[UberCMS] Password Reset

Status
Not open for further replies.
JayC

JayC

Well-Known Member
Aug 8, 2013
5,505
1,401
This one really has me stumped. It updates the password, WITH THE CORRECT MD5 Hash, and I know for sure its 100% correct because I have encrypted it and decrypted it online at multiple sources. The problem is if I change the password, the user can't log in.

PHP: 
<?php
                if(isset($_POST['TheUser'])){ //Posts The Form
                     $newPass = rand(58946, 98946); //Generates a Random Number
                     $hashedPass = md5($newPass); //Encrypts the numbers
                    $theUser = filter($_POST['TheUser']); //Grabs the posted text
                    $findUser = mysql_query("SELECT * FROM users WHERE username = '".$theUser."'"); // Tries to find the user
                   $findUser2 = mysql_fetch_assoc($findUser); //Fetch Assoc if possible
                    if(mysql_num_rows($findUser) == 0){ //Double check that user exists
                    echo "Invalid User"; //throw back user does not exist
                    }elseif($findUser2['rank'] > 7){//Make sure that user is not staff
                    echo "For Security, You can not reset this users password via housekeeping"; //Let them know they have to do it manually
                    }else{ //Otherwise
                     mysql_query("UPDATE users SET password = '".$hashedPass."' WHERE username='".$findUser2['username']."' LIMIT 1"); //Set Pass
                      echo "".$findUser2['username']."s pass has been changed to ".$newPass.""; //Echo out the new password of the user to give to them
                  }
                }
                    ?>
 
Sort by date Sort by votes
Brad

Brad

Well-Known Member
Jun 5, 2012
2,320
993
JayCustom said:
This one really has me stumped. It updates the password, WITH THE CORRECT MD5 Hash, and I know for sure its 100% correct because I have encrypted it and decrypted it online at multiple sources. The problem is if I change the password, the user can't log in.

PHP: 
<?php
                if(isset($_POST['TheUser'])){ //Posts The Form
                     $newPass = rand(58946, 98946); //Generates a Random Number
                     $hashedPass = md5($newPass); //Encrypts the numbers
                    $theUser = filter($_POST['TheUser']); //Grabs the posted text
                    $findUser = mysql_query("SELECT * FROM users WHERE username = '".$theUser."'"); // Tries to find the user
                   $findUser2 = mysql_fetch_assoc($findUser); //Fetch Assoc if possible
                    if(mysql_num_rows($findUser) == 0){ //Double check that user exists
                    echo "Invalid User"; //throw back user does not exist
                    }elseif($findUser2['rank'] > 7){//Make sure that user is not staff
                    echo "For Security, You can not reset this users password via housekeeping"; //Let them know they have to do it manually
                    }else{ //Otherwise
                     mysql_query("UPDATE users SET password = '".$hashedPass."' WHERE username='".$findUser2['username']."' LIMIT 1"); //Set Pass
                      echo "".$findUser2['username']."s pass has been changed to ".$newPass.""; //Echo out the new password of the user to give to them
                  }
                }
                    ?>
Click to expand...
Doesn't Uber use sha1? Not entirely sure, you maybe have moved it to md5 but just asking just incase lol.
 
Upvote 0 Downvote
JayC

JayC

Well-Known Member
Aug 8, 2013
5,505
1,401
Westyy said:
Doesn't Uber use sha1? Not entirely sure, you maybe have moved it to md5 but just asking just incase lol.
Click to expand...
nah it uses MD5 :( Let me double check all the code !
 
Hey, Thank you very much for having me look into it more, I traced it and found the method it was actually calling to. Look how weird this is!!
sha1(md5($password) . strtolower($username));
 
Upvote 0 Downvote
Brad

Brad

Well-Known Member
Jun 5, 2012
2,320
993
JayCustom said:
nah it uses MD5 :( Let me double check all the code !
 
Hey, Thank you very much for having me look into it more, I traced it and found the method it was actually calling to. Look how weird this is!!
sha1(md5($password) . strtolower($username));
Click to expand...
No problem, guessing you fixed the problem? If so I'll close thread.
 
Upvote 0 Downvote
Status
Not open for further replies.

Users who are viewing this thread

Total: 2 (members: 0, guests: 2)
☀️  Switch to Light Theme

Latest posts

Top