User's table

wider · December 19, 2005, 11:29:23 AM

Hi,
where is and how is called, the table that contains gives you of the users (username, password, profile...).
Other question: with which system they come criptate the password inserted from the users at the moment of the forum registrations? (md5, crypt...)

It serves to know these things to me why I must shape my situated one web in order to make in way to make only recording for my site and forum...

Trekkie101 · December 19, 2005, 11:36:50 AM

A MySQL Query will let you do stuff to the members table.

Passwords are in SHA-1, youll see an encryption sequence in SMF source files, Register.php I'd assume.

wider · December 20, 2005, 07:52:56 AM

thanks... but... what's the name of the table?

Are you sure than crypt function is sha-1?

wider · December 20, 2005, 08:20:03 AM

The table's name is {prefix}members
but the password aren't sha1, md5, crypt (i've tested witch my one script...)
Can the software creator (or supports man) tell me the crypt mode?

Oldiesmann · December 20, 2005, 10:46:31 AM

Again, you should use SMF's built-in registration system instead of your own.

The passwords are indeed sha1:

Code Select

sha1(sha1(strtolower($regOptions['username']) . $regOptions['password']) . substr($regOptions['register_vars']['passwordSalt'], 1, -1)))

The passwordSalt is '' by default.

wider · December 21, 2005, 05:35:02 AM

i've tried: http://www.widlite.com/crypt.php [nofollow]
the script change te word that you insert in a crypted word

^{<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Documento senza titolo</title>
</head>

<body>
<?php
if (!$_GET['string']) {
?>
<b>Plese insert any word. This script cript your word in: md5(), md5(md5()), Sha1(Sha1)), Crc32(), Sha1 </b><br />
<form action="index.php" method="get">
<input type="text" name="string" width="100px" />
<input type="submit" value="Cripta" />
</form>
<?php
}
else
{
?>
<b>Results:</b>
<table>
<tr>
<td><b>Md5</b></td><td><?php print md5($_GET['string']); ?></td>
</tr>
<tr>
<td><b>Md5++</b></td><td><?php print md5(md5($_GET['string'])); ?></td>
</tr>
<tr>
<td><b>Sha1++</b></td><td><?php print sha1(sha1($_GET['string'])); ?></td>
</tr>
<tr>
<td><b>Crc32</b></td><td><?php print crc32($_GET['string']); ?></td>
</tr>
<tr>
<td><b>Sha1</b></td><td><?php print sha1($_GET['string']); ?></td>
</tr>
</table>
<?php
}
?>
</body>
</html>}

We can insert "demo" and after see the results....
if we register an user in SMF 1.0.5 with password "demo" the results is: ecce546ff0dc779242516ec8c46c0818
(I've see to table members...)

Can we help me?

wider · December 21, 2005, 09:57:15 AM

i've found the method to encrypt the forum's password:

md5(($key ^ str_repeat(chr(0x5c), 64)) . pack('H*', md5(($key ^ str_repeat(chr(0x36), 64)). $data)));

$key = username
$data = password

News:

User's table

wider

Trekkie101

wider

wider

Oldiesmann

wider

wider