News:

SMF 2.1.4 has been released! Take it for a spin! Read more.

Main Menu

Check Password from applications

Started by Bobysait, April 21, 2007, 08:21:30 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

Bobysait

April 21, 2007, 08:21:30 PM Last Edit: April 21, 2007, 08:26:02 PM by Bobysait
Hi.
I'm trying to developp a 3D Chat using a specific application that can access php files, and i'm hard trying to check for password in the database

I first get the username, the password and the passwordsalt, then, i apply some filter to convert the pass the user entered with few routines.
But noone seems to run !
I'm not really familiar with php, and maybe my code is really bad, so if someone could help me debug this ...

=> the request is like
http://Mydomain.[...]/phpScript.php?&username=User&password=Pass&salt=Salt
with User is the username the user enter
=> pass is the password entered
=> salt the value get in the database for the username entered.


Code Select

<?
$username = array_key_exists("username",$_GET) ? $_GET["username"] : "";
$password = array_key_exists("password",$_GET) ? $_GET["password"] : "";
$salt = array_key_exists("salt",$_GET) ? $_GET["salt"] : "";

/* 10 façons d'encrypté, il faut les verifier toutes .. au cas où ! */

$pass1 = sha1(sha1(strtolower($username) . $password) . $salt);
$pass2 = md5($password);
$pass3 = crypt($password, substr($password, 0, 2));
$pass4 = crypt($password, substr($user_settings['passwd'], 0, 2));
$pass5 = md5_hmac($password, strtolower($username));
$pass6 = md5($password . strtolower($username));
$pass7 = $password;
$pass8 = crypt(md5($password), md5($password));
$pass9 = "0000";
if (strlen($password) == 64 && function_exists('mhash') && defined('MHASH_SHA256'))
{
$pass9= bin2hex(mhash(MHASH_SHA256, $password));
}
//elseif (strlen($password) == 32)
//{
$pass10= md5(md5($password));
//}
$pass11 = sha1($password . $salt) == $password;


echo '[1]'.$pass1.'[/1]';
echo '[2]'.$pass2.'[/2]';
echo '[3]'.$pass3.'[/3]';
echo '[4]'.$pass4.'[/4]';
echo '[5]'.$pass5.'[/5]';
echo '[6]'.$pass6.'[/6]';
echo '[7]'.$pass7.'[/7]';
echo '[8]'.$pass8.'[/8]';
echo '[9]'.$pass9.'[/9]';
echo '[10]'.$pass10.'[/10]';
echo '[11]'.$pass11.'[/11]';



// Encryption MD5 utilisées sur de vieux mot de passe...
function md5_hmac($data, $key)
{
$key = str_pad(strlen($key) <= 64 ? $key : pack('H*', md5($key)), 64, chr(0x00));
return md5(($key ^ str_repeat(chr(0x5c), 64)) . pack('H*', md5(($key ^ str_repeat(chr(0x36), 64)) . $data)));
}

?>



thanks for replying, i can't go anyway without this ...

ps : scuse for my poor english, i'm french.
ps2 : I had a look at load.php in source dir, but i can't understand where is the real procedure for encryption ...

Bobysait

#1
April 21, 2007, 09:07:51 PM
Finally I think i get it !

$pass   = sha1(strtolower($username).$password);
Print
Go Up Pages1
User actions
Advertisement: