Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > Developers' Forum

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 23rd January 2011, 13:48
davesco davesco is offline
Junior Member
 
Join Date: Jan 2011
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
Default Centralizacion de cambio de password

Hola buenas tardes, estoy haciendo una aplicacion en php para que todos los usuarios de la oficina puedan cambiar la password de otras aplicaciones que tenemos en php y ya de paso poder incluir el cambio password del correo.

El problema lo tengo cuando intento comparar el hash que no coincide.

El hash y semilla que genera al crear la cuenta ispconfig 3.0.3.2 seria:

Ejemplo la password 11223344 equivale entre otros hash a:
$1$ueeJE1n7$Fo.SWbKNQjwyguRoHE7r/.

Entoces si password 11223344 es igual a $1$ueeJE1n7$Fo.SWbKNQjwyguRoHE7r/.

la semilla seria $1$ueeJE1n7$

Lo que estoy haciendo es lo siguiente:

$password = "{$_POST['password']}";
$passencry = crypt(stripslashes('$password'),('$1$ueeJE1n7$') );
mysql_query("insert into consultas (email,password) values ('{$_POST['email']}','$passencry')");

Y el resultado es:
$1$ueeJE1n7$qwT8lUmuEUz07e9SU8z6p.

Error no coincide, tambien he probado:

$password = "{$_POST['password']}";
$passencry = crypt(md5('$password'),('$1$ueeJE1n7$') );
mysql_query("insert into consultas (email,password) values ('{$_POST['email']}','$passencry')");

Y el resultado es:
$1$ueeJE1n7$XUbHsrpfXhG4HwC0DxRXe0

Error no coincide, tambien he probado:

$password = "{$_POST['password']}";
$passencry = crypt(('$password'),('$1$ueeJE1n7$') );
mysql_query("insert into consultas (email,password) values ('{$_POST['email']}','$passencry')");

Y el resultado es:
$1$ueeJE1n7$qwT8lUmuEUz07e9SU8z6p.

Error no coincide, tambien he probado:

$password = "{$_POST['password']}";
$passencry = md5(('$password'),('$1$ueeJE1n7$') );
mysql_query("insert into consultas (email,password) values ('{$_POST['email']}','$passencry')");


$>aAW}-f,g^

Nada que estoy como loco y no encuentro la manera de ver como lo encrypta si alguien me puede ayudar, se lo agradecere de por vida.

Saludos a todos.
--------------------------------------------------------------------------
Hi good afternoon, I am making an application in php for all office users can change the password of other applications in php and we have already happened to include the change password mail.

The problem as I have when I try to compare the hash does not match.

The hash and seed generated when creating the account ispconfig 3.0.3.2 would be:

Example, 11223344 equals among other password hash:
$1$ueeJE1n7$Fo.SWbKNQjwyguRoHE7r/.

So if password 11223344 = $1$ueeJE1n7$Fo.SWbKNQjwyguRoHE7r/.

would seed $1$ueeJE1n7$

What I am doing is this:

$password = "{$_POST['password']}";
$passencry = crypt(stripslashes('$password'),('$1$ueeJE1n7$') );
mysql_query("insert into consultas (email,password) values ('{$_POST['email']}','$passencry')");

And the result:
$1$ueeJE1n7$qwT8lUmuEUz07e9SU8z6p.

Mismatch error, I've also tried:

$password = "{$_POST['password']}";
$passencry = crypt(md5('$password'),('$1$ueeJE1n7$') );
mysql_query("insert into consultas (email,password) values ('{$_POST['email']}','$passencry')");

And the result:
$1$ueeJE1n7$XUbHsrpfXhG4HwC0DxRXe0

Mismatch error, I've also tried:

$password = "{$_POST['password']}";
$passencry = crypt(('$password'),('$1$ueeJE1n7$') );
mysql_query("insert into consultas (email,password) values ('{$_POST['email']}','$passencry')");

And the result:
$1$ueeJE1n7$qwT8lUmuEUz07e9SU8z6p.

Mismatch error, I've also tried:

$password = "{$_POST['password']}";
$passencry = md5(('$password'),('$1$ueeJE1n7$') );
mysql_query("insert into consultas (email,password) values ('{$_POST['email']}','$passencry')");


$>aAW}-f,g^

Nothing that I'm crazy and can not find a way to see how it encrypta if anyone can help me, I thank you for life.

Greetings to everyone.
Reply With Quote
Sponsored Links
  #2  
Old 23rd January 2011, 20:48
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 35,340
Thanks: 810
Thanked 5,171 Times in 4,055 Posts
Default

This kind of password is the Default for all linux systems, so not ispconfig specific. A crpyt-md5 password used by Linux is e.g. verified like this (see ispconfoig sourcecode):

Code:
$saved_password = '$1$ueeJE1n7$Fo.SWbKNQjwyguRoHE7r/.';
$salt = '$1$'.substr($saved_password,3,8).'$';
if(crypt($passwort,$salt) == $saved_password) {
    echo 'verified successfully.';
}
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #3  
Old 23rd January 2011, 23:15
davesco davesco is offline
Junior Member
 
Join Date: Jan 2011
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
 
Default Gracias Till -- Thanks Till

Gracias Till.
Lo tenia delante y no era capaz de verlo.
Ahora he visto la tonteria que estaba haciendo, en vez de encriptar el contenido del campo del formulario que guardaba en ($password) lo que estaba encriptando era la palabra (password) con el simbolo ($).

no es lo mismo:

$passencry = crypt('$password','$1$ueeJE1n7$');


--------------------

Y este es el correcto

$passencry = crypt($password,'$1$ueeJE1n7$');

Gracias Till

--------------------------------------------------------------------------


Thanks Till.
I had it before and could not see him.
Now I've seen the nonsense he was doing, instead of encrypting the contents of the form field that kept it in ($ password) that was encrypted was the word (password) with the symbol ($).

is not the same:

$passencry = crypt('$password','$1$ueeJE1n7$');


--------------------

And this is correct

$passencry = crypt($password,'$1$ueeJE1n7$');

Thanks Till
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Newb: Desperately need help to password protect a directory smartin Installation/Configuration 47 19th February 2010 18:01
postfix: "unknown user" with mysql auth. Kruser Server Operation 3 18th June 2009 18:20
Samba LDAP, Webmin User password mperreault Server Operation 0 26th August 2008 14:34
Password bug NIXin General 8 8th May 2008 15:08
How to install BFD (Brute Force Detection) domino Tips/Tricks/Mods 9 31st March 2006 22:40


All times are GMT +2. The time now is 00:54.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.