Menu
Forums
All threads
Latest threads
New posts
Trending threads
New posts
Search forums
Trending
What's new
New posts
New profile posts
Latest activity
Members
Current visitors
New profile posts
Search profile posts
Upgrades
Log in
Register
What's new
Search
Search
Search titles only
By:
All threads
Latest threads
New posts
Trending threads
New posts
Search forums
Menu
Log in
Register
Navigation
Install the app
Install
More options
Contact us
Close Menu
Forums
Server Development
Habbo Retros
Habbo Q&A
MD5 TO SHA1
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Reply to thread
Message
<blockquote data-quote="MayoMayn" data-source="post: 390525" data-attributes="member: 71840"><p>Sorry man, but you should find a new CMS, whoever made that, is a bunch of noobs who doesn't care about xss or sqli's. For the record, I would recommend using PDO. I can paste some code ina few minutes on how mine works.</p><p>[doublepost=1480473861,1480473751][/doublepost]</p><p>Totally wrong. Hashing passwords with sha1 that's already hashed with md5 is stupid lmao.</p><p>[doublepost=1480474206][/doublepost]Here's how I have done it in my CMS:</p><p>For hashing the password's when users register, I've done something similar to yours:</p><p>[PHP]</p><p>final public function hashed($password) {</p><p> return password_hash($password, PASSWORD_DEFAULT);</p><p> }</p><p>[/PHP]</p><p>And for validation passwords when user logs in, I've done this:</p><p>[PHP]</p><p>final public function passValidation($username, $password) { </p><p> global $db, $core;</p><p> $conn = $db->PDO();</p><p> try {</p><p> $stmt = $conn->pdo->prepare('SELECT `password` FROM `users` WHERE `username` = :u LIMIT 1');</p><p> $stmt->bindParam(':u', $username, $db->PARAM_STR);</p><p> $stmt->execute();</p><p> if(password_verify($password, $stmt->fetchColumn())) {</p><p> return true;</p><p> }</p><p> return false;</p><p> } catch(PDOException $e) {</p><p> die($e->getMessage());</p><p> }</p><p> $conn = null;</p><p> }</p><p>[/PHP]</p><p>Oops, please bear in mind, that I'm using class-oriented PDO, and not mysql or mysqli.</p><p>Just use:</p><p>[PHP]</p><p>if(password_verify($password, $stmt->fetchColumn())) {</p><p> return true;</p><p>}</p><p>[/PHP]</p><p>and switch out [PHP]$stmt->fetchColumn()[/PHP] with whatever users stored password in db is.</p><p></p><p>Anyway I'm just wondering, if I am really the only one with a hotel, which is not a complete shitload of deprecated coding?</p><p>[doublepost=1480474827][/doublepost]Anyway, if you want to convert md5 into sha1, devbest is probably not the best way to ask a question. A simple Google search gave you the answer:</p><p><a href="https://stackoverflow.com/questions/1381448/how-do-i-convert-password-hashing-from-md5-to-sha" target="_blank">https://stackoverflow.com/questions/1381448/how-do-i-convert-password-hashing-from-md5-to-sha</a></p></blockquote><p></p>
[QUOTE="MayoMayn, post: 390525, member: 71840"] Sorry man, but you should find a new CMS, whoever made that, is a bunch of noobs who doesn't care about xss or sqli's. For the record, I would recommend using PDO. I can paste some code ina few minutes on how mine works. [doublepost=1480473861,1480473751][/doublepost] Totally wrong. Hashing passwords with sha1 that's already hashed with md5 is stupid lmao. [doublepost=1480474206][/doublepost]Here's how I have done it in my CMS: For hashing the password's when users register, I've done something similar to yours: [PHP] final public function hashed($password) { return password_hash($password, PASSWORD_DEFAULT); } [/PHP] And for validation passwords when user logs in, I've done this: [PHP] final public function passValidation($username, $password) { global $db, $core; $conn = $db->PDO(); try { $stmt = $conn->pdo->prepare('SELECT `password` FROM `users` WHERE `username` = :u LIMIT 1'); $stmt->bindParam(':u', $username, $db->PARAM_STR); $stmt->execute(); if(password_verify($password, $stmt->fetchColumn())) { return true; } return false; } catch(PDOException $e) { die($e->getMessage()); } $conn = null; } [/PHP] Oops, please bear in mind, that I'm using class-oriented PDO, and not mysql or mysqli. Just use: [PHP] if(password_verify($password, $stmt->fetchColumn())) { return true; } [/PHP] and switch out [PHP]$stmt->fetchColumn()[/PHP] with whatever users stored password in db is. Anyway I'm just wondering, if I am really the only one with a hotel, which is not a complete shitload of deprecated coding? [doublepost=1480474827][/doublepost]Anyway, if you want to convert md5 into sha1, devbest is probably not the best way to ask a question. A simple Google search gave you the answer: [URL]https://stackoverflow.com/questions/1381448/how-do-i-convert-password-hashing-from-md5-to-sha[/URL] [/QUOTE]
Insert quotes…
Verification
Post reply
Forums
Server Development
Habbo Retros
Habbo Q&A
MD5 TO SHA1
Top