Vbulletin Md5

OHai,

Im trying to create a login system on my site that uses the userinfo from the vb_user table, im using version 3.8.4 of vbulletin. It always returns me invalid password and when it outputs both md5's they do not match.

how is the encryption handled in VB?


public function doLogin() {
$connection = $this->dbConnect("r");
$this->SelectDB("r");
$account = $this->SanitizeName($_POST['account']);
$password = $this->SanitizeName($_POST['password']);
if(strLen($account) < 1 || strlen($password) < 1) {
return false;
}

$result = mysql_query('SELECT Username,password,salt FROM vb_user WHERE Username="'.$account.'" ') or die("Could not execute the query (E6).");

$vb_info[0] = mysql_result($result, 0, "Username"); //username
$vb_info[1] = mysql_result($result, 0, "password"); //password
$vb_info[2] = mysql_result($result, 0, "salt"); //salt (md5)
$md5_password = md5(md5(md5($password) . $vb_info[2]));

echo $vb_info[0]. "<br/>";
echo $vb_info[1]. "<br/>";
echo $vb_info[2]. "<br/>";
echo $md5_password. "<br/>";
if($vb_info[0] != $account) {
return false;
} else if($vb_info[1] != $md5_password) {
return false;
}
$_SESSION['account'] = $account;
return true;
}


Thanks!

I'm not sure about this because I have never had vBullentin but have you tried to edit the


$md5_password = md5(md5(md5($password) . $vb_info[2]));


to something else like


$md5_password = md5(md5($password) . $vb_info[2]);


Just to see if it md5'ed it once to many.

Actually i took a look at the class_core.php file and it was set as 3x md5.

Edit: Nvm this worked, thank you.