User Database

qwicker · **User Database -** 12-14-2004, 12:46 AM

Hello all,
I was wondering how i can extract the user database into a text file. This may be somewhat advanced, but i am running a HUB software on my server, and i want everyone to have a login and password. Thus, i want to link my php site with my hubsoftware. I figure the easiest way to do this would be to have the user database for all the people that register on my website also copied to a textfile. This way, i a can have a PERL script that will read the text file and insert the users and passwords into the HUB database. Any help OR different approaches to this would be very much appreciated. At the very least, where is the user database located? THANKS

Rica · 12-14-2004, 04:55 AM

You know you have only MD5 of password and not the password itself in nuke database ?

If you know it... then it's just a matter of an SQL query such as the following non tested code.

ExtractUsersPass.php

Code:

<?php
// Extract users/pass from phpNuke database
// Non tested code by Rica http://www.thehorde.be
require_once("mainfile.php");
global $db;
$sql="SELECT username,user_password FROM nuke_users";
$result=$db->sql_query($sql);
echo "<table border="1" cellspacing="3" cellpadding="3"><tr><th>Username</th><th>MD5 Password Hash</th></tr>";
while($row=$db->sql_fetchrow($result)){
 echo "<tr><td>".$row["username"]."</td><td>".$row["user_password"]."</td></tr>";
}

echo "<tr><td colspan="2">".$db->sql_numrows()." users in database."</td></tr>";
echo "</table>";
?>

mikem · 12-14-2004, 11:31 AM

Nice code Rica...I had a few errors with it though. Here's what I used once I got rid of the errors

Code:

<?php
// Extract users/pass from phpNuke database
// Non tested code by Rica http://www.thehorde.be
require_once("mainfile.php");
global $db;
$sql="SELECT username,user_password FROM nuke_users";
$result=$db->sql_query($sql);
echo "<table border=\"1\" cellspacing=\"3\" cellpadding=\"3\"><tr><th>Username</th><th>MD5 Password Hash</th></tr>";
while($row=$db->sql_fetchrow($result)){
 echo "<tr><td>".$row["username"]."</td><td>".$row["user_password"]."</td></tr>";
}

echo "<tr><td colspan=\"2\">".$db->sql_numrows()." users in database.";
echo "</td></tr></table>";
?>

qwicker, Like rica said, the passwords are MD5 hashes, which cannot be decrypted or unencrypted. So if you use the code above, it will list all your users and their MD5 hash password.

qwicker · 12-14-2004, 01:55 PM

Hmmm alright, the code looks good, but the MD5 hash password is a problem. I cannot use an encrypted password for my hub. I know this must be possible, though it is probobly quite tricky. Is there prehaps another block or form that i can use to register users without an encrypted password and the results would be stored in a text file. I know how to make a form like this in html, but not in php. Thanks

Rica · 12-14-2004, 02:40 PM

Quote:

Originally Posted by mikem

Nice code Rica...I had a few errors with it though. Here's what I used once I got rid of the errors

Thanks for fix , mikem.. bad habits from my phpEdit that escape double quote for me

Quote:

Originally Posted by qwicker

Hmmm alright, the code looks good, but the MD5 hash password is a problem. I cannot use an encrypted password for my hub. I know this must be possible, though it is probobly quite tricky. Is there prehaps another block or form that i can use to register users without an encrypted password and the results would be stored in a text file. I know how to make a form like this in html, but not in php. Thanks

There is some problem with this technic because user usually dont enter their name/pass each times , cookies are used (and they use the MD5 hashed password AFAIK [but I can be wrong]).

Let suppose you wanna force them to reenter their account info to log (you can force them by changing cookies domain/path in your phpBB preference or asking them nicely) , you could intercept "uncrypted password" from the login box.

Code:

#
#-------[OPEN]----------
#
modules/Your_Account/index.php

#
#-------[FIND]----------
#
function login($username, $user_password, $redirect, $mode, $f, $t, $random_num, $gfx_check) {

#
#-------[AFTER, ADD]----------
#
$userpasswordfile="mypasswordfile.txt";
if ($fp = fopen($userpasswordfile, "a+")) {
  fwrite($fp,"$username,$user_password\r\n");
  fclose($fp);
}

#
#-------[SAVE/UPLOAD]----------
#

it will create the file if needed and add Username and Uncrypted password in this file.

NB: It's not secure at all... I mean if someone got access to this file , he will get all your USERS PASSWORDS...

(If you use this method , change the name of the file... at least...)

( It doesnt check if user info is already in the file
It doesnt check if users accidentally make a typo on his password or login name
)