I'm building an application for my site with C#. I just had a few questions about it really quick.
For the password I know its md5 encrypted with a salt. Is the salt after its pulled from the database and before its added to the password is it md5 encrypted two?
Or is the salt just added automatically to the end of the password?
It's done like this I believe:
md5(md5(salt).md5(password))
One thing you can do is let all MyBB do all the work for you, simply POST "username" and "password" data to
www.yourforumdomain.com/member.php?action=do_login and you can search the result source code for "Welcome Back, YourUsername" and if it finds it it means the login was successful, if it doesn't then it will most likely display "welcomeblock guest".
Thanks euantor. So you orginally pull the salt md5 that mdt the password and then md5 the entire thing. Thanks for the help.
Yup. Here's the actual function from the MyBB Core:
/**
* Salts a password based on a supplied salt.
*
* @param string The md5()'ed password.
* @param string The salt.
* @return string The password hash.
*/
function salt_password($password, $salt)
{
return md5(md5($salt).$password);
}
Thanks a lot. I was about to start going to my C# help site for this but, what you posted helped me out. I'm getting the correct password created now to use myBB as my login system. Thanks for the help guys.
Next up will be registration through my game once i get it up and running. Once again thanks for the help.