I currently run a store utilizing osCommerce. I'm trying to create a PHP script which can connect to an installer app I have created and validate a customer's username and password against the osCommerce database.
The simple test php script I have for plain text password verification is:
```php
<?php
// Connect to server and select database.
mysql_connect("$host", "$username", "$password") or die("cannot connect");
mysql_select_db("$db_name") or die("cannot select DB");

// username and password sent from form, escaped before they go into the query
$myusername = mysql_real_escape_string($_POST['myusername']);
$mypassword = mysql_real_escape_string($_POST['mypassword']);

$sql = "SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result = mysql_query($sql);

// mysql_num_rows counts the rows in the result
$count = mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row
if ($count == 1) {
    echo "OK";
} else {
    echo "FAILED";
}
```

Now, the issue is with OSCommerce. It happens to use salt and an MD5 for passwords. The following is provided in OSCommerce:
```php
<?php
// This function validates a plain text password with an
// encrypted password
function tep_validate_password($plain, $encrypted) {
    if (tep_not_null($plain) && tep_not_null($encrypted)) {
        // split apart the hash / salt
        $stack = explode(':', $encrypted);
        if (sizeof($stack) != 2) return false;
        if (md5($stack[1] . $plain) == $stack[0]) {
            return true;
        }
    }
    return false;
}

////
// This function makes a new password from a plaintext password.
function tep_encrypt_password($plain) {
    $password = '';
    for ($i=0; $i<10; $i++) {
        $password .= tep_rand();
    }
    $salt = substr(md5($password), 0, 2);
    $password = md5($salt . $plain) . ':' . $salt;
    return $password;
}
?>
```

How can I integrate this encrypted password verification with the simple script I showed at the beginning? I have been trying this for hours, but each path I venture down fails to work. Any help is appreciated!
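
Added example, not part of the original post or of osCommerce: one way to combine the two pieces is to select the stored `hash:salt` value by username only and do the salted-MD5 comparison in PHP, since the salt has to be read back before the hash can be recomputed. The `users` table, its `username`/`password` columns, the helper names, and the in-memory SQLite database with its sample row are assumptions made so the block runs offline.

```php
<?php
// Added example: verify a login against an osCommerce-style
// "md5(salt . plain):salt" value. Schema and names are assumptions.

// Same check as tep_validate_password(), with a strict format check and a
// constant-time comparison of the two hex digests.
function validate_salted_md5(string $plain, string $stored): bool {
    $stack = explode(':', $stored);
    if ($plain === '' || count($stack) !== 2) {
        return false;
    }
    [$hash, $salt] = $stack;
    return hash_equals($hash, md5($salt . $plain));
}

// Look the row up by username only; the password never goes into the WHERE
// clause because the database holds a salted hash, not the plain text.
// The prepared statement keeps the submitted username out of the SQL text.
function check_login(PDO $db, string $user, string $pass): bool {
    $stmt = $db->prepare('SELECT password FROM users WHERE username = ?');
    $stmt->execute([$user]);
    $stored = $stmt->fetchColumn();   // false when no such user
    return is_string($stored) && validate_salted_md5($pass, $stored);
}

// Constructed demo data in an in-memory SQLite database (stand-in for MySQL).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)');

$salt = 'a7'; // constructed; two characters, the shape tep_encrypt_password() produces
$ins = $db->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
$ins->execute(['alice', md5($salt . 'correct horse') . ':' . $salt]);

// Same OK / FAILED responses as the test script in the post.
echo check_login($db, 'alice', 'correct horse') ? "OK\n" : "FAILED\n";
echo check_login($db, 'alice', 'wrong guess') ? "OK\n" : "FAILED\n";
echo check_login($db, 'bob', 'correct horse') ? "OK\n" : "FAILED\n";
```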