MyBB Community Forums

Hi, I am making an authorization system for my programs so my users can use them. However, I also incorporated this little authorization system into my programs that will check to see if they are a member of my forum and if they are in the proper group.

However, I can't seem to get the proper password hash key from the password they enter in...how do I get this? I already tried:

$stored_pass = md5(md5($salt).md5($plain_pass));

but it does not work. I mean, I have access to the database values like the SALT and the UID and everything...I just need to compare the password they enter into my program with the password in the database. Anyway to do this??

Well, that's the algorithm, if it doesn't work you won't be using it right or using the correct values. $salt is the stored salt for the user, $plain_pass is what they enter when they login, and after this is all run through that code, $stored_pass is what's in the password column in the database. So if md5(md5($stored_salt).md5($input_password)) is equal to the stored password, they've used the correct password, if it isn't the same, they haven't.

Post the code you're using.

Hi Matt,

I'm using:

$entered_pass = md5(md5($row['salt']).md5($pass));

This returns a different password key than the one in the database. In other words, they don't match...

OK, so $pass is the inputted password from the form, and then you check $entered_pass against what I presume is $row['password'], right??

Yes, that is precisely what I did Matt.

if($entered_pass == $row['password']){
//display success message here
}

I used echo to output both and they're completely different hash keys...

Then there must be something wrong with $pass. Look, upload this file to your forum root:
[attachment=21380]

Login with it, it'll say it's correct when it's correct and say it's wrong when it's wrong, and it's using the same algorithm.

That works. You're awesome, Matt!