Password encoding/decoding function (Expert PHP)

09-12-09, 09:59 PM
Newbie Coder
Join Date: Sep 2009
Posts: 18
Thanks: 0
Thanked 0 Times in 0 Posts
Hello everybody,
I'm Hassan Faghihi (known as deadManN), and some of my friends and I are about to make a platform, but there's a problem: we have to link our users from the client to our forum database, but there's a mess in the DB, cuz all the data has been coded. What I need is a structure that is able to decode the data, but it's hard for me to trace PHP, since I don't know anything about it.
The forum I need you to trace for me is Discuz Ver 6.1, which you can download from E-Discuz.com.
In the DB our table is cdb_members, and in the forum I need to both register and read users, so we need to trace the structure from register and from login.
Please help me ASAP.
I'm looking to you guys; as I told you, I don't know anything about PHP, otherwise I would do this myself.
Thank you,
deadManN.

09-13-09, 09:20 AM
Level II Curmudgeon
Join Date: Dec 2004
Posts: 3,029
Thanks: 14
Thanked 34 Times in 33 Posts
Hmmm....from the Discuz download page:
"We have translated and moded this Discuz! 6.1 to make more stable because , maybe you already know , Discuz! 6.0 is very easy to hack ."
That's not exactly what I'd call an auspicious beginning.....
Anyway, I went there to see if I could get a copy and help you out, but I must be an idiot because I didn't see any place I could actually download the code from. Lots and lots of messages about downloading the code, but I must have missed the link where you actually get it.
Homepage >> Download Latest Discuz now ! >> ??????????
Post the code or a zip and I'll see what I can do.
__________________
I don't live on the edge, but sometimes I go there to visit.
-------------------------------------------------------------------------
Sanitize Your Data (scroll down)

09-13-09, 10:38 AM
Newbie Coder
Join Date: Sep 2009
Posts: 18
Thanks: 0
Thanked 0 Times in 0 Posts

09-13-09, 04:45 PM
Level II Curmudgeon
Join Date: Dec 2004
Posts: 3,029
Thanks: 14
Thanked 34 Times in 33 Posts
I looked at this and what they do is store the MD5'd user password along with a random salt. Here's the code snippet that does that:
$salt = random(6);
$password = md5(md5($password).$salt);
First they create a random salt, then they append the salt to the password and MD5 it, then they MD5 the result again. Finally they do the insert into the DB, storing the salt:
INSERT INTO {$tablepre}members (username, password, salt, ..... etc
You can't really "undo" an MD5 function, but by using the same function with the stored salt value, you could create the same MD5 digest of the password for use in your system. The user could then log in with the same password.

09-14-09, 09:42 AM
Newbie Coder
Join Date: Sep 2009
Posts: 18
Thanks: 0
Thanked 0 Times in 0 Posts
So can I have this md5 function, plus the salt, in another language too?

09-14-09, 04:12 PM
Newbie Coder
Join Date: Sep 2009
Posts: 18
Thanks: 0
Thanked 0 Times in 0 Posts
Also, how have they been combined?
Like attaching a random number to the front or end of the code, or like encoding or decoding via the number 5?!

09-14-09, 07:50 PM
Level II Curmudgeon
Join Date: Dec 2004
Posts: 3,029
Thanks: 14
Thanked 34 Times in 33 Posts
Quote:
Originally Posted by deadManN
So can I have this md5 function, plus the salt, in another language too?
You can have it in any language you want, as far as I know. (You'll want to use the same salt they generate so the MD5 result comes out the same.)
Quote:
Originally Posted by deadManN
Also, how have they been combined?
Like attaching a random number to the front or end of the code, or like encoding or decoding via the number 5?!
Please try reading my post. I showed you the exact code they use, right there in my post, plus I explained it in detail.

09-15-09, 12:45 AM
Newbie Coder
Join Date: Sep 2009
Posts: 18
Thanks: 0
Thanked 0 Times in 0 Posts
OK, what about decoding?! Don't we need to separate the salt, or do we actually use the number again to decode, so that in the end we just have our password and nothing more?

09-15-09, 01:57 AM
Newbie Coder
Join Date: Jul 2009
Posts: 24
Thanks: 0
Thanked 1 Time in 1 Post
You are not able to get the passwords out of the hashes.
If you want existing users to be able to log in, you will have to implement the current logic in your project.
End User was so kind as to look it up for you:
$password = md5(md5($password).$salt);
All you need to do is:
Have access to the 'old' user data (you'll need the username, password and salt fields from {$tablepre}members).
When someone tries to log in, check if that login exists.
If it does, get the salt and password hash for that login out of the database.
Check if
$database_password_hash === md5(md5($user_entered_password).$database_salt)
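
The login check from the steps above, ported to Java as an added example (not code from Discuz or from anyone in this thread). The class and method names, the sample password and salt, and the UTF-8 charset are assumptions; use the charset the forum actually stored passwords in, since non-ASCII passwords hash differently under another encoding.

```java
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Locale;

public class LegacyForumPassword {

    // PHP's md5() returns 32 lowercase hex characters; the port has to match that.
    static String md5Hex(byte[] input) {
        try {
            byte[] digest = MessageDigest.getInstance("MD5").digest(input);
            StringBuilder hex = new StringBuilder(32);
            for (byte b : digest) {
                hex.append(String.format("%02x", b & 0xff));
            }
            return hex.toString();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("MD5 not available", e);
        }
    }

    // Mirrors md5(md5($password).$salt): the inner digest is joined to the salt
    // as hex text, not as raw bytes, and the result is hashed again.
    static String legacyHash(String password, String salt, Charset cs) {
        String inner = md5Hex(password.getBytes(cs));
        return md5Hex((inner + salt).getBytes(cs));
    }

    // Recompute from the entered password and the stored salt, then compare with
    // MessageDigest.isEqual rather than String.equals to avoid an early exit.
    static boolean verify(String entered, String storedHash, String storedSalt, Charset cs) {
        if (entered == null || storedHash == null || storedSalt == null) {
            return false; // unknown login or incomplete row
        }
        byte[] expected = storedHash.trim().toLowerCase(Locale.ROOT)
                .getBytes(StandardCharsets.US_ASCII);
        byte[] actual = legacyHash(entered, storedSalt, cs)
                .getBytes(StandardCharsets.US_ASCII);
        return MessageDigest.isEqual(expected, actual);
    }

    public static void main(String[] args) {
        Charset cs = StandardCharsets.UTF_8;  // assumption: charset the forum stored passwords in
        String salt = "a1b2c3";               // constructed sample salt
        String stored = legacyHash("correct horse", salt, cs); // stands in for the DB value
        System.out.println("right password: " + verify("correct horse", stored, salt, cs));
        System.out.println("wrong password: " + verify("wrong guess", stored, salt, cs));
    }
}
```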

09-15-09, 05:46 PM
Newbie Coder
Join Date: Sep 2009
Posts: 18
Thanks: 0
Thanked 0 Times in 0 Posts
Thanks, and just one more thing: if my project is based on Java, what will be different in this code, what do I need to include, and how do I do this there?