Autor | Zpráva | ||
---|---|---|---|
Baterie Profil |
#1 · Zasláno: 24. 3. 2013, 19:22:12 · Upravil/a: Moderátor (editace znemožněna) 24. 3. 2013, 22:34:38
Ahoj lidi, Mám na Vás mega prosbu. Mám skript z www.hotscripts.com/listing/php-login-script-v3, který využívám na webu www.voxelcraft.cz/public/index.php. Hledal jsem už všude, ale moje znalosti v PHP nestačí na to, abych dokázal změnit zbůsob hashování hesel tohoto skriptu. Potřeboval bych změnit ten hash, který používá tento skript (SHA1+usersalt) na obyčejný MD5, nebo SHA1.
Prosím poraďte mi jak na to.. Zde máte stránku, na které se hashe generují(Alespon mysím) <?php /** * Database.php * * The Database class is meant to simplify the task of accessing * information from the website's database. * * Updated by: The Angry Frog * Last Updated: April 04, 2012 */ include("constants.php"); class MySQLDB { public $connection; //The MySQL database connection public $num_active_users; //Number of active users viewing site public $num_active_guests; //Number of active guests viewing site public $num_members; //Number of signed-up users /* Note: call getNumMembers() to access $num_members! */ /* Class constructor */ function MySQLDB(){ /* Make connection to database */ try { # MySQL with PDO_MYSQL $this->connection = new PDO('mysql:host='.DB_SERVER.';dbname='.DB_NAME, DB_USER, DB_PASS); $this->connection->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION ); } catch(PDOException $e) { echo "Error connecting to database."; } /** * Only query database to find out number of members * when getNumMembers() is called for the first time, * until then, default value set. */ $this->num_members = -1; $config = $this->getConfigs(); if($config['TRACK_VISITORS']){ /* Calculate number of users at site */ $this->calcNumActiveUsers(); /* Calculate number of guests at site */ $this->calcNumActiveGuests(); } } // MySQLDB function /** * Gather together the configs from the database configuration table. */ function getConfigs(){ $config = array(); $sql = $this->connection->query("SELECT * FROM ".TBL_CONFIGURATION); while($row = $sql->fetch()) { $config[$row['config_name']] = $row['config_value']; } return $config; } /** * Update Configs - updates the configuration table in the database * */ function updateConfigs($value,$configname){ $query = "UPDATE ".TBL_CONFIGURATION." SET config_value = :value WHERE config_name = :configname"; $stmt = $this->connection->prepare($query); return $stmt->execute(array(':value' => $value, ':configname' => $configname)); } /** * confirmUserPass - Checks whether or not the given username is in the database, * if so it checks if the given password is the same password in the database * for that user. If the user doesn't exist or if the passwords don't match up, * it returns an error code (1 or 2). On success it returns 0. */ function confirmUserPass($username, $password){ /* Add slashes if necessary (for query) */ if(!get_magic_quotes_gpc()) { $username = addslashes($username); } /* Verify that user is in database */ $query = "SELECT password, userlevel, usersalt FROM ".TBL_USERS." WHERE username = :username"; $stmt = $this->connection->prepare($query); $stmt->execute(array(':username' => $username)); $count = $stmt->rowCount(); if(!$stmt || $count < 1){ return 1; //Indicates username failure } /* Retrieve password and userlevel from result, strip slashes */ $dbarray = $stmt->fetch(); $dbarray['userlevel'] = stripslashes($dbarray['userlevel']); $dbarray['usersalt'] = stripslashes($dbarray['usersalt']); $password = stripslashes($password); $sqlpass = sha1($dbarray['usersalt'].$password); /* Validate that password matches and check if userlevel is equal to 1 */ if(($dbarray['password'] == $sqlpass)&&($dbarray['userlevel'] == 1)){ return 3; //Indicates account has not been activated } /* Validate that password matches and check if userlevel is equal to 2 */ if(($dbarray['password'] == $sqlpass)&&($dbarray['userlevel'] == 2)){ return 4; //Indicates admin has not activated account } /* Validate that password is correct */ if($dbarray['password'] == $sqlpass){ return 0; //Success! Username and password confirmed } else{ return 2; //Indicates password failure } } /** * confirmUserID - Checks whether or not the given username is in the database, * if so it checks if the given userid is the same userid in the database * for that user. If the user doesn't exist or if the userids don't match up, * it returns an error code (1 or 2). On success it returns 0. */ function confirmUserID($username, $userid){ /* Add slashes if necessary (for query) */ if(!get_magic_quotes_gpc()) { $username = addslashes($username); } /* Verify that user is in database */ $query = "SELECT userid FROM ".TBL_USERS." WHERE username = :username"; $stmt = $this->connection->prepare($query); $stmt->execute(array(':username' => $username)); $count = $stmt->rowCount(); if(!$stmt || $count < 1){ return 1; //Indicates username failure } $dbarray = $stmt->fetch(); /* Retrieve userid from result, strip slashes */ $dbarray['userid'] = stripslashes($dbarray['userid']); $userid = stripslashes($userid); /* Validate that userid is correct */ if($userid == $dbarray['userid']){ return 0; //Success! Username and userid confirmed } else{ return 2; //Indicates userid invalid } } /** * usernameTaken - Returns true if the username has been taken by another user, false otherwise. */ function usernameTaken($username){ if(!get_magic_quotes_gpc()){ $username = addslashes($username); } $query = "SELECT username FROM ".TBL_USERS." WHERE username = :username"; $stmt = $this->connection->prepare($query); $stmt->execute(array(':username' => $username)); $count = $stmt->rowCount(); return ($count > 0); } /** * usernameBanned - Returns true if the username has been banned by the administrator. */ function usernameBanned($username){ if(!get_magic_quotes_gpc()){ $username = addslashes($username); } $query = "SELECT username FROM ".TBL_BANNED_USERS." WHERE username = :username"; $stmt = $this->connection->prepare($query); $stmt->execute(array(':username' => $username)); $count = $stmt->rowCount(); return ($count > 0); } /** * addNewUser - Inserts the given (username, password, email) info into the database. * Appropriate user level is set. Returns true on success, false otherwise. */ function addNewUser($username, $password, $email, $token, $usersalt){ $time = time(); $config = $this->getConfigs(); /* If admin sign up, give admin user level */ if(strcasecmp($username, ADMIN_NAME) == 0){ $ulevel = ADMIN_LEVEL; /* Which validation is on? */ }else if ($config['ACCOUNT_ACTIVATION'] == 1) { $ulevel = REGUSER_LEVEL; /* No activation required */ }else if ($config['ACCOUNT_ACTIVATION'] == 2) { $ulevel = ACT_EMAIL; /* Activation e-mail will be sent */ }else if ($config['ACCOUNT_ACTIVATION'] == 3) { $ulevel = ADMIN_ACT; /* Admin will activate account */ } $password = sha1($usersalt.$password); $userip = $_SERVER['REMOTE_ADDR']; $query = "INSERT INTO ".TBL_USERS." SET username = :username, password = :password, usersalt = :usersalt, userid = 0, userlevel = $ulevel, email = :email, timestamp = $time, actkey = :token, ip = '$userip', regdate = $time"; $stmt = $this->connection->prepare($query); return $stmt->execute(array(':username' => $username, ':password' => $password, ':usersalt' => $usersalt, ':email' => $email, ':token' => $token)); } /** * updateUserField - Updates a field, specified by the field * parameter, in the user's row of the database. */ function updateUserField($username, $field, $value){ $query = "UPDATE ".TBL_USERS." SET ".$field." = :value WHERE username = :username"; $stmt = $this->connection->prepare($query); return $stmt->execute(array(':username' => $username, ':value' => $value)); } |
||
Alphard Profil |
Zbytek kódu z Baterie [#1]:
/** * getUserInfo - Returns the result array from a mysql * query asking for all information stored regarding * the given username. If query fails, NULL is returned. */ function getUserInfo($username){ $query = "SELECT * FROM ".TBL_USERS." WHERE username = :username"; $stmt = $this->connection->prepare($query); $stmt->execute(array(':username' => $username)); $dbarray = $stmt->fetch(); /* Error occurred, return given name by default */ $result = count($dbarray); if(!$dbarray || $result < 1){ return NULL; } /* Return result array */ return $dbarray; } /** * checkUserEmailMatch - Checks whether username * and email match in forget password form. */ function checkUserEmailMatch($username, $email){ $query = "SELECT username FROM ".TBL_USERS." WHERE username = :username AND email = :email"; $stmt = $this->connection->prepare($query); $stmt->execute(array(':username' => $username, ':email' => $email)); $number_of_rows = $stmt->rowCount(); if(!$stmt || $number_of_rows < 1){ return 0; } else { return 1; } } $password = sha1($usersalt.$password); $sqlpass = sha1($dbarray['usersalt'].$password); |
||
Baterie Profil |
#3 · Zasláno: 24. 3. 2013, 20:39:28 · Upravil/a: Baterie
No to vím, proto potřebuju pomoct
aha jo takhle :D no zkusim to nefunguje to... Změnil jsem to na: $password = sha1($password); $sqlpass = md5($password); Při registraci není žádná změna a při loginu mi skript odepíše, že jsem zadal špatné údaje. |
||
Virtus Profil |
ještě upravte tohle:
$query = "INSERT INTO ".TBL_USERS." SET username = :username, password = :password, usersalt = :usersalt, userid = 0, userlevel = $ulevel, email = :email, timestamp = $time, actkey = :token, ip = '$userip', regdate = $time"; $stmt = $this->connection->prepare($query); return $stmt->execute(array(':username' => $username, ':password' => $password, ':usersalt' => $usersalt, ':email' => $email, ':token' => $token)); $query = "INSERT INTO ".TBL_USERS." SET username = :username, password = :password, usersalt = :usersalt, userid = 0, userlevel = $ulevel, email = :email, timestamp = $time, actkey = :token, ip = '$userip', regdate = $time"; $stmt = $this->connection->prepare($query); return $stmt->execute(array(':username' => $username, ':password' => $password, ':usersalt' => '', ':email' => $email, ':token' => $token)); Pro nově vytvořené uživatele by to mělo fungovat už bez saltu a to i v případě, že zbytek kódu zůstatne nezměněn Edit: tak ponechte úpravy z [#3], minimálně tu proměnnou $password, bez té by to nefungovalo |
||
Časová prodleva: 11 let
|
0