Jump to content

  •  

Staff applications open!

We are currently in need of more staff members. Feel you are ready to take on the tasks of being a Community Team Member? Apply today here: http://invision-viru...f-applications/
IV Management

- - - - -

IPboard 4.4.x Login Pass & Salt


  • Please log in to reply
1 reply to this topic

#1 MarkusxX

MarkusxX

    Member

  • Member
  • PipPip
  • 23 posts

Posted 13 May 2020 - 10:48 PM

Hello, i have External PHP Code for Login to IPboard (licens system)

Now i have change all to mysqli.

What is the correct way by IPboard 4,4


$nick=$mysqli->query("SELECT * FROM ".$pf."core_members WHERE name='".$username."'");
while($rows=$nick->fetch_array()){
	$nickname=$rows['name'];
	$m_login_key = $rows['member_login_key'];
	}


$result=$mysqli->query("SELECT * FROM ".$pf."core_members WHERE member_id='" . $id . "'");
while($rows=$result->fetch_array()){
$checkpass=$rows['members_pass_hash'];
$salt=$rows['members_pass_salt'];
}

$password = md5( md5( $salt ) . md5( $password ) );


#2 cold

cold

    Management Team

  • Community Management
  • 728 posts

Posted 15 May 2020 - 06:34 PM

View PostMarkusxX, on 13 May 2020 - 10:48 PM, said:

Hello, i have External PHP Code for Login to IPboard (licens system)

Now i have change all to mysqli.

What is the correct way by IPboard 4,4


$nick=$mysqli->query("SELECT * FROM ".$pf."core_members WHERE name='".$username."'");
while($rows=$nick->fetch_array()){
$nickname=$rows['name'];
$m_login_key = $rows['member_login_key'];
}


$result=$mysqli->query("SELECT * FROM ".$pf."core_members WHERE member_id='" . $id . "'");
while($rows=$result->fetch_array()){
$checkpass=$rows['members_pass_hash'];
$salt=$rows['members_pass_salt'];
}

$password = md5( md5( $salt ) . md5( $password ) );

Your code is wrong. Firstly, IPS 4.4.x uses the php function password_hash() to store passwords with Blowfish encryption (bcrypt). These are not stored as md5 hashes.

You can use the php function password_verify() to check if a given password matches the stored hash. If password_verify() returns true, it matches. If it returns false, it doesn't match.

For more info: https://www.php.net/...word-verify.php

Community Rules | IV Discord | News
discord: cold#0001
steam: /id/hitmarker





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users