Php Check with login password md5

Need some custom code changes to the phpBB core simple enough that you feel doesn't require an extension? Then post your request here so that community members can provide some assistance.

NOTE: NO OFFICIAL SUPPORT IS PROVIDED IN THIS SUB-FORUM
Forum rules
READ: phpBB.com Board-Wide Rules and Regulations

NOTE: NO OFFICIAL SUPPORT IS PROVIDED IN THIS SUB-FORUM
Locked
geankevin
Registered User
Posts: 1
Joined: Mon Dec 10, 2018 10:07 pm

Php Check with login password md5

Post by geankevin »

i want login, this incorrect password :/ i try all don't work this
pls i need help

Code: Select all

<?php
$link = mysqli_connect("localhost", "test","test123");
$database = mysqli_select_db($link, "test");

$user = $_GET['username_clean'];
$password = $_GET['user_password'];
$hwid = $_GET['hwid'];
$tables = "phpbb_users";
$token = $_GET['token'];

$sql = "SELECT * FROM ". $tables ." WHERE username_clean = '". mysqli_real_escape_string($link,$user) ."'" ;
$result = $link->query($sql);
if ($result->num_rows > 0) {
    // Outputting the rows
    while($row = $result->fetch_assoc())
    {
        $password = $row['user_password'];
        $salt = $row['salt'];
        $plain_pass = $_GET['user_password'];
        $stored_pass = md5(md5($salt).md5($plain_pass));


		$passwordstatus;
		$hwidstatus;

        echo "{<br>";

        if($stored_pass != $row['user_password'])
        {
            echo "password: false<br>";
        }
        else
        {
            echo "password: true<br>";
        }

        echo "group: " . $row['group_id'] . "<br>";
        echo "additionalgroups: " . $row['group_id'] . "<br>";

        if (strlen($row['hwid']) > 1)
        {
            if ($hwid != $row['hwid'])
            {
                echo "hwid: false<br>";
            }
            else
            {
                echo "hwid: true<br>";
            }
        }
        else
        {
            $sql = "UPDATE ". $tables ." SET hwid='$hwid' WHERE username_clean='$user'";
            if(mysqli_query($link, $sql))
            {
                echo "hwid: true<br>";
            }
            else
            {
                echo "hwid: false<br>";
            }
        }
		
		echo "token: " . $_GET['token'] . "<br>";
		
		echo "}";
		
    }
}
else
{
   echo "password: false";
}
?>

User avatar
bbthailand
Translator
Posts: 76
Joined: Wed Jun 18, 2008 6:00 am
Contact:

Re: Php Check with login password md5

Post by bbthailand »

I thank it must use Oauth.
User avatar
axe70
Registered User
Posts: 752
Joined: Sun Nov 17, 2002 10:55 am
Location: Italy
Name: Alessio
Contact:

Re: Php Check with login password md5

Post by axe70 »

if i am not wrong, may you want to know something like this?

Code: Select all

// If the hash still old md5
    if ( $hash != null && strlen($hash) <= 32 ) {
        $check = hash_equals( $hash, md5( $password ) );
     }
     if ($check === true){ 
      // the pass is ok
      }
     
Do not take me too serious
Anyway i do not like Discourse
User avatar
HiFiKabin
Community Team Member
Community Team Member
Posts: 6673
Joined: Wed May 14, 2014 9:10 am
Location: Swearing at the PC, UK
Name: James
Contact:

Re: Php Check with login password md5

Post by HiFiKabin »

bbthailand wrote: Thu Jan 27, 2022 4:49 am I thank it must use Oauth.
Bumping a 4 year old topic is not likely to be helpful for anyone as code and versions have changed many times in that time.

Hence closing
Locked

Return to “phpBB Custom Coding”