help needed. very simple

ataomega · 06-06-2012, 06:46 PM

Hello

i'm a php programmer and dont know nothing about ASP

this script changes user's password in microsoft access database :

Code:

<%@ Page Language="VB" %>
<script runat="server">

    Function checkuser(ByVal tAC_ID As String, ByVal tAC_Attr As String, ByVal tAC_Val As String) As System.Data.DataSet
            Dim connectionString As String = "Provider=Microsoft.Jet.OLEDB.4.0; Ole DB Services=-4; Data Source=C:\NTTacPlus2\ODBC\NTTacDB.mdb"
            Dim dbConnection As System.Data.IDbConnection = New System.Data.OleDb.OleDbConnection(connectionString)
    
            Dim queryString As String = "SELECT [TAC_USR].[TAC_ID], [TAC_USR].[TAC_Attr], [TAC_USR].[TAC_Val] FROM [TAC_USR] WHERE (([TAC_USR].[TAC_ID] = @TAC_ID) AND ([TAC_USR].[TAC_Attr] = @TAC_Attr) AND ([TAC_USR].[TAC_Val] = @TAC_Val))"
            Dim dbCommand As System.Data.IDbCommand = New System.Data.OleDb.OleDbCommand
            dbCommand.CommandText = queryString
            dbCommand.Connection = dbConnection
    
            Dim dbParam_tAC_ID As System.Data.IDataParameter = New System.Data.OleDb.OleDbParameter
            dbParam_tAC_ID.ParameterName = "@TAC_ID"
            dbParam_tAC_ID.Value = tAC_ID
            dbParam_tAC_ID.DbType = System.Data.DbType.String
            dbCommand.Parameters.Add(dbParam_tAC_ID)
            Dim dbParam_tAC_Attr As System.Data.IDataParameter = New System.Data.OleDb.OleDbParameter
            dbParam_tAC_Attr.ParameterName = "@TAC_Attr"
            dbParam_tAC_Attr.Value = tAC_Attr
            dbParam_tAC_Attr.DbType = System.Data.DbType.String
            dbCommand.Parameters.Add(dbParam_tAC_Attr)
            Dim dbParam_tAC_Val As System.Data.IDataParameter = New System.Data.OleDb.OleDbParameter
            dbParam_tAC_Val.ParameterName = "@TAC_Val"
            dbParam_tAC_Val.Value = tAC_Val
            dbParam_tAC_Val.DbType = System.Data.DbType.String
            dbCommand.Parameters.Add(dbParam_tAC_Val)
    
            Dim dataAdapter As System.Data.IDbDataAdapter = New System.Data.OleDb.OleDbDataAdapter
            dataAdapter.SelectCommand = dbCommand
            Dim dataSet As System.Data.DataSet = New System.Data.DataSet
            dataAdapter.Fill(dataSet)
    
            Return dataSet
        End Function
    
    
        Function ChangeDB(ByVal tAC_ID As String, ByVal tAC_Attr As String, ByVal tAC_Val As String) As Integer
            Dim connectionString As String = "Provider=Microsoft.Jet.OLEDB.4.0; Ole DB Services=-4; Data Source=C:\NTTacPlus2\ODBC\NTTacDB.mdb"
            Dim dbConnection As System.Data.IDbConnection = New System.Data.OleDb.OleDbConnection(connectionString)
    
            Dim queryString As String = "UPDATE [TAC_GRP] SET [TAC_ID]=@TAC_ID, [TAC_Attr]=@TAC_Attr, [TAC_Val]=@TAC_Val"
            Dim dbCommand As System.Data.IDbCommand = New System.Data.OleDb.OleDbCommand
            dbCommand.CommandText = queryString
            dbCommand.Connection = dbConnection
    
            Dim dbParam_tAC_ID As System.Data.IDataParameter = New System.Data.OleDb.OleDbParameter
            dbParam_tAC_ID.ParameterName = "@TAC_ID"
            dbParam_tAC_ID.Value = tAC_ID
            dbParam_tAC_ID.DbType = System.Data.DbType.String
            dbCommand.Parameters.Add(dbParam_tAC_ID)
            Dim dbParam_tAC_Attr As System.Data.IDataParameter = New System.Data.OleDb.OleDbParameter
            dbParam_tAC_Attr.ParameterName = "@TAC_Attr"
            dbParam_tAC_Attr.Value = tAC_Attr
            dbParam_tAC_Attr.DbType = System.Data.DbType.String
            dbCommand.Parameters.Add(dbParam_tAC_Attr)
            Dim dbParam_tAC_Val As System.Data.IDataParameter = New System.Data.OleDb.OleDbParameter
            dbParam_tAC_Val.ParameterName = "@TAC_Val"
            dbParam_tAC_Val.Value = tAC_Val
            dbParam_tAC_Val.DbType = System.Data.DbType.String
            dbCommand.Parameters.Add(dbParam_tAC_Val)
    
            Dim rowsAffected As Integer = 0
            dbConnection.Open
            Try
                rowsAffected = dbCommand.ExecuteNonQuery
            Finally
                dbConnection.Close
            End Try
    
            Return rowsAffected
        End Function
    
    
    
    
        Sub Button1_Click(sender As Object, e As EventArgs)
            label1.text=""
            Dim userDS As New System.Data.DataSet
            userDS = checkuser(txtUsername.text , "[Global]Passwd" , txtPassword.text )
            if not txtcNPassword.text = txtNPassword.text then
                label1.text = "New password is not match with its confirmation."
            else If userDS.Tables(0).Rows.Count = 1 Then
                    ChangeDB(ltrim(rtrim(txtUsername.text)),"[Global]Passwd",ltrim(rtrim(txtNPassword.text)))
                    label1.text = "Your password is changed."
             Else
                        label1.text = "Invalid username or password"
             end if
        End Sub

</script>
<html>
<head>
    <title>Change Password</title> 
    <meta content="Sadjad Seyed-Ahmadian" name="Programmer" />
    <meta content="Microsoft FrontPage 5.0" name="GENERATOR" />
    <meta content="FrontPage.Editor.Document" name="ProgId" />
</head>
<body>
    <form runat="server">
        <table id="AutoNumber1" style="BORDER-COLLAPSE: collapse" bordercolor="#111111" cellspacing="0" cellpadding="0" width="520" border="0">
            <tbody>
                <tr>
                    <td width="919" colspan="2">
                        <b><font color="#3366cc" size="7">C</font></b><font color="#3366cc" size="7"><b>hange
                        Password</b></font></td>
                </tr>
                <tr>
                    <td width="200">
                        &nbsp; Username :</td>
                    <td width="719">
                        &nbsp; 
                        <asp:TextBox id="txtUsername" runat="server" BorderColor="DarkGoldenrod" BorderStyle="Dotted" BorderWidth="1px" Font-Size="X-Small" Width="120px">
                        </asp:TextBox>
                    </td>
                </tr>
                <tr>
                    <td width="200">
                        &nbsp; Password :</td>
                    <td width="719">
                        &nbsp; 
                        <asp:TextBox id="txtPassword" runat="server" BorderColor="DarkGoldenrod" BorderStyle="Dotted" BorderWidth="1px" Font-Size="X-Small" Width="120px" TextMode="Password">
                        </asp:TextBox>
                    </td>
                </tr>
                <tr>
                    <td width="137">
                        <p align="left">
                            &nbsp;&nbsp;New Password : 
                        </p>
                    </td>
                    <td width="383">
                        &nbsp; 
                        <asp:TextBox id="txtNPassword" runat="server" BorderColor="DarkGoldenrod" BorderStyle="Dotted" BorderWidth="1px" Font-Size="X-Small" Width="120px" TextMode="Password">
                        </asp:TextBox>
                    </td>
                </tr>
                <tr>
                    <td width="137">
                        &nbsp;&nbsp;Confirm Password :</td>
                    <td width="383">
                        &nbsp; 
                        <asp:TextBox id="txtCNPassword" runat="server" BorderColor="DarkGoldenrod" BorderStyle="Dotted" BorderWidth="1px" Font-Size="X-Small" Width="120px" TextMode="Password">
                        </asp:TextBox>
                    </td>
                </tr>
                <tr>
                    <td width="137">
                        &nbsp;<asp:Button id="Button1" onclick="Button1_Click" runat="server" BorderColor="DarkGoldenrod" BorderStyle="Dotted" BorderWidth="1px" Font-Size="X-Small" Width="129px" Text="Change Password"></asp:Button>
                    </td>
                    <td width="383">
                        &nbsp;<asp:Label id="Label1" runat="server" font-size="Medium" forecolor="Red"></asp:Label> 
                    </td>
                </tr>
                <tr>
                    <td width="520" colspan="2" height="160">&nbsp;
                        </td>
                </tr>
            </tbody>
        </table>
        <p>
        </p>
    </form>
</body>
</html>

Passwords are stored in database as encrypted. but i dont know how they are encrypted.

i'm wroting a php program and need to know how can i encrypt passwords like this. (what algorithm this uses)

this script gets new password and stores it on database. i read all codes but didnt found out that how this script encrypts password,

could you please tell me in which line program goes to convert password?

thanks

miranda · 06-07-2012, 05:37 PM

I am not too familiar with vb.Net but it looks to me like it is passing a key with the "[Global]Passwd" (located in the Button1_click sub) it is the value tAC_Attr in the other 2 functions

I would say that is the part that is doing the encrypting

ataomega · 06-07-2012, 05:56 PM

tnx for reply.

global[passwd] is field name on database

ataomega · 06-07-2012, 05:58 PM

i have attached a program's source which decodes this passwords.

miranda · 06-07-2012, 06:10 PM

Quote:

Originally Posted by ataomega

tnx for reply.

global[passwd] is field name on database

Not according to the SQL query
SELECT [TAC_USR].[TAC_ID], [TAC_USR].[TAC_Attr], [TAC_USR].[TAC_Val] FROM [TAC_USR]

TAC_USR is the table name
TAC_ID, TAC_Attr, TAC_Val are the columns

ataomega · 06-07-2012, 06:19 PM

no, please see : (part of database i have exported)

Code:

TAC_ID	TAC_Attr	TAC_Val
AnalogicUser 	[Global]Groups 	AnalogicOnlyPPP 
AnalogicUser 	[Global]Name 	Analogic user 
Default 	[Global]Groups 	standard 
Default 	[Global]Name 	Default user 
ISDNUser 	[Global]Groups 	ISDNOnlyPPP 
ISDNUser 	[Global]Name 	ISDN user 
pars 	[Global]Expires 	#356 
pars 	[Global]Passwd 	+@96CA30F8 
pars 	[Global]Groups 	PPP 
pars 	[Global]EffectiveFrom 	28-04-2012 
pars 	[Warning]FailedLogins 	0 
pars 	[Warning]ExpireStatus 	0 
DEFAULT 	[Warning]FailedLogins 	0 
DEFAULT 	[Warning]LastFailedLogin 	06-06-2012 13:53:49 
Admin 	[Global]Groups 	Admin 
Admin 	[Global]Name 	Administrator 
Admin 	[Global]Passwd 	netihaa 
DEFAULT 	[Warning]ExpireStatus 	0 
User 	[Global]Groups 	Standard,PPP 
User 	[Global]Name 	mydsoftware 
User 	[Global]Expires 	#60 
User 	[Global]MaxLogins 	1 
User 	[Global]Passwd 	1990415121 
mydsoftware 	[Global]Expires 	#60 
mydsoftware 	[Global]Passwd 	+@D7927BBBCA6E80B29C47 
mydsoftware 	[Global]Groups 	PPP,Standard 
mydsoftware 	[Global]Name 	mydsoftware 
mydsoftware 	[Global]MaxLogins 	1 
mydsoftware 	[Warning]FailedLogins 	0 
mydsoftware 	[Warning]ExpireStatus 	0 
mydsoftware 	[Global]EffectiveFrom 	30-04-2012 
arya1376 	[Global]Name 	arya1376 
arya1376 	[Global]Expires 	#30 
arya1376 	[Global]MaxLogins 	1 
arya1376 	[Global]Passwd 	+@87D93BEACF6C82B5 
arya1376 	[Global]Groups 	Standard,PPP

gnoix · 07-04-2012, 05:05 AM

do you use MS Access database for your PHP application?
if you are using MySQL database, it should be encrypted by itself using MD5