hash thanks to searching the forums, yet my troubles lay in the area of the salt routine.
My external php application has a database of its own, and when a customer registers thru this application, it creates its database tables there, and moves over to create the information in the VB3 database.
I cannot figure out the salt to save my life. The password works, but if you write the info to the VB database, without the data on the salt table, theres some crazy things that happen when you try to login. (An inverted forum!!).
Heres the basic shell of this function. Any help you can offer me on this would be much appreciated. Im about to use the PC as a boat anchor, and most of my hair has been pulled out over the last 4 hrs of me picking at this. Save what little bit of hair I have!!
Code:
function vbulletin_added($member_id, $product_id,
$member){
global $db, $config, $plugin_config;
$this_config = $plugin_config['protect']['vbulletin'];
$vb_db = $this_config['db'];
$max = vbulletin_get_max($member['data']['status']);
if ($max < 0) return;
foreach ($member as $k=>$v)
$member[$k] = $db->escape($v);
$q = $db->query("SELECT password, usergroupid
FROM {$vb_db}user
WHERE username='$member[login]'
");
list($p,$ul) = mysql_fetch_row($q);
$dat = date('M d, Y');
$pass = md5(md5($member['pass']).$salt);
if (!$ul){ //user not exists
$db->query($s = "INSERT INTO {$vb_db}user
(usergroupid, username, password, email, joindate,
daysprune, pmpopup, salt
)
VALUES
($max, '$member[login]', '$pass', '$member[email]', unix_timestamp(),
-1,1,'$salt'
)
");
$vb_user_id = mysql_insert_id();
$db->query($s = "INSERT INTO {$vb_db}userfield
(userid) VALUES ($vb_user_id)
");
} else {
$denied = join(',', $this_config['denied_levels']);
$db->query($s = "UPDATE {$vb_db}user
SET password='$pass', usergroupid=$max
WHERE username='$member[login]'
AND usergroupid NOT IN ($denied)
");
}
}
In the searching that I have done here, I found the salting routine used in function.php which is:
// ###################### Start makesalt #######################
// generates a totally random string of $length chars
function fetch_user_salt($length = 3)
{
$salt = '';
for ($i = 0; $i < $length; $i++)
{
$salt .= chr(rand(32, 126));
}
return $salt;
}
But I havent been able to successfully include it in my above script. I also tried to post this in the 'how do i' forum for VB3 but it told me I dont have access. (I am a registered owner of VBull).
Any help you can administer to this rambler would make you THE supreme one in my eyes. Thanks!
SnapRHead
View Public Profile
Send a private message to SnapRHead
Visit SnapRHead's homepage!
Find all posts by SnapRHead
Add SnapRHead to Your Buddy List
#2 10-04-2003, 9:43pm
websissy
Member Join Date: Sep 2003
Location: Socorro, NM, USA
Posts: 80
A similar problem...
--------------------------------------------------------------------------------
I'm having a similar problem but in my case the problem is getting the double MD5 encryption working in a Perl program.
I can offer some help on the salt. You don't need to create the salt value. It has been created FOR you and is stored in each individual member's user record. If you connect to mysql and do a describe on the vB3_user table, you'll find the salt value is stored as the last field in each user's member record. Just grab it, concatenate it and encrypt away!
I hope that helps...
If you happen to know anything about how to make the md5 encryption bit work in a PERL program, drop me a private message. I'd dearly love to know how to do that right now.
Good luck!
websissy
View Public Profile
Send a private message to websissy
Send email to websissy
Find all posts by websissy
Add websissy to Your Buddy List
#3 10-04-2003, 10:56pm
SnapRHead
Junior Member Join Date: Oct 2003
Posts: 5
That would work if the user 1st registered in the forum. In this case, thats not occuring. They are logging into my application, and a record is created for them in its database, then it goes out and creates an account in vbull itself, so they never register, thus it needs to be hand created.
SnapRHead
View Public Profile
Send a private message to SnapRHead
Visit SnapRHead's homepage!
Find all posts by SnapRHead
Add SnapRHead to Your Buddy List
#4 02-12-2004, 12:55pm
plarkin
Junior Member Join Date: Feb 2004
Posts: 2
I don't know if this helps you any; but i'm halfway there..
I added this code from vBulletin in my own 3rd party app right before the database call to create the account in vBulletin:
Quote:
function fetch_user_salt($length = 3)
{
$salt = '';
for ($i = 0; $i < $length; $i++)
{
$salt .= chr(rand(32, 126));
}
return $salt;
}
$salt = fetch_user_salt(3);
I write it into the DB as follows:
Quote:
...
$q = "INSERT INTO " . $pre . "user SET
usergroupid = '$auth',
password = '".md5($f[account_password] . $salt)."',
salt = '$salt',
...
It's adding the user record in the vBulletin database properly, and I do see that the salt is being generated and saved as well. But I still can't log in with the accounts. I think I'm doing something wrong in this line, but I'm a horrid PHP programmer...
Quote:
password = '".md5($f[account_password] . $salt)."',
plarkin
View Public Profile
Send a private message to plarkin
Find all posts by plarkin
Add plarkin to Your Buddy List
#5 02-13-2004, 10:07am
plarkin
Junior Member Join Date: Feb 2004
Posts: 2
The inverted forum isn't the result of the lack of a salt value. I figured this one out last night.
When you create a user account, you also need to create a blank record with a matching userid in the following two tables "userfield" and "usertextfield". That will resolve the issue of the forums displaying backwards when you log in.
