Question
Saturday, December 29, 2018 10:44 PM
Hey,
So, I have connected to the mysql database and everything. I am able to login however obviously because in the title the password in the database is a md5 hash. So, it isn't the user's original password. I have to manually give the password to people in order for them to login. I don't want it to be this way. I want for them to be able to login with their username and password they signed up to the site with - however I'm not sure how to do this.
How can I generate the md5 hash of the user's original password and then input the salt saved in the database for the user and then check if the generated hash matches the hash saved in the database password field?
Just a side note:
I am using a free forum software called 'MyBB' and the database generated automatically. Obviously the hash was automatically generated as well. So, I'm not sure they encrypt the password into a hash.
Any help would be much appreciated. I've tried searching but I don't think I am wording it properly because I can't find any discussion on this matter
All replies (5)
Monday, December 31, 2018 5:39 AM
Hi,
Use MD5 to encrypt user passwords:

    ' Needs a project reference to System.Web.
    ' HashPasswordForStoringInConfigFile is marked obsolete since .NET Framework 4.5.
    ' codeLength = 32 returns the full lowercase hex digest,
    ' codeLength = 16 returns its middle 16 characters.
    Public Shared Function md5(ByVal password As String, ByVal codeLength As Integer) As String
        If Not String.IsNullOrEmpty(password) Then
            If codeLength = 16 Then
                Return System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile(password, "MD5").ToLower().Substring(8, 16)
            End If
            If codeLength = 32 Then
                Return System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile(password, "MD5").ToLower()
            End If
        End If
        Return String.Empty
    End Function

Since MD5 is irreversible, it cannot be decrypted after encryption. When the user name and password are taken, the data input by the user needs to be encrypted and compared with the encrypted data in the database. If the comparison results are consistent, you can determine that the login is successful!

    ' Needs Imports System.Security.Cryptography and Imports System.Text at the top of the file.
    Public Function UserLogOn(ByVal USERID As String, ByVal pwd As String, ByRef statusCode As String) As Model.UserInfo
        ' Look up the stored record, then compare the stored hash with the hash of the typed password
        Dim model As Model.UserInfo = GetModel(USERID)
        If model IsNot Nothing Then
            If model.PASSWORD = MD5Encrypt64(pwd) Then
                statusCode = "login successfully"
            Else
                statusCode = "Login failed"
            End If
        Else
            statusCode = "User does not exist!"
            model = Nothing
        End If
        Return model
    End Function

    ' MD5 of the UTF-8 bytes of the password, returned as Base64
    Public Shared Function MD5Encrypt64(ByVal password As String) As String
        Dim cl As String = password
        Using hasher As MD5 = MD5.Create()
            Dim s As Byte() = hasher.ComputeHash(Encoding.UTF8.GetBytes(cl))
            Return Convert.ToBase64String(s)
        End Using
    End Function

Best Regards,
Alex
MSDN Community Support Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact [email protected].
Monday, December 31, 2018 5:43 PM
Thanks for your reply, however this doesn't solve my problem.
I have installed the forum software called 'MyBB' to my website.
Mybb creates the database automatically. So, when I created my account. I put my Username and password. I would like to use in order to access the website.
Now what I am trying to do is make an application but users will need to login first. I want them to use the username and password they used to sign up with.
So, I have connected to the database and checked if the username and password exists then they can log on but I have obviously one problem doing this and that is they can't login using their password they used to sign up with. They have to use the password in the database which is a md5 password. So, I have to give them the password from the database. Which I don't want. I want them to be able to use their password they signed up with.
Obviously when you sign up the password gets encrypted to an md5 hash. It does it automatically because the forum software implemented it as a security feature.
So, how would I do what you said above but for a mysql database?
Tuesday, January 1, 2019 7:42 AM
Hi,
I don't really understand what you mean, is that okay?

    ' Needs Imports System.Security.Cryptography and Imports System.Text at the top of the file.
    Public Shared Function ToMD5(ByVal source As String) As String
        Dim sb As StringBuilder = New StringBuilder()
        Using hasher As MD5 = MD5.Create()
            ' Hash the UTF-8 bytes and write each byte as two lowercase hex digits
            For Each item As Byte In hasher.ComputeHash(Encoding.UTF8.GetBytes(source))
                sb.Append(item.ToString("x2"))
            Next
        End Using
        Return sb.ToString()
    End Function

    ' Receive password entered by the user
    Dim password As String = Me.txtPwd.Text.Trim()
    ' MD5 encryption of the received password
    Dim pwd As String = ToMD5(password)

The user input has been converted to encryption, and pwd is compared with the encrypted password in the database.
Best Regards,
Alex
Tuesday, January 1, 2019 9:30 PM
Yes I forgot to mention as well that the database has a salt as well. Sorry I completely forgot about this.
So, not only do I need to hash the password when the user types in his password. I need to hash it and salt it and then compare it with the database. I have done research of how to do this but nothing comes up of how to salt and hash a password but then put the results in a MySQL database.
How do you hash and salt a password and then compare the results to the database?
Could you also provide the code to the mysql database? Like what you would put in to compare the results? For example

    MysqlConn = New MySqlConnection
    MysqlConn.ConnectionString = "server=.; user id=hidden_login; username=; password=; database="
    MysqlConn.Open()
    Dim Myadapter As New MySqlDataAdapter
    Dim sqlquary = "SELECT * FROM `mybb_users` where username='" & MephTextBox1.Text & " ' and password='" & MephTextBox2.Text & "'"

So, after I've hashed and salted the password. How do I put it to the database? If that makes sense?
Tuesday, January 1, 2019 10:33 PM
Hi
Here is a stand alone example that may show some of what you want. It has some dummy test data hard coded, but the data could as well be from a database.

    ' Serialize, Dictionary, Deserialize
    ' Salt, Hash, Hashing, Salting
    ' Form1 with TextBox1, TextBox2,
    ' Label1 and Button1
    ' 2 x Labels for TextBox contents
    Option Strict On
    Option Explicit On
    Imports System.Runtime.Serialization.Formatters.Binary
    Imports System.Security.Cryptography
    Imports System.Text
    Public Class Form1
        Dim DataBase As New Dictionary(Of String, User)
        <Serializable> Class User
            Property Name As String
            Property PW As String
            Property Salt As String
            Property hash As String
        End Class
        Private Sub Form1_Load(sender As Object, e As EventArgs) Handles MyBase.Load
            ' add some random data to database for tests
            Dim user1, user2, user3 As New User
            user1.Name = "Les"
            user1.PW = "freddy"
            user1.Salt = CreateRandomSalt()
            user1.hash = Hash512(user1.PW, user1.Salt)
            DataBase.Add(user1.Name, user1)
            user2.Name = "Mary"
            user2.PW = "qwerty"
            user2.Salt = CreateRandomSalt()
            user2.hash = Hash512(user2.PW, user2.Salt)
            DataBase.Add(user2.Name, user2)
            user3.Name = "Elizabeth"
            user3.PW = "123456"
            user3.Salt = CreateRandomSalt()
            user3.hash = Hash512(user3.PW, user3.Salt)
            DataBase.Add(user3.Name, user3)
            ' uncomment to save DataBase
            ' SaveDataBase()
            ' uncomment to read DataBase
            'DataBase.Clear()
            'ReadDataBase()
        End Sub
        Private Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
            Select Case VerifyUser(TextBox1.Text, TextBox2.Text)
                Case True
                    Label1.Text = "Successful login"
                Case Else
                    Label1.Text = "Failed login"
            End Select
        End Sub
        Function VerifyUser(name As String, password As String) As Boolean
            ' uncomment messageboxes to see which failed
            ' verify user name
            If Not DataBase.ContainsKey(name) Then
                ' MessageBox.Show("User Name not found")
                Return False
            Else
                ' verify user hash: re-hash the typed password with the stored salt
                If Not Hash512(password, DataBase(name).Salt) = DataBase(name).hash Then
                    ' MessageBox.Show("Password incorrect")
                    Return False
                End If
            End If
            Return True
        End Function
        ' SHA-512 of the UTF-8 bytes of (password & salt), returned as Base64
        Public Function Hash512(password As String, salt As String) As String
            Dim convertedToBytes As Byte() = Encoding.UTF8.GetBytes(password & salt)
            Using hashType As HashAlgorithm = SHA512.Create()
                Dim hashBytes As Byte() = hashType.ComputeHash(convertedToBytes)
                Dim hashedResult As String = Convert.ToBase64String(hashBytes)
                Return hashedResult
            End Using
        End Function
        ' 32 bytes from the system cryptographic random number generator, as Base64.
        ' (A new System.Random per call can repeat the same salt when called in quick succession.)
        Public Function CreateRandomSalt() As String
            Dim saltBytes(31) As Byte
            Using rng As RandomNumberGenerator = RandomNumberGenerator.Create()
                rng.GetBytes(saltBytes)
            End Using
            Return Convert.ToBase64String(saltBytes)
        End Function
        Dim DBpath As String = My.Computer.FileSystem.SpecialDirectories.MyDocuments & "\DB.xml"
        ' BinaryFormatter is unsafe on untrusted input: only read back files this program wrote.
        Public Sub SaveDataBase()
            ' FileMode.Create truncates an existing file so no stale bytes remain
            Using fs As New IO.FileStream(DBpath, IO.FileMode.Create)
                Dim bf As New BinaryFormatter()
                bf.Serialize(fs, DataBase)
            End Using
        End Sub
        Public Sub ReadDataBase()
            If FileIO.FileSystem.FileExists(DBpath) Then
                Using fsRead As New IO.FileStream(DBpath, IO.FileMode.Open)
                    Dim bf As New BinaryFormatter()
                    DataBase = CType(bf.Deserialize(fsRead), Dictionary(Of String, User))
                End Using
            End If
        End Sub
    End Class

Regards Les, Livingston, Scotland
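
The check the question asks for, as an added example that is not code from any poster in this thread: it reads the stored hash and salt for the typed username with a parameterized query, recomputes the hash from the typed password, and compares the two. It assumes the MySql.Data connector, that `mybb_users` has `password` and `salt` columns, and MyBB's default scheme of md5(md5(salt) followed by md5(password)); `MyBbLogin`, `Md5Hex`, `MyBbHash`, `SameHash` and `VerifyLogin` are hypothetical names.

```vbnet
' Added example, not from the thread. Assumes MySql.Data and MyBB's default
' scheme: password column = md5(md5(salt) & md5(plaintext)), lowercase hex.
Imports System.Security.Cryptography
Imports System.Text
Imports MySql.Data.MySqlClient

Public Module MyBbLogin
    ' Lowercase hex MD5 of a UTF-8 string, the form PHP's md5() returns.
    Private Function Md5Hex(text As String) As String
        Using hasher As MD5 = MD5.Create()
            Dim sb As New StringBuilder()
            For Each b As Byte In hasher.ComputeHash(Encoding.UTF8.GetBytes(text))
                sb.Append(b.ToString("x2"))
            Next
            Return sb.ToString()
        End Using
    End Function

    Public Function MyBbHash(password As String, salt As String) As String
        Return Md5Hex(Md5Hex(salt) & Md5Hex(password))
    End Function

    ' Compare every character instead of stopping at the first difference.
    Private Function SameHash(a As String, b As String) As Boolean
        If a.Length <> b.Length Then Return False
        Dim diff As Integer = 0
        For i As Integer = 0 To a.Length - 1
            diff = diff Or (AscW(a(i)) Xor AscW(b(i)))
        Next
        Return diff = 0
    End Function

    ' connectionString is a placeholder supplied by the caller.
    Public Function VerifyLogin(connectionString As String, username As String, password As String) As Boolean
        Const sql As String = "SELECT password, salt FROM mybb_users WHERE username = @user LIMIT 1"
        Using conn As New MySqlConnection(connectionString)
            conn.Open()
            Using cmd As New MySqlCommand(sql, conn)
                ' Bound parameter: the typed username never becomes part of the SQL text.
                cmd.Parameters.AddWithValue("@user", username)
                Using reader As MySqlDataReader = cmd.ExecuteReader()
                    If Not reader.Read() Then Return False ' unknown user
                    Dim storedHash As String = reader.GetString(0)
                    Dim salt As String = reader.GetString(1)
                    Return SameHash(MyBbHash(password, salt), storedHash)
                End Using
            End Using
        End Using
    End Function
End Module
```

The typed password is never sent to MySQL; only the username is, and the hash comparison happens in the application.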