Invision...again...
Moderator: General Moderators
Invision...again...
Hi. Got a problem with Invision....
It uses an MD5 for the password. However, triying to login through a custom script..when i convert the password to MD5, its different to the MD5 in the forums database. Does anyone know if invision does anything to password strings before encrypting them in MD5?
It uses an MD5 for the password. However, triying to login through a custom script..when i convert the password to MD5, its different to the MD5 in the forums database. Does anyone know if invision does anything to password strings before encrypting them in MD5?
- John Cartwright
- Site Admin
- Posts: 11470
- Joined: Tue Dec 23, 2003 2:10 am
- Location: Toronto
- Contact:
-
thegreatone2176
- Forum Contributor
- Posts: 102
- Joined: Sun Jul 11, 2004 1:27 pm
Well, i have found this in the code:
But where would i find this function in the code? Theres loads of include files and i dont know which it would be in.
Code: Select all
//-----------------------------------------
// Check password...
//-----------------------------------------
if ( $ibforums->converge->converge_authenticate_member( $password ) != TRUE )
{
$this->log_in_form( 'wrong_pass' );
}No wonder i couldnt find it. I tracked down this in the source:
KERNAL_PATH appears to be a preset pointer to a folder, but what folder would it be?
EDIT: nm, found it. Leads me on another goose chase to find another function in a nother class which i have to go find now :-\
Code: Select all
require KERNEL_PATH."class_converge.php";EDIT: nm, found it. Leads me on another goose chase to find another function in a nother class which i have to go find now :-\
I cannot remember exactly how they have done it, but the idea is....when user registers ....a random, a variable called salt, generated....this salt is combined with already md5 password.....and this combination is then md5 again.
The salt is stored on one of the tables on forums' database, and the encoded passowrd is stored on another table. This is the reason why your encoded password is different than that of the forums.
If you still have problem with it... i will take a look at the forums script ....
What version of forums do you use?
Note: in the earlier version of invision, 1.2 and ealier, and the current version of phpbb, md5 the password once without using the salt.
The salt is stored on one of the tables on forums' database, and the encoded passowrd is stored on another table. This is the reason why your encoded password is different than that of the forums.
If you still have problem with it... i will take a look at the forums script ....
What version of forums do you use?
Note: in the earlier version of invision, 1.2 and ealier, and the current version of phpbb, md5 the password once without using the salt.