Login password help

smorodina

As a complete beginner, I used Dreamweaver MX to create a login page. My site uses a YABBSE forum and I want to use the user list from that for access to another part of the site, so that users only have to register once. Everything works fine except the password. The Yabbse password is crypted, so I need to crypt the input password to compare with the stored one and I simply can't figure out how to do this. Again, my understanding is very limited, but I think the YABBSE uses a pw seed = 'YS' - ? Or uses the first two letters of the password to seed the rest? You can see I'm confused!! Anyway, below is the Dreamweaver code, and any help will be much appreciated.

<?php require_once(connection); ?>
<?php
// *** Validate request to login to this site.
session_start();

$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($accesscheck)) {
$GLOBALS['PrevUrl'] = $accesscheck;
session_register('PrevUrl');
}

if (isset($POST['username'])) {
$loginUsername=$POST['username'];
$password=$_POST['password'];
$MM_fldUserAuthorization = "";
$MM_redirectLoginSuccess = "http://www.mysite.com/members/welcome.php";
$MM_redirectLoginFailed = "http://www.mysite.com/members.php";
$MM_redirecttoReferrer = false;
mysql_select_db($database_mysite, $mysite);

$LoginRS__query=sprintf("SELECT memberName, passwd FROM mys_members WHERE memberName='%s' AND

passwd='%s'",
get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc() ? $password :

addslashes($password));

$LoginRS = mysql_query($LoginRS__query, $mysite) or die(mysql_error());
$loginFoundUser = mysql_num_rows($LoginRS);
if ($loginFoundUser) {
$loginStrGroup = "";

//declare two session variables and assign them
$GLOBALS['MM_Username'] = $loginUsername;
$GLOBALS['MM_UserGroup'] = $loginStrGroup;	      

//register the session variables
session_register("MM_Username");
session_register("MM_UserGroup");

if (isset($_SESSION['PrevUrl']) && false) {
  $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];	
}
header("Location: " . $MM_redirectLoginSuccess );

}
else {
header("Location: ". $MM_redirectLoginFailed );
}
}
?>

<form ACTION="<?php echo $loginFormAction; ?>" name="form1" method="POST">
<table width="400" border="0" cellspacing="0" cellpadding="3">
<tr>
<td width="100">Username:</td>
<td><input name="username" type="text" id="username"></td>
</tr>
<tr>
<td width="100">Password:</td>
<td><input name="password" type="password" id="password"></td>
</tr>
<tr>
<td width="100"> </td>
<td><input type="submit" name="Submit" value="Submit"></td>
</tr>
</table>
</form>

Huuggee

it looks like YABBSE uses an md5 hash on the password.

if you look in the Sources/Load.php file, there is a function

function md5_hmac($data, $key

have a look, and you can call that function to hash the password being given in your script for login. It should retun the same value

smorodina

Thanks for the quick reply! In fact it seems in my version the password is crypted using substr($password, 0, 2), so I needed to use that on the input password - and I finally figured out how to do it. Only took two weeks! There was nothing on it in Dreamweaver's help.