okay, I recently completed a CMS integration, and everything is aligned perfectly except one thing… The main platform is storing the password data using md5 hashing. Which is cool. However, when it stores the userdata for the second CMS the password is double hashing. Is there anything I can do here?!? Everything is so close to working correctly and I am learning a lot about PHP but I have not learned the security process.
In my code is there anything I can add to the MD5 ({$password}), for instance a -md5 ({$password}) or a (md5(md5({$password})) that would rectify the problem I am having. My php books, do not cover this very well and I have been googling madly!!! until I am out of ideas.
Also, I know that I could just change the way the script queries the database for that CMS, but I do not know how to make a call to another table in a query… Here’s the script…
//CODE
if( ( isset($HTTP_POST_VARS[‘login’]) || isset($HTTP_GET_VARS[‘login’]) ) && (!$userdata[‘session_logged_in’] || isset($HTTP_POST_VARS[‘admin’])) )
{
$username = isset($HTTP_POST_VARS[‘username’]) ? phpbb_clean_username($HTTP_POST_VARS[‘username’]) : ‘’;
$password = isset($HTTP_POST_VARS[‘password’]) ? $HTTP_POST_VARS[‘password’] : ‘’;
$sql = "SELECT user_id, username, user_password, user_active, user_level, user_login_tries, user_last_login_try
FROM " . USERS_TABLE . "
WHERE username = '" . str_replace("\'", "''", $username) . "'";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Error in obtaining userdata', '', __LINE__, __FILE__, $sql);
}
What in this code would I need to change in order to have the password be read from the same database, only a table called,“Profiles” and the field is ,“Password”.
Thanks in advance!