hash_passwrd

Xarcell · January 06, 2013, 11:27:37 AM

Quote from: Arantor on January 04, 2013, 01:39:10 PM
The reason I'm asking is because I'm 99% certain you're trying to do something YOU DON'T NEED TO DO.

I agree...

hebrew878 · January 06, 2013, 01:05:40 PM

@Arantor Where are you getting this session id from? its hidden in the login form

onsubmit event javascript generates hash_passwrd using these(sessionid,username,password) parameters and finaly generated hash_passwrd append to the form for submission. do u still need more explanation?

https://github.com/SimpleMachines/SMF2.1/blob/release-2.1/Themes/default/scripts/script.js
https://github.com/SimpleMachines/SMF2.1/blob/release-2.1/Themes/default/scripts/sha1.js

hebrew878 · January 06, 2013, 01:09:32 PM

Quote from: Xarcell on January 06, 2013, 11:27:37 AM
Quote from: Arantor on January 04, 2013, 01:39:10 PM
The reason I'm asking is because I'm 99% certain you're trying to do something YOU DON'T NEED TO DO.

I agree...

please repair your signature

Kindred · January 06, 2013, 01:14:39 PM

hebrew...

instead of demanding and repeating yourself, why don't you try answering the questions which were asked.

1- what - EXACTLY - are you trying to do?
2- WHY are you passing login information around? (this goes hand-in-hand with #1)

Please try to understand... the people who have contributed to this discussion so far know EXACTLY what they are talking about - and you (obviously) do not. Answer their questions and they will be able to help you. If you don't, they won't... because you are asking the wrong question(s) for the wrong reasons... and you apparently are making assumptions and conclusions which are (most likely) incorrect.

hebrew878 · January 06, 2013, 01:21:23 PM

Quote from: Kindred on January 06, 2013, 01:14:39 PM
hebrew...

instead of demanding and repeating yourself, why don't you try answering the questions which were asked.

1- what - EXACTLY - are you trying to do?
2- WHY are you passing login information around? (this goes hand-in-hand with #1)

Please try to understand... the people who have contributed to this discussion so far know EXACTLY what they are talking about - and you (obviously) do not. Answer their questions and they will be able to help you. If you don't, they won't... because you are asking the wrong question(s) for the wrong reasons... and you apparently are making assumptions and conclusions which are (most likely) incorrect.

i want to login to a forum using a php script(external) this is my objective please dont ask me why do u want to login

mashby · January 06, 2013, 01:22:48 PM

Since you asked Kindred not to, I'll ask!

why do u want to login

Arantor · January 06, 2013, 01:23:39 PM

Which brings me back to the question I asked back dozens of posts ago... is this on another server? If it's not on another server, you almost certainly don't need any of this.

hebrew878 · January 06, 2013, 01:25:29 PM

yes php script is on external server

hebrew878 · January 06, 2013, 01:28:02 PM

Quote from: mashby on January 06, 2013, 01:22:48 PM
Since you asked Kindred not to, I'll ask!
why do u want to login

secret remains secret untill its leaked

Kindred · January 06, 2013, 01:30:03 PM

I'll say it again...

Quote from: Kindred on January 06, 2013, 01:14:39 PM
Please try to understand... the people who have contributed to this discussion so far know EXACTLY what they are talking about - and you (obviously) do not. Answer their questions and they will be able to help you. If you don't, they won't... because you are asking the wrong question(s) for the wrong reasons... and you apparently are making assumptions and conclusions which are (most likely) incorrect.

Unless you are willing to share, we are, essentially, unable to help.
It's not like you are talking about state secrets...

hebrew878 · January 06, 2013, 01:34:08 PM

ok thanks supporters keep going, i am marking this thread as solved and i will find the answer by myself

good bye smf

Xarcell · January 06, 2013, 06:57:54 PM

Using a PHP script on an external server to login, sounds like hack attempt to me.

hebrew878 · January 08, 2013, 03:33:53 PM

<?php
$u="admin";//username
$p="admin";//password
$s="9239b61f938d24e676ff88d8b6b03809";//sessionid data hidden in the form
echo sha1(sha1(strtolower($u) . $p) . $s);//value of hash_passwrd
?>

hebrew878 · January 08, 2013, 03:35:30 PM

Quote from: Xarcell on January 06, 2013, 06:57:54 PM
Using a PHP script on an external server to login, sounds like hack attempt to me.

not exactly.

Arantor · January 08, 2013, 03:46:53 PM

Congratulations, you've figured out a big secret, even though it should have been fairly obvious earlier.

I hope you feel very proud of yourself.

hebrew878 · January 08, 2013, 03:54:07 PM

Quote from: Arantor on January 08, 2013, 03:46:53 PM
Congratulations, you've figured out a big secret, even though it should have been fairly obvious earlier.

I hope you feel very proud of yourself.

it was a simple one which you guys refused to tell me

Arantor · January 08, 2013, 03:55:25 PM

I refused for ethical reasons. I'm sorry you couldn't see that.

hebrew878 · January 08, 2013, 03:59:17 PM

no problem man

ascaland · January 08, 2013, 04:02:47 PM

Quote from: hebrew878 on January 08, 2013, 03:59:17 PM
no problem man

leave

emanuele · January 08, 2013, 04:54:39 PM

It's always nice to know people don't read my posts at all...oh well.

News:

hash_passwrd