close ad
Install the LAtest Updates to Work with CC 2017 and CC 2018
open ad
View Menu

Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

rating

MD5 with salt?

Thread began 4/05/2013 2:41 pm by john384495 | Last modified 4/29/2013 10:05 am by Jason Byrnes | 1136 views | 6 replies |

john384495

MD5 with salt?

Ok after searching the forum I am thinking this can't be done as the redirect page says login failed. Anyways, the database I am connecting to (and cannot be changed) is using a email field (varchar255), a password field (char32) with MD5 encryption and a password_salt field (char3). Looking at the only user (1 record)...which is the admin the password_salt field data is "=0=" which I assume would be the same for all user.

I was able to create the form and the redirects forms but having no success in an actual success for a login. I am assuming because I have to use MD5 for the encryption for the password field and that does not generate the extra file in the webassist folder called "wa_securitykey.php" which I guess is required for salt. Is there anyway to hardcode it.

Thank you in advance for your time.

John

Sign in to reply to this post

Jason ByrnesWebAssist

what version of security assist are you using?

the salt should not be stored in the database. The wa_secuirtykey.php file should be created in the webassist/security_assist folder. the salt should be set in that file.

also, the password field should be a varchar filed, not a char filed.


send a copy for the registration page and the login page please.

Sign in to reply to this post

john384495

WOW!!! Very sorry for taking such a long time to respond and I want to thank you for trying to help so fast. I have searched hundreds of threads and searched many keywords...their search on this application is not as good as yours and they have pretty much no documentation. Below is what I found so far in regards to their application. Your software is so much easier to use and that is why I want to create separate forms using your software instead to interface with their database to confirm the user is log in as well as making a new log in form connecting to their database. Thanks in advance for any help.

The final field we require for this table is the password. It is split up into 2 fields:
password
password_salt

The field: password
holds a 32 character salted MD5 hashed version of their password. In order to get this value we use the following PHP code:

md5(md5($PASSWORD) . md5($SALT))

The variable: $PASSWORD
holds the users password. The variable:

$SALT
holds a random set of characters. The PHP function we use is:

function getSalt($iTotal = 3)
{
$sSalt = '';
for ($i = 0; $i < $iTotal; $i++)
{
$sSalt .= chr(rand(33, 91));
}
return $sSalt;
}

For the field: password_salt
we input the value for the salt we created earlier and used in the MD5 hash.

Sign in to reply to this post

Jason ByrnesWebAssist

This would take hand coding to accomplish. You would need a recordset to lookup the entered email address, and return the salt for that email address, use the recordset value for the salt in the wa_secuirtykey.php file

Sign in to reply to this post

john384495

Thank you....I will attempt that...even with my limited skill set :)

Sign in to reply to this post

john384495

Ok Jason...I learned a lot and hopefully you can direct me some more. I will only put part of the code since I think you know the easy parts already.

1. I was able to make an HTML file with an email and password field with submit button...blah blah blah :)
2. Made a PHP file started a session for the email and password.
3. Opened a database connection found the matching email.
4. Pulled the salt from the database ($salt = $row['password_salt'];)
5. Then took the session password and applied encryption ($password = md5(md5($password) . md5($salt));)
6. Then called the database again and compared $password with the database password (if ($respassword == $password) {)
7. Came back echo...congrats login.

Now even though it comes in login....nothing was set in their software so when I attempted to do location redirect it would only go to the log in page. So within the if statement of being login at attempted to use their service (which it worked).

8. Connect to their service.

define('TheirService', true);
define('TheirService_DS', DIRECTORY_SEPARATOR);

define('TheirService_DIR', dirname(__FILE__) . TheirService_DS . 'SomeFolder' . TheirService_DS);

define('TheirService_START_TIME', array_sum(explode(' ', microtime())));
require(TheirService_DIR . 'include' . TheirService_DS . 'ini.inc.php');

list($bSuccess, $aUser) = TheirService::getService('user.auth')->login($semail, $sPassword);

if ($bSuccess == true)
{
{header("Location: http://localhost/Domain/folder/index.php?do=/place/");
exit;

Now everything works...I can use their service to pull stuff from the database but I want to use my own login form...or I really mean to use your forms and software for an outside product so when they update their stuff it won't affect me unless they change the tables and field names...which they won't. I know you said I had to put the salt in wa_secuirtykey.php file but since MD5 does not use that in your software I am not too sure what you want me to learn or do as I added the login form and tried several things but nothing works. I am somewhat new at this and this last stuff took me at least a week to learn...although happy to learn it...very stressful figuring it myself. Like I said...I want to use webassist software to create forms, security and everything else webassist has I have purchased most of it but use their database to store info and retrieve info as well. If you could give me a helping hand I would really appreciate it....thank you in advance for your time :)

JohnJr

Sign in to reply to this post

Jason ByrnesWebAssist

I'm not really sure what your question is, see private message.

Sign in to reply to this post

Build websites with a little help from your friends

Your friends over here at WebAssist! These Dreamweaver extensions will assist you in building unlimited, custom websites.

Build websites from already-built web applications

These out-of-the-box solutions provide you proven, tested applications that can be up and running now.  Build a store, a gallery, or a web-based email solution.

Want your website pre-built and hosted?

Close Windowclose

Rate your experience or provide feedback on this page

Account or customer service questions?
Please user our contact form.

Need technical support?
Please visit support to ask a question

Content

rating

Layout

rating

Ease of use

rating

security code refresh image

We do not respond to comments submitted from this page directly, but we do read and analyze any feedback and will use it to help make your experience better in the future.

Close Windowclose

We were unable to retrieve the attached file

Close Windowclose

Attach and remove files

add attachmentAdd attachment
Close Windowclose

Enter the URL you would like to link to in your post

Close Windowclose

This is how you use right click RTF editing

Enable right click RTF editing option allows you to add html markup into your tutorial such as images, bulleted lists, files and more...

-- click to close --

Uploading file...