Page 1 of 1
Invision...again...
Posted: Sun Feb 20, 2005 2:49 pm
by dwfait
Hi. Got a problem with Invision....
It uses an MD5 for the password. However, triying to login through a custom script..when i convert the password to MD5, its different to the MD5 in the forums database. Does anyone know if invision does anything to password strings before encrypting them in MD5?
Posted: Sun Feb 20, 2005 4:05 pm
by timvw
how have you stored them in your database? what is the size of the database column?
Posted: Sun Feb 20, 2005 4:38 pm
by PrObLeM
take a know password/hash from invision and md5 it and make sure the hashes are the same and compare them ...make sure they are the same.
Posted: Sun Feb 20, 2005 5:20 pm
by dwfait
thats what i have done. Its not the same. So invision must do something to its passwords...
Posted: Sun Feb 20, 2005 5:22 pm
by John Cartwright
Not sure if they still provide support for their free forums, but if they do I'm sure you will have better luck there.
Posted: Sun Feb 20, 2005 10:55 pm
by thegreatone2176
check the database and make sure that if its varchar that its set high enough because i have actually made it too short before and screwed up the script.
Also check the method they use to compare it and make sure they are just md5'ing the entered pass and not combining more that one method.
Posted: Tue Feb 22, 2005 11:21 pm
by dwfait
Well, i have found this in the code:
Code: Select all
//-----------------------------------------
// Check password...
//-----------------------------------------
if ( $ibforums->converge->converge_authenticate_member( $password ) != TRUE )
{
$this->log_in_form( 'wrong_pass' );
}
But where would i find this function in the code? Theres loads of include files and i dont know which it would be in.
Posted: Tue Feb 22, 2005 11:36 pm
by feyd
first find where $ibforums is set, to figure out which class it is. Then find what class the converge member is.. that class will have a method called converge_authenticate_member() ..
Posted: Wed Feb 23, 2005 12:17 am
by dwfait
No wonder i couldnt find it. I tracked down this in the source:
Code: Select all
require KERNEL_PATH."class_converge.php";
KERNAL_PATH appears to be a preset pointer to a folder, but what folder would it be?
EDIT: nm, found it. Leads me on another goose chase to find another function in a nother class which i have to go find now :-\
Posted: Wed Feb 23, 2005 10:17 pm
by hongco
I cannot remember exactly how they have done it, but the idea is....when user registers ....a random, a variable called salt, generated....this salt is combined with already md5 password.....and this combination is then md5 again.
The salt is stored on one of the tables on forums' database, and the encoded passowrd is stored on another table. This is the reason why your encoded password is different than that of the forums.
If you still have problem with it... i will take a look at the forums script ....
What version of forums do you use?
Note: in the earlier version of invision, 1.2 and ealier, and the current version of phpbb, md5 the password once without using the salt.