Thread: Need help with MD5 (PHPBB3)

Results 1 to 7 of 7
  1. #1 Need help with MD5 (PHPBB3) 
    Registered Member

    Join Date
    Oct 2007
    Posts
    1,017
    Thanks given
    1
    Thanks received
    3
    Rep Power
    562
    I'm trying to intergrate my PHPBB3 forums with my server, however I'm getting the following problem.

    Both passwords are the same (the one I used with logging in & the one into the MySQL database) however it returns both a another MD5 encryption.

    I tested this onto the password 'w13m11rs'

    Code:
    [00:00:36]: User INPUT: a8573850817e59f64c9c3393bbb025fe
    [00:00:36]: PHPBB3: $H$711OXgIf9h3Oo9F7O7i.iUf4QYg/e60
    Here the methods I'm using (Most credits go to Ultimate)

    Code:
    public boolean checkAccount(String enteredUser, String enteredPass) {
    		try {
    			Statement stmt = MySQL.conn.createStatement();
    			ResultSet rs;
    			rs = stmt
    					.executeQuery("SELECT * FROM phpbb_users WHERE username = '"
    							+ enteredUser + "'");
    			while (rs.next()) {
    				String password = rs.getString("user_password");
    				//String salt = rs.getString("salt");
    				String myInput = passHash(enteredPass);
    				System.out.print("User INPUT: "+myInput+"\r\n");
    				System.out.print("PHPBB3: "+password+"\r\n");
    				if (enteredPass.equalsIgnoreCase(password)) {
    					return true;
    				} else {
    					return false;
    				}
                                                 
    			}
                            stmt.close();
    		} catch (Exception e) {
    			System.err.println(e.getMessage());
    		}
    		return false;
    	}
    
    	
    	
    	public String passHash(String in) {
    		String passM = new MD5(in).compute();
    		return new MD5(passM).compute();
    	}
    Anyone knows what's wrong?

    Thanks,

    William.D
    <William.D | Perfectworld> before
    Reply With Quote  
     

  2. #2  
    Banned

    Join Date
    Jan 2007
    Age
    30
    Posts
    4,417
    Thanks given
    3
    Thanks received
    105
    Rep Power
    0
    My guess is phpbb3 uses a different type of md5 hashing?
    Reply With Quote  
     

  3. #3  
    Banned

    Join Date
    Jul 2007
    Age
    31
    Posts
    1,438
    Thanks given
    43
    Thanks received
    21
    Rep Power
    0
    //String salt = rs.getString("salt");
    do it
    String salt = rs.getString("salt");
    Reply With Quote  
     

  4. #4  
    Programmer, Contributor, RM and Veteran




    Join Date
    Mar 2007
    Posts
    5,147
    Thanks given
    2,656
    Thanks received
    3,731
    Rep Power
    5000
    Quote Originally Posted by Raid View Post
    My guess is phpbb3 uses a different type of md5 hashing?
    Yes that is correct, they use some custom method. I don't know how it works, but when I was doing the same thing I modified phpbb to just do a plain hash of the password.
    .
    Reply With Quote  
     

  5. #5  
    Registered Member

    Join Date
    Oct 2007
    Posts
    1,017
    Thanks given
    1
    Thanks received
    3
    Rep Power
    562
    I already found a class whichh can set passwords to phpbb3 hash, trying it now. Thanks all.

    Edit: NOT WORKING - I'm using this; http://larsho.blogspot.com/2008/02/p...n-phpbb-3.html They just remade the PHPBB3 functions in PHP (includes/functions.php). I checked it and everything seems fine. Anyone knows what wrong? The PHP Functions: http://pastebin.com/m1402ec1a
    <William.D | Perfectworld> before
    Reply With Quote  
     

  6. #6  
    Banned

    Join Date
    Jan 2007
    Age
    30
    Posts
    4,417
    Thanks given
    3
    Thanks received
    105
    Rep Power
    0
    I think it has something to do with this bit:
    Code:
      String _hash_crypt_private(String password, String setting) {
          String output = "*";
    
          // Check for correct hash
          if (!setting.substring(0, 3).equals("$H$"))
            return output;
    
          int count_log2 = itoa64.indexOf(setting.charAt(3));
          if (count_log2 < 7 || count_log2 > 30)
            return output;
    
          int count = 1 << count_log2;
          String salt = setting.substring(4, 12);
          if (salt.length() != 8)
            return output;
    
          String m1 = md5(salt + password);
          String hash = pack(m1);
          do {
            hash = pack(md5(hash + password));
          } while (--count > 0);
    
          output = setting.substring(0, 12);
          output += _hash_encode64(hash, 16);
    
          return output;
      }
    Reply With Quote  
     

  7. #7  
    Registered Member

    Join Date
    Oct 2007
    Posts
    1,017
    Thanks given
    1
    Thanks received
    3
    Rep Power
    562
    bump
    <William.D | Perfectworld> before
    Reply With Quote  
     


Thread Information
Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)


User Tag List

Posting Permissions
  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •