Invision...again...

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
dwfait
Forum Contributor
Posts: 113
Joined: Sun Aug 01, 2004 10:36 pm

Invision...again...

Post by dwfait »

Hi. Got a problem with Invision....

It uses an MD5 for the password. However, triying to login through a custom script..when i convert the password to MD5, its different to the MD5 in the forums database. Does anyone know if invision does anything to password strings before encrypting them in MD5?
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

how have you stored them in your database? what is the size of the database column?
User avatar
PrObLeM
Forum Contributor
Posts: 418
Joined: Sun Mar 07, 2004 2:30 pm
Location: Mesa, AZ
Contact:

Post by PrObLeM »

take a know password/hash from invision and md5 it and make sure the hashes are the same and compare them ...make sure they are the same.
dwfait
Forum Contributor
Posts: 113
Joined: Sun Aug 01, 2004 10:36 pm

Post by dwfait »

thats what i have done. Its not the same. So invision must do something to its passwords...
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

Not sure if they still provide support for their free forums, but if they do I'm sure you will have better luck there.
thegreatone2176
Forum Contributor
Posts: 102
Joined: Sun Jul 11, 2004 1:27 pm

Post by thegreatone2176 »

check the database and make sure that if its varchar that its set high enough because i have actually made it too short before and screwed up the script.

Also check the method they use to compare it and make sure they are just md5'ing the entered pass and not combining more that one method.
dwfait
Forum Contributor
Posts: 113
Joined: Sun Aug 01, 2004 10:36 pm

Post by dwfait »

Well, i have found this in the code:

Code: Select all

//-----------------------------------------
		// Check password...
		//-----------------------------------------
		
		if ( $ibforums->converge->converge_authenticate_member( $password ) != TRUE )
		{
			$this->log_in_form( 'wrong_pass' );
		}
But where would i find this function in the code? Theres loads of include files and i dont know which it would be in.
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

first find where $ibforums is set, to figure out which class it is. Then find what class the converge member is.. that class will have a method called converge_authenticate_member() ..
dwfait
Forum Contributor
Posts: 113
Joined: Sun Aug 01, 2004 10:36 pm

Post by dwfait »

No wonder i couldnt find it. I tracked down this in the source:

Code: Select all

require KERNEL_PATH."class_converge.php";
KERNAL_PATH appears to be a preset pointer to a folder, but what folder would it be?

EDIT: nm, found it. Leads me on another goose chase to find another function in a nother class which i have to go find now :-\
hongco
Forum Contributor
Posts: 186
Joined: Sun Feb 20, 2005 2:49 pm

Post by hongco »

I cannot remember exactly how they have done it, but the idea is....when user registers ....a random, a variable called salt, generated....this salt is combined with already md5 password.....and this combination is then md5 again.

The salt is stored on one of the tables on forums' database, and the encoded passowrd is stored on another table. This is the reason why your encoded password is different than that of the forums.

If you still have problem with it... i will take a look at the forums script ....
What version of forums do you use?


Note: in the earlier version of invision, 1.2 and ealier, and the current version of phpbb, md5 the password once without using the salt.
Post Reply