Centralizacion de cambio de password

Discussion in 'Developers' Forum' started by davesco, Jan 23, 2011.

  1. davesco

    davesco New Member

    Hola buenas tardes, estoy haciendo una aplicacion en php para que todos los usuarios de la oficina puedan cambiar la password de otras aplicaciones que tenemos en php y ya de paso poder incluir el cambio password del correo.

    El problema lo tengo cuando intento comparar el hash que no coincide.

    El hash y semilla que genera al crear la cuenta ispconfig 3.0.3.2 seria:

    Ejemplo la password 11223344 equivale entre otros hash a:
    $1$ueeJE1n7$Fo.SWbKNQjwyguRoHE7r/.

    Entoces si password 11223344 es igual a $1$ueeJE1n7$Fo.SWbKNQjwyguRoHE7r/.

    la semilla seria $1$ueeJE1n7$

    Lo que estoy haciendo es lo siguiente:

    $password = "{$_POST['password']}";
    $passencry = crypt(stripslashes('$password'),('$1$ueeJE1n7$') );
    mysql_query("insert into consultas (email,password) values ('{$_POST['email']}','$passencry')");

    Y el resultado es:
    $1$ueeJE1n7$qwT8lUmuEUz07e9SU8z6p.

    Error no coincide, tambien he probado:

    $password = "{$_POST['password']}";
    $passencry = crypt(md5('$password'),('$1$ueeJE1n7$') );
    mysql_query("insert into consultas (email,password) values ('{$_POST['email']}','$passencry')");

    Y el resultado es:
    $1$ueeJE1n7$XUbHsrpfXhG4HwC0DxRXe0

    Error no coincide, tambien he probado:

    $password = "{$_POST['password']}";
    $passencry = crypt(('$password'),('$1$ueeJE1n7$') );
    mysql_query("insert into consultas (email,password) values ('{$_POST['email']}','$passencry')");

    Y el resultado es:
    $1$ueeJE1n7$qwT8lUmuEUz07e9SU8z6p.

    Error no coincide, tambien he probado:

    $password = "{$_POST['password']}";
    $passencry = md5(('$password'),('$1$ueeJE1n7$') );
    mysql_query("insert into consultas (email,password) values ('{$_POST['email']}','$passencry')");


    $>aéAŸW}-f,g^é

    Nada que estoy como loco y no encuentro la manera de ver como lo encrypta si alguien me puede ayudar, se lo agradecere de por vida.

    Saludos a todos. ;)
    --------------------------------------------------------------------------
    Hi good afternoon, I am making an application in php for all office users can change the password of other applications in php and we have already happened to include the change password mail.

    The problem as I have when I try to compare the hash does not match.

    The hash and seed generated when creating the account ispconfig 3.0.3.2 would be:

    Example, 11223344 equals among other password hash:
    $1$ueeJE1n7$Fo.SWbKNQjwyguRoHE7r/.

    So if password 11223344 = $1$ueeJE1n7$Fo.SWbKNQjwyguRoHE7r/.

    would seed $1$ueeJE1n7$

    What I am doing is this:

    $password = "{$_POST['password']}";
    $passencry = crypt(stripslashes('$password'),('$1$ueeJE1n7$') );
    mysql_query("insert into consultas (email,password) values ('{$_POST['email']}','$passencry')");

    And the result:
    $1$ueeJE1n7$qwT8lUmuEUz07e9SU8z6p.

    Mismatch error, I've also tried:

    $password = "{$_POST['password']}";
    $passencry = crypt(md5('$password'),('$1$ueeJE1n7$') );
    mysql_query("insert into consultas (email,password) values ('{$_POST['email']}','$passencry')");

    And the result:
    $1$ueeJE1n7$XUbHsrpfXhG4HwC0DxRXe0

    Mismatch error, I've also tried:

    $password = "{$_POST['password']}";
    $passencry = crypt(('$password'),('$1$ueeJE1n7$') );
    mysql_query("insert into consultas (email,password) values ('{$_POST['email']}','$passencry')");

    And the result:
    $1$ueeJE1n7$qwT8lUmuEUz07e9SU8z6p.

    Mismatch error, I've also tried:

    $password = "{$_POST['password']}";
    $passencry = md5(('$password'),('$1$ueeJE1n7$') );
    mysql_query("insert into consultas (email,password) values ('{$_POST['email']}','$passencry')");


    $>aéAŸW}-f,g^é

    Nothing that I'm crazy and can not find a way to see how it encrypta if anyone can help me, I thank you for life.

    Greetings to everyone. ;)
     
  2. till

    till Super Moderator

    This kind of password is the Default for all linux systems, so not ispconfig specific. A crpyt-md5 password used by Linux is e.g. verified like this (see ispconfoig sourcecode):

    Code:
    $saved_password = '$1$ueeJE1n7$Fo.SWbKNQjwyguRoHE7r/.';
    $salt = '$1$'.substr($saved_password,3,8).'$';
    if(crypt($passwort,$salt) == $saved_password) {
        echo 'verified successfully.';
    }
    
    
     
  3. davesco

    davesco New Member

    Gracias Till -- Thanks Till

    Gracias Till.
    Lo tenia delante y no era capaz de verlo.
    Ahora he visto la tonteria que estaba haciendo, en vez de encriptar el contenido del campo del formulario que guardaba en ($password) lo que estaba encriptando era la palabra (password) con el simbolo ($).

    no es lo mismo:

    $passencry = crypt('$password','$1$ueeJE1n7$');


    --------------------

    Y este es el correcto

    $passencry = crypt($password,'$1$ueeJE1n7$');

    Gracias Till

    --------------------------------------------------------------------------


    Thanks Till.
    I had it before and could not see him.
    Now I've seen the nonsense he was doing, instead of encrypting the contents of the form field that kept it in ($ password) that was encrypted was the word (password) with the symbol ($).

    is not the same:

    $passencry = crypt('$password','$1$ueeJE1n7$');


    --------------------

    And this is correct

    $passencry = crypt($password,'$1$ueeJE1n7$');

    Thanks Till
     

Share This Page