About Passwords

[lotus55]

I would like to understand how to recognize the password in the database, I get a code, this should be md5 but it is not, how to make an appointment to such a confirmation password for login? How to see a change that password?

[MentaL]

[das7002]

This is how Ronny encodes it in JSP

Code:

String pw_encode(String salt, MessageDigest alg)
    {
        alg.reset(); 
        alg.update(salt.getBytes());
        byte[] digest = alg.digest();
        StringBuffer hashedpasswd = new StringBuffer();
        String hx;
        for(int i=0; i<digest.length; i++)
        {
            hx =  Integer.toHexString(0xFF & digest[i]);
            //0x03 is equal to 0x3, but we need 0x03 for our md5sum
            if(hx.length() == 1)
            {
                hx = "0" + hx;
            } 
            hashedpasswd.append(hx);
        }
        salt = "0x" + hashedpasswd.toString();

            return salt;
       }

[lotus55]

But what is the logic of programming in php for this?

[lotus55]

Nobody? I think it would be in everyone's interest to understand this, recover password, password by sending emails etc..

[[D@nte]]

open your register.php and u've the php syntax -.-

md5(username.password)

[vixio_dv]

i think already password change php script. just add email sender

[lotus55]

ok, the script says that record is saved in md5

model md5:

99e2b89f3cda731add47da0c4a7698c1e4c80ba3

the database is saved as:

Ž=&°â^1v×ß\ì̳(

Öã±VB:SªÌ)‚

What could this be?

What is the logic to read? When trying to correct MD5 CORRECT COSEGA not log into the game.

---------- Post added at 03:05 PM ---------- Previous post was at 02:50 PM ----------

One thing I noticed, the script saves the database without quotation marks, JAVA can make reading more php not. By placing quotation marks around the game does not recognize login.

[vixio_dv]

ok now what do you want to do? you want make login like control panel for players?

[nofxpunkerbrian]

what you do is:

Get Password entered in form:
Convert md5(username.password);
Get the Password from the SQL DB
fn_varbintohexsubstring run this function entering all syntax
Compare the 2
if correct proceed

[lotus55]

I'm having a panel, as I could not read, convert the password in PHP, I am using login and password a second (keyword) to log into the player panel. But many people do not remember the key word and wanted to use the same password for the game.

---------- Post added at 03:39 PM ---------- Previous post was at 03:31 PM ----------

So the key word to solve the problem would be the function:

fn_varbintohexsubstring?

[vixio_dv]

something like this. please download change password script from nofxpunkerbrian, you only need little modified. just delete sql excute update

Code:

	$GetAccountArray = Mysql_Fetch_Array($GetAccountInfo);
	$GetPassword = $GetAccountArray['passwd'];
	$GetPassword = addslashes($GetPassword);
	$rs = mysql_query("SELECT fn_varbintohexsubstring (1,'$GetPassword',1,0) AS result");
	$GetResult = Mysql_Fetch_Array($rs);
	$CheckPassword = $GetResult['result'];

---------- Post added at 04:18 PM ---------- Previous post was at 04:16 PM ----------

at the first line, you will see password checking. and after all match, thats will update sql, just read all php code, you will understand.

[nofxpunkerbrian]

Well you cant convert md5 back to text it is very complicated so the only way to do it is meet the code half way and reference from there.

[lotus55]

After a brief survey of the role that the nofxpunkerbrian offered, I believe I will get, I get the logic now, thanks for the help.

[vixio_dv]

change back md5 to text its mean cracking.. its imposible. u only can use brute force

[lotus55]

managed to bring the BD right way but even doing the md5, but the result does not match:

0xc3a7c2ad010426c5a0c2ba354fc3b7c3b84128272c2e
0xe7ad0104268aba354ff7f84128272c2e

The first is the BD, and below is what do you put in your hand, ta missing something. = /

[das7002]

u only can use brute force

I used to run a site that specialized in that, every time you used it to make hashes it stored them in the database, and then you could undo them because it just read them from the database, got pretty large at one point then the server it was on had a hard drive failure out of the blue (no backup ftl) and it went poof so I lost it >_>

[vixio_dv]

I used to run a site that specialized in that, every time you used it to make hashes it stored them in the database, and then you could undo them because it just read them from the database, got pretty large at one point then the server it was on had a hard drive failure out of the blue (no backup ftl) and it went poof so I lost it >_>

yes, md5 site they are hacking community, they save all password to they database, and its for they soft, md5 cracking soft. and for lotus55 you cannot convert md5 to text with php code or what is thats, if you can, no one use md5 for database password security, and CNN will publish news about you
if want make recover password, just make generate password with php code, and input to database, with email sending.

[lotus55]

A little work, but we are here to login with the password panel game, thanks to fn_ offered with chgpass function that has been shared. Thanks again to everyone.

The condition is as follows:

if(mysql_num_rows($result) > 0){
$lista = mysql_fetch_assoc($result);
$GetPassword = $lista['passwd'];
$GetPassword = addslashes($GetPassword);
$rs = mysql_query("SELECT fn_varbintohexsubstring (1,'$GetPassword',1,0) AS result");
$GetResult = Mysql_Fetch_Array($rs);